asm.alauda.io group

CanaryTemplate is the Schema for the Canarytemplates API

v1alpha1 version
spec object

CanaryTemplateSpec defines the desired state of CanaryTemplate

analysis object

Analysis defines the validation process of a release

interval string required

Schedule interval for this canary analysis

iterations integer

Number of checks to run for A/B Testing and Blue/Green

match []object

HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a "cookie" with value "user=jason".

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings-route
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            cookie:
              regex: "^(.*?;)?(user=jason)(;.*)?"
          uri:
            prefix: "/ratings/v2/"
        route:
        - destination:
            host: ratings

HTTPMatchRequest CANNOT be empty.

authority object

HTTP Authority values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

gateways []string

Names of gateways where the rule should be applied to. Gateway names at the top of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.

headers object

The header keys must be lowercase and use hyphen as the separator, e.g. x-request-id. Header values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

Note: The keys uri, scheme, method, and authority will be ignored.

method object

HTTP Method values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

port integer

Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support; in these cases it is not required to explicitly select the port.

scheme object

URI Scheme values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

sourceLabels object

One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified at the top, it should include the reserved gateway mesh in order for this field to be applicable.

uri object

URI to match. Values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

maxWeight integer

Max traffic percentage routed to canary

metrics []object

CanaryMetric holds the reference to metrics used for canary analysis

interval string

Interval represents the window size

name string required

Name of the metric

query string

Prometheus query for this metric (deprecated in favor of TemplateRef)

templateRef object

TemplateRef references a metric template object

apiVersion string

API version of the referent

kind string

Kind of the referent

name string required

Name of the referent

namespace string

Namespace of the referent

threshold number

Max value accepted for this metric

thresholdRange object

Range value accepted for this metric

max number

Maximum value

min number

Minimum value

mirror boolean

Enable traffic mirroring for Blue/Green

stepWeight integer

Incremental traffic percentage step

stepWeightPromotion integer

Incremental traffic percentage step for promotion phase

threshold integer

Max number of failed checks before the canary is terminated

webhooks []object

CanaryWebhook holds the reference to external checks used for canary analysis

metadata object

Metadata (key-value pairs) for this webhook

name string required

Name of this webhook

timeout string

Request timeout for this webhook

type string required

Type of this webhook

url string required

URL address of this webhook

autoscalerRef object

AutoscalerRef references an autoscaling resource

apiVersion string

API version of the referent

kind string

Kind of the referent

name string required

Name of the referent

namespace string

Namespace of the referent

canaryAnalysis object

Deprecated: replaced by Analysis

interval string required

Schedule interval for this canary analysis

iterations integer

Number of checks to run for A/B Testing and Blue/Green

match []object

HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a "cookie" with value "user=jason".

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings-route
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            cookie:
              regex: "^(.*?;)?(user=jason)(;.*)?"
          uri:
            prefix: "/ratings/v2/"
        route:
        - destination:
            host: ratings

HTTPMatchRequest CANNOT be empty.

authority object

HTTP Authority values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

gateways []string

Names of gateways where the rule should be applied to. Gateway names at the top of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.

headers object

The header keys must be lowercase and use hyphen as the separator, e.g. x-request-id. Header values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

Note: The keys uri, scheme, method, and authority will be ignored.

method object

HTTP Method values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

port integer

Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support; in these cases it is not required to explicitly select the port.

scheme object

URI Scheme values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

sourceLabels object

One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified at the top, it should include the reserved gateway mesh in order for this field to be applicable.

uri object

URI to match. Values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

maxWeight integer

Max traffic percentage routed to canary

metrics []object

CanaryMetric holds the reference to metrics used for canary analysis

interval string

Interval represents the window size

name string required

Name of the metric

query string

Prometheus query for this metric (deprecated in favor of TemplateRef)

templateRef object

TemplateRef references a metric template object

apiVersion string

API version of the referent

kind string

Kind of the referent

name string required

Name of the referent

namespace string

Namespace of the referent

threshold number

Max value accepted for this metric

thresholdRange object

Range value accepted for this metric

max number

Maximum value

min number

Minimum value

mirror boolean

Enable traffic mirroring for Blue/Green

stepWeight integer

Incremental traffic percentage step

stepWeightPromotion integer

Incremental traffic percentage step for promotion phase

threshold integer

Max number of failed checks before the canary is terminated

webhooks []object

CanaryWebhook holds the reference to external checks used for canary analysis

metadata object

Metadata (key-value pairs) for this webhook

name string required

Name of this webhook

timeout string

Request timeout for this webhook

type string required

Type of this webhook

url string required

URL address of this webhook

failFallBack boolean

If set to true, we will roll back the canary workload modification

ingressRef object

Reference to NGINX ingress resource

apiVersion string

API version of the referent

kind string

Kind of the referent

name string required

Name of the referent

namespace string

Namespace of the referent

maxResponseTime number

metricsServer string

MetricsServer overwrites the -metrics-server flag for this particular canary

minSuccessRate number

progressDeadlineSeconds integer

ProgressDeadlineSeconds represents the maximum time in seconds for a canary deployment to make progress before it is considered to be failed

service object

Service defines how ClusterIP services, service mesh or ingress routing objects are generated

backends []string

Backends of the generated App Mesh virtual nodes

corsPolicy object

Cross-Origin Resource Sharing policy for the generated Istio virtual service

allowCredentials boolean

Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to Access-Control-Allow-Credentials header.

allowHeaders []string

List of HTTP headers that can be used when requesting the resource. Serialized to Access-Control-Allow-Headers header.

allowMethods []string

List of HTTP methods allowed to access the resource. The content will be serialized into the Access-Control-Allow-Methods header.

allowOrigin []string

The list of origins that are allowed to perform CORS requests. The content will be serialized into the Access-Control-Allow-Origin header. Wildcard * will allow all origins.

exposeHeaders []string

A white list of HTTP headers that the browsers are allowed to access. Serialized into Access-Control-Expose-Headers header.

maxAge string

Specifies how long the results of a preflight request can be cached. Translates to the Access-Control-Max-Age header.

gateways []string

Gateways attached to the generated Istio virtual service. Defaults to the internal mesh gateway.

headers object

Headers operations for the generated Istio virtual service

request object

Header manipulation rules to apply before forwarding a request to the destination service

add object

Append the given values to the headers specified by keys (will create a comma-separated list of values)

remove []string

Remove the specified headers

set object

Overwrite the headers specified by key with the given values

response object

Header manipulation rules to apply before returning a response to the caller

add object

Append the given values to the headers specified by keys (will create a comma-separated list of values)

remove []string

Remove the specified headers

set object

Overwrite the headers specified by key with the given values

hosts []string

Hosts attached to the generated Istio virtual service. Defaults to the service name.

match []object

HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a "cookie" with value "user=jason".

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings-route
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            cookie:
              regex: "^(.*?;)?(user=jason)(;.*)?"
          uri:
            prefix: "/ratings/v2/"
        route:
        - destination:
            host: ratings

HTTPMatchRequest CANNOT be empty.

authority object

HTTP Authority values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

gateways []string

Names of gateways where the rule should be applied to. Gateway names at the top of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.

headers object

The header keys must be lowercase and use hyphen as the separator, e.g. x-request-id. Header values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

Note: The keys uri, scheme, method, and authority will be ignored.

method object

HTTP Method values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

port integer

Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support; in these cases it is not required to explicitly select the port.

scheme object

URI Scheme values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

sourceLabels object

One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified at the top, it should include the reserved gateway mesh in order for this field to be applicable.

uri object

URI to match. Values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact string

exact string match

prefix string

prefix-based match

regex string

ECMAscript style regex-based match

suffix string

suffix-based match.

meshName string

Mesh name of the generated App Mesh virtual nodes and virtual service

name string

Name of the Kubernetes service generated by Flagger. Defaults to CanarySpec.TargetRef.Name.

port integer required

Port of the generated Kubernetes service

portDiscovery boolean required

PortDiscovery adds all container ports to the generated Kubernetes service

portName string

Port name of the generated Kubernetes service. Defaults to http.

retries object

Retries policy for the generated virtual service

attempts integer

REQUIRED. Number of retries for a given request. The interval between retries will be determined automatically (25ms+). Actual number of retries attempted depends on the httpReqTimeout.

perTryTimeout string

Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.

retryOn string

Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. The supported policies can be found in https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/router_filter#x-envoy-retry-on and https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/router_filter#x-envoy-retry-grpc-on

rewrite object

Rewrite HTTP URIs for the generated service

authority string

rewrite the Authority/Host header with this value.

uri string

rewrite the path (or the prefix) portion of the URI with this value. If the original URI was matched based on prefix, the value provided in this field will replace the corresponding matched prefix.

targetPort

Target port number or name of the generated Kubernetes service. Defaults to CanaryService.Port.

timeout string

Timeout of the HTTP or gRPC request

trafficPolicy object

TrafficPolicy attached to the generated Istio destination rules

connectionPool object

Settings controlling the volume of connections to an upstream service

http object

HTTP connection pool settings.

h2UpgradePolicy string

Specify if http1.1 connection should be upgraded to http2 for the associated destination. DEFAULT - Use the global default. DO_NOT_UPGRADE - Do not upgrade the connection to http2. UPGRADE - Upgrade the connection to http2.

http1MaxPendingRequests integer

Maximum number of pending HTTP requests to a destination. Default 2^32-1.

http2MaxRequests integer

Maximum number of requests to a backend. Default 2^32-1.

idleTimeout string

The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.

maxRequestsPerConnection integer

Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning "unlimited", up to 2^29.

maxRetries integer

Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.

tcp object

Settings common to both HTTP and TCP upstream connections.

connectTimeout string

TCP connection timeout.

maxConnections integer

Maximum number of HTTP1/TCP connections to a destination host.

loadBalancer object

Settings controlling the load balancer algorithms.

consistentHash object

Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service.

httpCookie object

Hash based on HTTP cookie.

name string required

REQUIRED. Name of the cookie.

path string

Path to set for the cookie.

ttl string required

REQUIRED. Lifetime of the cookie.

httpHeaderName string

It is required to specify exactly one of the fields as hash key: HTTPHeaderName, HTTPCookie, or UseSourceIP. Hash based on a specific HTTP header.

minimumRingSize integer

The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.

useSourceIp boolean

Hash based on the source IP address.

simple string

It is required to specify exactly one of the fields: Simple or ConsistentHash

outlierDetection object

Settings controlling eviction of unhealthy hosts from the load balancing pool

baseEjectionTime string

Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.

consecutive5xxErrors integer

Number of 5xx errors before a host is ejected from the connection pool. When the upstream host is accessed over an opaque TCP connection, connect timeouts, connection error/failure and request failure events qualify as a 5xx error. This feature defaults to 5 but can be disabled by setting the value to 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

consecutiveErrors integer

Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.

consecutiveGatewayErrors integer

Number of gateway errors before a host is ejected from the connection pool. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as a gateway error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as a gateway error. This feature is disabled by default or when set to the value 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

interval string

Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.

maxEjectionPercent integer

Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.

minHealthPercent integer

Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.

portLevelSettings []object

Traffic policies that apply to specific ports of the service

connectionPool object

Settings controlling the volume of connections to an upstream service

http object

HTTP connection pool settings.

h2UpgradePolicy string

Specify if http1.1 connection should be upgraded to http2 for the associated destination. DEFAULT - Use the global default. DO_NOT_UPGRADE - Do not upgrade the connection to http2. UPGRADE - Upgrade the connection to http2.

http1MaxPendingRequests integer

Maximum number of pending HTTP requests to a destination. Default 2^32-1.

http2MaxRequests integer

Maximum number of requests to a backend. Default 2^32-1.

idleTimeout string

The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.

maxRequestsPerConnection integer

Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning "unlimited", up to 2^29.

maxRetries integer

Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.

tcp object

Settings common to both HTTP and TCP upstream connections.

connectTimeout string

TCP connection timeout.

maxConnections integer

Maximum number of HTTP1/TCP connections to a destination host.

loadBalancer object

Settings controlling the load balancer algorithms.

consistentHash object

Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service.

httpCookie object

Hash based on HTTP cookie.

name string required

REQUIRED. Name of the cookie.

path string

Path to set for the cookie.

ttl string required

REQUIRED. Lifetime of the cookie.

httpHeaderName string

It is required to specify exactly one of the fields as hash key: HTTPHeaderName, HTTPCookie, or UseSourceIP. Hash based on a specific HTTP header.

minimumRingSize integer

The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.

useSourceIp boolean

Hash based on the source IP address.

simple string

It is required to specify exactly one of the fields: Simple or ConsistentHash

outlierDetection object

Settings controlling eviction of unhealthy hosts from the load balancing pool

baseEjectionTime string

Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.

consecutive5xxErrors integer

Number of 5xx errors before a host is ejected from the connection pool. When the upstream host is accessed over an opaque TCP connection, connect timeouts, connection error/failure and request failure events qualify as a 5xx error. This feature defaults to 5 but can be disabled by setting the value to 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

consecutiveErrors integer

Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.

consecutiveGatewayErrors integer

Number of gateway errors before a host is ejected from the connection pool. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as a gateway error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as a gateway error. This feature is disabled by default or when set to the value 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

interval string

Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.

maxEjectionPercent integer

Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.

minHealthPercent integer

Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.

port object required

Specifies the port name or number of a port on the destination service on which this policy is being applied. Names must comply with DNS label syntax (rfc1035) and therefore cannot collide with numbers. If there are multiple ports on a service with the same protocol the names should be of the form -.

name string

Valid port name

number integer

Valid port number

tls object

TLS related settings for connections to the upstream service.

caCertificates string

OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is ISTIO_MUTUAL.

clientCertificate string

REQUIRED if mode is MUTUAL. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is ISTIO_MUTUAL.

mode string required

REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.

privateKey string

REQUIRED if mode is MUTUAL. The path to the file holding the client's private key. Should be empty if mode is ISTIO_MUTUAL.

sni string

SNI string to present to the server during TLS handshake. Should be empty if mode is ISTIO_MUTUAL.

subjectAltNames []string

A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is ISTIO_MUTUAL.

tls object

TLS related settings for connections to the upstream service.

caCertificates string

OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is ISTIO_MUTUAL.

clientCertificate string

REQUIRED if mode is MUTUAL. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is ISTIO_MUTUAL.

mode string required

REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.

privateKey string

REQUIRED if mode is MUTUAL. The path to the file holding the client's private key. Should be empty if mode is ISTIO_MUTUAL.

sni string

SNI string to present to the server during TLS handshake. Should be empty if mode is ISTIO_MUTUAL.

subjectAltNames []string

A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is ISTIO_MUTUAL.

skipAnalysis boolean

SkipAnalysis promotes the canary without analysing it

targetRef object

TargetRef references a target resource

apiVersion string

API version of the referent

kind string

Kind of the referent

name string required

Name of the referent

namespace string

Namespace of the referent
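
Added example (not part of the original reference or of the project's code): a small Python linter that checks a parsed CanaryTemplate spec against the security-relevant rules stated in the field descriptions above (skipAnalysis, corsPolicy, tls, outlierDetection). The nesting under spec.service.trafficPolicy is assumed from the field order on this page, the TLS mode SIMPLE comes from Istio's TLS mode enum rather than this page, and both sample specs are constructed.

```python
# Added example: lint a CanaryTemplate spec (already parsed into a dict).
# Assumptions: field nesting follows the order on this page; "SIMPLE" is an
# Istio TLS mode that is not listed on this page; sample values are constructed.

FILE_CERT_FIELDS = ("caCertificates", "clientCertificate", "privateKey",
                    "sni", "subjectAltNames")


def lint_tls(tls, where):
    """Apply the rules from the tls field descriptions to one tls object."""
    findings = []
    mode = tls.get("mode")
    if not mode:
        findings.append(f"{where}: mode is required")
    elif mode == "ISTIO_MUTUAL":
        stray = [f for f in FILE_CERT_FIELDS if tls.get(f)]
        if stray:
            findings.append(f"{where}: {', '.join(stray)} should be empty "
                            "when mode is ISTIO_MUTUAL")
    elif mode in ("SIMPLE", "MUTUAL"):
        if not tls.get("caCertificates"):
            findings.append(f"{where}: caCertificates omitted, the proxy will "
                            "not verify the server's certificate")
        if mode == "MUTUAL":
            for field in ("clientCertificate", "privateKey"):
                if not tls.get(field):
                    findings.append(f"{where}: {field} is required "
                                    "when mode is MUTUAL")
    return findings


def lint_outlier(od, where):
    """Gateway errors are a subset of 5xx errors, so gw >= 5xx never triggers."""
    gw = od.get("consecutiveGatewayErrors", 0)  # unset or 0 means disabled
    e5 = od.get("consecutive5xxErrors", 5)      # documented default 5, 0 disables
    if gw and e5 and gw >= e5:
        return [f"{where}: consecutiveGatewayErrors ({gw}) >= "
                f"consecutive5xxErrors ({e5}), so it has no effect"]
    return []


def lint_policy(policy, where):
    """Lint one trafficPolicy or one portLevelSettings entry."""
    findings = []
    if "tls" in policy:
        findings += lint_tls(policy["tls"], where + ".tls")
    if "outlierDetection" in policy:
        findings += lint_outlier(policy["outlierDetection"],
                                 where + ".outlierDetection")
    return findings


def lint_spec(spec):
    findings = []
    if spec.get("skipAnalysis"):
        findings.append("spec.skipAnalysis: canary is promoted without analysis")
    service = spec.get("service", {})
    cors = service.get("corsPolicy", {})
    if "*" in cors.get("allowOrigin", []):
        msg = "spec.service.corsPolicy: allowOrigin '*' allows all origins"
        if cors.get("allowCredentials"):
            msg += " and allowCredentials is true"
        findings.append(msg)
    policy = service.get("trafficPolicy", {})
    base = "spec.service.trafficPolicy"
    findings += lint_policy(policy, base)
    for i, pls in enumerate(policy.get("portLevelSettings", [])):
        findings += lint_policy(pls, f"{base}.portLevelSettings[{i}]")
    return findings


# Constructed sample with the weak settings.
SAMPLE_SPEC = {
    "skipAnalysis": True,
    "service": {
        "port": 9898, "portDiscovery": False,
        "corsPolicy": {"allowOrigin": ["*"], "allowCredentials": True},
        "trafficPolicy": {
            "tls": {"mode": "SIMPLE"},
            "outlierDetection": {"consecutiveGatewayErrors": 5,
                                 "consecutive5xxErrors": 5},
            "portLevelSettings": [
                {"port": {"number": 8443},
                 "tls": {"mode": "ISTIO_MUTUAL", "sni": "backend.example.internal"}},
            ],
        },
    },
}

# Constructed sample with the same fields corrected.
HARDENED_SPEC = {
    "skipAnalysis": False,
    "service": {
        "port": 9898, "portDiscovery": False,
        "corsPolicy": {"allowOrigin": ["https://app.example.com"],
                       "allowCredentials": True},
        "trafficPolicy": {
            "tls": {"mode": "MUTUAL", "caCertificates": "/etc/certs/ca.pem",
                    "clientCertificate": "/etc/certs/client.pem",
                    "privateKey": "/etc/certs/client-key.pem"},
            "outlierDetection": {"consecutiveGatewayErrors": 3,
                                 "consecutive5xxErrors": 5},
            "portLevelSettings": [
                {"port": {"number": 8443}, "tls": {"mode": "ISTIO_MUTUAL"}},
            ],
        },
    },
}

if __name__ == "__main__":
    for finding in lint_spec(SAMPLE_SPEC):
        print(finding)
```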