Group: asm.alauda.io

CanaryTemplate is the Schema for the Canarytemplates API

Version: v1alpha1

spec (object)

CanaryTemplateSpec defines the desired state of CanaryTemplate

analysis (object)

Analysis defines the validation process of a release

interval (string, required)

Schedule interval for this canary analysis

iterations (integer)

Number of checks to run for A/B Testing and Blue/Green

match ([]object)

HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a "cookie" with value "user=jason".

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings-route
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            cookie:
              regex: "^(.*?;)?(user=jason)(;.*)?"
          uri:
            prefix: "/ratings/v2/"
        route:
        - destination:
            host: ratings

HTTPMatchRequest CANNOT be empty.

authority (object)

HTTP Authority values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

gateways ([]string)

Names of gateways to which the rule should be applied. Gateway names at the top of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.

headers (object)

The header keys must be lowercase and use hyphen as the separator, e.g. x-request-id. Header values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

Note: The keys uri, scheme, method, and authority will be ignored.

method (object)

HTTP Method values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

port (integer)

Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support; in these cases it is not required to explicitly select the port.

scheme (object)

URI Scheme values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

sourceLabels (object)

One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified at the top, it should include the reserved gateway mesh in order for this field to be applicable.

uri (object)

URI to match. Values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

maxWeight (integer)

Max traffic percentage routed to canary

metrics ([]object)

CanaryMetric holds the reference to metrics used for canary analysis

interval (string)

Interval represents the window size

name (string, required)

Name of the metric

query (string)

Prometheus query for this metric (deprecated in favor of TemplateRef)

templateRef (object)

TemplateRef references a metric template object

apiVersion (string)

API version of the referent

kind (string)

Kind of the referent

name (string, required)

Name of the referent

namespace (string)

Namespace of the referent

threshold (number)

Max value accepted for this metric

thresholdRange (object)

Range value accepted for this metric

max (number)

Maximum value

min (number)

Minimum value

mirror (boolean)

Enable traffic mirroring for Blue/Green

stepWeight (integer)

Incremental traffic percentage step

stepWeightPromotion (integer)

Incremental traffic percentage step for promotion phase

threshold (integer)

Max number of failed checks before the canary is terminated

webhooks ([]object)

CanaryWebhook holds the reference to external checks used for canary analysis

metadata (object)

Metadata (key-value pairs) for this webhook

name (string, required)

Name of this webhook

timeout (string)

Request timeout for this webhook

type (string, required)

Type of this webhook

url (string, required)

URL address of this webhook

autoscalerRef (object)

AutoscalerRef references an autoscaling resource

apiVersion (string)

API version of the referent

kind (string)

Kind of the referent

name (string, required)

Name of the referent

namespace (string)

Namespace of the referent

canaryAnalysis (object)

Deprecated: replaced by Analysis

interval (string, required)

Schedule interval for this canary analysis

iterations (integer)

Number of checks to run for A/B Testing and Blue/Green

match ([]object)

HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a "cookie" with value "user=jason".

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings-route
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            cookie:
              regex: "^(.*?;)?(user=jason)(;.*)?"
          uri:
            prefix: "/ratings/v2/"
        route:
        - destination:
            host: ratings

HTTPMatchRequest CANNOT be empty.

authority (object)

HTTP Authority values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

gateways ([]string)

Names of gateways to which the rule should be applied. Gateway names at the top of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.

headers (object)

The header keys must be lowercase and use hyphen as the separator, e.g. x-request-id. Header values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

Note: The keys uri, scheme, method, and authority will be ignored.

method (object)

HTTP Method values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

port (integer)

Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support; in these cases it is not required to explicitly select the port.

scheme (object)

URI Scheme values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

sourceLabels (object)

One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified at the top, it should include the reserved gateway mesh in order for this field to be applicable.

uri (object)

URI to match. Values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

maxWeight (integer)

Max traffic percentage routed to canary

metrics ([]object)

CanaryMetric holds the reference to metrics used for canary analysis

interval (string)

Interval represents the window size

name (string, required)

Name of the metric

query (string)

Prometheus query for this metric (deprecated in favor of TemplateRef)

templateRef (object)

TemplateRef references a metric template object

apiVersion (string)

API version of the referent

kind (string)

Kind of the referent

name (string, required)

Name of the referent

namespace (string)

Namespace of the referent

threshold (number)

Max value accepted for this metric

thresholdRange (object)

Range value accepted for this metric

max (number)

Maximum value

min (number)

Minimum value

mirror (boolean)

Enable traffic mirroring for Blue/Green

stepWeight (integer)

Incremental traffic percentage step

stepWeightPromotion (integer)

Incremental traffic percentage step for promotion phase

threshold (integer)

Max number of failed checks before the canary is terminated

webhooks ([]object)

CanaryWebhook holds the reference to external checks used for canary analysis

metadata (object)

Metadata (key-value pairs) for this webhook

name (string, required)

Name of this webhook

timeout (string)

Request timeout for this webhook

type (string, required)

Type of this webhook

url (string, required)

URL address of this webhook

failFallBack (boolean)

If set to true, modifications to the canary workload are rolled back.

ingressRef (object)

Reference to NGINX ingress resource

apiVersion (string)

API version of the referent

kind (string)

Kind of the referent

name (string, required)

Name of the referent

namespace (string)

Namespace of the referent

maxResponseTime (number)

metricsServer (string)

MetricsServer overwrites the -metrics-server flag for this particular canary

minSuccessRate (number)

progressDeadlineSeconds (integer)

ProgressDeadlineSeconds represents the maximum time in seconds for a canary deployment to make progress before it is considered to be failed

service (object)

Service defines how ClusterIP services, service mesh or ingress routing objects are generated

backends ([]string)

Backends of the generated App Mesh virtual nodes

corsPolicy (object)

Cross-Origin Resource Sharing policy for the generated Istio virtual service

allowCredentials (boolean)

Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to Access-Control-Allow-Credentials header.

allowHeaders ([]string)

List of HTTP headers that can be used when requesting the resource. Serialized to Access-Control-Allow-Headers header.

allowMethods ([]string)

List of HTTP methods allowed to access the resource. The content will be serialized into the Access-Control-Allow-Methods header.

allowOrigin ([]string)

The list of origins that are allowed to perform CORS requests. The content will be serialized into the Access-Control-Allow-Origin header. Wildcard * will allow all origins.

exposeHeaders ([]string)

A white list of HTTP headers that the browsers are allowed to access. Serialized into Access-Control-Expose-Headers header.

maxAge (string)

Specifies how long the results of a preflight request can be cached. Translates to the Access-Control-Max-Age header.

gateways ([]string)

Gateways attached to the generated Istio virtual service. Defaults to the internal mesh gateway.

headers (object)

Headers operations for the generated Istio virtual service

request (object)

Header manipulation rules to apply before forwarding a request to the destination service

add (object)

Append the given values to the headers specified by keys (will create a comma-separated list of values)

remove ([]string)

Remove the specified headers

set (object)

Overwrite the headers specified by key with the given values

response (object)

Header manipulation rules to apply before returning a response to the caller

add (object)

Append the given values to the headers specified by keys (will create a comma-separated list of values)

remove ([]string)

Remove the specified headers

set (object)

Overwrite the headers specified by key with the given values

hosts ([]string)

Hosts attached to the generated Istio virtual service. Defaults to the service name.

match ([]object)

HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a "cookie" with value "user=jason".

    apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: ratings-route
    spec:
      hosts:
      - ratings
      http:
      - match:
        - headers:
            cookie:
              regex: "^(.*?;)?(user=jason)(;.*)?"
          uri:
            prefix: "/ratings/v2/"
        route:
        - destination:
            host: ratings

HTTPMatchRequest CANNOT be empty.

authority (object)

HTTP Authority values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

gateways ([]string)

Names of gateways to which the rule should be applied. Gateway names at the top of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.

headers (object)

The header keys must be lowercase and use hyphen as the separator, e.g. x-request-id. Header values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

Note: The keys uri, scheme, method, and authority will be ignored.

method (object)

HTTP Method values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

port (integer)

Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support; in these cases it is not required to explicitly select the port.

scheme (object)

URI Scheme values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

sourceLabels (object)

One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified at the top, it should include the reserved gateway mesh in order for this field to be applicable.

uri (object)

URI to match. Values are case-sensitive and formatted as follows:

  • exact: "value" for exact string match
  • prefix: "value" for prefix-based match
  • regex: "value" for ECMAscript style regex-based match

exact (string)

exact string match

prefix (string)

prefix-based match

regex (string)

ECMAscript style regex-based match

suffix (string)

suffix-based match.

meshName (string)

Mesh name of the generated App Mesh virtual nodes and virtual service

name (string)

Name of the Kubernetes service generated by Flagger. Defaults to CanarySpec.TargetRef.Name.

port (integer, required)

Port of the generated Kubernetes service

portDiscovery (boolean, required)

PortDiscovery adds all container ports to the generated Kubernetes service

portName (string)

Port name of the generated Kubernetes service. Defaults to http.

retries (object)

Retries policy for the generated virtual service

attempts (integer)

REQUIRED. Number of retries for a given request. The interval between retries will be determined automatically (25ms+). Actual number of retries attempted depends on the httpReqTimeout.

perTryTimeout (string)

Timeout per retry attempt for a given request. Format: 1h/1m/1s/1ms. MUST BE >=1ms.

retryOn (string)

Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. The supported policies can be found in https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/router_filter#x-envoy-retry-on and https://www.envoyproxy.io/docs/envoy/latest/configuration/http_filters/router_filter#x-envoy-retry-grpc-on

rewrite (object)

Rewrite HTTP URIs for the generated service

authority (string)

Rewrite the Authority/Host header with this value.

uri (string)

Rewrite the path (or the prefix) portion of the URI with this value. If the original URI was matched based on prefix, the value provided in this field will replace the corresponding matched prefix.

targetPort

Target port number or name of the generated Kubernetes service. Defaults to CanaryService.Port.

timeout (string)

Timeout of the HTTP or gRPC request

trafficPolicy (object)

TrafficPolicy attached to the generated Istio destination rules

connectionPool (object)

Settings controlling the volume of connections to an upstream service

http (object)

HTTP connection pool settings.

h2UpgradePolicy (string)

Specify if http1.1 connection should be upgraded to http2 for the associated destination. DEFAULT - Use the global default. DO_NOT_UPGRADE - Do not upgrade the connection to http2. UPGRADE - Upgrade the connection to http2.

http1MaxPendingRequests (integer)

Maximum number of pending HTTP requests to a destination. Default 2^32-1.

http2MaxRequests (integer)

Maximum number of requests to a backend. Default 2^32-1.

idleTimeout (string)

The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.

maxRequestsPerConnection (integer)

Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning "unlimited", up to 2^29.

maxRetries (integer)

Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.

tcp (object)

Settings common to both HTTP and TCP upstream connections.

connectTimeout (string)

TCP connection timeout.

maxConnections (integer)

Maximum number of HTTP1/TCP connections to a destination host.

loadBalancer (object)

Settings controlling the load balancer algorithms.

consistentHash (object)

Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service.

httpCookie (object)

Hash based on HTTP cookie.

name (string, required)

REQUIRED. Name of the cookie.

path (string)

Path to set for the cookie.

ttl (string, required)

REQUIRED. Lifetime of the cookie.

httpHeaderName (string)

It is required to specify exactly one of the fields as hash key: HTTPHeaderName, HTTPCookie, or UseSourceIP. Hash based on a specific HTTP header.

minimumRingSize (integer)

The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.

useSourceIp (boolean)

Hash based on the source IP address.

simple (string)

It is required to specify exactly one of the fields: Simple or ConsistentHash

outlierDetection (object)

Settings controlling eviction of unhealthy hosts from the load balancing pool

baseEjectionTime (string)

Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. Format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.

consecutive5xxErrors (integer)

Number of 5xx errors before a host is ejected from the connection pool. When the upstream host is accessed over an opaque TCP connection, connect timeouts, connection error/failure and request failure events qualify as a 5xx error. This feature defaults to 5 but can be disabled by setting the value to 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

consecutiveErrors (integer)

Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.

consecutiveGatewayErrors (integer)

Number of gateway errors before a host is ejected from the connection pool. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as a gateway error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as a gateway error. This feature is disabled by default or when set to the value 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

interval (string)

Time interval between ejection sweep analysis. Format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.

maxEjectionPercent (integer)

Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.

minHealthPercent (integer)

Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.

portLevelSettings ([]object)

Traffic policies that apply to specific ports of the service

connectionPool (object)

Settings controlling the volume of connections to an upstream service

http (object)

HTTP connection pool settings.

h2UpgradePolicy (string)

Specify if http1.1 connection should be upgraded to http2 for the associated destination. DEFAULT - Use the global default. DO_NOT_UPGRADE - Do not upgrade the connection to http2. UPGRADE - Upgrade the connection to http2.

http1MaxPendingRequests (integer)

Maximum number of pending HTTP requests to a destination. Default 2^32-1.

http2MaxRequests (integer)

Maximum number of requests to a backend. Default 2^32-1.

idleTimeout (string)

The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.

maxRequestsPerConnection (integer)

Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning "unlimited", up to 2^29.

maxRetries (integer)

Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.

tcp (object)

Settings common to both HTTP and TCP upstream connections.

connectTimeout (string)

TCP connection timeout.

maxConnections (integer)

Maximum number of HTTP1/TCP connections to a destination host.

loadBalancer (object)

Settings controlling the load balancer algorithms.

consistentHash (object)

Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service.

httpCookie (object)

Hash based on HTTP cookie.

name (string, required)

REQUIRED. Name of the cookie.

path (string)

Path to set for the cookie.

ttl (string, required)

REQUIRED. Lifetime of the cookie.

httpHeaderName (string)

It is required to specify exactly one of the fields as hash key: HTTPHeaderName, HTTPCookie, or UseSourceIP. Hash based on a specific HTTP header.

minimumRingSize (integer)

The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.

useSourceIp (boolean)

Hash based on the source IP address.

simple (string)

It is required to specify exactly one of the fields: Simple or ConsistentHash

outlierDetection (object)

Settings controlling eviction of unhealthy hosts from the load balancing pool

baseEjectionTime (string)

Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. Format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.

consecutive5xxErrors (integer)

Number of 5xx errors before a host is ejected from the connection pool. When the upstream host is accessed over an opaque TCP connection, connect timeouts, connection error/failure and request failure events qualify as a 5xx error. This feature defaults to 5 but can be disabled by setting the value to 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

consecutiveErrors (integer)

Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.

consecutiveGatewayErrors (integer)

Number of gateway errors before a host is ejected from the connection pool. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as a gateway error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as a gateway error. This feature is disabled by default or when set to the value 0. Note that consecutive_gateway_errors and consecutive_5xx_errors can be used separately or together. Because the errors counted by consecutive_gateway_errors are also included in consecutive_5xx_errors, if the value of consecutive_gateway_errors is greater than or equal to the value of consecutive_5xx_errors, consecutive_gateway_errors will have no effect.

interval (string)

Time interval between ejection sweep analysis. Format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.

maxEjectionPercent (integer)

Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.

minHealthPercent (integer)

Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.

port (object, required)

Specifies the port name or number of a port on the destination service on which this policy is being applied. Names must comply with DNS label syntax (rfc1035) and therefore cannot collide with numbers. If there are multiple ports on a service with the same protocol the names should be of the form -.

name (string)

Valid port name

number (integer)

Valid port number

tls (object)

TLS related settings for connections to the upstream service.

caCertificates (string)

OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is ISTIO_MUTUAL.

clientCertificate (string)

REQUIRED if mode is MUTUAL. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is ISTIO_MUTUAL.

mode (string, required)

REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.

privateKey (string)

REQUIRED if mode is MUTUAL. The path to the file holding the client's private key. Should be empty if mode is ISTIO_MUTUAL.

sni (string)

SNI string to present to the server during TLS handshake. Should be empty if mode is ISTIO_MUTUAL.

subjectAltNames ([]string)

A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is ISTIO_MUTUAL.

tls (object)

TLS related settings for connections to the upstream service.

caCertificates (string)

OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is ISTIO_MUTUAL.

clientCertificate (string)

REQUIRED if mode is MUTUAL. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is ISTIO_MUTUAL.

mode (string, required)

REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.

privateKey (string)

REQUIRED if mode is MUTUAL. The path to the file holding the client's private key. Should be empty if mode is ISTIO_MUTUAL.

sni (string)

SNI string to present to the server during TLS handshake. Should be empty if mode is ISTIO_MUTUAL.

subjectAltNames ([]string)

A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is ISTIO_MUTUAL.

skipAnalysis (boolean)

SkipAnalysis promotes the canary without analysing it

targetRef (object)

TargetRef references a target resource

apiVersion (string)

API version of the referent

kind (string)

Kind of the referent

name (string, required)

Name of the referent

namespace (string)

Namespace of the referent
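
An added example, not part of the Alauda or Istio documentation: a Python check that applies the constraints stated in the tls, loadBalancer, corsPolicy and skipAnalysis descriptions above to a CanaryTemplate spec already parsed into a dict. The sample spec, its file path and host name are constructed; SIMPLE is Istio's one-way TLS mode name and does not appear on this page.

```python
# Added example: static review of a CanaryTemplate spec (parsed into a dict).
# Field names come from the reference above; sample values are constructed.

# Fields the reference says should be empty when mode is ISTIO_MUTUAL.
ISTIO_MUTUAL_EMPTY = ("caCertificates", "clientCertificate", "privateKey",
                      "sni", "subjectAltNames")


def check_tls(tls, where):
    """Apply the documented tls rules to one tls object."""
    mode = tls.get("mode")
    if not mode:
        return [f"{where}: mode is required"]
    findings = []
    if mode == "ISTIO_MUTUAL":
        for field in ISTIO_MUTUAL_EMPTY:
            if tls.get(field):
                findings.append(f"{where}: {field} should be empty with ISTIO_MUTUAL")
        return findings
    if mode == "MUTUAL":
        for field in ("clientCertificate", "privateKey"):
            if not tls.get(field):
                findings.append(f"{where}: {field} is required with MUTUAL")
    # SIMPLE is Istio's one-way TLS mode (assumption: not listed on this page).
    if mode in ("SIMPLE", "MUTUAL") and not tls.get("caCertificates"):
        findings.append(f"{where}: caCertificates omitted, server certificate is not verified")
    return findings


def check_load_balancer(lb, where):
    """Exactly one of simple/consistentHash, and exactly one hash key."""
    findings = []
    if ("simple" in lb) == ("consistentHash" in lb):
        findings.append(f"{where}: set exactly one of simple or consistentHash")
    ch = lb.get("consistentHash")
    if ch is not None:
        keys = [k for k in ("httpHeaderName", "httpCookie", "useSourceIp") if ch.get(k)]
        if len(keys) != 1:
            findings.append(f"{where}.consistentHash: set exactly one hash key, found {len(keys)}")
    return findings


def check_traffic_policy(policy, where):
    """Check the tls and loadBalancer objects of one traffic policy level."""
    findings = []
    if "tls" in policy:
        findings += check_tls(policy["tls"], f"{where}.tls")
    if "loadBalancer" in policy:
        findings += check_load_balancer(policy["loadBalancer"], f"{where}.loadBalancer")
    return findings


def audit_canary_template(spec):
    """Return a list of findings for a CanaryTemplate spec dict."""
    findings = []
    if spec.get("skipAnalysis"):
        findings.append("skipAnalysis: canary is promoted without analysis")
    service = spec.get("service", {})
    cors = service.get("corsPolicy", {})
    if cors.get("allowCredentials") and "*" in cors.get("allowOrigin", []):
        findings.append("service.corsPolicy: allowCredentials with wildcard allowOrigin")
    policy = service.get("trafficPolicy", {})
    findings += check_traffic_policy(policy, "service.trafficPolicy")
    # portLevelSettings entries carry their own tls and loadBalancer objects.
    for i, pls in enumerate(policy.get("portLevelSettings", [])):
        findings += check_traffic_policy(pls, f"service.trafficPolicy.portLevelSettings[{i}]")
    return findings


# Constructed sample spec with several deliberate mistakes.
SAMPLE_SPEC = {
    "skipAnalysis": True,
    "service": {
        "port": 9080,
        "corsPolicy": {"allowOrigin": ["*"], "allowCredentials": True},
        "trafficPolicy": {
            "tls": {"mode": "MUTUAL", "clientCertificate": "/etc/certs/client.pem"},
            "loadBalancer": {"consistentHash": {"httpHeaderName": "x-user",
                                                "useSourceIp": True}},
            "portLevelSettings": [
                {"port": {"number": 9080},
                 "tls": {"mode": "ISTIO_MUTUAL", "sni": "ratings.example.internal"}},
            ],
        },
    },
}

if __name__ == "__main__":
    for finding in audit_canary_template(SAMPLE_SPEC):
        print(finding)
```
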