@gAmUssA
Created May 9, 2023 17:25
---
apiVersion: v1
kind: Namespace
metadata:
  name: kuma-system
  labels:
    kuma.io/system-namespace: "true"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuma-control-plane
  namespace: kuma-system
  labels:
    app: kuma-control-plane
    app.kubernetes.io/name: kuma
    app.kubernetes.io/instance: kuma
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: kuma-tls-cert
  namespace: kuma-system
  labels:
    app: kuma-control-plane
    app.kubernetes.io/name: kuma
    app.kubernetes.io/instance: kuma
data:
  tls.crt: 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
  tls.key: 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
  ca.crt: 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
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kuma-control-plane-config
  namespace: kuma-system
  labels:
    app: kuma-control-plane
    app.kubernetes.io/name: kuma
    app.kubernetes.io/instance: kuma
data:
  config.yaml: |
    # use this file to override default configuration of `kuma-cp`
    #
    # see conf/kuma-cp.conf.yml for available settings
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: circuitbreakers.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: CircuitBreaker
    listKind: CircuitBreakerList
    plural: circuitbreakers
    singular: circuitbreaker
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          mesh:
            description: Mesh is the name of the Kuma mesh this resource belongs to.
              It may be omitted for cluster-scoped resources.
            type: string
          metadata:
            type: object
          spec:
            description: Spec is the specification of the Kuma CircuitBreaker resource.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: containerpatches.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: ContainerPatch
    listKind: ContainerPatchList
    plural: containerpatches
    singular: containerpatch
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ContainerPatch stores a list of patches to apply to init and
          sidecar containers.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          mesh:
            type: string
          metadata:
            type: object
          spec:
            description: ContainerPatchSpec specifies the options available for a
              ContainerPatch
            properties:
              initPatch:
                description: InitPatch specifies jsonpatch to apply to an init container.
                items:
                  description: JsonPatchBlock is one json patch operation block.
                  properties:
                    from:
                      description: From is a jsonpatch from string, used by move and
                        copy operations.
                      type: string
                    op:
                      description: Op is a jsonpatch operation string.
                      enum:
                      - add
                      - remove
                      - replace
                      - move
                      - copy
                      type: string
                    path:
                      description: Path is a jsonpatch path string.
                      type: string
                    value:
                      description: Value must be a string representing a valid json
                        object used by replace and add operations. String has to be
                        escaped with " to be valid a json object.
                      type: string
                  required:
                  - op
                  - path
                  type: object
                type: array
              sidecarPatch:
                description: SidecarPatch specifies jsonpatch to apply to a sidecar
                  container.
                items:
                  description: JsonPatchBlock is one json patch operation block.
                  properties:
                    from:
                      description: From is a jsonpatch from string, used by move and
                        copy operations.
                      type: string
                    op:
                      description: Op is a jsonpatch operation string.
                      enum:
                      - add
                      - remove
                      - replace
                      - move
                      - copy
                      type: string
                    path:
                      description: Path is a jsonpatch path string.
                      type: string
                    value:
                      description: Value must be a string representing a valid json
                        object used by replace and add operations. String has to be
                        escaped with " to be valid a json object.
                      type: string
                  required:
                  - op
                  - path
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: meshfaultinjections.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: MeshFaultInjection
    listKind: MeshFaultInjectionList
    plural: meshfaultinjections
    singular: meshfaultinjection
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec is the specification of the Kuma MeshFaultInjection
              resource.
            properties:
              from:
                description: From list makes a match between clients and corresponding
                  configurations
                items:
                  properties:
                    default:
                      description: Default is a configuration specific to the group
                        of destinations referenced in 'targetRef'
                      properties:
                        http:
                          description: Http allows to define list of Http faults between
                            dataplanes.
                          items:
                            description: FaultInjection defines the configuration
                              of faults between dataplanes.
                            properties:
                              abort:
                                description: Abort defines a configuration of not
                                  delivering requests to destination service and replacing
                                  the responses from destination dataplane by predefined
                                  status code
                                properties:
                                  httpStatus:
                                    description: HTTP status code which will be returned
                                      to source side
                                    format: int32
                                    type: integer
                                  percentage:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    description: Percentage of requests on which abort
                                      will be injected, has to be either int or decimal
                                      represented as string.
                                    x-kubernetes-int-or-string: true
                                required:
                                - httpStatus
                                - percentage
                                type: object
                              delay:
                                description: Delay defines configuration of delaying
                                  a response from a destination
                                properties:
                                  percentage:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    description: Percentage of requests on which delay
                                      will be injected, has to be either int or decimal
                                      represented as string.
                                    x-kubernetes-int-or-string: true
                                  value:
                                    description: The duration during which the response
                                      will be delayed
                                    type: string
                                required:
                                - percentage
                                - value
                                type: object
                              responseBandwidth:
                                description: ResponseBandwidth defines a configuration
                                  to limit the speed of responding to the requests
                                properties:
                                  limit:
                                    description: Limit is represented by value measure
                                      in gbps, mbps, kbps or bps, e.g. 10kbps
                                    type: string
                                  percentage:
                                    anyOf:
                                    - type: integer
                                    - type: string
                                    description: Percentage of requests on which response
                                      bandwidth limit will be either int or decimal
                                      represented as string.
                                    x-kubernetes-int-or-string: true
                                required:
                                - limit
                                - percentage
                                type: object
                            type: object
                          type: array
                      type: object
                    targetRef:
                      description: TargetRef is a reference to the resource that represents
                        a group of destinations.
                      properties:
                        kind:
                          description: Kind of the referenced resource
                          enum:
                          - Mesh
                          - MeshSubset
                          - MeshService
                          - MeshServiceSubset
                          - MeshGatewayRoute
                          type: string
                        mesh:
                          description: Mesh is reserved for future use to identify
                            cross mesh resources.
                          type: string
                        name:
                          description: 'Name of the referenced resource. Can only
                            be used with kinds: `MeshService`, `MeshServiceSubset`
                            and `MeshGatewayRoute`'
                          type: string
                        tags:
                          additionalProperties:
                            type: string
                          description: Tags used to select a subset of proxies by
                            tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
                          type: object
                      type: object
                  required:
                  - targetRef
                  type: object
                type: array
              targetRef:
                description: TargetRef is a reference to the resource the policy takes
                  an effect on. The resource could be either a real store object or
                  virtual resource defined inplace.
                properties:
                  kind:
                    description: Kind of the referenced resource
                    enum:
                    - Mesh
                    - MeshSubset
                    - MeshService
                    - MeshServiceSubset
                    - MeshGatewayRoute
                    type: string
                  mesh:
                    description: Mesh is reserved for future use to identify cross
                      mesh resources.
                    type: string
                  name:
                    description: 'Name of the referenced resource. Can only be used
                      with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
                    type: string
                  tags:
                    additionalProperties:
                      type: string
                    description: Tags used to select a subset of proxies by tags.
                      Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
                    type: object
                type: object
            required:
            - targetRef
            type: object
        type: object
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: meshgatewayinstances.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: MeshGatewayInstance
    listKind: MeshGatewayInstanceList
    plural: meshgatewayinstances
    singular: meshgatewayinstance
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: MeshGatewayInstance represents a managed instance of a dataplane
          proxy for a Kuma Gateway.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: MeshGatewayInstanceSpec specifies the options available for
              a GatewayDataplane.
            properties:
              podTemplate:
                description: PodTemplate configures the Pod owned by this config.
                properties:
                  metadata:
                    description: Metadata holds metadata configuration for a Service.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations holds annotations to be set on an
                          object.
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels holds labels to be set on an objects.
                        type: object
                    type: object
                  spec:
                    description: Spec holds some customizable fields of a Pod.
                    properties:
                      container:
                        description: Container corresponds to PodSpec.Container
                        properties:
                          securityContext:
                            description: ContainerSecurityContext corresponds to PodSpec.Container.SecurityContext
                            properties:
                              readOnlyRootFilesystem:
                                description: ReadOnlyRootFilesystem corresponds to
                                  PodSpec.Container.SecurityContext.ReadOnlyRootFilesystem
                                type: boolean
                            type: object
                        type: object
                      securityContext:
                        description: PodSecurityContext corresponds to PodSpec.SecurityContext
                        properties:
                          fsGroup:
                            description: FSGroup corresponds to PodSpec.SecurityContext.FSGroup
                            format: int64
                            type: integer
                        type: object
                      serviceAccountName:
                        description: ServiceAccountName corresponds to PodSpec.ServiceAccountName.
                        type: string
                    type: object
                type: object
              replicas:
                default: 1
                description: Replicas is the number of dataplane proxy replicas to
                  create. For now this is a fixed number, but in the future it could
                  be automatically scaled based on metrics.
                format: int32
                minimum: 1
                type: integer
              resources:
                description: Resources specifies the compute resources for the proxy
                  container. The default can be set in the control plane config.
                properties:
                  claims:
                    description: "Claims lists the names of resources, defined in
                      spec.resourceClaims, that are used by this container. \n This
                      is an alpha field and requires enabling the DynamicResourceAllocation
                      feature gate. \n This field is immutable. It can only be set
                      for containers."
                    items:
                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                      properties:
                        name:
                          description: Name must match the name of one entry in pod.spec.resourceClaims
                            of the Pod where this field is used. It makes that resource
                            available inside a container.
                          type: string
                      required:
                      - name
                      type: object
                    type: array
                    x-kubernetes-list-map-keys:
                    - name
                    x-kubernetes-list-type: map
                  limits:
                    additionalProperties:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    description: 'Limits describes the maximum amount of compute resources
                      allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                    type: object
                  requests:
                    additionalProperties:
                      anyOf:
                      - type: integer
                      - type: string
                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                      x-kubernetes-int-or-string: true
                    description: 'Requests describes the minimum amount of compute
                      resources required. If Requests is omitted for a container,
                      it defaults to Limits if that is explicitly specified, otherwise
                      to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                    type: object
                type: object
              serviceTemplate:
                description: ServiceTemplate configures the Service owned by this
                  config.
                properties:
                  metadata:
                    description: Metadata holds metadata configuration for a Service.
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: Annotations holds annotations to be set on an
                          object.
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: Labels holds labels to be set on an objects.
                        type: object
                    type: object
                  spec:
                    description: Spec holds some customizable fields of a Service.
                    properties:
                      loadBalancerIP:
                        description: LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP.
                        type: string
                    type: object
                type: object
              serviceType:
                default: LoadBalancer
                description: ServiceType specifies the type of managed Service that
                  will be created to expose the dataplane proxies to traffic from
                  outside the cluster. The ports to expose will be taken from the
                  matching Gateway resource. If there is no matching Gateway, the
                  managed Service will be deleted.
                enum:
                - LoadBalancer
                - ClusterIP
                - NodePort
                type: string
              tags:
                additionalProperties:
                  type: string
                description: Tags specifies the Kuma tags that are propagated to the
                  managed dataplane proxies. These tags should include exactly one
                  `kuma.io/service` tag, and should match exactly one Gateway resource.
                type: object
            type: object
          status:
            description: MeshGatewayInstanceStatus holds information about the status
              of the gateway instance.
            properties:
              conditions:
                description: Conditions is an array of gateway instance conditions.
                items:
                  description: "Condition contains details for one aspect of the current
                    state of this API Resource. --- This struct is intended for direct
                    use as an array at the field path .status.conditions. For example,
                    \n type FooStatus struct{ // Represents the observations of a
                    foo's current state. // Known .status.conditions.type are: \"Available\",
                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                  properties:
                    lastTransitionTime:
                      description: lastTransitionTime is the last time the condition
                        transitioned from one status to another. This should be when
                        the underlying condition changed. If that is not known, then
                        using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: message is a human readable message indicating
                        details about the transition. This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: observedGeneration represents the .metadata.generation
                        that the condition was set based upon. For instance, if .metadata.generation
                        is currently 12, but the .status.conditions[x].observedGeneration
                        is 9, the condition is out of date with respect to the current
                        state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: reason contains a programmatic identifier indicating
                        the reason for the condition's last transition. Producers
                        of specific condition types may define expected values and
                        meanings for this field, and whether the values are considered
                        a guaranteed API. The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                        --- Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              loadBalancer:
                description: LoadBalancer contains the current status of the load-balancer,
                  if one is present.
                properties:
                  ingress:
                    description: Ingress is a list containing ingress points for the
                      load-balancer. Traffic intended for the service should be sent
                      to these ingress points.
                    items:
                      description: 'LoadBalancerIngress represents the status of a
                        load-balancer ingress point: traffic intended for the service
                        should be sent to an ingress point.'
                      properties:
                        hostname:
                          description: Hostname is set for load-balancer ingress points
                            that are DNS based (typically AWS load-balancers)
                          type: string
                        ip:
                          description: IP is set for load-balancer ingress points
                            that are IP based (typically GCE or OpenStack load-balancers)
                          type: string
                        ports:
                          description: Ports is a list of records of service ports
                            If used, every port defined in the service should have
                            an entry in it
                          items:
                            properties:
                              error:
                                description: 'Error is to record the problem with
                                  the service port The format of the error shall comply
                                  with the following rules: - built-in error values
                                  shall be specified in this file and those shall
                                  use CamelCase names - cloud provider specific error
                                  values must have names that comply with the format
                                  foo.example.com/CamelCase. --- The regex it matches
                                  is (dns1123SubdomainFmt/)?(qualifiedNameFmt)'
                                maxLength: 316
                                pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                                type: string
                              port:
                                description: Port is the port number of the service
                                  port of which status is recorded here
                                format: int32
                                type: integer
                              protocol:
                                default: TCP
                                description: 'Protocol is the protocol of the service
                                  port of which status is recorded here The supported
                                  values are: "TCP", "UDP", "SCTP"'
                                type: string
                            required:
                            - port
                            - protocol
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                      type: object
                    type: array
                type: object
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: meshgatewayroutes.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: MeshGatewayRoute
    listKind: MeshGatewayRouteList
    plural: meshgatewayroutes
    singular: meshgatewayroute
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          mesh:
            description: Mesh is the name of the Kuma mesh this resource belongs to.
              It may be omitted for cluster-scoped resources.
            type: string
          metadata:
            type: object
          spec:
            description: Spec is the specification of the Kuma MeshGatewayRoute resource.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: meshgateways.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: MeshGateway
    listKind: MeshGatewayList
    plural: meshgateways
    singular: meshgateway
  scope: Cluster
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          mesh:
            description: Mesh is the name of the Kuma mesh this resource belongs to.
              It may be omitted for cluster-scoped resources.
            type: string
          metadata:
            type: object
          spec:
            description: Spec is the specification of the Kuma MeshGateway resource.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.11.3
  creationTimestamp: null
  name: meshhealthchecks.kuma.io
spec:
  group: kuma.io
  names:
    categories:
    - kuma
    kind: MeshHealthCheck
    listKind: MeshHealthCheckList
    plural: meshhealthchecks
    singular: meshhealthcheck
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec is the specification of the Kuma MeshHealthCheck resource.
            properties:
              targetRef:
                description: TargetRef is a reference to the resource the policy takes
                  an effect on. The resource could be either a real store object or
                  virtual resource defined inplace.
                properties:
                  kind:
                    description: Kind of the referenced resource
                    enum:
                    - Mesh
                    - MeshSubset
                    - MeshService
                    - MeshServiceSubset
                    - MeshGatewayRoute
                    type: string
                  mesh:
                    description: Mesh is reserved for future use to identify cross
                      mesh resources.
                    type: string
                  name:
                    description: 'Name of the referenced resource. Can only be used
                      with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
                    type: string
                  tags:
                    additionalProperties:
                      type: string
                    description: Tags used to select a subset of proxies by tags.
                      Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
                    type: object
                type: object
              to:
                description: To list makes a match between the consumed services and
                  corresponding configurations
                items:
                  properties:
                    default:
                      description: Default is a configuration specific to the group
                        of destinations referenced in 'targetRef'
                      properties:
                        alwaysLogHealthCheckFailures:
                          description: If set to true, health check failure events
                            will always be logged. If set to false, only the initial
                            health check failure event will be logged. The default
                            value is false.
                          type: boolean
                        eventLogPath:
                          description: Specifies the path to the file where Envoy
                            can log health check events. If empty, no event log will
                            be written.
                          type: string
                        failTrafficOnPanic:
                          description: If set to true, Envoy will not consider any
                            hosts when the cluster is in 'panic mode'. Instead, the
                            cluster will fail all requests as if all hosts are unhealthy.
                            This can help avoid potentially overwhelming a failing
                            service.
                          type: boolean
                        grpc:
                          description: GrpcHealthCheck defines gRPC configuration
                            which will instruct the service the health check will
                            be made for is a gRPC service.
                          properties:
                            authority:
                              description: The value of the :authority header in the
                                gRPC health check request, by default name of the
                                cluster this health check is associated with
                              type: string
                            disabled:
                              description: If true the GrpcHealthCheck is disabled
                              type: boolean
                            serviceName:
                              description: Service name parameter which will be sent
                                to gRPC service
                              type: string
                          type: object
                        healthyPanicThreshold:
                          anyOf:
                          - type: integer
                          - type: string
                          description: Allows to configure panic threshold for Envoy
                            cluster. If not specified, the default is 50%. To disable
                            panic mode, set to 0%. Either int or decimal represented
                            as string.
                          x-kubernetes-int-or-string: true
                        healthyThreshold:
                          default: 1
                          description: Number of consecutive healthy checks before
                            considering a host healthy.
                          format: int32
                          type: integer
                        http:
                          description: HttpHealthCheck defines HTTP configuration
                            which will instruct the service the health check will
                            be made for is an HTTP service.
                          properties:
                            disabled:
                              description: If true the HttpHealthCheck is disabled
                              type: boolean
                            expectedStatuses:
                              description: List of HTTP response statuses which are
                                considered healthy
                              items:
                                format: int32
                                type: integer
                              type: array
                            path:
                              default: /
                              description: The HTTP path which will be requested during
                                the health check (ie. /health)
                              type: string
                            requestHeadersToAdd:
                              description: The list of HTTP headers which should be
                                added to each health check request
                              properties:
                                add:
                                  items:
                                    properties:
                                      name:
                                        maxLength: 256
                                        minLength: 1
                                        pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                        type: string
                                      value:
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  maxItems: 16
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - name
                                  x-kubernetes-list-type: map
                                set:
                                  items:
                                    properties:
                                      name:
                                        maxLength: 256
                                        minLength: 1
                                        pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
                                        type: string
                                      value:
                                        type: string
                                    required:
                                    - name
                                    - value
                                    type: object
                                  maxItems: 16
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - name
                                  x-kubernetes-list-type: map
                              type: object
                          type: object
                        initialJitter:
                          description: If specified, Envoy will start health checking
                            after a random time in ms between 0 and initialJitter.
                            This only applies to the first health check.
                          type: string
                        interval:
                          default: 1m
                          description: Interval between consecutive health checks.
                          type: string
                        intervalJitter:
                          description: If specified, during every interval Envoy will
                            add IntervalJitter to the wait time.
                          type: string
                        intervalJitterPercent:
                          description: If specified, during every interval Envoy will
                            add IntervalJitter * IntervalJitterPercent / 100 to the
                            wait time. If IntervalJitter and IntervalJitterPercent
                            are both set, both of them will be used to increase the
                            wait time.
                          format: int32
                          type: integer
                        noTrafficInterval:
                          description: The "no traffic interval" is a special health
                            check interval that is used when a cluster has never had
                            traffic routed to it. This lower interval allows cluster
                            information to be kept up to date, without sending a potentially
                            large amount of active health checking traffic for no
                            reason. Once a cluster has been used for traffic routing,
                            Envoy will shift back to using the standard health check
                            interval that is defined. Note that this interval takes
                            precedence over any other. The default value for "no traffic
                            interval" is 60 seconds.
                          type: string
                        reuseConnection:
                          description: Reuse health check connection between health
                            checks. Default is true.
                          type: boolean
                        tcp:
                          description: TcpHealthCheck defines configuration for specifying
                            bytes to send and expected response during the health
                            check
                          properties:
                            disabled:
                              description: If true the TcpHealthCheck is disabled
                              type: boolean
                            receive:
                              description: List of Base64 encoded blocks of strings
                                expected as a response. When checking the response,
                                "fuzzy" matching is performed such that each block
                                must be found, and in the order specified, but not
                                necessarily contiguous. If not provided or empty,
                                checks will be performed as "connect only" and be
                                marked as successful when TCP connection is successfully
                                established.
                              items:
                                type: string
                              type: array
                            send:
                              description: Base64 encoded content of the message which
                                will be sent during the health check to the target
                              type: string
                          type: object
                        timeout:
                          default: 15s
                          description: Maximum time to wait for a health check response.
                          type: string
                        unhealthyThreshold:
                          default: 5
                          description: Number of consecutive unhealthy checks before
                            considering a host unhealthy.
                          format: int32
                          type: integer
                      type: object
                    targetRef:
                      description: TargetRef is a reference to the resource that represents
                        a group of destinations.
                      properties:
                        kind:
                          description: Kind of the referenced resource
                          enum:
                          - Mesh
                          - MeshSubset
                          - MeshService
                          - MeshServiceSubset
                          - MeshGatewayRoute
                          type: string
                        mesh:
                          description: Mesh is reserved for future use to identify
                            cross mesh resources.
                          type: string
                        name:
                          description: 'Name of the referenced resource. Can only
                            be used with kinds: `MeshService`, `MeshServiceSubset`
                            and `MeshGatewayRoute`'
                          type: string
                        tags:
                          additionalProperties:
                            type: string
                          description: Tags used to select a subset of proxies by
                            tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
                          type: object
                      type: object
                  required:
                  - targetRef
                  type: object
                type: array
            required:
            - targetRef
            type: object
        type: object
    served: true
    storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshhttproutes.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshHTTPRoute
listKind: MeshHTTPRouteList
plural: meshhttproutes
singular: meshhttproute
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshHTTPRoute resource.
properties:
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined in place.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
to:
description: To matches destination services of requests and holds
configuration.
items:
properties:
rules:
description: Rules contains the routing rules that apply to a combination
of top-level targetRef and the targetRef in this entry.
items:
properties:
default:
description: Default holds routing rules that can be merged
with rules from other policies.
properties:
backendRefs:
items:
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use
to identify cross mesh resources.
type: string
name:
description: 'Name of the referenced resource.
Can only be used with kinds: `MeshService`,
`MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of
proxies by tags. Can only be used with kinds
`MeshSubset` and `MeshServiceSubset`
type: object
weight:
default: 1
minimum: 0
type: integer
type: object
type: array
filters:
items:
properties:
requestHeaderModifier:
description: Only one action is supported per
header name. Configuration to set or add multiple
values for a header must use RFC 7230 header
value formatting, separating each value with
a comma.
properties:
add:
items:
properties:
name:
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
remove:
items:
type: string
maxItems: 16
type: array
set:
items:
properties:
name:
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
requestMirror:
properties:
backendRef:
description: TargetRef defines structure
that allows attaching policy to various
objects
properties:
kind:
description: Kind of the referenced
resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future
use to identify cross mesh resources.
type: string
name:
description: 'Name of the referenced
resource. Can only be used with kinds:
`MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset
of proxies by tags. Can only be used
with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
percentage:
anyOf:
- type: integer
- type: string
description: Percentage of requests to mirror.
If not specified, all requests to the
target cluster will be mirrored.
x-kubernetes-int-or-string: true
required:
- backendRef
type: object
requestRedirect:
properties:
hostname:
description: "PreciseHostname is the fully
qualified domain name of a network host.
This matches the RFC 1123 definition of
a hostname with 1 notable exception that
numeric IP addresses are not allowed.
\n Note that as per RFC1035 and RFC1123,
a *label* must consist of lower case alphanumeric
characters or '-', and must start and
end with an alphanumeric character. No
other punctuation is allowed."
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
description: Path defines parameters used
to modify the path of the incoming request.
The modified path is then used to construct
the location header. When empty, the request
path is used as-is.
properties:
replaceFullPath:
type: string
replacePrefixMatch:
type: string
type:
enum:
- ReplaceFullPath
- ReplacePrefixMatch
type: string
required:
- type
type: object
port:
description: Port is the port to be used
in the value of the `Location` header
in the response. When empty, port (if
specified) of the request is used.
format: int32
maximum: 65535
minimum: 1
type: integer
scheme:
enum:
- http
- https
type: string
statusCode:
default: 302
description: StatusCode is the HTTP status
code to be used in response.
enum:
- 301
- 302
- 303
- 307
- 308
type: integer
type: object
responseHeaderModifier:
description: Only one action is supported per
header name. Configuration to set or add multiple
values for a header must use RFC 7230 header
value formatting, separating each value with
a comma.
properties:
add:
items:
properties:
name:
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
remove:
items:
type: string
maxItems: 16
type: array
set:
items:
properties:
name:
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
type:
enum:
- RequestHeaderModifier
- ResponseHeaderModifier
- RequestRedirect
- URLRewrite
- RequestMirror
type: string
urlRewrite:
properties:
hostname:
description: Hostname is the value to be
used to replace the host header value
during forwarding.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
description: Path defines a path rewrite.
properties:
replaceFullPath:
type: string
replacePrefixMatch:
type: string
type:
enum:
- ReplaceFullPath
- ReplacePrefixMatch
type: string
required:
- type
type: object
type: object
required:
- type
type: object
type: array
type: object
matches:
items:
properties:
headers:
items:
description: HeaderMatch describes how to select
an HTTP route by matching HTTP request headers.
properties:
name:
description: Name is the name of the HTTP
Header to be matched. Name MUST be lower
case as they will be handled with case insensitivity
(See https://tools.ietf.org/html/rfc7230#section-3.2).
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
description: Type specifies how to match against
the value of the header.
enum:
- Exact
- Present
- RegularExpression
- Absent
- Prefix
type: string
value:
description: Value is the value of HTTP Header
to be matched.
type: string
required:
- name
type: object
type: array
method:
enum:
- CONNECT
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
- TRACE
type: string
path:
properties:
type:
enum:
- Exact
- Prefix
- RegularExpression
type: string
value:
description: Exact or prefix matches must be
an absolute path. A prefix matches only if
separated by a slash or the entire path.
minLength: 1
type: string
required:
- type
- value
type: object
queryParams:
description: QueryParams matches based on HTTP URL
query parameters. Multiple matches are ANDed together
such that all listed matches must succeed.
items:
properties:
name:
minLength: 1
type: string
type:
enum:
- Exact
- RegularExpression
type: string
value:
type: string
required:
- name
- type
- value
type: object
type: array
type: object
type: array
required:
- default
- matches
type: object
type: array
targetRef:
description: TargetRef is a reference to the resource that represents
a group of request destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
type: object
type: array
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshinsights.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshInsight
listKind: MeshInsightList
plural: meshinsights
singular: meshinsight
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshInsight resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshloadbalancingstrategies.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshLoadBalancingStrategy
listKind: MeshLoadBalancingStrategyList
plural: meshloadbalancingstrategies
singular: meshloadbalancingstrategy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshLoadBalancingStrategy
resource.
properties:
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined in place.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
to:
description: To list makes a match between the consumed services and
corresponding configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of destinations referenced in 'targetRef'
properties:
loadBalancer:
description: LoadBalancer allows to specify load balancing
algorithm.
properties:
leastRequest:
description: LeastRequest selects N random available
hosts as specified in 'choiceCount' (2 by default)
and picks the host which has the fewest active requests
properties:
choiceCount:
description: ChoiceCount is the number of random
healthy hosts from which the host with the fewest
active requests will be chosen. Defaults to 2
so that Envoy performs two-choice selection if
the field is not set.
format: int32
minimum: 2
type: integer
type: object
maglev:
description: Maglev implements consistent hashing to
upstream hosts. Maglev can be used as a drop in replacement
for the ring hash load balancer any place in which
consistent hashing is desired.
properties:
hashPolicies:
description: HashPolicies specify a list of request/connection
properties that are used to calculate a hash.
These hash policies are executed in the specified
order. If a hash policy has the “terminal” attribute
set to true, and there is already a hash generated,
the hash is returned immediately, ignoring the
rest of the hash policy list.
items:
properties:
connection:
properties:
sourceIP:
description: Hash on source IP address.
type: boolean
type: object
cookie:
properties:
name:
description: The name of the cookie that
will be used to obtain the hash key.
minLength: 1
type: string
path:
description: The name of the path for
the cookie.
type: string
ttl:
description: If specified, a cookie with
the TTL will be generated if the cookie
is not present.
type: string
required:
- name
type: object
filterState:
properties:
key:
description: The name of the Object in
the per-request filterState, which is
an Envoy::Hashable object. If there
is no data associated with the key,
or the stored object is not Envoy::Hashable,
no hash will be produced.
minLength: 1
type: string
required:
- key
type: object
header:
properties:
name:
description: The name of the request header
that will be used to obtain the hash
key.
minLength: 1
type: string
required:
- name
type: object
queryParameter:
properties:
name:
description: The name of the URL query
parameter that will be used to obtain
the hash key. If the parameter is not
present, no hash will be produced. Query
parameter names are case-sensitive.
minLength: 1
type: string
required:
- name
type: object
terminal:
description: 'Terminal is a flag that short-circuits
the hash computing. This field provides
a ‘fallback’ style of configuration: “if
a terminal policy doesn’t work, fallback
to rest of the policy list”, it saves time
when the terminal policy works. If true,
and there is already a hash computed, ignore
rest of the list of hash policies.'
type: boolean
type:
enum:
- Header
- Cookie
- SourceIP
- QueryParameter
- FilterState
type: string
required:
- type
type: object
type: array
tableSize:
description: The table size for Maglev hashing.
Maglev aims for “minimal disruption” rather than
an absolute guarantee. Minimal disruption means
that when the set of upstream hosts change, a
connection will likely be sent to the same upstream
as it was before. Increasing the table size reduces
the amount of disruption. The table size must
be a prime number limited to 5000011. If it is not
specified, the default is 65537.
format: int32
maximum: 5000011
minimum: 1
type: integer
type: object
random:
description: Random selects a random available host.
The random load balancer generally performs better
than round-robin if no health checking policy is configured.
Random selection avoids bias towards the host in the
set that comes after a failed host.
type: object
ringHash:
description: RingHash implements consistent hashing
to upstream hosts. Each host is mapped onto a circle
(the “ring”) by hashing its address; each request
is then routed to a host by hashing some property
of the request, and finding the nearest corresponding
host clockwise around the ring.
properties:
hashFunction:
description: HashFunction is a function used to
hash hosts onto the ketama ring. The value defaults
to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2.
enum:
- XXHash
- MurmurHash2
type: string
hashPolicies:
description: HashPolicies specify a list of request/connection
properties that are used to calculate a hash.
These hash policies are executed in the specified
order. If a hash policy has the “terminal” attribute
set to true, and there is already a hash generated,
the hash is returned immediately, ignoring the
rest of the hash policy list.
items:
properties:
connection:
properties:
sourceIP:
description: Hash on source IP address.
type: boolean
type: object
cookie:
properties:
name:
description: The name of the cookie that
will be used to obtain the hash key.
minLength: 1
type: string
path:
description: The name of the path for
the cookie.
type: string
ttl:
description: If specified, a cookie with
the TTL will be generated if the cookie
is not present.
type: string
required:
- name
type: object
filterState:
properties:
key:
description: The name of the Object in
the per-request filterState, which is
an Envoy::Hashable object. If there
is no data associated with the key,
or the stored object is not Envoy::Hashable,
no hash will be produced.
minLength: 1
type: string
required:
- key
type: object
header:
properties:
name:
description: The name of the request header
that will be used to obtain the hash
key.
minLength: 1
type: string
required:
- name
type: object
queryParameter:
properties:
name:
description: The name of the URL query
parameter that will be used to obtain
the hash key. If the parameter is not
present, no hash will be produced. Query
parameter names are case-sensitive.
minLength: 1
type: string
required:
- name
type: object
terminal:
description: 'Terminal is a flag that short-circuits
the hash computing. This field provides
a ‘fallback’ style of configuration: “if
a terminal policy doesn’t work, fallback
to rest of the policy list”, it saves time
when the terminal policy works. If true,
and there is already a hash computed, ignore
rest of the list of hash policies.'
type: boolean
type:
enum:
- Header
- Cookie
- SourceIP
- QueryParameter
- FilterState
type: string
required:
- type
type: object
type: array
maxRingSize:
description: Maximum hash ring size. Defaults to
8M entries, and limited to 8M entries, but can
be lowered to further constrain resource use.
format: int32
maximum: 8000000
minimum: 1
type: integer
minRingSize:
description: Minimum hash ring size. The larger
the ring is (that is, the more hashes there are
for each provided host) the better the request
distribution will reflect the desired weights.
Defaults to 1024 entries, and limited to 8M entries.
format: int32
maximum: 8000000
minimum: 1
type: integer
type: object
roundRobin:
description: RoundRobin is a load balancing algorithm
that distributes requests across available upstream
hosts in round-robin order.
type: object
type:
enum:
- RoundRobin
- LeastRequest
- RingHash
- Random
- Maglev
type: string
required:
- type
type: object
localityAwareness:
description: LocalityAwareness contains configuration for
locality aware load balancing.
properties:
disabled:
description: Disabled allows to disable locality-aware
load balancing. When disabled requests are distributed
across all endpoints regardless of locality.
type: boolean
type: object
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshproxypatches.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshProxyPatch
listKind: MeshProxyPatchList
plural: meshproxypatches
singular: meshproxypatch
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshProxyPatch resource.
properties:
default:
description: Default is a configuration specific to the group of destinations
referenced in 'targetRef'.
properties:
appendModifications:
description: AppendModifications is a list of modifications applied
on the selected proxy.
items:
properties:
cluster:
description: Cluster is a modification of Envoy's Cluster
resource.
properties:
jsonPatches:
description: JsonPatches specifies list of jsonpatches
to apply on Envoy's Cluster resource
items:
description: JsonPatchBlock is one json patch operation
block.
properties:
from:
description: From is a jsonpatch from string,
used by move and copy operations.
type: string
op:
description: Op is a jsonpatch operation string.
enum:
- add
- remove
- replace
- move
- copy
type: string
path:
description: Path is a jsonpatch path string.
type: string
value:
description: Value must be a valid json value
used by replace and add operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
match:
description: Match is a set of conditions that have
to be matched for modification operation to happen.
properties:
name:
description: Name of the cluster to match.
type: string
origin:
description: "Origin is the name of the component
or plugin that generated the resource. \n Here
is the list of well-known origins: inbound - resources
generated for handling incoming traffic. outbound
- resources generated for handling outgoing traffic.
transparent - resources generated for transparent
proxy functionality. prometheus - resources generated
when Prometheus metrics are enabled. direct-access
- resources generated for Direct Access functionality.
ingress - resources generated for Zone Ingress.
egress - resources generated for Zone Egress.
gateway - resources generated for MeshGateway.
\n The list is not complete, because policy plugins
can introduce new resources. For example MeshTrace
plugin can create Cluster with \"mesh-trace\"
origin."
type: string
type: object
operation:
description: Operation to execute on matched cluster.
enum:
- Add
- Remove
- Patch
type: string
value:
description: Value of xDS resource in YAML format to
add or patch.
type: string
required:
- operation
type: object
httpFilter:
description: HTTPFilter is a modification of Envoy HTTP
Filter available in HTTP Connection Manager in a Listener
resource.
properties:
jsonPatches:
description: JsonPatches specifies list of jsonpatches
to apply on Envoy's HTTP Filter available in HTTP
Connection Manager in a Listener resource.
items:
description: JsonPatchBlock is one json patch operation
block.
properties:
from:
description: From is a jsonpatch from string,
used by move and copy operations.
type: string
op:
description: Op is a jsonpatch operation string.
enum:
- add
- remove
- replace
- move
- copy
type: string
path:
description: Path is a jsonpatch path string.
type: string
value:
description: Value must be a valid json value
used by replace and add operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
match:
description: Match is a set of conditions that have
to be matched for modification operation to happen.
properties:
listenerName:
description: Name of the listener to match.
type: string
listenerTags:
additionalProperties:
type: string
description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]
type: object
name:
description: Name of the HTTP filter. For example
"envoy.filters.http.local_ratelimit"
type: string
origin:
description: "Origin is the name of the component
or plugin that generated the resource. \n Here
is the list of well-known origins: inbound - resources
generated for handling incoming traffic. outbound
- resources generated for handling outgoing traffic.
transparent - resources generated for transparent
proxy functionality. prometheus - resources generated
when Prometheus metrics are enabled. direct-access
- resources generated for Direct Access functionality.
ingress - resources generated for Zone Ingress.
egress - resources generated for Zone Egress.
gateway - resources generated for MeshGateway.
\n The list is not complete, because policy plugins
can introduce new resources. For example MeshTrace
plugin can create Cluster with \"mesh-trace\"
origin."
type: string
type: object
operation:
description: Operation to execute on matched listener.
enum:
- Remove
- Patch
- AddFirst
- AddBefore
- AddAfter
- AddLast
type: string
value:
description: Value of xDS resource in YAML format to
add or patch.
type: string
required:
- operation
type: object
listener:
description: Listener is a modification of Envoy's Listener
resource.
properties:
jsonPatches:
description: JsonPatches specifies list of jsonpatches
to apply on Envoy's Listener resource
items:
description: JsonPatchBlock is one json patch operation
block.
properties:
from:
description: From is a jsonpatch from string,
used by move and copy operations.
type: string
op:
description: Op is a jsonpatch operation string.
enum:
- add
- remove
- replace
- move
- copy
type: string
path:
description: Path is a jsonpatch path string.
type: string
value:
description: Value must be a valid json value
used by replace and add operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
match:
description: Match is a set of conditions that have
to be matched for modification operation to happen.
properties:
name:
description: Name of the listener to match.
type: string
origin:
description: "Origin is the name of the component
or plugin that generated the resource. \n Here
is the list of well-known origins: inbound - resources
generated for handling incoming traffic. outbound
- resources generated for handling outgoing traffic.
transparent - resources generated for transparent
proxy functionality. prometheus - resources generated
when Prometheus metrics are enabled. direct-access
- resources generated for Direct Access functionality.
ingress - resources generated for Zone Ingress.
egress - resources generated for Zone Egress.
gateway - resources generated for MeshGateway.
\n The list is not complete, because policy plugins
can introduce new resources. For example MeshTrace
plugin can create Cluster with \"mesh-trace\"
origin."
type: string
tags:
additionalProperties:
type: string
description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]
type: object
type: object
operation:
description: Operation to execute on matched listener.
enum:
- Add
- Remove
- Patch
type: string
value:
description: Value of xDS resource in YAML format to
add or patch.
type: string
required:
- operation
type: object
networkFilter:
description: NetworkFilter is a modification of Envoy Listener's
filter.
properties:
jsonPatches:
description: JsonPatches specifies list of jsonpatches
to apply on Envoy Listener's filter.
items:
description: JsonPatchBlock is one json patch operation
block.
properties:
from:
description: From is a jsonpatch from string,
used by move and copy operations.
type: string
op:
description: Op is a jsonpatch operation string.
enum:
- add
- remove
- replace
- move
- copy
type: string
path:
description: Path is a jsonpatch path string.
type: string
value:
description: Value must be a valid json value
used by replace and add operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
match:
description: Match is a set of conditions that have
to be matched for modification operation to happen.
properties:
listenerName:
description: Name of the listener to match.
type: string
listenerTags:
additionalProperties:
type: string
description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags]
type: object
name:
description: Name of the network filter. For example
"envoy.filters.network.ratelimit"
type: string
origin:
description: "Origin is the name of the component
or plugin that generated the resource. \n Here
is the list of well-known origins: inbound - resources
generated for handling incoming traffic. outbound
- resources generated for handling outgoing traffic.
transparent - resources generated for transparent
proxy functionality. prometheus - resources generated
when Prometheus metrics are enabled. direct-access
- resources generated for Direct Access functionality.
ingress - resources generated for Zone Ingress.
egress - resources generated for Zone Egress.
gateway - resources generated for MeshGateway.
\n The list is not complete, because policy plugins
can introduce new resources. For example MeshTrace
plugin can create Cluster with \"mesh-trace\"
origin."
type: string
type: object
operation:
description: Operation to execute on matched listener.
enum:
- Remove
- Patch
- AddFirst
- AddBefore
- AddAfter
- AddLast
type: string
value:
description: Value of xDS resource in YAML format to
add or patch.
type: string
required:
- operation
type: object
virtualHost:
description: VirtualHost is a modification of Envoy's VirtualHost
referenced in HTTP Connection Manager in a Listener resource.
properties:
jsonPatches:
description: JsonPatches specifies list of jsonpatches
to apply on Envoy's VirtualHost resource
items:
description: JsonPatchBlock is one json patch operation
block.
properties:
from:
description: From is a jsonpatch from string,
used by move and copy operations.
type: string
op:
description: Op is a jsonpatch operation string.
enum:
- add
- remove
- replace
- move
- copy
type: string
path:
description: Path is a jsonpatch path string.
type: string
value:
description: Value must be a valid json value
used by replace and add operations.
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
match:
description: Match is a set of conditions that have
to be matched for modification operation to happen.
properties:
name:
description: Name of the VirtualHost to match.
type: string
origin:
description: "Origin is the name of the component
or plugin that generated the resource. \n Here
is the list of well-known origins: inbound - resources
generated for handling incoming traffic. outbound
- resources generated for handling outgoing traffic.
transparent - resources generated for transparent
proxy functionality. prometheus - resources generated
when Prometheus metrics are enabled. direct-access
- resources generated for Direct Access functionality.
ingress - resources generated for Zone Ingress.
egress - resources generated for Zone Egress.
gateway - resources generated for MeshGateway.
\n The list is not complete, because policy plugins
can introduce new resources. For example MeshTrace
plugin can create Cluster with \"mesh-trace\"
origin."
type: string
routeConfigurationName:
description: Name of the RouteConfiguration resource
to match.
type: string
type: object
operation:
description: Operation to execute on matched listener.
enum:
- Add
- Remove
- Patch
type: string
value:
description: Value of xDS resource in YAML format to
add or patch.
type: string
required:
- match
- operation
type: object
type: object
type: array
required:
- appendModifications
type: object
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined inplace.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- default
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshratelimits.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshRateLimit
listKind: MeshRateLimitList
plural: meshratelimits
singular: meshratelimit
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshRateLimit resource.
properties:
from:
description: From list makes a match between clients and corresponding
configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of clients referenced in 'targetRef'
properties:
local:
description: LocalConf defines local http or/and tcp rate
limit configuration
properties:
http:
description: LocalHTTP defines configuration of local
HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter
properties:
disabled:
description: Define if rate limiting should be disabled.
type: boolean
onRateLimit:
description: Describes the actions to take on a
rate limit event
properties:
headers:
description: The Headers to be added to the
HTTP response on a rate limit event
properties:
add:
items:
properties:
name:
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
set:
items:
properties:
name:
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
value:
type: string
required:
- name
- value
type: object
maxItems: 16
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
status:
description: The HTTP status code to be set
on a rate limit event
format: int32
type: integer
type: object
requestRate:
description: Defines how many requests are allowed
per interval.
properties:
interval:
description: The interval the number of units
is accounted for.
type: string
num:
description: Number of units per interval (depending
on usage it can be a number of requests, or
a number of connections).
format: int32
type: integer
required:
- interval
- num
type: object
type: object
tcp:
description: LocalTCP defines configuration of local
TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter
properties:
connectionRate:
description: Defines how many connections are allowed
per interval.
properties:
interval:
description: The interval the number of units
is accounted for.
type: string
num:
description: Number of units per interval (depending
on usage it can be a number of requests, or
a number of connections).
format: int32
type: integer
required:
- interval
- num
type: object
disabled:
description: 'Define if rate limiting should be
disabled. Default: false'
type: boolean
type: object
type: object
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of clients.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined inplace.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: dataplaneinsights.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: DataplaneInsight
listKind: DataplaneInsightList
plural: dataplaneinsights
singular: dataplaneinsight
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
status:
description: Status is the status of the Kuma resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshretries.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshRetry
listKind: MeshRetryList
plural: meshretries
singular: meshretry
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshRetry resource.
properties:
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined inplace.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
to:
description: To list makes a match between the consumed services and
corresponding configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of destinations referenced in 'targetRef'
properties:
grpc:
description: GRPC defines a configuration of retries for
GRPC traffic
properties:
backOff:
description: BackOff is a configuration of durations
which will be used in exponential backoff strategy
between retries.
properties:
baseInterval:
description: BaseInterval is an amount of time which
should be taken between retries. Must be greater
than zero. Values less than 1 ms are rounded up
to 1 ms. Default is 25ms.
type: string
maxInterval:
description: MaxInterval is a maximal amount of
time which will be taken between retries. Default
is 10 times the "BaseInterval".
type: string
type: object
numRetries:
description: NumRetries is the number of attempts that
will be made on failed (and retriable) requests.
format: int32
type: integer
perTryTimeout:
description: PerTryTimeout is the amount of time after
which retry attempt should timeout. Setting this timeout
to 0 will disable it. Default is 15s.
type: string
rateLimitedBackOff:
description: RateLimitedBackOff is a configuration of
backoff which will be used when the upstream returns
one of the headers configured.
properties:
maxInterval:
description: MaxInterval is a maximal amount of
time which will be taken between retries. Default
is 300 seconds.
type: string
resetHeaders:
description: ResetHeaders specifies the list of
headers (like Retry-After or X-RateLimit-Reset)
to match against the response. Headers are tried
in order, and matched case-insensitive. The first
header to be parsed successfully is used. If no
headers match the default exponential BackOff
is used instead.
items:
properties:
format:
description: The format of the reset header,
either Seconds or UnixTimestamp.
enum:
- Seconds
- UnixTimestamp
type: string
name:
description: The Name of the reset header.
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
required:
- format
- name
type: object
type: array
type: object
retryOn:
description: 'RetryOn is a list of conditions which
will cause a retry. Available values are: [Canceled,
DeadlineExceeded, Internal, ResourceExhausted, Unavailable].'
items:
type: string
type: array
type: object
http:
description: HTTP defines a configuration of retries for
HTTP traffic
properties:
backOff:
description: BackOff is a configuration of durations
which will be used in exponential backoff strategy
between retries
properties:
baseInterval:
description: BaseInterval is an amount of time which
should be taken between retries. Must be greater
than zero. Values less than 1 ms are rounded up
to 1 ms. Default is 25ms.
type: string
maxInterval:
description: MaxInterval is a maximal amount of
time which will be taken between retries. Default
is 10 times the "BaseInterval".
type: string
type: object
hostSelection:
description: HostSelection is a list of predicates that
dictate how hosts should be selected when requests
are retried.
items:
properties:
predicate:
description: Type is requested predicate mode.
Available values are OmitPreviousHosts, OmitHostsWithTags,
and OmitPreviousPriorities.
type: string
tags:
additionalProperties:
type: string
description: Tags is a map of metadata to match
against for selecting the omitted hosts. Required
if Type is OmitHostsWithTags
type: object
updateFrequency:
description: UpdateFrequency is how often the
priority load should be updated based on previously
attempted priorities. Used for OmitPreviousPriorities.
Default is 2 if not set.
format: int32
type: integer
required:
- predicate
type: object
type: array
hostSelectionMaxAttempts:
description: HostSelectionMaxAttempts is the maximum
number of times host selection will be reattempted
before giving up, at which point the host that was
last selected will be routed to. If unspecified, this
will default to retrying once.
format: int64
type: integer
numRetries:
description: NumRetries is the number of attempts that
will be made on failed (and retriable) requests
format: int32
type: integer
perTryTimeout:
description: PerTryTimeout is the amount of time after
which retry attempt should timeout. Setting this timeout
to 0 will disable it. Default is 15s.
type: string
rateLimitedBackOff:
description: RateLimitedBackOff is a configuration of
backoff which will be used when the upstream returns
one of the headers configured.
properties:
maxInterval:
description: MaxInterval is a maximal amount of
time which will be taken between retries. Default
is 300 seconds.
type: string
resetHeaders:
description: ResetHeaders specifies the list of
headers (like Retry-After or X-RateLimit-Reset)
to match against the response. Headers are tried
in order, and matched case-insensitive. The first
header to be parsed successfully is used. If no
headers match the default exponential BackOff
is used instead.
items:
properties:
format:
description: The format of the reset header,
either Seconds or UnixTimestamp.
enum:
- Seconds
- UnixTimestamp
type: string
name:
description: The Name of the reset header.
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
required:
- format
- name
type: object
type: array
type: object
retriableRequestHeaders:
description: RetriableRequestHeaders are HTTP headers
which must be present in the request for retries to
be attempted.
items:
description: HeaderMatch describes how to select an
HTTP route by matching HTTP request headers.
properties:
name:
description: Name is the name of the HTTP Header
to be matched. Name MUST be lower case as they
will be handled with case insensitivity (See
https://tools.ietf.org/html/rfc7230#section-3.2).
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
description: Type specifies how to match against
the value of the header.
enum:
- Exact
- Present
- RegularExpression
- Absent
- Prefix
type: string
value:
description: Value is the value of HTTP Header
to be matched.
type: string
required:
- name
type: object
type: array
retriableResponseHeaders:
description: RetriableResponseHeaders are HTTP response
headers that trigger a retry if present in the response.
A retry will be triggered if any of the header matches
match the upstream response headers.
items:
description: HeaderMatch describes how to select an
HTTP route by matching HTTP request headers.
properties:
name:
description: Name is the name of the HTTP Header
to be matched. Name MUST be lower case as they
will be handled with case insensitivity (See
https://tools.ietf.org/html/rfc7230#section-3.2).
maxLength: 256
minLength: 1
pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
description: Type specifies how to match against
the value of the header.
enum:
- Exact
- Present
- RegularExpression
- Absent
- Prefix
type: string
value:
description: Value is the value of HTTP Header
to be matched.
type: string
required:
- name
type: object
type: array
retryOn:
description: 'RetryOn is a list of conditions which
will cause a retry. Available values are: [5XX, GatewayError,
Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited,
RefusedStream, Http3PostConnectFailure, HttpMethodConnect,
HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions,
HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace].
Also, any HTTP status code (500, 503, etc).'
items:
type: string
type: array
type: object
tcp:
description: TCP defines a configuration of retries for
TCP traffic
properties:
maxConnectAttempt:
description: MaxConnectAttempt is a maximal amount of
TCP connection attempts which will be made before
giving up
format: int32
type: integer
type: object
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshtimeouts.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshTimeout
listKind: MeshTimeoutList
plural: meshtimeouts
singular: meshtimeout
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshTimeout resource.
properties:
from:
description: From list makes a match between clients and corresponding
configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of clients referenced in 'targetRef'
properties:
connectionTimeout:
description: ConnectionTimeout specifies the amount of time
proxy will wait for a TCP connection to be established.
Default value is 5 seconds. Cannot be set to 0.
type: string
http:
description: Http provides configuration for HTTP specific
timeouts
properties:
maxConnectionDuration:
description: MaxConnectionDuration is the time after
which a connection will be drained and/or closed,
starting from when it was first established. Setting
this timeout to 0 will disable it. Disabled by default.
type: string
maxStreamDuration:
description: MaxStreamDuration is the maximum time that
a stream’s lifetime will span. Setting this timeout
to 0 will disable it. Disabled by default.
type: string
requestTimeout:
description: RequestTimeout is the amount of time that
proxy will wait for the entire request to be received.
The timer is activated when the request is initiated,
and is disarmed when the last byte of the request
is sent, OR when the response is initiated. Setting
this timeout to 0 will disable it. Default is 15s.
type: string
streamIdleTimeout:
description: StreamIdleTimeout is the amount of time
that proxy will allow a stream to exist with no activity.
Setting this timeout to 0 will disable it. Default
is 30m
type: string
type: object
idleTimeout:
description: IdleTimeout is defined as the period in which
there are no bytes sent or received on connection. Setting
this timeout to 0 will disable it. Be cautious when disabling
it because it can lead to connection leaking. Default
value is 1h.
type: string
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of clients.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined inplace.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
to:
description: To list makes a match between the consumed services and
corresponding configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of destinations referenced in 'targetRef'
properties:
connectionTimeout:
description: ConnectionTimeout specifies the amount of time
proxy will wait for a TCP connection to be established.
Default value is 5 seconds. Cannot be set to 0.
type: string
http:
description: Http provides configuration for HTTP specific
timeouts
properties:
maxConnectionDuration:
description: MaxConnectionDuration is the time after
which a connection will be drained and/or closed,
starting from when it was first established. Setting
this timeout to 0 will disable it. Disabled by default.
type: string
maxStreamDuration:
description: MaxStreamDuration is the maximum time that
a stream’s lifetime will span. Setting this timeout
to 0 will disable it. Disabled by default.
type: string
requestTimeout:
description: RequestTimeout is the amount of time that
proxy will wait for the entire request to be received.
The timer is activated when the request is initiated,
and is disarmed when the last byte of the request
is sent, OR when the response is initiated. Setting
this timeout to 0 will disable it. Default is 15s.
type: string
streamIdleTimeout:
description: StreamIdleTimeout is the amount of time
that proxy will allow a stream to exist with no activity.
Setting this timeout to 0 will disable it. Default
is 30m
type: string
type: object
idleTimeout:
description: IdleTimeout is defined as the period in which
there are no bytes sent or received on connection. Setting
this timeout to 0 will disable it. Be cautious when disabling
it because it can lead to connection leaking. Default
value is 1h.
type: string
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshtraces.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshTrace
listKind: MeshTraceList
plural: meshtraces
singular: meshtrace
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshTrace resource.
properties:
default:
description: MeshTrace configuration.
properties:
backends:
description: A one element array of backend definition. Envoy
allows configuring only 1 backend, so the natural way of representing
that would be just one object. Unfortunately due to the reasons
explained in MADR 009-tracing-policy this has to be a one element
array for now.
items:
description: Only one of zipkin, datadog or openTelemetry can
be used.
properties:
datadog:
description: Datadog backend configuration.
properties:
splitService:
description: 'Determines if datadog service name should
be split based on traffic direction and destination.
For example, with `splitService: true` and a `backend`
service that communicates with a couple of databases,
you would get service names like `backend_INBOUND`,
`backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2`
in Datadog. Default: false'
type: boolean
url:
description: Address of Datadog collector, only host
and port are allowed (no paths, fragments etc.)
type: string
required:
- url
type: object
openTelemetry:
description: OpenTelemetry backend configuration.
properties:
endpoint:
description: Address of OpenTelemetry collector.
example: otel-collector:4317
minLength: 1
type: string
required:
- endpoint
type: object
zipkin:
description: Zipkin backend configuration.
properties:
apiVersion:
default: httpJson
description: 'Version of the API. values: httpJson,
httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66'
enum:
- httpJson
- httpProto
type: string
sharedSpanContext:
description: 'Determines whether client and server spans
will share the same span context. Default: true. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63'
type: boolean
traceId128bit:
description: 'Generate 128bit traces. Default: false'
type: boolean
url:
description: Address of Zipkin collector.
type: string
required:
- url
type: object
type: object
type: array
sampling:
description: Sampling configuration. Sampling is the process by
which a decision is made on whether to process/export a span
or not.
properties:
client:
anyOf:
- type: integer
- type: string
description: 'Target percentage of requests that will be force
traced if the ''x-client-trace-id'' header is set. Default:
100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133
Either int or decimal represented as string.'
x-kubernetes-int-or-string: true
overall:
anyOf:
- type: integer
- type: string
description: 'Target percentage of requests that will be traced
after all other sampling checks have been applied (client,
force tracing, random sampling). This field functions as
an upper limit on the total configured sampling rate. For
instance, setting client_sampling to 100% but overall_sampling
to 1% will result in only 1% of client requests with the
appropriate headers to be force traced. Default: 100% Mirror
of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150
Either int or decimal represented as string.'
x-kubernetes-int-or-string: true
random:
anyOf:
- type: integer
- type: string
description: 'Target percentage of requests that will be randomly
selected for trace generation, if not requested by the client
or not forced. Default: 100% Mirror of random_sampling in
Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140
Either int or decimal represented as string.'
x-kubernetes-int-or-string: true
type: object
tags:
description: Custom tags configuration. You can add custom tags
to traces based on headers or literal values.
items:
description: Custom tags configuration. Only one of literal
or header can be used.
properties:
header:
description: Tag taken from a header.
properties:
default:
description: Default value to use if header is missing.
If the default is missing and there is no value the
tag will not be included.
type: string
name:
description: Name of the header.
type: string
required:
- name
type: object
literal:
description: Tag taken from literal value.
type: string
name:
description: Name of the tag.
type: string
required:
- name
type: object
type: array
type: object
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined in place.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshtrafficpermissions.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshTrafficPermission
listKind: MeshTrafficPermissionList
plural: meshtrafficpermissions
singular: meshtrafficpermission
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshTrafficPermission
resource.
properties:
from:
description: From list makes a match between clients and corresponding
configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of clients referenced in 'targetRef'
properties:
action:
description: 'Action defines a behavior for the specified
group of clients:'
enum:
- Allow
- Deny
- AllowWithShadowDeny
type: string
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of clients.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
targetRef:
description: TargetRef is a reference to the resource the policy takes
an effect on. The resource could be either a real store object or
virtual resource defined in place.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: proxytemplates.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ProxyTemplate
listKind: ProxyTemplateList
plural: proxytemplates
singular: proxytemplate
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ProxyTemplate resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: ratelimits.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: RateLimit
listKind: RateLimitList
plural: ratelimits
singular: ratelimit
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma RateLimit resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: retries.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: Retry
listKind: RetryList
plural: retries
singular: retry
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma Retry resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: serviceinsights.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ServiceInsight
listKind: ServiceInsightList
plural: serviceinsights
singular: serviceinsight
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ServiceInsight resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: timeouts.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: Timeout
listKind: TimeoutList
plural: timeouts
singular: timeout
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma Timeout resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: trafficlogs.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: TrafficLog
listKind: TrafficLogList
plural: trafficlogs
singular: trafficlog
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma TrafficLog resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: dataplanes.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: Dataplane
listKind: DataplaneList
plural: dataplanes
singular: dataplane
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma Dataplane resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: trafficpermissions.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: TrafficPermission
listKind: TrafficPermissionList
plural: trafficpermissions
singular: trafficpermission
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma TrafficPermission resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: trafficroutes.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: TrafficRoute
listKind: TrafficRouteList
plural: trafficroutes
singular: trafficroute
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma TrafficRoute resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: traffictraces.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: TrafficTrace
listKind: TrafficTraceList
plural: traffictraces
singular: traffictrace
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma TrafficTrace resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: virtualoutbounds.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: VirtualOutbound
listKind: VirtualOutboundList
plural: virtualoutbounds
singular: virtualoutbound
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma VirtualOutbound resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: zoneegresses.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ZoneEgress
listKind: ZoneEgressList
plural: zoneegresses
singular: zoneegress
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ZoneEgress resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: zoneegressinsights.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ZoneEgressInsight
listKind: ZoneEgressInsightList
plural: zoneegressinsights
singular: zoneegressinsight
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ZoneEgressInsight resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: zoneingresses.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ZoneIngress
listKind: ZoneIngressList
plural: zoneingresses
singular: zoneingress
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ZoneIngress resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: zoneingressinsights.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ZoneIngressInsight
listKind: ZoneIngressInsightList
plural: zoneingressinsights
singular: zoneingressinsight
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ZoneIngressInsight
resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: zoneinsights.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ZoneInsight
listKind: ZoneInsightList
plural: zoneinsights
singular: zoneinsight
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ZoneInsight resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: zones.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: Zone
listKind: ZoneList
plural: zones
singular: zone
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma Zone resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: externalservices.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: ExternalService
listKind: ExternalServiceList
plural: externalservices
singular: externalservice
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma ExternalService resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: faultinjections.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: FaultInjection
listKind: FaultInjectionList
plural: faultinjections
singular: faultinjection
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma FaultInjection resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: healthchecks.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: HealthCheck
listKind: HealthCheckList
plural: healthchecks
singular: healthcheck
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma HealthCheck resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshaccesslogs.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshAccessLog
listKind: MeshAccessLogList
plural: meshaccesslogs
singular: meshaccesslog
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshAccessLog resource.
properties:
from:
description: From list makes a match between clients and corresponding
configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of clients referenced in 'targetRef'
properties:
backends:
items:
properties:
file:
description: FileBackend defines configuration for
file based access logs
properties:
format:
description: Format of access logs. Placeholders
available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
properties:
json:
items:
properties:
key:
type: string
value:
type: string
type: object
type: array
omitEmptyValues:
type: boolean
plain:
type: string
type: object
path:
description: Path to a file that logs will be
written to
type: string
required:
- path
type: object
openTelemetry:
description: Defines an OpenTelemetry logging backend.
properties:
attributes:
description: Attributes can contain placeholders
available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
items:
properties:
key:
type: string
value:
type: string
type: object
type: array
endpoint:
description: Endpoint of OpenTelemetry collector.
An empty port defaults to 4317.
example: otel-collector:4317
minLength: 1
type: string
required:
- endpoint
type: object
tcp:
description: TCPBackend defines a TCP logging backend.
properties:
address:
description: Address of the TCP logging backend
type: string
format:
description: Format of access logs. Placeholders
available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
properties:
json:
items:
properties:
key:
type: string
value:
type: string
type: object
type: array
omitEmptyValues:
type: boolean
plain:
type: string
type: object
required:
- address
type: object
type: object
type: array
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of clients.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
targetRef:
description: TargetRef is a reference to the resource the policy takes
effect on. The resource could be either a real store object or
a virtual resource defined in place.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
to:
description: To list makes a match between the consumed services and
corresponding configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of destinations referenced in 'targetRef'
properties:
backends:
items:
properties:
file:
description: FileBackend defines configuration for
file based access logs
properties:
format:
description: Format of access logs. Placeholders
available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
properties:
json:
items:
properties:
key:
type: string
value:
type: string
type: object
type: array
omitEmptyValues:
type: boolean
plain:
type: string
type: object
path:
description: Path to a file that logs will be
written to
type: string
required:
- path
type: object
openTelemetry:
description: Defines an OpenTelemetry logging backend.
properties:
attributes:
description: Attributes can contain placeholders
available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
items:
properties:
key:
type: string
value:
type: string
type: object
type: array
endpoint:
description: Endpoint of OpenTelemetry collector.
An empty port defaults to 4317.
example: otel-collector:4317
minLength: 1
type: string
required:
- endpoint
type: object
tcp:
description: TCPBackend defines a TCP logging backend.
properties:
address:
description: Address of the TCP logging backend
type: string
format:
description: Format of access logs. Placeholders
available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
properties:
json:
items:
properties:
key:
type: string
value:
type: string
type: object
type: array
omitEmptyValues:
type: boolean
plain:
type: string
type: object
required:
- address
type: object
type: object
type: array
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshcircuitbreakers.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: MeshCircuitBreaker
listKind: MeshCircuitBreakerList
plural: meshcircuitbreakers
singular: meshcircuitbreaker
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma MeshCircuitBreaker
resource.
properties:
from:
description: From list makes a match between clients and corresponding
configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of destinations referenced in 'targetRef'
properties:
connectionLimits:
description: ConnectionLimits contains the configuration of
each circuit breaking limit. When a limit is exceeded, the
circuit breaker opens (no traffic is allowed, just as
no current flows in a circuit when a physical
circuit breaker is open)
properties:
maxConnectionPools:
description: The maximum number of connection pools
per cluster that are concurrently supported at once.
Set this for clusters which create a large number
of connection pools.
format: int32
type: integer
maxConnections:
description: The maximum number of connections allowed
to be made to the upstream cluster.
format: int32
type: integer
maxPendingRequests:
description: The maximum number of pending requests
that are allowed to the upstream cluster. This limit
is applied as a connection limit for non-HTTP traffic.
format: int32
type: integer
maxRequests:
description: The maximum number of parallel requests
that are allowed to be made to the upstream cluster.
This limit does not apply to non-HTTP traffic.
format: int32
type: integer
maxRetries:
description: The maximum number of parallel retries
that will be allowed to the upstream cluster.
format: int32
type: integer
type: object
outlierDetection:
description: OutlierDetection contains the configuration
of the process of dynamically determining whether some
number of hosts in an upstream cluster are performing
unlike the others and removing them from the healthy load
balancing set. Performance might be along different axes
such as consecutive failures, temporal success rate, temporal
latency, etc. Outlier detection is a form of passive health
checking.
properties:
baseEjectionTime:
description: The base time that a host is ejected for.
The real time is equal to the base time multiplied
by the number of times the host has been ejected.
type: string
detectors:
description: Contains configuration for supported outlier
detectors
properties:
failurePercentage:
description: Failure Percentage based outlier detection
functions similarly to success rate detection,
in that it relies on success rate data from each
host in a cluster. However, rather than compare
those values to the mean success rate of the cluster
as a whole, they are compared to a flat user-configured
threshold. This threshold is configured via the
outlierDetection.detectors.failurePercentage.threshold field.
The other configuration fields for failure percentage
based detection are similar to the fields for
success rate detection. As with success rate detection,
detection will not be performed for a host if
its request volume over the aggregation interval
is less than the outlierDetection.detectors.failurePercentage.requestVolume
value. Detection also will not be performed for
a cluster if the number of hosts with the minimum
required request volume in an interval is less
than the outlierDetection.detectors.failurePercentage.minimumHosts
value.
properties:
minimumHosts:
description: The minimum number of hosts in
a cluster in order to perform failure percentage-based
ejection. If the total number of hosts in
the cluster is less than this value, failure
percentage-based ejection will not be performed.
format: int32
type: integer
requestVolume:
description: The minimum number of total requests
that must be collected in one interval (as
defined by the interval duration above) to
perform failure percentage-based ejection
for this host. If the volume is lower than
this setting, failure percentage-based ejection
will not be performed for this host.
format: int32
type: integer
threshold:
description: The failure percentage to use when
determining failure percentage-based outlier
detection. If the failure percentage of a
given host is greater than or equal to this
value, it will be ejected.
format: int32
type: integer
type: object
gatewayFailures:
description: In the default mode (outlierDetection.splitExternalAndLocalErrors
is false) this detection type takes into account
a subset of 5xx errors, called "gateway errors"
(502, 503 or 504 status code) and local origin
failures, such as timeout, TCP reset, etc. In split
mode (outlierDetection.splitExternalAndLocalErrors
is true) this detection type takes into account
a subset of 5xx errors, called "gateway errors"
(502, 503 or 504 status code) and is supported
only by the http router.
properties:
consecutive:
description: The number of consecutive gateway
failures (502, 503, 504 status codes) before
a consecutive gateway failure ejection occurs.
format: int32
type: integer
type: object
localOriginFailures:
description: 'This detection type is enabled only
when outlierDetection.splitExternalAndLocalErrors
is true and takes into account only locally originated
errors (timeout, reset, etc.). If Envoy repeatedly
cannot connect to an upstream host or communication
with the upstream host is repeatedly interrupted,
it will be ejected. Various locally originated
problems are detected: timeout, TCP reset, ICMP
errors, etc. This detection type is supported
by http router and tcp proxy.'
properties:
consecutive:
description: The number of consecutive locally
originated failures before ejection occurs.
Parameter takes effect only when splitExternalAndLocalErrors
is set to true.
format: int32
type: integer
type: object
successRate:
description: 'Success Rate based outlier detection
aggregates success rate data from every host in
a cluster. Then at given intervals ejects hosts
based on statistical outlier detection. Success
Rate outlier detection will not be calculated
for a host if its request volume over the aggregation
interval is less than the outlierDetection.detectors.successRate.requestVolume
value. Moreover, detection will not be performed
for a cluster if the number of hosts with the
minimum required request volume in an interval
is less than the outlierDetection.detectors.successRate.minimumHosts
value. In the default configuration mode (outlierDetection.splitExternalAndLocalErrors
is false) this detection type takes into account
all types of errors: locally and externally originated.
In split mode (outlierDetection.splitExternalAndLocalErrors
is true), locally originated errors and externally
originated (transaction) errors are counted and
treated separately.'
properties:
minimumHosts:
description: The number of hosts in a cluster
that must have enough request volume to detect
success rate outliers. If the number of hosts
is less than this setting, outlier detection
via success rate statistics is not performed
for any host in the cluster.
format: int32
type: integer
requestVolume:
description: The minimum number of total requests
that must be collected in one interval (as
defined by the interval duration configured
in outlierDetection section) to include this
host in success rate based outlier detection.
If the volume is lower than this setting,
outlier detection via success rate statistics
is not performed for that host.
format: int32
type: integer
standardDeviationFactor:
anyOf:
- type: integer
- type: string
description: 'This factor is used to determine
the ejection threshold for success rate outlier
ejection. The ejection threshold is the difference
between the mean success rate, and the product
of this factor and the standard deviation
of the mean success rate: mean - (standard_deviation
* success_rate_standard_deviation_factor).
Either int or decimal represented as string.'
x-kubernetes-int-or-string: true
type: object
totalFailures:
description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors
is false) this detection type takes into account
all generated errors: locally originated and externally
originated (transaction) errors. In split mode
(outlierDetection.splitExternalAndLocalErrors
is true) this detection type takes into account
only externally originated (transaction) errors,
ignoring locally originated errors. If an upstream
host is an HTTP-server, only 5xx types of error
are taken into account (see Consecutive Gateway
Failure for exceptions). Properly formatted responses,
even when they carry an operational error (like
index not found, access denied) are not taken
into account.'
properties:
consecutive:
description: The number of consecutive server-side
error responses (for HTTP traffic, 5xx responses;
for TCP traffic, connection failures; for
Redis, failure to respond PONG; etc.) before
a consecutive total failure ejection occurs.
format: int32
type: integer
type: object
type: object
disabled:
description: When set to true, the outlierDetection configuration
has no effect
type: boolean
interval:
description: The time interval between ejection analysis
sweeps. This can result in both new ejections and
hosts being returned to service.
type: string
maxEjectionPercent:
description: The maximum % of an upstream cluster that
can be ejected due to outlier detection. Defaults
to 10% but will eject at least one host regardless
of the value.
format: int32
type: integer
splitExternalAndLocalErrors:
description: 'Determines whether to distinguish local
origin failures from external errors. If set to true
the following configuration parameters are taken into
account: detectors.localOriginFailures.consecutive'
type: boolean
type: object
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
targetRef:
description: TargetRef is a reference to the resource the policy takes
effect on. The resource could be either a real store object or
a virtual resource defined in place.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify cross
mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only be used
with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
to:
description: To list makes a match between the consumed services and
corresponding configurations
items:
properties:
default:
description: Default is a configuration specific to the group
of destinations referenced in 'targetRef'
properties:
connectionLimits:
description: ConnectionLimits contains the configuration of
each circuit breaking limit. When a limit is exceeded, the
circuit breaker opens (no traffic is allowed, just as
no current flows in a circuit when a physical
circuit breaker is open)
properties:
maxConnectionPools:
description: The maximum number of connection pools
per cluster that are concurrently supported at once.
Set this for clusters which create a large number
of connection pools.
format: int32
type: integer
maxConnections:
description: The maximum number of connections allowed
to be made to the upstream cluster.
format: int32
type: integer
maxPendingRequests:
description: The maximum number of pending requests
that are allowed to the upstream cluster. This limit
is applied as a connection limit for non-HTTP traffic.
format: int32
type: integer
maxRequests:
description: The maximum number of parallel requests
that are allowed to be made to the upstream cluster.
This limit does not apply to non-HTTP traffic.
format: int32
type: integer
maxRetries:
description: The maximum number of parallel retries
that will be allowed to the upstream cluster.
format: int32
type: integer
type: object
outlierDetection:
description: OutlierDetection contains the configuration
of the process of dynamically determining whether some
number of hosts in an upstream cluster are performing
unlike the others and removing them from the healthy load
balancing set. Performance might be along different axes
such as consecutive failures, temporal success rate, temporal
latency, etc. Outlier detection is a form of passive health
checking.
properties:
baseEjectionTime:
description: The base time that a host is ejected for.
The real time is equal to the base time multiplied
by the number of times the host has been ejected.
type: string
detectors:
description: Contains configuration for supported outlier
detectors
properties:
failurePercentage:
description: Failure Percentage based outlier detection
functions similarly to success rate detection,
in that it relies on success rate data from each
host in a cluster. However, rather than compare
those values to the mean success rate of the cluster
as a whole, they are compared to a flat user-configured
threshold. This threshold is configured via the
outlierDetection.detectors.failurePercentage.threshold field.
The other configuration fields for failure percentage
based detection are similar to the fields for
success rate detection. As with success rate detection,
detection will not be performed for a host if
its request volume over the aggregation interval
is less than the outlierDetection.detectors.failurePercentage.requestVolume
value. Detection also will not be performed for
a cluster if the number of hosts with the minimum
required request volume in an interval is less
than the outlierDetection.detectors.failurePercentage.minimumHosts
value.
properties:
minimumHosts:
description: The minimum number of hosts in
a cluster in order to perform failure percentage-based
ejection. If the total number of hosts in
the cluster is less than this value, failure
percentage-based ejection will not be performed.
format: int32
type: integer
requestVolume:
description: The minimum number of total requests
that must be collected in one interval (as
defined by the interval duration above) to
perform failure percentage-based ejection
for this host. If the volume is lower than
this setting, failure percentage-based ejection
will not be performed for this host.
format: int32
type: integer
threshold:
description: The failure percentage to use when
determining failure percentage-based outlier
detection. If the failure percentage of a
given host is greater than or equal to this
value, it will be ejected.
format: int32
type: integer
type: object
gatewayFailures:
description: In the default mode (outlierDetection.splitExternalAndLocalErrors
is false) this detection type takes into account
a subset of 5xx errors, called "gateway errors"
(502, 503 or 504 status code) and local origin
failures, such as timeout, TCP reset, etc. In split
mode (outlierDetection.splitExternalAndLocalErrors
is true) this detection type takes into account
a subset of 5xx errors, called "gateway errors"
(502, 503 or 504 status code) and is supported
only by the http router.
properties:
consecutive:
description: The number of consecutive gateway
failures (502, 503, 504 status codes) before
a consecutive gateway failure ejection occurs.
format: int32
type: integer
type: object
localOriginFailures:
description: 'This detection type is enabled only
when outlierDetection.splitExternalAndLocalErrors
is true and takes into account only locally originated
errors (timeout, reset, etc.). If Envoy repeatedly
cannot connect to an upstream host or communication
with the upstream host is repeatedly interrupted,
it will be ejected. Various locally originated
problems are detected: timeout, TCP reset, ICMP
errors, etc. This detection type is supported
by http router and tcp proxy.'
properties:
consecutive:
description: The number of consecutive locally
originated failures before ejection occurs.
Parameter takes effect only when splitExternalAndLocalErrors
is set to true.
format: int32
type: integer
type: object
successRate:
description: 'Success Rate based outlier detection
aggregates success rate data from every host in
a cluster. Then at given intervals ejects hosts
based on statistical outlier detection. Success
Rate outlier detection will not be calculated
for a host if its request volume over the aggregation
interval is less than the outlierDetection.detectors.successRate.requestVolume
value. Moreover, detection will not be performed
for a cluster if the number of hosts with the
minimum required request volume in an interval
is less than the outlierDetection.detectors.successRate.minimumHosts
value. In the default configuration mode (outlierDetection.splitExternalAndLocalErrors
is false) this detection type takes into account
all types of errors: locally and externally originated.
In split mode (outlierDetection.splitExternalAndLocalErrors
is true), locally originated errors and externally
originated (transaction) errors are counted and
treated separately.'
properties:
minimumHosts:
description: The number of hosts in a cluster
that must have enough request volume to detect
success rate outliers. If the number of hosts
is less than this setting, outlier detection
via success rate statistics is not performed
for any host in the cluster.
format: int32
type: integer
requestVolume:
description: The minimum number of total requests
that must be collected in one interval (as
defined by the interval duration configured
in outlierDetection section) to include this
host in success rate based outlier detection.
If the volume is lower than this setting,
outlier detection via success rate statistics
is not performed for that host.
format: int32
type: integer
standardDeviationFactor:
anyOf:
- type: integer
- type: string
description: 'This factor is used to determine
the ejection threshold for success rate outlier
ejection. The ejection threshold is the difference
between the mean success rate, and the product
of this factor and the standard deviation
of the mean success rate: mean - (standard_deviation
* success_rate_standard_deviation_factor).
Either int or decimal represented as string.'
x-kubernetes-int-or-string: true
type: object
totalFailures:
description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors
is false) this detection type takes into account
all generated errors: locally originated and externally
originated (transaction) errors. In split mode
(outlierDetection.splitExternalAndLocalErrors
is true) this detection type takes into account
only externally originated (transaction) errors,
ignoring locally originated errors. If an upstream
host is an HTTP-server, only 5xx types of error
are taken into account (see Consecutive Gateway
Failure for exceptions). Properly formatted responses,
even when they carry an operational error (like
index not found, access denied) are not taken
into account.'
properties:
consecutive:
description: The number of consecutive server-side
error responses (for HTTP traffic, 5xx responses;
for TCP traffic, connection failures; for
Redis, failure to respond PONG; etc.) before
a consecutive total failure ejection occurs.
format: int32
type: integer
type: object
type: object
disabled:
description: When set to true, the outlierDetection configuration
has no effect
type: boolean
interval:
description: The time interval between ejection analysis
sweeps. This can result in both new ejections and
hosts being returned to service.
type: string
maxEjectionPercent:
description: The maximum % of an upstream cluster that
can be ejected due to outlier detection. Defaults
to 10% but will eject at least one host regardless
of the value.
format: int32
type: integer
splitExternalAndLocalErrors:
description: 'Determines whether to distinguish local
origin failures from external errors. If set to true
the following configuration parameters are taken into
account: detectors.localOriginFailures.consecutive'
type: boolean
type: object
type: object
targetRef:
description: TargetRef is a reference to the resource that represents
a group of destinations.
properties:
kind:
description: Kind of the referenced resource
enum:
- Mesh
- MeshSubset
- MeshService
- MeshServiceSubset
- MeshGatewayRoute
type: string
mesh:
description: Mesh is reserved for future use to identify
cross mesh resources.
type: string
name:
description: 'Name of the referenced resource. Can only
be used with kinds: `MeshService`, `MeshServiceSubset`
and `MeshGatewayRoute`'
type: string
tags:
additionalProperties:
type: string
description: Tags used to select a subset of proxies by
tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset`
type: object
type: object
required:
- targetRef
type: object
type: array
required:
- targetRef
type: object
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: meshes.kuma.io
spec:
group: kuma.io
names:
categories:
- kuma
kind: Mesh
listKind: MeshList
plural: meshes
singular: mesh
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
mesh:
description: Mesh is the name of the Kuma mesh this resource belongs to.
It may be omitted for cluster-scoped resources.
type: string
metadata:
type: object
spec:
description: Spec is the specification of the Kuma Mesh resource.
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kuma-control-plane
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
rules:
- apiGroups:
- ""
resources:
- namespaces
- pods
- configmaps
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- "apps"
resources:
- deployments
- replicasets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- "batch"
resources:
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
- gateways
- referencegrants
- httproutes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- delete
- list
- watch
- create
- update
- patch
- apiGroups:
- kuma.io
resources:
- dataplanes
- dataplaneinsights
- meshes
- zones
- zoneinsights
- zoneingresses
- zoneingressinsights
- zoneegresses
- zoneegressinsights
- meshinsights
- serviceinsights
- proxytemplates
- ratelimits
- trafficpermissions
- trafficroutes
- timeouts
- retries
- circuitbreakers
- virtualoutbounds
- containerpatches
- externalservices
- faultinjections
- healthchecks
- trafficlogs
- traffictraces
- meshgateways
- meshgatewayroutes
- meshgatewayinstances
- meshaccesslogs
- meshcircuitbreakers
- meshfaultinjections
- meshhealthchecks
- meshhttproutes
- meshloadbalancingstrategies
- meshproxypatches
- meshratelimits
- meshretries
- meshtimeouts
- meshtraces
- meshtrafficpermissions
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- kuma.io
resources:
- meshgatewayinstances/status
- meshgatewayinstances/finalizers
- meshes/finalizers
- dataplanes/finalizers
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- pods/finalizers
verbs:
- get
- patch
- update
# validate k8s token before issuing mTLS cert
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kuma-control-plane
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kuma-control-plane
subjects:
- kind: ServiceAccount
name: kuma-control-plane
namespace: kuma-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kuma-control-plane
namespace: kuma-system
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
# leader-for-life election deletes Pods in some circumstances
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kuma-control-plane
namespace: kuma-system
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kuma-control-plane
subjects:
- kind: ServiceAccount
name: kuma-control-plane
namespace: kuma-system
---
apiVersion: v1
kind: Service
metadata:
name: kuma-control-plane
namespace: kuma-system
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "5680"
spec:
type: ClusterIP
ports:
- port: 5680
name: diagnostics
appProtocol: http
- port: 5681
name: http-api-server
appProtocol: http
- port: 5682
name: https-api-server
appProtocol: http
- port: 443
name: https-admission-server
targetPort: 5443
appProtocol: http
- port: 5676
name: mads-server
appProtocol: http
- port: 5678
name: dp-server
appProtocol: http
selector:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kuma-control-plane
namespace: kuma-system
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
app: kuma-control-plane
template:
metadata:
annotations:
checksum/config: fd9d1d8386f97f2bd49e50f476520816168a1c9f60bbc43dec1347a64d239155
checksum/tls-secrets: 32067ea9b2a9a2baf564819334ff16922ff6dd36cb6afc99bf56dc361b6e125a
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- 'kuma'
- key: app.kubernetes.io/instance
operator: In
values:
- 'kuma'
- key: app
operator: In
values:
- 'kuma-control-plane'
topologyKey: kubernetes.io/hostname
weight: 100
securityContext:
runAsNonRoot: true
serviceAccountName: kuma-control-plane
automountServiceAccountToken: true
nodeSelector:
kubernetes.io/os: linux
hostNetwork: false
terminationGracePeriodSeconds: 30
containers:
- name: control-plane
image: "docker.io/kumahq/kuma-cp:2.2.0"
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
env:
- name: KUMA_API_SERVER_AUTHN_LOCALHOST_IS_ADMIN
value: "false"
- name: KUMA_API_SERVER_READ_ONLY
value: "true"
- name: KUMA_DEFAULTS_SKIP_MESH_CREATION
value: "false"
- name: KUMA_DP_SERVER_HDS_ENABLED
value: "false"
- name: KUMA_ENVIRONMENT
value: "kubernetes"
- name: KUMA_GENERAL_TLS_CERT_FILE
value: "/var/run/secrets/kuma.io/tls-cert/tls.crt"
- name: KUMA_GENERAL_TLS_KEY_FILE
value: "/var/run/secrets/kuma.io/tls-cert/tls.key"
- name: KUMA_INJECTOR_INIT_CONTAINER_IMAGE
value: "docker.io/kumahq/kuma-init:2.2.0"
- name: KUMA_MODE
value: "standalone"
- name: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_CERT_DIR
value: "/var/run/secrets/kuma.io/tls-cert"
- name: KUMA_RUNTIME_KUBERNETES_ADMISSION_SERVER_PORT
value: "5443"
- name: KUMA_RUNTIME_KUBERNETES_CONTROL_PLANE_SERVICE_NAME
value: "kuma-control-plane"
- name: KUMA_RUNTIME_KUBERNETES_INJECTOR_CA_CERT_FILE
value: "/var/run/secrets/kuma.io/tls-cert/ca.crt"
- name: KUMA_RUNTIME_KUBERNETES_INJECTOR_CNI_ENABLED
value: "false"
- name: KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_IMAGE
value: "docker.io/kumahq/kuma-dp:2.2.0"
- name: KUMA_RUNTIME_KUBERNETES_SERVICE_ACCOUNT_NAME
value: "system:serviceaccount:kuma-system:kuma-control-plane"
- name: KUMA_STORE_KUBERNETES_SYSTEM_NAMESPACE
value: "kuma-system"
- name: KUMA_STORE_TYPE
value: "kubernetes"
- name: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.podIP
args:
- run
- --log-level=info
- --config-file=/etc/kuma.io/kuma-control-plane/config.yaml
ports:
- containerPort: 5680
name: diagnostics
protocol: TCP
- containerPort: 5681
- containerPort: 5682
- containerPort: 5443
- containerPort: 5678
livenessProbe:
timeoutSeconds: 10
httpGet:
path: /healthy
port: 5680
readinessProbe:
timeoutSeconds: 10
httpGet:
path: /ready
port: 5680
resources:
limits:
memory: 256Mi
requests:
cpu: 500m
memory: 256Mi
volumeMounts:
- name: general-tls-cert
mountPath: /var/run/secrets/kuma.io/tls-cert/tls.crt
subPath: tls.crt
readOnly: true
- name: general-tls-cert
mountPath: /var/run/secrets/kuma.io/tls-cert/tls.key
subPath: tls.key
readOnly: true
- name: general-tls-cert
mountPath: /var/run/secrets/kuma.io/tls-cert/ca.crt
subPath: ca.crt
readOnly: true
- name: kuma-control-plane-config
mountPath: /etc/kuma.io/kuma-control-plane
readOnly: true
- name: tmp
mountPath: /tmp
volumes:
- name: general-tls-cert
secret:
secretName: kuma-tls-cert
- name: kuma-control-plane-config
configMap:
name: kuma-control-plane-config
- name: tmp
emptyDir: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: kuma-admission-mutating-webhook-configuration
namespace: kuma-system
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
webhooks:
- name: mesh.defaulter.kuma-admission.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Fail
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /default-kuma-io-v1alpha1-mesh
rules:
- apiGroups:
- kuma.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- meshes
- meshaccesslogs
- meshcircuitbreakers
- meshfaultinjections
- meshhealthchecks
- meshhttproutes
- meshloadbalancingstrategies
- meshproxypatches
- meshratelimits
- meshretries
- meshtimeouts
- meshtraces
- meshtrafficpermissions
sideEffects: None
- name: owner-reference.kuma-admission.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Fail
clientConfig:
caBundle: <base64-encoded CA certificate omitted>
service:
namespace: kuma-system
name: kuma-control-plane
path: /owner-reference-kuma-io-v1alpha1
rules:
- apiGroups:
- kuma.io
apiVersions:
- v1alpha1
operations:
- CREATE
resources:
- circuitbreakers
- externalservices
- faultinjections
- healthchecks
- meshgateways
- meshgatewayroutes
- proxytemplates
- ratelimits
- retries
- timeouts
- trafficlogs
- trafficpermissions
- trafficroutes
- traffictraces
- virtualoutbounds
- meshaccesslogs
- meshcircuitbreakers
- meshfaultinjections
- meshhealthchecks
- meshhttproutes
- meshloadbalancingstrategies
- meshproxypatches
- meshratelimits
- meshretries
- meshtimeouts
- meshtraces
- meshtrafficpermissions
sideEffects: None
- name: namespace-kuma-injector.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Fail
namespaceSelector:
matchLabels:
kuma.io/sidecar-injection: enabled
clientConfig:
caBundle: <base64-encoded CA certificate omitted>
service:
namespace: kuma-system
name: kuma-control-plane
path: /inject-sidecar
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
- name: pods-kuma-injector.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Fail
objectSelector:
matchLabels:
kuma.io/sidecar-injection: enabled
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /inject-sidecar
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
- name: kuma-injector.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Ignore
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /inject-sidecar
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: kuma-validating-webhook-configuration
namespace: kuma-system
labels:
app: kuma-control-plane
app.kubernetes.io/name: kuma
app.kubernetes.io/instance: kuma
webhooks:
- name: validator.kuma-admission.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Fail
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /validate-kuma-io-v1alpha1
rules:
- apiGroups:
- kuma.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- circuitbreakers
- dataplanes
- externalservices
- faultinjections
- gatewayinstances
- healthchecks
- meshes
- meshgateways
- meshgatewayroutes
- proxytemplates
- ratelimits
- retries
- trafficlogs
- trafficpermissions
- trafficroutes
- traffictraces
- virtualoutbounds
- zones
- containerpatches
- meshaccesslogs
- meshcircuitbreakers
- meshfaultinjections
- meshhealthchecks
- meshhttproutes
- meshloadbalancingstrategies
- meshproxypatches
- meshratelimits
- meshretries
- meshtimeouts
- meshtraces
- meshtrafficpermissions
sideEffects: None
- name: service.validator.kuma-admission.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Ignore
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /validate-v1-service
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- services
sideEffects: None
- name: secret.validator.kuma-admission.kuma.io
admissionReviewVersions: ["v1"]
namespaceSelector:
matchLabels:
kuma.io/system-namespace: "true"
failurePolicy: Ignore
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /validate-v1-secret
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
- DELETE
resources:
- secrets
sideEffects: None
- name: gateway.validator.kuma-admission.kuma.io
admissionReviewVersions: ["v1"]
failurePolicy: Ignore
clientConfig:
caBundle: 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
service:
namespace: kuma-system
name: kuma-control-plane
path: /validate-gatewayclass
rules:
- apiGroups:
- "gateway.networking.k8s.io"
apiVersions:
- v1beta1
operations:
- CREATE
resources:
- gatewayclasses
sideEffects: None