Packages:

config.openservicemesh.io/v1alpha2

Package v1alpha2 is the v1alpha2 version of the API.

Resource Types:

CertManagerProviderSpec

(Appears on:ProviderSpec)

CertManagerProviderSpec defines the configuration of the cert-manager provider

Fields:

secretName (string)
SecretName specifies the name of the k8s secret containing the root certificate.

issuerName (string)
IssuerName specifies the name of the Issuer resource.

issuerKind (string)
IssuerKind specifies the kind of Issuer.

issuerGroup (string)
IssuerGroup specifies the group the Issuer belongs to.

CertificateSpec

(Appears on:MeshConfigSpec)

CertificateSpec is the type to represent OSM’s certificate management configuration.

Fields:

serviceCertValidityDuration (string)
ServiceCertValidityDuration defines the service certificate validity duration.

certKeyBitSize (int)
CertKeyBitSize defines the certificate key bit size.

ingressGateway (IngressGatewayCertSpec, optional)
IngressGateway defines the certificate specification for an ingress gateway.

ClusterSpec

(Appears on:MultiClusterServiceSpec)

ClusterSpec is the type used to represent a remote cluster in multicluster scenarios.

Fields:

address (string)
Address defines the remote IP address of the gateway.

name (string)
Name defines the name of the remote cluster.

weight (int)
Weight defines the load balancing weight of the remote cluster.

priority (int)
Priority defines the priority of the remote cluster in locality based load balancing.

ExternalAuthzSpec

(Appears on:TrafficSpec)

ExternalAuthzSpec is a type to represent external authorization configuration.

Fields:

enable (bool)
Enable defines a boolean indicating if the external authorization policy is to be enabled.

address (string)
Address defines the remote address of the external authorization endpoint.

port (uint16)
Port defines the destination port of the remote external authorization endpoint.

statPrefix (string)
StatPrefix defines a prefix for the stats sink for this external authorization policy.

timeout (string)
Timeout defines the time within which a response from the external authorization endpoint is expected.

failureModeAllow (bool)
FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response from the external authorization endpoint.

FeatureFlags

(Appears on:MeshConfigSpec)

FeatureFlags is a type to represent OSM’s feature flags.

Fields:

enableWASMStats (bool)
EnableWASMStats defines if WASM Stats are enabled.

enableEgressPolicy (bool)
EnableEgressPolicy defines if OSM’s Egress policy is enabled.

enableMulticlusterMode (bool)
EnableMulticlusterMode defines if Multicluster mode is enabled.

enableSnapshotCacheMode (bool)
EnableSnapshotCacheMode defines if the XDS server starts with snapshot cache.

enableAsyncProxyServiceMapping (bool)
EnableAsyncProxyServiceMapping defines if OSM will map proxies to services asynchronously.

enableIngressBackendPolicy (bool)
EnableIngressBackendPolicy defines if OSM will use the IngressBackend API to allow ingress traffic to service mesh backends.

enableEnvoyActiveHealthChecks (bool)
EnableEnvoyActiveHealthChecks defines if OSM will enable Envoy active health checks between services allowed to communicate.

enableRetryPolicy (bool)
EnableRetryPolicy defines if retry policy is enabled.

IngressGatewayCertSpec

(Appears on:CertificateSpec)

IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.

Fields:

subjectAltNames ([]string)
SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.

validityDuration (string)
ValidityDuration defines the validity duration of the certificate.

secret (Kubernetes core/v1.SecretReference)
Secret defines the secret in which the certificate is stored.

LocalProxyMode (string alias)

(Appears on:SidecarSpec)

LocalProxyMode is a type alias representing the way the envoy sidecar proxies to the main application

Values:

“Localhost”
LocalProxyModeLocalhost indicates that the sidecar should communicate with the main application over localhost.

“PodIP”
LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod IP.

MeshConfig

MeshConfig is the type used to represent the mesh configuration.

Fields:

metadata (Kubernetes meta/v1.ObjectMeta, optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.

spec (MeshConfigSpec, optional)
Spec is the MeshConfig specification. Its fields are:

  sidecar (SidecarSpec)
  Sidecar defines the configurations of the proxy sidecar in a mesh.

  traffic (TrafficSpec)
  Traffic defines the traffic management configurations for a mesh instance.

  observability (ObservabilitySpec)
  Observability defines the observability configurations for a mesh instance.

  certificate (CertificateSpec)
  Certificate defines the certificate management configurations for a mesh instance.

  featureFlags (FeatureFlags)
  FeatureFlags defines the feature flags for a mesh instance.

MeshConfigSpec

(Appears on:MeshConfig)

MeshConfigSpec is the spec for OSM’s configuration.

Fields:

sidecar (SidecarSpec)
Sidecar defines the configurations of the proxy sidecar in a mesh.

traffic (TrafficSpec)
Traffic defines the traffic management configurations for a mesh instance.

observability (ObservabilitySpec)
Observability defines the observability configurations for a mesh instance.

certificate (CertificateSpec)
Certificate defines the certificate management configurations for a mesh instance.

featureFlags (FeatureFlags)
FeatureFlags defines the feature flags for a mesh instance.

MeshRootCertificate

MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane

Fields:

metadata (Kubernetes meta/v1.ObjectMeta, optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.

spec (MeshRootCertificateSpec, optional)
Spec is the MeshRootCertificate config specification. Its fields are:

  provider (ProviderSpec)
  Provider specifies the mesh certificate provider.

status (MeshRootCertificateStatus, optional)
Status of the MeshRootCertificate resource.

MeshRootCertificateSpec

(Appears on:MeshRootCertificate)

MeshRootCertificateSpec defines the mesh root certificate specification

Fields:

provider (ProviderSpec)
Provider specifies the mesh certificate provider.

MeshRootCertificateStatus

(Appears on:MeshRootCertificate)

MeshRootCertificateStatus defines the status of the MeshRootCertificate resource

Fields:

state (string)
State specifies the state of the root certificate rotation.

rotationStage (string)
RotationStage specifies the stage of the rotation, indicating how a root certificate is currently being used within the mesh. The exact meaning of the RotationStage status is determined by the accompanying State status.

MultiClusterService

MultiClusterService is the type used to represent the multicluster configuration. MultiClusterService name needs to match the name of the service backing the pods in each cluster.

Fields:

metadata (Kubernetes meta/v1.ObjectMeta, optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.

spec (MultiClusterServiceSpec)
Spec is the MultiClusterService specification. Its fields are:

  clusters ([]ClusterSpec)
  ClusterSpec defines the configuration of other clusters.

  serviceAccount (string)
  ServiceAccount represents the service account of the multicluster service.

  ports ([]PortSpec)
  Ports is the list of ports exported by this service.

MultiClusterServiceSpec

(Appears on:MultiClusterService)

MultiClusterServiceSpec is the type used to represent the multicluster service specification.

Fields:

clusters ([]ClusterSpec)
ClusterSpec defines the configuration of other clusters.

serviceAccount (string)
ServiceAccount represents the service account of the multicluster service.

ports ([]PortSpec)
Ports is the list of ports exported by this service.

ObservabilitySpec

(Appears on:MeshConfigSpec)

ObservabilitySpec is the type to represent OSM’s observability configurations.

Fields:

osmLogLevel (string)
OSMLogLevel defines the log level for OSM control plane logs.

enableDebugServer (bool)
EnableDebugServer defines if the debug endpoint on the OSM controller pod is enabled.

tracing (TracingSpec)
Tracing defines OSM’s tracing configuration.

PortSpec

(Appears on:MultiClusterServiceSpec)

PortSpec contains information on service’s port.

Fields:

Port (uint32)
The port that will be exposed by this service.

Protocol (string)
Protocol is the IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.

ProviderSpec

(Appears on:MeshRootCertificateSpec)

ProviderSpec defines the certificate provider used by the mesh control plane

Fields:

certManager (CertManagerProviderSpec, optional)
CertManager specifies the cert-manager provider configuration.

vault (VaultProviderSpec, optional)
Vault specifies the Vault provider configuration.

tresor (TresorProviderSpec, optional)
Tresor specifies the Tresor provider configuration.

SidecarSpec

(Appears on:MeshConfigSpec)

SidecarSpec is the type used to represent the specifications for the proxy sidecar.

Fields:

enablePrivilegedInitContainer (bool)
EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.

logLevel (string)
LogLevel defines the logging level for the sidecar’s logs. Non-developers should generally never set this value. In production environments the LogLevel should be set to error.

envoyImage (string)
EnvoyImage defines the container image used for the Envoy proxy sidecar.

envoyWindowsImage (string)
EnvoyWindowsImage defines the Windows container image used for the Envoy proxy sidecar.

initContainerImage (string)
InitContainerImage defines the container image used for the init container injected into meshed pods.

maxDataPlaneConnections (int)
MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the OSM controller.

configResyncInterval (string)
ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.

resources (Kubernetes core/v1.ResourceRequirements)
Resources defines the compute resources for the sidecar.

tlsMinProtocolVersion (string)
TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.

tlsMaxProtocolVersion (string)
TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.

cipherSuites ([]string)
CipherSuites defines a list of ciphers that the listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page, e.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.

ecdhCurves ([]string)
ECDHCurves defines a list of ECDH curves that the TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS builds and P-256 for builds using BoringSSL FIPS.

localProxyMode (LocalProxyMode)
LocalProxyMode defines the network interface the Envoy proxy will use to send traffic to the backend service application. Acceptable values are [Localhost, PodIP]. The default is Localhost.

TracingSpec

(Appears on:ObservabilitySpec)

TracingSpec is the type to represent OSM’s tracing configuration.

Fields:

enable (bool)
Enable defines a boolean indicating if the sidecars are enabled for tracing.

port (int16)
Port defines the tracing collector’s port.

address (string)
Address defines the tracing collector’s hostname.

endpoint (string)
Endpoint defines the API endpoint for tracing requests sent to the collector.

TrafficSpec

(Appears on:MeshConfigSpec)

TrafficSpec is the type used to represent OSM’s traffic management configuration.

Fields:

enableEgress (bool)
EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.

outboundIPRangeExclusionList ([]string)
OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.

outboundIPRangeInclusionList ([]string)
OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy. IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy.

outboundPortExclusionList ([]int)
OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.

inboundPortExclusionList ([]int)
InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.

enablePermissiveTrafficPolicyMode (bool)
EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.

inboundExternalAuthorization (ExternalAuthzSpec)
InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh.

networkInterfaceExclusionList ([]string)
NetworkInterfaceExclusionList defines a global list of network interface names to exclude from inbound and outbound traffic interception by the sidecar proxy.
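As an added example (not OSM project code), the following Python audit reads a decoded MeshConfig and flags the SidecarSpec, TrafficSpec and ExternalAuthzSpec settings described above that weaken the mesh: a TLS floor below TLSv1_2, a privileged init container, a sidecar log level other than error, permissive traffic policy mode, and fail-open external authorization. The sample MeshConfig is constructed; its metadata name, the authorization endpoint address and the TLSv1_2 floor are this example's assumptions, not values from this page.

```python
# Added example, not OSM project code: audit a decoded MeshConfig
# (config.openservicemesh.io/v1alpha2) for settings that weaken the mesh. Field names
# come from the SidecarSpec, TrafficSpec and ExternalAuthzSpec tables; the thresholds
# (TLSv1_2 floor, logLevel "error") are this audit's own policy.
TLS_VERSIONS = ["TLS_AUTO", "TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"]  # ascending order


def audit_mesh_config(mesh_config: dict) -> list:
    """Return one finding per weak setting; an empty list means the config passed."""
    findings = []
    spec = mesh_config.get("spec", {})
    sidecar, traffic = spec.get("sidecar", {}), spec.get("traffic", {})

    min_tls = sidecar.get("tlsMinProtocolVersion", "TLS_AUTO")
    max_tls = sidecar.get("tlsMaxProtocolVersion", "TLS_AUTO")
    if min_tls not in TLS_VERSIONS or max_tls not in TLS_VERSIONS:
        findings.append(f"sidecar TLS version outside {TLS_VERSIONS}: {min_tls!r}/{max_tls!r}")
    elif min_tls in ("TLS_AUTO", "TLSv1_0", "TLSv1_1"):
        # TLS_AUTO leaves the floor to the proxy default; 1.0 and 1.1 are legacy versions.
        findings.append(f"sidecar.tlsMinProtocolVersion={min_tls}: pin TLSv1_2 or TLSv1_3")
    elif max_tls != "TLS_AUTO" and TLS_VERSIONS.index(max_tls) < TLS_VERSIONS.index(min_tls):
        findings.append("sidecar.tlsMaxProtocolVersion is below tlsMinProtocolVersion")

    if sidecar.get("enablePrivilegedInitContainer", False):
        findings.append("sidecar.enablePrivilegedInitContainer=true: init container runs privileged")
    log_level = sidecar.get("logLevel", "error")
    if log_level != "error":
        findings.append(f"sidecar.logLevel={log_level}: production sidecars should log at error")

    if traffic.get("enablePermissiveTrafficPolicyMode", False):
        findings.append("traffic.enablePermissiveTrafficPolicyMode=true: traffic allowed without policy")
    authz = traffic.get("inboundExternalAuthorization", {})
    if authz.get("enable", False) and authz.get("failureModeAllow", False):
        findings.append("traffic.inboundExternalAuthorization.failureModeAllow=true: fails open")
    return findings


def sample_mesh_config(hardened: bool) -> dict:
    """Constructed sample MeshConfig: weak settings, or their hardened counterparts."""
    authz = {"enable": True, "address": "authz.osm-system", "port": 9001,  # assumed endpoint
             "failureModeAllow": not hardened}
    return {"apiVersion": "config.openservicemesh.io/v1alpha2", "kind": "MeshConfig",
            "metadata": {"name": "osm-mesh-config"},  # assumed name, not from the page
            "spec": {"sidecar": {"tlsMinProtocolVersion": "TLSv1_2" if hardened else "TLSv1_0",
                                 "tlsMaxProtocolVersion": "TLSv1_3",
                                 "enablePrivilegedInitContainer": not hardened,
                                 "logLevel": "error" if hardened else "debug"},
                     "traffic": {"enablePermissiveTrafficPolicyMode": not hardened,
                                 "inboundExternalAuthorization": authz}}}
```

Running `audit_mesh_config(sample_mesh_config(False))` yields five findings, one per weakened field, while the hardened sample yields none; a config with no spec at all is still flagged for leaving the TLS floor at TLS_AUTO.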

TresorProviderSpec

(Appears on:ProviderSpec)

TresorProviderSpec defines the configuration of the Tresor provider

Fields:

secretName (string)
SecretName specifies the name of the secret storing the root certificate.

VaultProviderSpec

(Appears on:ProviderSpec)

VaultProviderSpec defines the configuration of the Vault provider

Fields:

host (string)
Host specifies the name of the Vault server.

role (string)
Role specifies the name of the role for use by the mesh control plane.

protocol (string)
Protocol specifies the protocol for connections to Vault.

token (string)
Token specifies the name of the token to be used by the mesh control plane to connect to Vault.


Generated with gen-crd-api-reference-docs on git commit 407bbedd5.