From e2c1302216790ed5f69c4c03d9ff8e1b5c709145 Mon Sep 17 00:00:00 2001 From: Marcin Skalski Date: Mon, 16 Jun 2025 09:18:35 +0200 Subject: [PATCH 1/4] fix(oapi): fix generating code from oapi schema (#13732) When we generate oapi schema from proto resource, rest schema needs to be in the same directory as components definition. Thanks to this, we avoid issues with schema referencing. Previously, when we run make check, generate step was failing silently with errors: ``` error loading swagger spec in api/openapi/specs/api.yaml : failed to load OpenAPI specification: error resolving reference "/specs/protoresources/dataplaneoverview/schema.yaml#/components/schemas/DataplaneOverview": open /specs/protoresources/dataplaneoverview/schema.yaml: no such file or directory ``` Which caused skipping of go code generation from `api/openapi/specs/api.yaml` file. With this change we don't reference schema from other locations. We only combine it at the end while generating docs. --------- Signed-off-by: Marcin Skalski --- api/mesh/v1alpha1/dataplaneoverview/rest.yaml | 79 + api/openapi/specs/api.yaml | 106 +- api/openapi/specs/common/error_schema.yaml | 12 + .../types/common/zz_generated.error_schema.go | 6 + api/openapi/types/zz_generated.api.go | 11 +- docs/generated/openapi.yaml | 9250 ++++++++--------- mk/dependencies/deps.lock | 4 + mk/dev.mk | 1 + mk/generate.mk | 2 +- 9 files changed, 4747 insertions(+), 4724 deletions(-) create mode 100644 api/mesh/v1alpha1/dataplaneoverview/rest.yaml diff --git a/api/mesh/v1alpha1/dataplaneoverview/rest.yaml b/api/mesh/v1alpha1/dataplaneoverview/rest.yaml new file mode 100644 index 000000000000..6646bad46c6d --- /dev/null +++ b/api/mesh/v1alpha1/dataplaneoverview/rest.yaml 
@@ -0,0 +1,79 @@ +openapi: 3.1.0 +info: + version: v1alpha1 + title: Kuma API + description: Kuma API + x-ref-schema-name: "DataplaneOverview" + +paths: + /meshes/{mesh}/dataplanes/{name}/_overview: + get: + operationId: getDataplaneOverview + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + - in: path + name: name + required: true + description: The name of the DPP within the mesh to get the diff for. + schema: + type: string + responses: + '200': + $ref: '#/components/responses/GetDataplaneOverviewResponse' + '400': + $ref: '/specs/base/specs/common/error_schema.yaml#/components/responses/BadRequest' + '500': + $ref: '/specs/base/specs/common/error_schema.yaml#/components/responses/Internal' + /meshes/{mesh}/dataplanes/_overview: + get: + operationId: getDataplaneOverviewList + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + responses: + '200': + $ref: '#/components/responses/GetDataplaneOverviewListResponse' + '400': + $ref: '/specs/base/specs/common/error_schema.yaml#/components/responses/BadRequest' + '500': + $ref: '/specs/base/specs/common/error_schema.yaml#/components/responses/Internal' + +components: + schemas: + DataplaneOverviewWithMeta: + allOf: + - $ref: '/specs/base/specs/common/resource.yaml#/components/schemas/Meta' + - $ref: '/specs/protoresources/dataplaneoverview/schema.yaml#/components/schemas/DataplaneOverview' + + responses: + GetDataplaneOverviewResponse: + description: A response containing the overview of a dataplane. + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneOverviewWithMeta' + GetDataplaneOverviewListResponse: + description: A response containing the overview of a dataplane. 
+ content: + application/json: + schema: + type: object + properties: + total: + type: integer + example: 200 + next: + type: string + items: + type: array + items: + $ref: '#/components/schemas/DataplaneOverviewWithMeta' diff --git a/api/openapi/specs/api.yaml b/api/openapi/specs/api.yaml index 514d932667d5..8f83d6f7b5f6 100644 --- a/api/openapi/specs/api.yaml +++ b/api/openapi/specs/api.yaml @@ -14,9 +14,9 @@ paths: '200': $ref: '#/components/responses/IndexResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' /_resources: get: operationId: get-resource-type-description @@ -27,9 +27,9 @@ paths: '200': $ref: '#/components/responses/ResourceTypeDescriptionListResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' /global-insight: get: operationId: get-global-insight @@ -40,9 +40,9 @@ paths: '200': $ref: '#/components/responses/GlobalInsightResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' /meshes/{mesh}/{resourceType}/{resourceName}/_rules: get: operationId: inspect-dataplanes-rules 
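Review bot: The new `rest.yaml` declares no `security` requirement on either `get` operation, while `api.yaml`, where both `_overview` paths lived until this patch, carries `security: - BasicAuth: [] - BearerAuth: []` (visible as context in the `@@ -247,11 +207,11 @@` hunk, apparently at the top level). Whether these two operations are still marked as authenticated in `docs/generated/openapi.yaml`, and in any code generated from this file on its own, depends on how the specs are combined, which this patch does not show. Please confirm the merged document keeps the requirement for both paths, or state it in this file so that it does not depend on the merge step. Separately, the `mesh` and `name` parameter descriptions still say "to get the diff for", and `GetDataplaneOverviewListResponse` reuses the single-item description. Wording such as `The mesh of the dataplane to get the overview for.` and `A response containing a list of dataplane overviews.` would match the endpoints.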
@@ -76,49 +76,9 @@ paths: '200': $ref: '#/components/responses/InspectRulesResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/dataplanes/{name}/_overview: - get: - operationId: getDataplaneOverview - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - - in: path - name: name - required: true - description: The name of the DPP within the mesh to get the diff for. - schema: - type: string - responses: - '200': - $ref: '#/components/responses/GetDataplaneOverviewResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/dataplanes/_overview: - get: - operationId: getDataplaneOverviewList - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - responses: - '200': - $ref: '#/components/responses/GetDataplaneOverviewListResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' /meshes/{mesh}/dataplanes/{name}/_config: get: operationId: get-dataplanes-xds-config @@ -158,9 +118,9 @@ paths: '200': $ref: '#/components/responses/GetDataplaneXDSConfigResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' /meshes/{mesh}/{policyType}/{policyName}/_resources/dataplanes: get: operationId: inspect-resources 
@@ -211,9 +171,9 @@ paths: '200': $ref: '#/components/responses/InspectDataplanesForPolicyResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' /meshes/{mesh}/{serviceType}/{serviceName}/_hostnames: get: operationId: inspect-hostnames @@ -247,11 +207,11 @@ paths: '200': $ref: '#/components/responses/InspectHostnamesResponse' '400': - $ref: '#/components/responses/BadRequest' + $ref: './common/error_schema.yaml#/components/responses/BadRequest' '404': $ref: "./common/error_schema.yaml#/components/responses/NotFound" '500': - $ref: '#/components/responses/Internal' + $ref: './common/error_schema.yaml#/components/responses/Internal' security: - BasicAuth: [] - BearerAuth: [] @@ -316,10 +276,6 @@ components: type: array items: $ref: './common/resource.yaml#/components/schemas/Meta' - DataplaneOverviewWithMeta: - allOf: - - $ref: './common/resource.yaml#/components/schemas/Meta' - - $ref: '/specs/protoresources/dataplaneoverview/schema.yaml#/components/schemas/DataplaneOverview' DataplaneXDSConfig: type: object title: DataplaneXDSConfig @@ -604,28 +560,6 @@ components: application/json: schema: $ref: '#/components/schemas/DataplaneXDSConfig' - GetDataplaneOverviewResponse: - description: A response containing the overview of a dataplane. - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneOverviewWithMeta' - GetDataplaneOverviewListResponse: - description: A response containing the overview of a dataplane. - content: - application/json: - schema: - type: object - properties: - total: - type: integer - example: 200 - next: - type: string - items: - type: array - items: - $ref: '#/components/schemas/DataplaneOverviewWithMeta' InspectRulesResponse: description: A response containing policies that match a resource content: 
@@ -641,18 +575,6 @@ components: examples: ResponseForHostnames: $ref: '#/components/examples/InspectHostnamesExample' - BadRequest: - description: Bad Request - content: - application/problem+json: - schema: - $ref: './common/error_schema.yaml#/components/schemas/Error' - Internal: - description: Internal Server Error - content: - application/problem+json: - schema: - $ref: './common/error_schema.yaml#/components/schemas/Error' examples: GlobalInsightExample: value: diff --git a/api/openapi/specs/common/error_schema.yaml b/api/openapi/specs/common/error_schema.yaml index c950b10596b1..3b2bd6c81fe0 100644 --- a/api/openapi/specs/common/error_schema.yaml +++ b/api/openapi/specs/common/error_schema.yaml @@ -77,3 +77,15 @@ components: application/problem+json: schema: $ref: '#/components/schemas/NotFoundError' + Internal: + description: Internal Server Error + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Error' + BadRequest: + description: Bad Request + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Error' diff --git a/api/openapi/types/common/zz_generated.error_schema.go b/api/openapi/types/common/zz_generated.error_schema.go index 17a62abb1bf0..11fa46672946 100644 --- a/api/openapi/types/common/zz_generated.error_schema.go +++ b/api/openapi/types/common/zz_generated.error_schema.go @@ -44,5 +44,11 @@ type NotFoundError struct { Type *interface{} `json:"type,omitempty"` } +// BadRequest standard error +type BadRequest = Error + +// Internal standard error +type Internal = Error + // NotFound defines model for NotFound. type NotFound = NotFoundError diff --git a/api/openapi/types/zz_generated.api.go b/api/openapi/types/zz_generated.api.go index 77c117963956..6ab1075e3ae1 100644 --- a/api/openapi/types/zz_generated.api.go +++ b/api/openapi/types/zz_generated.api.go 
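Review bot: Removing `BadRequest` and `Internal` from `components.responses` in the `@@ -641,18 +575,6 @@` hunk also moves the generated Go aliases out of package `types`. The `zz_generated.api.go` hunk drops `type BadRequest = externalRef0.Error` and `type Internal = externalRef0.Error`, and the aliases now exist only in `types/common`. Any code that names `types.BadRequest` or `types.Internal` would stop compiling. No such caller is visible in this patch, so a repository-wide search is worthwhile, and a sentence in the commit description noting the move would help downstream importers of the module. The `components.responses` mapping begins outside this hunk.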
@@ -9,6 +9,11 @@ import ( externalRef0 "github.com/kumahq/kuma/api/openapi/types/common" ) +const ( + BasicAuthScopes = "BasicAuth.Scopes" + BearerAuthScopes = "BearerAuth.Scopes" +) + // Defines values for GetDataplanesXdsConfigParamsInclude. const ( Diff GetDataplanesXdsConfigParamsInclude = "diff" @@ -196,9 +201,6 @@ type SchemasGlobalInsight struct { Zones ZonesStats `json:"zones"` } -// BadRequest standard error -type BadRequest = externalRef0.Error - // GetDataplaneXDSConfigResponse defines model for GetDataplaneXDSConfigResponse. type GetDataplaneXDSConfigResponse = DataplaneXDSConfig @@ -217,9 +219,6 @@ type InspectHostnamesResponse = InspectHostnames // InspectRulesResponse A list of rules for a dataplane type InspectRulesResponse = InspectRules -// Internal standard error -type Internal = externalRef0.Error - // ResourceTypeDescriptionListResponse A list of all resources install type ResourceTypeDescriptionListResponse = ResourceTypeDescriptionList diff --git a/docs/generated/openapi.yaml b/docs/generated/openapi.yaml index 6a75454af00e..b03510db4bd0 100644 --- a/docs/generated/openapi.yaml +++ b/docs/generated/openapi.yaml 
@@ -85,46 +85,6 @@ paths: $ref: '#/components/responses/BadRequest' '500': $ref: '#/components/responses/Internal' - /meshes/{mesh}/dataplanes/{name}/_overview: - get: - operationId: getDataplaneOverview - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - - in: path - name: name - required: true - description: The name of the DPP within the mesh to get the diff for. - schema: - type: string - responses: - '200': - $ref: '#/components/responses/GetDataplaneOverviewResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/dataplanes/_overview: - get: - operationId: getDataplaneOverviewList - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - responses: - '200': - $ref: '#/components/responses/GetDataplaneOverviewListResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' /meshes/{mesh}/dataplanes/{name}/_config: get: operationId: get-dataplanes-xds-config 
@@ -2575,6 +2535,46 @@ paths: responses: '200': $ref: '#/components/responses/DataplaneList' + /meshes/{mesh}/dataplanes/{name}/_overview: + get: + operationId: getDataplaneOverview + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + - in: path + name: name + required: true + description: The name of the DPP within the mesh to get the diff for. + schema: + type: string + responses: + '200': + $ref: '#/components/responses/GetDataplaneOverviewResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /meshes/{mesh}/dataplanes/_overview: + get: + operationId: getDataplaneOverviewList + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + responses: + '200': + $ref: '#/components/responses/GetDataplaneOverviewListResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' /meshes/{name}: get: operationId: getMesh @@ -3408,10 +3408,6 @@ components: type: array items: $ref: '#/components/schemas/Meta' - DataplaneOverviewWithMeta: - allOf: - - $ref: '#/components/schemas/Meta' - - $ref: '#/components/schemas/DataplaneOverview' DataplaneXDSConfig: type: object title: DataplaneXDSConfig 
@@ -4038,1951 +4034,1072 @@ components: match: type: object x-go-type: interface{} - PrometheusMetricsBackendConfig: + JsonPatchItem: + type: object + required: + - op + - path + - value properties: - aggregate: - description: >- - Map with the configuration of applications which metrics are going - to be - - scrapped by kuma-dp. - items: - description: >- - PrometheusAggregateMetricsConfig defines endpoints that should be - scrapped by kuma-dp for prometheus metrics. - properties: - address: - description: >- - Address on which a service expose HTTP endpoint with - Prometheus metrics. - type: string - enabled: - description: >- - If false then the application won't be scrapped. If nil, then - it is treated - - as true and kuma-dp scrapes metrics from the service. - type: boolean - name: - description: Name which identify given configuration. - type: string - path: - description: >- - Path on which a service expose HTTP endpoint with Prometheus - metrics. - type: string - port: - description: >- - Port on which a service expose HTTP endpoint with Prometheus - metrics. - type: integer - type: object - type: array - envoy: - description: Configuration of Envoy's metrics. - properties: - filterRegex: - description: >- - FilterRegex value that is going to be passed to Envoy for - filtering - - Envoy metrics. - type: string - usedOnly: - description: >- - If true then return metrics that Envoy has updated (counters - incremented - - at least once, gauges changed at least once, and histograms - added to at - - least once). If nil, then it is treated as false. - type: boolean - type: object + op: + type: string + description: Operation to be performed. + enum: + - add + - remove + - test path: - description: >- - Path on which a dataplane should expose HTTP endpoint with - Prometheus - - metrics. type: string - port: description: >- - Port on which a dataplane should expose HTTP endpoint with - Prometheus - - metrics. 
- type: integer - skipMTLS: + A JSON Pointer path indicating the part of the document to operate + on. + value: + description: The value to be used within the operations. + NotFoundError: + allOf: + - $ref: '#/components/schemas/Error' + - type: object + properties: + status: + example: 404 + title: + example: Not Found + type: + example: https://httpstatuses.com/404 + instance: + example: kong:trace:1234567890 + detail: + example: Not found + MeshAccessLogItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshAccessLog + mesh: description: >- - If true then endpoints for scraping metrics won't require mTLS even - if mTLS - - is enabled in Mesh. If nil, then it is treated as false. - type: boolean - tags: + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: additionalProperties: type: string - description: >- - Tags associated with an application this dataplane is deployed next - to, - - e.g. service=web, version=1.0. - - `service` tag is mandatory. + description: The labels to help identity resources type: object - tls: - description: Configuration of TLS for prometheus listener. + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. properties: - mode: + from: description: >- - mode defines how configured is the TLS for Prometheus. + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in - Supported values, delegated, disabled, activeMTLSBackend. - Default to - - `activeMTLSBackend`. 
- oneOf: - - type: string - - type: integer - type: object - type: object - DataplaneOverview: - properties: - dataplane: - properties: - metrics: - description: >- - Configuration for metrics that should be collected and exposed - by the - - data plane proxy. + 'targetRef' + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. Placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: >- + Attributes can contain placeholders + available on - Settings defined here will override their respective defaults + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at - defined at a Mesh level. 
- properties: - conf: - oneOf: - - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' - type: object - name: - description: >- - Name of the backend, can be then used in - Mesh.metrics.enabledBackend - type: string - type: - description: Type of the backend (Kuma ships with 'prometheus') - type: string - type: object - networking: - description: >- - Networking describes inbound and outbound interfaces of the data - plane + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - proxy. - properties: - address: - description: >- - IP on which the data plane proxy is accessible to the - control plane and + It can contain placeholders available on - other data plane proxies in the same network. This can also - be a + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: >- + Format of access logs. Placeholders + available on - hostname, in which case the control plane will periodically - resolve it. - type: string - admin: - description: >- - Admin describes configuration related to Envoy Admin API. 
+ https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of - Due to security, all the Envoy Admin endpoints are exposed - only on + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or - localhost. Additionally, Envoy will expose `/ready` endpoint - on + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, - `networking.address` for health checking systems to be able - to check the + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace - state of Envoy. 
The rest of the endpoints exposed on - `networking.address` - - are always protected by mTLS and only meant to be consumed - internally by - - the control plane. - properties: - port: - description: Port on which Envoy Admin API server will be listening - type: integer - type: object - advertisedAddress: - description: >- - In some situations, a data plane proxy resides in a private - network (e.g. - - Docker) and is not reachable via `address` to other data - plane proxies. - - `advertisedAddress` is configured with a routable address - for such data - - plane proxy so that other proxies in the mesh can connect to - it over - - `advertisedAddress` and not via address. + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. - Envoy still binds to the `address`, not `advertisedAddress`. - type: string - gateway: - description: >- - Gateway describes a configuration of the gateway of the data - plane proxy. - properties: - tags: - additionalProperties: + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. type: string - description: >- - Tags associated with a gateway of this data plane to, - e.g. - - `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` - tag is - - mandatory. - type: object - type: - description: >- - Type of gateway this data plane proxy manages. - - There are two types: `DELEGATED` and `BUILTIN`. Defaults - to - - `DELEGATED`. - - - A `DELEGATED` gateway is an independently deployed proxy - (e.g., Kong, - - Contour, etc) that receives inbound traffic that is not - proxied by - - Kuma, and it sends outbound traffic into the data plane - proxy. 
- - - The `BUILTIN` gateway type causes the data plane proxy - itself to be - - configured as a gateway. - - - See https://kuma.io/docs/latest/explore/gateway/ for - more information. - oneOf: - - type: string - - type: integer - type: object - inbound: - description: >- - Inbound describes a list of inbound interfaces of the data - plane proxy. - - - Inbound describes a service implemented by the data plane - proxy. - - All incoming traffic to a data plane proxy is going through - inbound + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds - listeners. For every defined Inbound there is a - corresponding Envoy + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - default + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound access log configurations. Currently + limited to - Listener. - items: + selecting all inbound traffic, as L7 matching is not yet + implemented. + items: + properties: + default: description: >- - Inbound describes a service implemented by the data plane - proxy. + Default contains configuration of the inbound access + logging properties: - address: - description: |- - Address on which inbound listener will be exposed. - Defaults to `networking.address`. - type: string - health: - description: >- - Health describes the status of an inbound. - - If 'health' is nil we consider data plane proxy as - healthy. - - Unhealthy data plane proxies are excluded from - Endpoints Discovery - - Service (EDS). On Kubernetes, it is filled - automatically by the control - - plane if Pod has readiness probe configured. 
On - Universal, it can be - - set by the external health checking system, but the - most common way is + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. Placeholders + available on - to use service probes. + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: >- + Attributes can contain placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at - See https://kuma.io/docs/latest/documentation/health - for more + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - information. 
- properties: - ready: - description: >- - Ready indicates if the data plane proxy is ready - to serve the + It can contain placeholders available on - traffic. - type: boolean - type: object - name: - description: >- - Name adds another way of referencing this port, usable - with MeshService - type: string - port: - description: >- - Port of the inbound interface that will forward - requests to the - - service. - - - When transparent proxying is used, it is a port on - which the service is - - listening to. When transparent proxying is not used, - Envoy will bind to - - this port. - type: integer - serviceAddress: - description: >- - Address of the service that requests will be forwarded - to. + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: >- + Format of access logs. 
Placeholders + available on - Defaults to 'inbound.address', since Kuma DP should be - deployed next + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + required: + - default + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. - to the service. - type: string - servicePort: - description: >- - Port of the service that requests will be forwarded - to. + The resource could be either a real store object or virtual + resource - Defaults to the same value as `port`. - type: integer - serviceProbe: - description: >- - ServiceProbe defines parameters for probing the - service next to + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or - sidecar. When service probe is defined, Envoy will - periodically health + Name and Namespace can be used. 
+ type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, - check the application next to it and report the status - to the control + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace - plane. On Kubernetes, Kuma deployments rely on - Kubernetes probes so + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, - this is not used. + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds - See https://kuma.io/docs/latest/documentation/health - for more + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in - information. 
- properties: - healthyThreshold: - description: >- - Number of consecutive healthy checks before - considering a host + 'targetRef' + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. Placeholders + available on - healthy. - format: uint32 - type: integer - interval: - description: Interval between consecutive health checks. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - tcp: - description: >- - Tcp checker tries to establish tcp connection with - destination - properties: {} - type: object - timeout: - description: Maximum time to wait for a health check response. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - unhealthyThreshold: - description: >- - Number of consecutive unhealthy checks before - considering a host + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: >- + Attributes can contain placeholders + available on - unhealthy. 
- format: uint32 - type: integer - type: object - state: - description: State describes the current state of the listener. - oneOf: - - type: string - - type: integer - tags: - additionalProperties: - type: string - description: >- - Tags associated with an application this data plane - proxy is deployed + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at - next to, e.g. `kuma.io/service=web`, `version=1.0`. - You can then + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - reference these tags in policies like - MeshTrafficPermission. + It can contain placeholders available on - `kuma.io/service` tag is mandatory. - type: object - type: object - type: array - outbound: - description: >- - Outbound describes a list of services consumed by the data - plane proxy. + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: >- + Format of access logs. Placeholders + available on - For every defined Outbound, there is a corresponding Envoy - Listener. 
- items: + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: description: >- - Outbound describes a service consumed by the data plane - proxy. + TargetRef is a reference to the resource that represents a + group of + + destinations. properties: - address: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string description: >- - IP on which the consumed service will be available to - this data plane + Labels are used to select group of MeshServices that + match labels. Either Labels or - proxy. On Kubernetes, it's usually ClusterIP of a - Service or PodIP of a + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, - Headless Service. Defaults to 127.0.0.1 + `MeshServiceSubset` and `MeshGatewayRoute` type: string - backendRef: - description: |- - BackendRef is a way to target MeshService. - Experimental. 
Do not use on production yet. - properties: - kind: - description: >- - Kind is a type of the object to target. Allowed: - MeshService - type: string - labels: - additionalProperties: - type: string - description: >- - Labels to select a single object. + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace - If no object is selected then outbound is not - created. + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, - If multiple objects are selected then the oldest - one is used. - type: object - name: - description: Name of the targeted object - type: string - port: - description: >- - Port of the targeted object. Required when kind is - MeshService. - type: integer - type: object - port: + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: description: >- - Port on which the consumed service will be available - to this data plane - - proxy. When transparent proxying is not used, Envoy - will bind to this + SectionName is used to target specific section of + resource. - port. - type: integer + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string tags: additionalProperties: type: string description: >- - Tags of consumed data plane proxies. + Tags used to select a subset of proxies by tags. Can + only be used with kinds - `kuma.io/service` tag is required. 
+ `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - default + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshAccessLogCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. - These tags can then be referenced in `destinations` - section of policies + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshAccessLogDeleteSuccessResponse: + type: object + properties: {} + MeshCircuitBreakerItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshCircuitBreaker + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations - like TrafficRoute or in `to` section in policies like - MeshAccessLog. 
It + referenced in 'targetRef' + properties: + connectionLimits: + description: >- + ConnectionLimits contains configuration of each + circuit breaking limit, - is recommended to only use `kuma.io/service`. If you - need to consume + which when exceeded makes the circuit breaker to + become open (no traffic - specific data plane proxy of a service (for example: - `version=v2`) the + is allowed like no current is allowed in the circuits + when physical - better practice is to use TrafficRoute. - type: object - type: object - type: array - transparentProxying: - description: >- - TransparentProxying describes the configuration for - transparent proxying. + circuit breaker ir open) + properties: + maxConnectionPools: + description: >- + The maximum number of connection pools per cluster + that are concurrently - It is used by default on Kubernetes. - properties: - directAccessServices: - description: >- - List of services that will be accessed directly via - IP:PORT + supported at once. Set this for clusters which + create a large number of - Use `*` to indicate direct access to every service in - the Mesh. + connection pools. + format: int32 + type: integer + maxConnections: + description: >- + The maximum number of connections allowed to be + made to the upstream - Using `*` to directly access every service is a - resource-intensive + cluster. + format: int32 + type: integer + maxPendingRequests: + description: >- + The maximum number of pending requests that are + allowed to the upstream - operation, use it only if needed. - items: - type: string - type: array - ipFamilyMode: - description: >- - The IP family mode to enable for. Can be "IPv4" or - "DualStack". - oneOf: - - type: string - - type: integer - reachableBackends: - description: >- - Reachable backend via transparent proxy when running - with + cluster. This limit is applied as a connection + limit for non-HTTP - MeshExternalService, MeshService and - MeshMultiZoneService. Setting an + traffic. 
+ format: int32 + type: integer + maxRequests: + description: >- + The maximum number of parallel requests that are + allowed to be made - explicit list of refs can dramatically improve the - performance of the + to the upstream cluster. This limit does not apply + to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: >- + The maximum number of parallel retries that will + be allowed to - mesh. If not specified, all services in the mesh are - reachable. - properties: - refs: - items: - properties: - kind: - description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" - type: string - labels: - additionalProperties: - type: string - description: "Labels used to select backends\n\n\t+optional" - type: object - name: - description: "Name of the backend.\n\n\t+optional" - type: string - namespace: - description: "Namespace of the backend. Might be empty\n\n\t+optional" - type: string - port: - description: "Port of the backend.\n\n\t+optional" - format: uint32 - type: integer - type: object - type: array - type: object - reachableServices: - description: >- - List of reachable services (represented by the value of + the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: >- + OutlierDetection contains the configuration of the + process of dynamically - `kuma.io/service`) via transparent proxying. Setting an - explicit list + determining whether some number of hosts in an + upstream cluster are - can dramatically improve the performance of the mesh. If - not specified, + performing unlike the others and removing them from + the healthy load - all services in the mesh are reachable. - items: - type: string - type: array - redirectPortInbound: - description: >- - Port on which all inbound traffic is being transparently - redirected. - type: integer - redirectPortOutbound: - description: >- - Port on which all outbound traffic is being - transparently redirected. 
- type: integer - type: object - type: object - probes: - description: >- - Probes describe a list of endpoints that will be exposed without - mTLS. + balancing set. Performance might be along different + axes such as - This is useful to expose the health endpoints of the application - so the + consecutive failures, temporal success rate, temporal + latency, etc. - orchestration system (e.g. Kubernetes) can still health check - the + Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: >- + The base time that a host is ejected for. The real + time is equal to - application. + the base time multiplied by the number of times + the host has been + ejected. + type: string + detectors: + description: >- + Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: >- + Failure Percentage based outlier detection + functions similarly to success - See + rate detection, in that it relies on success + rate data from each host in - https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes + a cluster. However, rather than compare those + values to the mean success - for more information. + rate of the cluster as a whole, they are + compared to a flat - Deprecated: this feature will be removed for Universal; on - Kubernetes, it's + user-configured threshold. This threshold is + configured via the - not needed anymore. - properties: - endpoints: - description: List of endpoints to expose without mTLS. - items: - properties: - inboundPath: - description: >- - Inbound path is a path of the application from which - we expose the + outlierDetection.failurePercentageThreshold + field. - endpoint. It is recommended to be as specific as - possible. - type: string - inboundPort: - description: >- - Inbound port is a port of the application from which - we expose the + The other configuration fields for failure + percentage based detection are - endpoint. 
- type: integer - path: - description: >- - Path is a path on which we expose inbound path on the - probes port. - type: string - type: object - type: array - port: - description: >- - Port on which the probe endpoints will be exposed. This - cannot overlap + similar to the fields for success rate + detection. As with success rate - with any other ports. - type: integer - type: object - type: object - dataplaneInsight: - properties: - mTLS: - description: Insights about mTLS for Dataplane. - properties: - certificateExpirationTime: - description: >- - Expiration time of the last certificate that was generated - for a + detection, detection will not be performed for + a host if its request - Dataplane. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - certificateRegenerations: - description: Number of certificate regenerations for a Dataplane. - type: integer - issuedBackend: - description: Backend that was used to generate current certificate - type: string - lastCertificateRegeneration: - description: Time on which the last certificate was generated. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - supportedBackends: - description: Supported backends (CA). - items: - type: string - type: array - type: object - metadata: - properties: {} - type: object - subscriptions: - description: List of ADS subscriptions created by a given Dataplane. - items: - description: >- - DiscoverySubscription describes a single ADS subscription - created by a Dataplane to the Control Plane. - properties: - connectTime: - description: >- - Time when a given Dataplane connected to the Control - Plane. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - controlPlaneInstanceId: - description: Control Plane instance that handled given subscription. - type: string - disconnectTime: - description: >- - Time when a given Dataplane disconnected from the Control - Plane. 
- properties: - nanos: - type: integer - seconds: - type: integer - type: object - generation: - description: >- - Generation is an integer number which is periodically - increased by the - - status sink - type: integer - id: - description: Unique id per ADS subscription. - type: string - status: - description: Status of the ADS subscription. - properties: - cds: - description: CDS defines all CDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - eds: - description: EDS defines all EDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - lastUpdateTime: - description: >- - Time when status of a given ADS subscription was most - recently updated. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - lds: - description: LDS defines all LDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - rds: - description: RDS defines all RDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. 
- type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - total: - description: Total defines an aggregate over individual xDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - type: object - version: - description: Version of Envoy and Kuma dataplane - properties: - dependencies: - additionalProperties: - type: string - description: Versions of other dependencies, i.e. CoreDNS - type: object - envoy: - description: Version of Envoy - properties: - build: - description: Full build tag of Envoy version - type: string - kumaDpCompatible: - description: >- - True iff Envoy version is compatible with Kuma DP - version - type: boolean - version: - description: Version number of Envoy - type: string - type: object - kumaDp: - description: Version of Kuma Dataplane - properties: - buildDate: - description: Build date of Kuma Dataplane version - type: string - gitCommit: - description: Git commit of Kuma Dataplane version - type: string - gitTag: - description: Git tag of Kuma Dataplane version - type: string - kumaCpCompatible: - description: >- - True iff Kuma DP version is compatible with Kuma - CP version - type: boolean - version: - description: Version number of Kuma Dataplane - type: string - type: object - type: object - type: object - type: array - type: object - type: object - JsonPatchItem: - type: object - required: - - op - - path - - value - properties: - op: - type: string - description: Operation to be performed. - enum: - - add - - remove - - test - path: - type: string - description: >- - A JSON Pointer path indicating the part of the document to operate - on. 
- value: - description: The value to be used within the operations. - NotFoundError: - allOf: - - $ref: '#/components/schemas/Error' - - type: object - properties: - status: - example: 404 - title: - example: Not Found - type: - example: https://httpstatuses.com/404 - instance: - example: kong:trace:1234567890 - detail: - example: Not found - MeshAccessLogItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshAccessLog - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. - properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - backends: - items: - properties: - file: - description: >- - FileBackend defines configuration for file based - access logs - properties: - format: - description: >- - Format of access logs. 
Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - path: - description: Path to a file that logs will be written to - example: /tmp/access.log - minLength: 1 - type: string - required: - - path - type: object - openTelemetry: - description: Defines an OpenTelemetry logging backend. - properties: - attributes: - description: >- - Attributes can contain placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - - key: mesh - value: '%KUMA_MESH%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - body: - description: >- - Body is a raw string or an OTLP any value as - described at - - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - - It can contain placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - kvlistValue: - values: - - key: mesh - value: - stringValue: '%KUMA_MESH%' - x-kubernetes-preserve-unknown-fields: true - endpoint: - description: >- - Endpoint of OpenTelemetry collector. An - empty port defaults to 4317. 
- example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - tcp: - description: TCPBackend defines a TCP logging backend. - properties: - address: - description: Address of the TCP logging backend - example: 127.0.0.1:5000 - minLength: 1 - type: string - format: - description: >- - Format of access logs. Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - required: - - address - type: object - type: - enum: - - Tcp - - File - - OpenTelemetry - type: string - required: - - type - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. 
Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - default - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound access log configurations. Currently - limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. - items: - properties: - default: - description: >- - Default contains configuration of the inbound access - logging - properties: - backends: - items: - properties: - file: - description: >- - FileBackend defines configuration for file based - access logs - properties: - format: - description: >- - Format of access logs. 
Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - path: - description: Path to a file that logs will be written to - example: /tmp/access.log - minLength: 1 - type: string - required: - - path - type: object - openTelemetry: - description: Defines an OpenTelemetry logging backend. - properties: - attributes: - description: >- - Attributes can contain placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - - key: mesh - value: '%KUMA_MESH%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - body: - description: >- - Body is a raw string or an OTLP any value as - described at - - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - - It can contain placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - kvlistValue: - values: - - key: mesh - value: - stringValue: '%KUMA_MESH%' - x-kubernetes-preserve-unknown-fields: true - endpoint: - description: >- - Endpoint of OpenTelemetry collector. An - empty port defaults to 4317. 
- example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - tcp: - description: TCPBackend defines a TCP logging backend. - properties: - address: - description: Address of the TCP logging backend - example: 127.0.0.1:5000 - minLength: 1 - type: string - format: - description: >- - Format of access logs. Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - required: - - address - type: object - type: - enum: - - Tcp - - File - - OpenTelemetry - type: string - required: - - type - type: object - type: array - type: object - required: - - default - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. 
- type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - backends: - items: - properties: - file: - description: >- - FileBackend defines configuration for file based - access logs - properties: - format: - description: >- - Format of access logs. 
Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - path: - description: Path to a file that logs will be written to - example: /tmp/access.log - minLength: 1 - type: string - required: - - path - type: object - openTelemetry: - description: Defines an OpenTelemetry logging backend. - properties: - attributes: - description: >- - Attributes can contain placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - - key: mesh - value: '%KUMA_MESH%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - body: - description: >- - Body is a raw string or an OTLP any value as - described at - - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - - It can contain placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - kvlistValue: - values: - - key: mesh - value: - stringValue: '%KUMA_MESH%' - x-kubernetes-preserve-unknown-fields: true - endpoint: - description: >- - Endpoint of OpenTelemetry collector. An - empty port defaults to 4317. 
- example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - tcp: - description: TCPBackend defines a TCP logging backend. - properties: - address: - description: Address of the TCP logging backend - example: 127.0.0.1:5000 - minLength: 1 - type: string - format: - description: >- - Format of access logs. Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - required: - - address - type: object - type: - enum: - - Tcp - - File - - OpenTelemetry - type: string - required: - - type - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. 
Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - default - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshAccessLogCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. 
- items: - type: string - MeshAccessLogDeleteSuccessResponse: - type: object - properties: {} - MeshCircuitBreakerItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshCircuitBreaker - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshCircuitBreaker resource. - properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations - - referenced in 'targetRef' - properties: - connectionLimits: - description: >- - ConnectionLimits contains configuration of each - circuit breaking limit, - - which when exceeded makes the circuit breaker to - become open (no traffic - - is allowed like no current is allowed in the circuits - when physical - - circuit breaker ir open) - properties: - maxConnectionPools: - description: >- - The maximum number of connection pools per cluster - that are concurrently - - supported at once. Set this for clusters which - create a large number of - - connection pools. - format: int32 - type: integer - maxConnections: - description: >- - The maximum number of connections allowed to be - made to the upstream - - cluster. - format: int32 - type: integer - maxPendingRequests: - description: >- - The maximum number of pending requests that are - allowed to the upstream - - cluster. This limit is applied as a connection - limit for non-HTTP - - traffic. 
- format: int32 - type: integer - maxRequests: - description: >- - The maximum number of parallel requests that are - allowed to be made - - to the upstream cluster. This limit does not apply - to non-HTTP traffic. - format: int32 - type: integer - maxRetries: - description: >- - The maximum number of parallel retries that will - be allowed to - - the upstream cluster. - format: int32 - type: integer - type: object - outlierDetection: - description: >- - OutlierDetection contains the configuration of the - process of dynamically - - determining whether some number of hosts in an - upstream cluster are - - performing unlike the others and removing them from - the healthy load - - balancing set. Performance might be along different - axes such as - - consecutive failures, temporal success rate, temporal - latency, etc. - - Outlier detection is a form of passive health - checking. - properties: - baseEjectionTime: - description: >- - The base time that a host is ejected for. The real - time is equal to - - the base time multiplied by the number of times - the host has been - - ejected. - type: string - detectors: - description: >- - Contains configuration for supported outlier - detectors - properties: - failurePercentage: - description: >- - Failure Percentage based outlier detection - functions similarly to success - - rate detection, in that it relies on success - rate data from each host in - - a cluster. However, rather than compare those - values to the mean success - - rate of the cluster as a whole, they are - compared to a flat - - user-configured threshold. This threshold is - configured via the - - outlierDetection.failurePercentageThreshold - field. - - The other configuration fields for failure - percentage based detection are - - similar to the fields for success rate - detection. 
As with success rate - - detection, detection will not be performed for - a host if its request - - volume over the aggregation interval is less - than the + volume over the aggregation interval is less + than the outlierDetection.detectors.failurePercentage.requestVolume value. 
@@ -11171,151 +10288,668 @@ components: ingress - resources generated for Zone Ingress. - egress - resources generated for Zone Egress. + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. + + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + virtualHost: + description: >- + VirtualHost is a modification of Envoy's VirtualHost + + referenced in HTTP Connection Manager in a Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's + + VirtualHost resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. 
+ + + Here is the list of well-known origins: + + inbound - resources generated for handling + incoming traffic. + + outbound - resources generated for handling + outgoing traffic. + + transparent - resources generated for + transparent proxy functionality. + + prometheus - resources generated when + Prometheus metrics are enabled. + + direct-access - resources generated for Direct + Access functionality. + + ingress - resources generated for Zone + Ingress. + + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. + + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + routeConfigurationName: + description: >- + Name of the RouteConfiguration resource to + match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. 
+ type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. - gateway - resources generated for MeshGateway. + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - default + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshProxyPatchCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. - The list is not complete, because policy - plugins can introduce new resources. + Warning messages describe a problem the client making the API + request should correct or be aware of. 
+ items: + type: string + MeshProxyPatchDeleteSuccessResponse: + type: object + properties: {} + MeshRateLimitItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshRateLimit + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - type: object - operation: - description: Operation to execute on matched listener. - enum: - - Remove - - Patch - - AddFirst - - AddBefore - - AddAfter - - AddLast - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - operation - type: object - virtualHost: + 'targetRef' + properties: + local: description: >- - VirtualHost is a modification of Envoy's VirtualHost - - referenced in HTTP Connection Manager in a Listener - resource. + LocalConf defines local http or/and tcp rate limit + configuration properties: - jsonPatches: + http: description: >- - JsonPatches specifies list of jsonpatches to apply - to on Envoy's + LocalHTTP defines configuration of local HTTP rate + limiting - VirtualHost resource - items: - description: >- - JsonPatchBlock is one json patch operation - block. 
- properties: - from: - description: >- - From is a jsonpatch from string, used by - move and copy operations. - type: string - op: - description: Op is a jsonpatch operation string. - enum: - - add - - remove - - replace - - move - - copy - type: string - path: - description: Path is a jsonpatch path string. - type: string - value: - description: >- - Value must be a valid json value used by - replace and add operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - match: + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: >- + Describes the actions to take on a rate limit + event + properties: + headers: + description: >- + The Headers to be added to the HTTP + response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: >- + The HTTP status code to be set on a rate + limit event + format: int32 + type: integer + type: object + requestRate: + description: >- + Defines how many requests are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. 
+ type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: description: >- - Match is a set of conditions that have to be - matched for modification operation to happen. + LocalTCP defines confguration of local TCP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter properties: - name: - description: Name of the VirtualHost to match. - type: string - origin: + connectionRate: description: >- - Origin is the name of the component or plugin - that generated the resource. + Defines how many connections are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: |- + Define if rate limiting should be disabled. + Default: false + type: boolean + type: object + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of - Here is the list of well-known origins: + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or - inbound - resources generated for handling - incoming traffic. + Name and Namespace can be used. 
+ type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, - outbound - resources generated for handling - outgoing traffic. + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace - transparent - resources generated for - transparent proxy functionality. + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, - prometheus - resources generated when - Prometheus metrics are enabled. + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. - direct-access - resources generated for Direct - Access functionality. + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds - ingress - resources generated for Zone - Ingress. + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound rate limiting configurations. Currently + limited to - egress - resources generated for Zone Egress. + selecting all inbound traffic, as L7 matching is not yet + implemented. 
+ items: + properties: + default: + description: Default contains configuration of the inbound rate limits + properties: + local: + description: >- + LocalConf defines local http or/and tcp rate limit + configuration + properties: + http: + description: >- + LocalHTTP defines configuration of local HTTP rate + limiting - gateway - resources generated for MeshGateway. + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: >- + Describes the actions to take on a rate limit + event + properties: + headers: + description: >- + The Headers to be added to the HTTP + response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: >- + The HTTP status code to be set on a rate + limit event + format: int32 + type: integer + type: object + requestRate: + description: >- + Defines how many requests are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + or a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: >- + LocalTCP defines confguration of local TCP rate + limiting - The list is not complete, because policy - plugins can introduce new resources. + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: >- + Defines how many connections are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - routeConfigurationName: - description: >- - Name of the RouteConfiguration resource to - match. - type: string + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: |- + Define if rate limiting should be disabled. + Default: false + type: boolean type: object - operation: - description: Operation to execute on matched listener. - enum: - - Add - - Remove - - Patch - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - match - - operation type: object type: object - type: array - type: object + type: object + type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an 
@@ -11398,70 +11032,9 @@ components: required: - kind type: object - required: - - default - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshProxyPatchCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshProxyPatchDeleteSuccessResponse: - type: object - properties: {} - MeshRateLimitItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshRateLimit - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshRateLimit resource. - properties: - from: + to: description: >- - From list makes a match between clients and corresponding + To list makes a match between clients and corresponding configurations items: properties: 
@@ -11668,395 +11241,603 @@ components: SectionName is used to target specific section of resource. - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshRateLimitCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshRateLimitDeleteSuccessResponse: + type: object + properties: {} + MeshRetryItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshRetry + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. 
+ type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: description: >- - Rules defines inbound rate limiting configurations. Currently - limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. + To list makes a match between the consumed services and + corresponding configurations items: properties: default: - description: Default contains configuration of the inbound rate limits + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' properties: - local: + grpc: description: >- - LocalConf defines local http or/and tcp rate limit - configuration + GRPC defines a configuration of retries for GRPC + traffic properties: - http: + backOff: description: >- - LocalHTTP defines configuration of local HTTP rate - limiting + BackOff is a configuration of durations which will + be used in an exponential - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + backoff strategy between retries. properties: - disabled: - description: Define if rate limiting should be disabled. 
- type: boolean - onRateLimit: + baseInterval: description: >- - Describes the actions to take on a rate limit - event - properties: - headers: - description: >- - The Headers to be added to the HTTP - response on a rate limit event - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - status: - description: >- - The HTTP status code to be set on a rate - limit event - format: int32 - type: integer - type: object - requestRate: + BaseInterval is an amount of time which should + be taken between retries. + + Must be greater than zero. Values less than 1 + ms are rounded up to 1 ms. + + If not specified then the default value is + "25ms". + type: string + maxInterval: description: >- - Defines how many requests are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, + MaxInterval is a maximal amount of time which + will be taken between retries. + + Default is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: >- + NumRetries is the number of attempts that will be + made on failed (and + + retriable) requests. If not set, the default value + is 1. 
+ format: int32 + type: integer + perTryTimeout: + description: >- + PerTryTimeout is the maximum amount of time each + retry attempt can take + + before it times out. If not set, the global + request timeout for the route + + will be used. Setting this value to 0 will disable + the per-try timeout. + type: string + rateLimitedBackOff: + description: >- + RateLimitedBackOff is a configuration of backoff + which will be used when + + the upstream returns one of the headers + configured. + properties: + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. + + If not specified then the default value is + "300s". + type: string + resetHeaders: + description: >- + ResetHeaders specifies the list of headers + (like Retry-After or X-RateLimit-Reset) + + to match against the response. Headers are + tried in order, and matched + + case-insensitive. The first header to be + parsed successfully is used. + + If no headers match the default exponential + BackOff is used instead. + items: + properties: + format: + description: The format of the reset header. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: >- + RetryOn is a list of conditions which will cause a + retry. + example: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable + items: + enum: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable + type: string + type: array + type: object + http: + description: >- + HTTP defines a configuration of retries for HTTP + traffic + properties: + backOff: + description: >- + BackOff is a configuration of durations which will + be used in exponential + + backoff strategy between retries. 
+ properties: + baseInterval: + description: >- + BaseInterval is an amount of time which should + be taken between retries. - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object + Must be greater than zero. Values less than 1 + ms are rounded up to 1 ms. + + If not specified then the default value is + "25ms". + type: string + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. + + Default is 10 times the "BaseInterval". + type: string type: object - tcp: + hostSelection: description: >- - LocalTCP defines confguration of local TCP rate - limiting + HostSelection is a list of predicates that dictate + how hosts should be selected - https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + when requests are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. + enum: + - OmitPreviousHosts + - OmitHostsWithTags + - OmitPreviousPriorities + type: string + tags: + additionalProperties: + type: string + description: >- + Tags is a map of metadata to match against + for selecting the omitted hosts. Required if + Type is + + OmitHostsWithTags + type: object + updateFrequency: + default: 2 + description: >- + UpdateFrequency is how often the priority + load should be updated based on previously + attempted priorities. + + Used for OmitPreviousPriorities. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: >- + HostSelectionMaxAttempts is the maximum number of + times host selection will be + + reattempted before giving up, at which point the + host that was last selected will + + be routed to. If unspecified, this will default to + retrying once. 
+ format: int64 + type: integer + numRetries: + description: >- + NumRetries is the number of attempts that will be + made on failed (and + + retriable) requests. If not set, the default + value is 1. + format: int32 + type: integer + perTryTimeout: + description: >- + PerTryTimeout is the amount of time after which + retry attempt should time out. + + If left unspecified, the global route timeout for + the request will be used. + + Consequently, when using a 5xx based retry policy, + a request that times out + + will not be retried as the total timeout budget + would have been exhausted. + + Setting this timeout to 0 will disable it. + type: string + rateLimitedBackOff: + description: >- + RateLimitedBackOff is a configuration of backoff + which will be used + + when the upstream returns one of the headers + configured. properties: - connectionRate: + maxInterval: description: >- - Defines how many connections are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, + MaxInterval is a maximal amount of time which + will be taken between retries. - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - disabled: - description: |- - Define if rate limiting should be disabled. - Default: false - type: boolean - type: object - type: object - type: object - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. + If not specified then the default value is + "300s". + type: string + resetHeaders: + description: >- + ResetHeaders specifies the list of headers + (like Retry-After or X-RateLimit-Reset) - The resource could be either a real store object or virtual - resource + to match against the response. 
Headers are + tried in order, and matched - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or + case-insensitive. The first header to be + parsed successfully is used. - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, + If no headers match the default exponential + BackOff is used instead. + items: + properties: + format: + description: The format of the reset header. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: >- + RetriableRequestHeaders is an HTTP headers which + must be present in the request - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace + for retries to be attempted. + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, + headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to be + matched. 
Name MUST be lower case + + as they will be handled with case + insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: >- + RetriableResponseHeaders is an HTTP response + headers that trigger a retry - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. + if present in the response. A retry will be + triggered if any of the header - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds + matches the upstream response headers. + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in + headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to be + matched. 
Name MUST be lower case - 'targetRef' - properties: - local: - description: >- - LocalConf defines local http or/and tcp rate limit - configuration - properties: - http: + as they will be handled with case + insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + retryOn: description: >- - LocalHTTP defines configuration of local HTTP rate - limiting + RetryOn is a list of conditions which will cause a + retry. Available values are: - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter - properties: - disabled: - description: Define if rate limiting should be disabled. 
- type: boolean - onRateLimit: - description: >- - Describes the actions to take on a rate limit - event - properties: - headers: - description: >- - The Headers to be added to the HTTP - response on a rate limit event - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - status: - description: >- - The HTTP status code to be set on a rate - limit event - format: int32 - type: integer - type: object - requestRate: - description: >- - Defines how many requests are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, + [5XX, GatewayError, Reset, Retriable4xx, + ConnectFailure, EnvoyRatelimited, - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - type: object - tcp: - description: >- - LocalTCP defines confguration of local TCP rate - limiting + RefusedStream, Http3PostConnectFailure, + HttpMethodConnect, HttpMethodDelete, - https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter - properties: - connectionRate: - description: >- - Defines how many connections are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. 
- type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, + HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - disabled: - description: |- - Define if rate limiting should be disabled. - Default: false - type: boolean - type: object + HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + + Also, any HTTP status code (500, 503, etc.). + example: + - 5XX + - GatewayError + - Reset + - Retriable4xx + - ConnectFailure + - EnvoyRatelimited + - RefusedStream + - Http3PostConnectFailure + - HttpMethodConnect + - HttpMethodDelete + - HttpMethodGet + - HttpMethodHead + - HttpMethodOptions + - HttpMethodPatch + - HttpMethodPost + - HttpMethodPut + - HttpMethodTrace + - '500' + - '503' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for TCP traffic + properties: + maxConnectAttempt: + description: >- + MaxConnectAttempt is a maximal amount of TCP + connection attempts + + which will be made before giving up + format: int32 + type: integer type: object type: object targetRef: @@ -12064,7 +11845,7 @@ components: TargetRef is a reference to the resource that represents a group of - clients. + destinations. properties: kind: description: Kind of the referenced resource @@ -12157,7 +11938,7 @@ components: description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' - MeshRateLimitCreateOrUpdateSuccessResponse: + MeshRetryCreateOrUpdateSuccessResponse: type: object properties: warnings: @@ -12171,10 +11952,10 @@ components: request should correct or be aware of. items: type: string - MeshRateLimitDeleteSuccessResponse: + MeshRetryDeleteSuccessResponse: type: object properties: {} - MeshRetryItem: + MeshTCPRouteItem: type: object required: - type 
@@ -12185,7 +11966,7 @@ components: description: the type of the resource type: string enum: - - MeshRetry + - MeshTCPRoute mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may @@ -12201,7 +11982,7 @@ components: description: The labels to help identity resources type: object spec: - description: Spec is the specification of the Kuma MeshRetry resource. + description: Spec is the specification of the Kuma MeshTCPRoute resource. properties: targetRef: description: >- @@ -12211,7 +11992,7 @@ components: The resource could be either a real store object or virtual resource - defined inplace. + defined in-place. properties: kind: description: Kind of the referenced resource 
@@ -12280,448 +12061,716 @@ components: Tags used to select a subset of proxies by tags. Can only be used with kinds - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding + + configurations + items: + properties: + rules: + description: >- + Rules contains the routing rules applies to a combination + of top-level + + targetRef and the targetRef in this entry. + items: + properties: + default: + description: >- + Default holds routing rules that can be merged with + rules from other + + policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of + MeshServices that match labels. Either + Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can only + be used with kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of + target resource. If empty only resources + in policy namespace + + will be targeted. + type: string + port: + description: >- + Port is only supported when this ref + refers to a real MeshService object + format: int32 + type: integer + proxyTypes: + description: >- + ProxyTypes specifies the data plane types + that are subject to the policy. 
When not + specified, + + all data plane types are targeted by the + policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific + section of resource. + + For example, you can target port from + MeshService.ports[] by its name. Only + traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by + tags. Can only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + required: + - kind + type: object + type: array + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. 
+ items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - rules + - targetRef + type: object + minItems: 1 + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshTCPRouteCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshTCPRouteDeleteSuccessResponse: + type: object + properties: {} + MeshTimeoutItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTimeout + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. 
+ properties: + from: description: >- - To list makes a match between the consumed services and - corresponding configurations + From list makes a match between clients and corresponding + configurations items: properties: default: description: >- Default is a configuration specific to the group of - destinations referenced in + clients referenced in 'targetRef' properties: - grpc: + connectionTimeout: description: >- - GRPC defines a configuration of retries for GRPC - traffic + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts properties: - backOff: + maxConnectionDuration: description: >- - BackOff is a configuration of durations which will - be used in an exponential - - backoff strategy between retries. - properties: - baseInterval: - description: >- - BaseInterval is an amount of time which should - be taken between retries. + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, - Must be greater than zero. Values less than 1 - ms are rounded up to 1 ms. + starting from when it was first established. + Setting this timeout to 0 will disable it. - If not specified then the default value is - "25ms". - type: string - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. + Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. - Default is 10 times the "BaseInterval". - type: string - type: object - numRetries: + Setting this timeout to 0 will disable it. + Disabled by default. 
+ type: string + requestHeadersTimeout: description: >- - NumRetries is the number of attempts that will be - made on failed (and + RequestHeadersTimeout The amount of time that + proxy will wait for the request headers to be + received. The timer is - retriable) requests. If not set, the default value - is 1. - format: int32 - type: integer - perTryTimeout: + activated when the first byte of the headers is + received, and is disarmed when the last byte of + + the headers has been received. If not specified or + set to 0, this timeout is disabled. + + Disabled by default. + type: string + requestTimeout: description: >- - PerTryTimeout is the maximum amount of time each - retry attempt can take + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. - before it times out. If not set, the global - request timeout for the route + The timer is activated when the request is + initiated, and is disarmed when the last byte of + the request is sent, - will be used. Setting this value to 0 will disable - the per-try timeout. + OR when the response is initiated. Setting this + timeout to 0 will disable it. + + Default is 15s. type: string - rateLimitedBackOff: + streamIdleTimeout: description: >- - RateLimitedBackOff is a configuration of backoff - which will be used when + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. - the upstream returns one of the headers - configured. - properties: - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection - If not specified then the default value is - "300s". 
- type: string - resetHeaders: - description: >- - ResetHeaders specifies the list of headers - (like Retry-After or X-RateLimit-Reset) + Setting this timeout to 0 will disable it. Be cautious + when disabling it because - to match against the response. Headers are - tried in order, and matched + it can lead to connection leaking. Default value is + 1h. + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of - case-insensitive. The first header to be - parsed successfully is used. + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or - If no headers match the default exponential - BackOff is used instead. - items: - properties: - format: - description: The format of the reset header. - enum: - - Seconds - - UnixTimestamp - type: string - name: - description: The Name of the reset header. - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - required: - - format - - name - type: object - type: array - type: object - retryOn: - description: >- - RetryOn is a list of conditions which will cause a - retry. - example: - - Canceled - - DeadlineExceeded - - Internal - - ResourceExhausted - - Unavailable - items: - enum: - - Canceled - - DeadlineExceeded - - Internal - - ResourceExhausted - - Unavailable - type: string - type: array + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` type: object - http: + required: + - kind + type: object + required: + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound timeout configurations. Currently limited + to exactly one rule containing + + default timeouts that apply to all inbound traffic, as L7 + matching is not yet implemented. + items: + properties: + default: + description: Default contains configuration of the inbound timeouts + properties: + connectionTimeout: description: >- - HTTP defines a configuration of retries for HTTP - traffic + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts properties: - backOff: + maxConnectionDuration: description: >- - BackOff is a configuration of durations which will - be used in exponential - - backoff strategy between retries. 
- properties: - baseInterval: - description: >- - BaseInterval is an amount of time which should - be taken between retries. + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, - Must be greater than zero. Values less than 1 - ms are rounded up to 1 ms. + starting from when it was first established. + Setting this timeout to 0 will disable it. - If not specified then the default value is - "25ms". - type: string - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. + Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. - Default is 10 times the "BaseInterval". - type: string - type: object - hostSelection: + Setting this timeout to 0 will disable it. + Disabled by default. + type: string + requestHeadersTimeout: description: >- - HostSelection is a list of predicates that dictate - how hosts should be selected + RequestHeadersTimeout The amount of time that + proxy will wait for the request headers to be + received. The timer is - when requests are retried. - items: - properties: - predicate: - description: Type is requested predicate mode. - enum: - - OmitPreviousHosts - - OmitHostsWithTags - - OmitPreviousPriorities - type: string - tags: - additionalProperties: - type: string - description: >- - Tags is a map of metadata to match against - for selecting the omitted hosts. Required if - Type is + activated when the first byte of the headers is + received, and is disarmed when the last byte of - OmitHostsWithTags - type: object - updateFrequency: - default: 2 - description: >- - UpdateFrequency is how often the priority - load should be updated based on previously - attempted priorities. + the headers has been received. If not specified or + set to 0, this timeout is disabled. - Used for OmitPreviousPriorities. 
- format: int32 - type: integer - required: - - predicate - type: object - type: array - hostSelectionMaxAttempts: + Disabled by default. + type: string + requestTimeout: description: >- - HostSelectionMaxAttempts is the maximum number of - times host selection will be + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. - reattempted before giving up, at which point the - host that was last selected will + The timer is activated when the request is + initiated, and is disarmed when the last byte of + the request is sent, - be routed to. If unspecified, this will default to - retrying once. - format: int64 - type: integer - numRetries: - description: >- - NumRetries is the number of attempts that will be - made on failed (and + OR when the response is initiated. Setting this + timeout to 0 will disable it. - retriable) requests. If not set, the default - value is 1. - format: int32 - type: integer - perTryTimeout: + Default is 15s. + type: string + streamIdleTimeout: description: >- - PerTryTimeout is the amount of time after which - retry attempt should time out. + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. - If left unspecified, the global route timeout for - the request will be used. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection - Consequently, when using a 5xx based retry policy, - a request that times out + Setting this timeout to 0 will disable it. Be cautious + when disabling it because - will not be retried as the total timeout budget - would have been exhausted. + it can lead to connection leaking. Default value is + 1h. 
+ type: string + type: object + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. - Setting this timeout to 0 will disable it. - type: string - rateLimitedBackOff: - description: >- - RateLimitedBackOff is a configuration of backoff - which will be used + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, - when the upstream returns one of the headers - configured. - properties: - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. - If not specified then the default value is - "300s". 
- type: string - resetHeaders: - description: >- - ResetHeaders specifies the list of headers - (like Retry-After or X-RateLimit-Reset) + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds - to match against the response. Headers are - tried in order, and matched + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in - case-insensitive. The first header to be - parsed successfully is used. + 'targetRef' + properties: + connectionTimeout: + description: >- + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. - If no headers match the default exponential - BackOff is used instead. - items: - properties: - format: - description: The format of the reset header. - enum: - - Seconds - - UnixTimestamp - type: string - name: - description: The Name of the reset header. - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - required: - - format - - name - type: object - type: array - type: object - retriableRequestHeaders: + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts + properties: + maxConnectionDuration: description: >- - RetriableRequestHeaders is an HTTP headers which - must be present in the request - - for retries to be attempted. 
- items: - description: >- - HeaderMatch describes how to select an HTTP - route by matching HTTP request + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, - headers. - properties: - name: - description: >- - Name is the name of the HTTP Header to be - matched. Name MUST be lower case + starting from when it was first established. + Setting this timeout to 0 will disable it. - as they will be handled with case - insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - type: - default: Exact - description: >- - Type specifies how to match against the - value of the header. - enum: - - Exact - - Present - - RegularExpression - - Absent - - Prefix - type: string - value: - description: >- - Value is the value of HTTP Header to be - matched. - type: string - required: - - name - type: object - type: array - retriableResponseHeaders: + Disabled by default. + type: string + maxStreamDuration: description: >- - RetriableResponseHeaders is an HTTP response - headers that trigger a retry + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. - if present in the response. A retry will be - triggered if any of the header + Setting this timeout to 0 will disable it. + Disabled by default. + type: string + requestHeadersTimeout: + description: >- + RequestHeadersTimeout The amount of time that + proxy will wait for the request headers to be + received. The timer is - matches the upstream response headers. - items: - description: >- - HeaderMatch describes how to select an HTTP - route by matching HTTP request + activated when the first byte of the headers is + received, and is disarmed when the last byte of - headers. - properties: - name: - description: >- - Name is the name of the HTTP Header to be - matched. Name MUST be lower case + the headers has been received. 
If not specified or + set to 0, this timeout is disabled. - as they will be handled with case - insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - type: - default: Exact - description: >- - Type specifies how to match against the - value of the header. - enum: - - Exact - - Present - - RegularExpression - - Absent - - Prefix - type: string - value: - description: >- - Value is the value of HTTP Header to be - matched. - type: string - required: - - name - type: object - type: array - retryOn: + Disabled by default. + type: string + requestTimeout: description: >- - RetryOn is a list of conditions which will cause a - retry. Available values are: - - [5XX, GatewayError, Reset, Retriable4xx, - ConnectFailure, EnvoyRatelimited, - - RefusedStream, Http3PostConnectFailure, - HttpMethodConnect, HttpMethodDelete, + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. - HttpMethodGet, HttpMethodHead, HttpMethodOptions, - HttpMethodPatch, + The timer is activated when the request is + initiated, and is disarmed when the last byte of + the request is sent, - HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + OR when the response is initiated. Setting this + timeout to 0 will disable it. - Also, any HTTP status code (500, 503, etc.). - example: - - 5XX - - GatewayError - - Reset - - Retriable4xx - - ConnectFailure - - EnvoyRatelimited - - RefusedStream - - Http3PostConnectFailure - - HttpMethodConnect - - HttpMethodDelete - - HttpMethodGet - - HttpMethodHead - - HttpMethodOptions - - HttpMethodPatch - - HttpMethodPost - - HttpMethodPut - - HttpMethodTrace - - '500' - - '503' - items: - type: string - type: array - type: object - tcp: - description: TCP defines a configuration of retries for TCP traffic - properties: - maxConnectAttempt: + Default is 15s. 
+ type: string + streamIdleTimeout: description: >- - MaxConnectAttempt is a maximal amount of TCP - connection attempts + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. - which will be made before giving up - format: int32 - type: integer + Setting this timeout to 0 will disable it. Default + is 30m + type: string type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection + + Setting this timeout to 0 will disable it. Be cautious + when disabling it because + + it can lead to connection leaking. Default value is + 1h. + type: string type: object targetRef: description: >- @@ -12821,7 +12870,7 @@ components: description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' - MeshRetryCreateOrUpdateSuccessResponse: + MeshTimeoutCreateOrUpdateSuccessResponse: type: object properties: warnings: @@ -12835,10 +12884,10 @@ components: request should correct or be aware of. items: type: string - MeshRetryDeleteSuccessResponse: + MeshTimeoutDeleteSuccessResponse: type: object properties: {} - MeshTCPRouteItem: + MeshTLSItem: type: object required: - type @@ -12849,7 +12898,7 @@ components: description: the type of the resource type: string enum: - - MeshTCPRoute + - MeshTLS mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may 
@@ -12865,218 +12914,78 @@ components: description: The labels to help identity resources type: object spec: - description: Spec is the specification of the Kuma MeshTCPRoute resource. + description: Spec is the specification of the Kuma MeshTLS resource. properties: - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: + from: description: >- - To list makes a match between the consumed services and - corresponding - + From list makes a match between clients and corresponding configurations items: properties: - rules: + default: description: >- - Rules contains the routing rules applies to a combination - of top-level - - targetRef and the targetRef in this entry. - items: - properties: - default: - description: >- - Default holds routing rules that can be merged with - rules from other - - policies. - properties: - backendRefs: - items: - description: BackendRef defines where to forward traffic. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of - MeshServices that match labels. Either - Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to - identify cross mesh resources. - type: string - name: - description: >- - Name of the referenced resource. Can only - be used with kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of - target resource. If empty only resources - in policy namespace - - will be targeted. - type: string - port: - description: >- - Port is only supported when this ref - refers to a real MeshService object - format: int32 - type: integer - proxyTypes: - description: >- - ProxyTypes specifies the data plane types - that are subject to the policy. When not - specified, - - all data plane types are targeted by the - policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific - section of resource. - - For example, you can target port from - MeshService.ports[] by its name. Only - traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by - tags. Can only be used with kinds + Default is a configuration specific to the group of + clients referenced in - `MeshSubset` and `MeshServiceSubset` - type: object - weight: - default: 1 - minimum: 0 - type: integer - required: - - kind - type: object - type: array - type: object - required: - - default - type: object - maxItems: 1 - type: array + 'targetRef' + properties: + mode: + description: >- + Mode defines the behavior of inbound listeners with + regard to traffic encryption. + enum: + - Permissive + - Strict + type: string + tlsCiphers: + description: >- + TlsCiphers section for providing ciphers + specification. + items: + enum: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-RSA-CHACHA20-POLY1305 + type: string + type: array + tlsVersion: + description: Version section for providing version specification. + properties: + max: + default: TLSAuto + description: >- + Max defines maximum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + min: + default: TLSAuto + description: >- + Min defines minimum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + type: object + type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of - destinations. + clients. 
properties: kind: description: Kind of the referenced resource 
@@ -13153,11 +13062,155 @@ components: - kind type: object required: - - rules - targetRef type: object - minItems: 1 type: array + rules: + description: >- + Rules defines inbound tls configurations. Currently limited to + + selecting all inbound traffic, as L7 matching is not yet + implemented. + items: + properties: + default: + description: Default contains configuration of the inbound tls + properties: + mode: + description: >- + Mode defines the behavior of inbound listeners with + regard to traffic encryption. + enum: + - Permissive + - Strict + type: string + tlsCiphers: + description: >- + TlsCiphers section for providing ciphers + specification. + items: + enum: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-RSA-CHACHA20-POLY1305 + type: string + type: array + tlsVersion: + description: Version section for providing version specification. + properties: + max: + default: TLSAuto + description: >- + Max defines maximum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + min: + default: TLSAuto + description: >- + Min defines minimum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + type: object + type: object + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in-place. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object type: object creationTime: readOnly: true @@ -13171,7 +13224,7 @@ components: description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' - MeshTCPRouteCreateOrUpdateSuccessResponse: + MeshTLSCreateOrUpdateSuccessResponse: type: object properties: warnings: 
@@ -13185,10 +13238,10 @@ components: request should correct or be aware of. items: type: string - MeshTCPRouteDeleteSuccessResponse: + MeshTLSDeleteSuccessResponse: type: object properties: {} - MeshTimeoutItem: + MeshTraceItem: type: object required: - type @@ -13199,7 +13252,7 @@ components: description: the type of the resource type: string enum: - - MeshTimeout + - MeshTrace mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may 
@@ -13215,274 +13268,228 @@ components: description: The labels to help identity resources type: object spec: - description: Spec is the specification of the Kuma MeshTimeout resource. + description: Spec is the specification of the Kuma MeshTrace resource. properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in + default: + description: MeshTrace configuration. + properties: + backends: + description: >- + A one element array of backend definition. - 'targetRef' - properties: - connectionTimeout: - description: >- - ConnectionTimeout specifies the amount of time proxy - will wait for an TCP connection to be established. + Envoy allows configuring only 1 backend, so the natural way + of - Default value is 5 seconds. Cannot be set to 0. - type: string - http: - description: Http provides configuration for HTTP specific timeouts - properties: - maxConnectionDuration: - description: >- - MaxConnectionDuration is the time after which a - connection will be drained and/or closed, + representing that would be just one object. Unfortunately + due to the - starting from when it was first established. - Setting this timeout to 0 will disable it. + reasons explained in MADR 009-tracing-policy this has to be + a one element - Disabled by default. - type: string - maxStreamDuration: + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can be used. + properties: + datadog: + description: Datadog backend configuration. + properties: + splitService: + default: false description: >- - MaxStreamDuration is the maximum time that a - stream’s lifetime will span. + Determines if datadog service name should be split + based on traffic - Setting this timeout to 0 will disable it. - Disabled by default. 
- type: string - requestHeadersTimeout: - description: >- - RequestHeadersTimeout The amount of time that - proxy will wait for the request headers to be - received. The timer is + direction and destination. For example, with + `splitService: true` and a - activated when the first byte of the headers is - received, and is disarmed when the last byte of + `backend` service that communicates with a couple + of databases, you would - the headers has been received. If not specified or - set to 0, this timeout is disabled. + get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and - Disabled by default. - type: string - requestTimeout: + `backend_OUTBOUND_db2` in Datadog. + type: boolean + url: description: >- - RequestTimeout The amount of time that proxy will - wait for the entire request to be received. - - The timer is activated when the request is - initiated, and is disarmed when the last byte of - the request is sent, + Address of Datadog collector, only host and port + are allowed (no paths, - OR when the response is initiated. Setting this - timeout to 0 will disable it. + fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: >- + Version of the API. - Default is 15s. + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 + enum: + - httpJson + - httpProto type: string - streamIdleTimeout: + sharedSpanContext: + default: true description: >- - StreamIdleTimeout is the amount of time that proxy - will allow a stream to exist with no activity. 
+ Determines whether client and server spans will + share the same span - Setting this timeout to 0 will disable it. Default - is 30m + context. + + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 + type: boolean + traceId128bit: + default: false + description: Generate 128bit traces. + type: boolean + url: + description: Address of Zipkin collector. type: string + required: + - url type: object - idleTimeout: - description: >- - IdleTimeout is defined as the period in which there - are no bytes sent or received on connection + required: + - type + type: object + maxItems: 1 + type: array + sampling: + description: >- + Sampling configuration. - Setting this timeout to 0 will disable it. Be cautious - when disabling it because + Sampling is the process by which a decision is made on + whether to - it can lead to connection leaking. Default value is - 1h. - type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of + process/export a span or not. + properties: + client: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests that will be force traced + if the - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or + 'x-client-trace-id' header is set. Mirror of + client_sampling in Envoy - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. 
Can only be used with - kinds: `MeshService`, + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace + Either int or decimal represented as string. - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, + If not specified then the default value is 100. + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests will be traced - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. + after all other sampling checks have been applied + (client, force tracing, - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds + random sampling). This field functions as an upper limit + on the total - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound timeout configurations. Currently limited - to exactly one rule containing + configured sampling rate. For instance, setting client + to 100 - default timeouts that apply to all inbound traffic, as L7 - matching is not yet implemented. 
- items: - properties: - default: - description: Default contains configuration of the inbound timeouts - properties: - connectionTimeout: - description: >- - ConnectionTimeout specifies the amount of time proxy - will wait for an TCP connection to be established. + but overall to 1 will result in only 1% of client + requests with - Default value is 5 seconds. Cannot be set to 0. - type: string - http: - description: Http provides configuration for HTTP specific timeouts - properties: - maxConnectionDuration: - description: >- - MaxConnectionDuration is the time after which a - connection will be drained and/or closed, + the appropriate headers to be force traced. Mirror of - starting from when it was first established. - Setting this timeout to 0 will disable it. + overall_sampling in Envoy - Disabled by default. - type: string - maxStreamDuration: - description: >- - MaxStreamDuration is the maximum time that a - stream’s lifetime will span. + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 - Setting this timeout to 0 will disable it. - Disabled by default. - type: string - requestHeadersTimeout: - description: >- - RequestHeadersTimeout The amount of time that - proxy will wait for the request headers to be - received. The timer is + Either int or decimal represented as string. - activated when the first byte of the headers is - received, and is disarmed when the last byte of + If not specified then the default value is 100. + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests that will be randomly + selected for trace + + generation, if not requested by the client or not + forced. - the headers has been received. If not specified or - set to 0, this timeout is disabled. + Mirror of random_sampling in Envoy - Disabled by default. 
- type: string - requestTimeout: - description: >- - RequestTimeout The amount of time that proxy will - wait for the entire request to be received. + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 - The timer is activated when the request is - initiated, and is disarmed when the last byte of - the request is sent, + Either int or decimal represented as string. - OR when the response is initiated. Setting this - timeout to 0 will disable it. + If not specified then the default value is 100. + x-kubernetes-int-or-string: true + type: object + tags: + description: >- + Custom tags configuration. You can add custom tags to traces + based on - Default is 15s. - type: string - streamIdleTimeout: + headers or literal values. + items: + description: |- + Custom tags configuration. + Only one of literal or header can be used. + properties: + header: + description: Tag taken from a header. + properties: + default: description: >- - StreamIdleTimeout is the amount of time that proxy - will allow a stream to exist with no activity. + Default value to use if header is missing. - Setting this timeout to 0 will disable it. Default - is 30m + If the default is missing and there is no value + the tag will not be + + included. + type: string + name: + description: Name of the header. type: string + required: + - name type: object - idleTimeout: - description: >- - IdleTimeout is defined as the period in which there - are no bytes sent or received on connection - - Setting this timeout to 0 will disable it. Be cautious - when disabling it because - - it can lead to connection leaking. Default value is - 1h. + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. 
type: string + required: + - name type: object - type: object - type: array + type: array + type: object targetRef: description: >- TargetRef is a reference to the resource the policy takes an 
@@ -13508,238 +13515,63 @@ components: type: string labels: additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - connectionTimeout: - description: >- - ConnectionTimeout specifies the amount of time proxy - will wait for an TCP connection to be established. - - Default value is 5 seconds. Cannot be set to 0. 
- type: string - http: - description: Http provides configuration for HTTP specific timeouts - properties: - maxConnectionDuration: - description: >- - MaxConnectionDuration is the time after which a - connection will be drained and/or closed, - - starting from when it was first established. - Setting this timeout to 0 will disable it. - - Disabled by default. - type: string - maxStreamDuration: - description: >- - MaxStreamDuration is the maximum time that a - stream’s lifetime will span. - - Setting this timeout to 0 will disable it. - Disabled by default. - type: string - requestHeadersTimeout: - description: >- - RequestHeadersTimeout The amount of time that - proxy will wait for the request headers to be - received. The timer is - - activated when the first byte of the headers is - received, and is disarmed when the last byte of - - the headers has been received. If not specified or - set to 0, this timeout is disabled. - - Disabled by default. - type: string - requestTimeout: - description: >- - RequestTimeout The amount of time that proxy will - wait for the entire request to be received. - - The timer is activated when the request is - initiated, and is disarmed when the last byte of - the request is sent, - - OR when the response is initiated. Setting this - timeout to 0 will disable it. - - Default is 15s. - type: string - streamIdleTimeout: - description: >- - StreamIdleTimeout is the amount of time that proxy - will allow a stream to exist with no activity. - - Setting this timeout to 0 will disable it. Default - is 30m - type: string - type: object - idleTimeout: - description: >- - IdleTimeout is defined as the period in which there - are no bytes sent or received on connection - - Setting this timeout to 0 will disable it. Be cautious - when disabling it because - - it can lead to connection leaking. Default value is - 1h. 
- type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. 
+ will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object type: object creationTime: readOnly: true @@ -13753,7 +13585,7 @@ components: description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' - MeshTimeoutCreateOrUpdateSuccessResponse: + MeshTraceCreateOrUpdateSuccessResponse: type: object properties: warnings: @@ -13767,10 +13599,10 @@ components: request should correct or be aware of. items: type: string - MeshTimeoutDeleteSuccessResponse: + MeshTraceDeleteSuccessResponse: type: object properties: {} - MeshTLSItem: + MeshTrafficPermissionItem: type: object required: - type @@ -13781,7 +13613,7 @@ components: description: the type of the resource type: string enum: - - MeshTLS + - MeshTrafficPermission mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may 
@@ -13797,7 +13629,9 @@ components: description: The labels to help identity resources type: object spec: - description: Spec is the specification of the Kuma MeshTLS resource. + description: >- + Spec is the specification of the Kuma MeshTrafficPermission + resource. properties: from: description: >- @@ -13812,56 +13646,15 @@ components: 'targetRef' properties: - mode: + action: description: >- - Mode defines the behavior of inbound listeners with - regard to traffic encryption. + Action defines a behavior for the specified group of + clients: enum: - - Permissive - - Strict + - Allow + - Deny + - AllowWithShadowDeny type: string - tlsCiphers: - description: >- - TlsCiphers section for providing ciphers - specification. - items: - enum: - - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-RSA-CHACHA20-POLY1305 - type: string - type: array - tlsVersion: - description: Version section for providing version specification. - properties: - max: - default: TLSAuto - description: >- - Max defines maximum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - min: - default: TLSAuto - description: >- - Min defines minimum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - type: object type: object targetRef: description: >- 
@@ -13911,105 +13704,41 @@ components: will be targeted. type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound tls configurations. Currently limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. - items: - properties: - default: - description: Default contains configuration of the inbound tls - properties: - mode: - description: >- - Mode defines the behavior of inbound listeners with - regard to traffic encryption. - enum: - - Permissive - - Strict - type: string - tlsCiphers: - description: >- - TlsCiphers section for providing ciphers - specification. - items: - enum: - - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-RSA-CHACHA20-POLY1305 - type: string - type: array - tlsVersion: - description: Version section for providing version specification. - properties: - max: - default: TLSAuto - description: >- - Max defines maximum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. 
- enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - min: - default: TLSAuto - description: >- - Min defines minimum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` type: object + required: + - kind type: object + required: + - targetRef type: object type: array targetRef: @@ -14020,7 +13749,7 @@ components: The resource could be either a real store object or virtual resource - defined in-place. + defined inplace. properties: kind: description: Kind of the referenced resource @@ -14107,7 +13836,7 @@ components: description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' - MeshTLSCreateOrUpdateSuccessResponse: + MeshTrafficPermissionCreateOrUpdateSuccessResponse: type: object properties: warnings: 
@@ -14121,605 +13850,604 @@ components: request should correct or be aware of. items: type: string - MeshTLSDeleteSuccessResponse: + MeshTrafficPermissionDeleteSuccessResponse: type: object properties: {} - MeshTraceItem: + BuiltinCertificateAuthorityConfig: + properties: + caCert: + properties: + expiration: + type: string + rsaBits: + format: uint32 + type: integer + type: object type: object - required: - - type - - name - - spec + DatadogTracingBackendConfig: properties: - type: - description: the type of the resource + address: + description: Address of datadog collector. type: string - enum: - - MeshTrace - mesh: + port: + description: Port of datadog collector + type: integer + splitService: description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string + Determines if datadog service name should be split based on traffic + + direction and destination. For example, with `splitService: true` + and a + + `backend` service that communicates with a couple of databases, you + would + + get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, + and + + `backend_OUTBOUND_db2` in Datadog. Default: false + type: boolean + type: object + DataplaneItem: + properties: labels: additionalProperties: type: string - description: The labels to help identity resources type: object - spec: - description: Spec is the specification of the Kuma MeshTrace resource. + mesh: + type: string + metrics: + description: >- + Configuration for metrics that should be collected and exposed by + the + + data plane proxy. + + + Settings defined here will override their respective defaults + + defined at a Mesh level. properties: - default: - description: MeshTrace configuration. - properties: - backends: - description: >- - A one element array of backend definition. 
+ conf: + oneOf: + - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' + type: object + name: + description: >- + Name of the backend, can be then used in + Mesh.metrics.enabledBackend + type: string + type: + description: Type of the backend (Kuma ships with 'prometheus') + type: string + type: object + name: + type: string + networking: + description: >- + Networking describes inbound and outbound interfaces of the data + plane - Envoy allows configuring only 1 backend, so the natural way - of + proxy. + properties: + address: + description: >- + IP on which the data plane proxy is accessible to the control + plane and - representing that would be just one object. Unfortunately - due to the + other data plane proxies in the same network. This can also be a - reasons explained in MADR 009-tracing-policy this has to be - a one element + hostname, in which case the control plane will periodically + resolve it. + type: string + admin: + description: >- + Admin describes configuration related to Envoy Admin API. - array for now. - items: - description: Only one of zipkin, datadog or openTelemetry can be used. - properties: - datadog: - description: Datadog backend configuration. - properties: - splitService: - default: false - description: >- - Determines if datadog service name should be split - based on traffic + Due to security, all the Envoy Admin endpoints are exposed only + on - direction and destination. For example, with - `splitService: true` and a + localhost. Additionally, Envoy will expose `/ready` endpoint on - `backend` service that communicates with a couple - of databases, you would + `networking.address` for health checking systems to be able to + check the - get service names like `backend_INBOUND`, - `backend_OUTBOUND_db1`, and + state of Envoy. The rest of the endpoints exposed on + `networking.address` - `backend_OUTBOUND_db2` in Datadog. 
- type: boolean - url: - description: >- - Address of Datadog collector, only host and port - are allowed (no paths, + are always protected by mTLS and only meant to be consumed + internally by - fragments etc.) - type: string - required: - - url - type: object - openTelemetry: - description: OpenTelemetry backend configuration. - properties: - endpoint: - description: Address of OpenTelemetry collector. - example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - type: - enum: - - Zipkin - - Datadog - - OpenTelemetry - type: string - zipkin: - description: Zipkin backend configuration. - properties: - apiVersion: - default: httpJson - description: >- - Version of the API. + the control plane. + properties: + port: + description: Port on which Envoy Admin API server will be listening + type: integer + type: object + advertisedAddress: + description: >- + In some situations, a data plane proxy resides in a private + network (e.g. - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 - enum: - - httpJson - - httpProto - type: string - sharedSpanContext: - default: true - description: >- - Determines whether client and server spans will - share the same span + Docker) and is not reachable via `address` to other data plane + proxies. - context. + `advertisedAddress` is configured with a routable address for + such data + + plane proxy so that other proxies in the mesh can connect to it + over + + `advertisedAddress` and not via address. + + + Envoy still binds to the `address`, not `advertisedAddress`. + type: string + gateway: + description: >- + Gateway describes a configuration of the gateway of the data + plane proxy. + properties: + tags: + additionalProperties: + type: string + description: >- + Tags associated with a gateway of this data plane to, e.g. + + `kuma.io/service=gateway`, `env=prod`. 
`kuma.io/service` tag + is - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 - type: boolean - traceId128bit: - default: false - description: Generate 128bit traces. - type: boolean - url: - description: Address of Zipkin collector. - type: string - required: - - url - type: object - required: - - type - type: object - maxItems: 1 - type: array - sampling: + mandatory. + type: object + type: description: >- - Sampling configuration. + Type of gateway this data plane proxy manages. - Sampling is the process by which a decision is made on - whether to + There are two types: `DELEGATED` and `BUILTIN`. Defaults to - process/export a span or not. - properties: - client: - anyOf: - - type: integer - - type: string - description: >- - Target percentage of requests that will be force traced - if the + `DELEGATED`. - 'x-client-trace-id' header is set. Mirror of - client_sampling in Envoy - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + A `DELEGATED` gateway is an independently deployed proxy + (e.g., Kong, - Either int or decimal represented as string. + Contour, etc) that receives inbound traffic that is not + proxied by - If not specified then the default value is 100. - x-kubernetes-int-or-string: true - overall: - anyOf: - - type: integer - - type: string - description: >- - Target percentage of requests will be traced + Kuma, and it sends outbound traffic into the data plane + proxy. - after all other sampling checks have been applied - (client, force tracing, - random sampling). This field functions as an upper limit - on the total + The `BUILTIN` gateway type causes the data plane proxy + itself to be - configured sampling rate. For instance, setting client - to 100 + configured as a gateway. - but overall to 1 will result in only 1% of client - requests with - the appropriate headers to be force traced. 
Mirror of + See https://kuma.io/docs/latest/explore/gateway/ for more + information. + oneOf: + - type: string + - type: integer + type: object + inbound: + description: >- + Inbound describes a list of inbound interfaces of the data plane + proxy. - overall_sampling in Envoy - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Inbound describes a service implemented by the data plane proxy. - Either int or decimal represented as string. + All incoming traffic to a data plane proxy is going through + inbound - If not specified then the default value is 100. - x-kubernetes-int-or-string: true - random: - anyOf: - - type: integer - - type: string - description: >- - Target percentage of requests that will be randomly - selected for trace + listeners. For every defined Inbound there is a corresponding + Envoy - generation, if not requested by the client or not - forced. + Listener. + items: + description: >- + Inbound describes a service implemented by the data plane + proxy. + properties: + address: + description: |- + Address on which inbound listener will be exposed. + Defaults to `networking.address`. + type: string + health: + description: >- + Health describes the status of an inbound. - Mirror of random_sampling in Envoy + If 'health' is nil we consider data plane proxy as + healthy. - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Unhealthy data plane proxies are excluded from Endpoints + Discovery - Either int or decimal represented as string. + Service (EDS). On Kubernetes, it is filled automatically + by the control - If not specified then the default value is 100. - x-kubernetes-int-or-string: true - type: object - tags: - description: >- - Custom tags configuration. You can add custom tags to traces - based on + plane if Pod has readiness probe configured. 
On Universal, + it can be - headers or literal values. - items: - description: |- - Custom tags configuration. - Only one of literal or header can be used. - properties: - header: - description: Tag taken from a header. - properties: - default: - description: >- - Default value to use if header is missing. + set by the external health checking system, but the most + common way is - If the default is missing and there is no value - the tag will not be + to use service probes. - included. - type: string - name: - description: Name of the header. - type: string - required: - - name - type: object - literal: - description: Tag taken from literal value. - type: string - name: - description: Name of the tag. - type: string - required: - - name + + See https://kuma.io/docs/latest/documentation/health for + more + + information. + properties: + ready: + description: >- + Ready indicates if the data plane proxy is ready to + serve the + + traffic. + type: boolean type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. + name: + description: >- + Name adds another way of referencing this port, usable + with MeshService + type: string + port: + description: >- + Port of the inbound interface that will forward requests + to the - The resource could be either a real store object or virtual - resource + service. - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: + + When transparent proxying is used, it is a port on which + the service is + + listening to. When transparent proxying is not used, Envoy + will bind to + + this port. 
+ type: integer + serviceAddress: + description: >- + Address of the service that requests will be forwarded to. + + Defaults to 'inbound.address', since Kuma DP should be + deployed next + + to the service. type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or + servicePort: + description: |- + Port of the service that requests will be forwarded to. + Defaults to the same value as `port`. + type: integer + serviceProbe: + description: >- + ServiceProbe defines parameters for probing the service + next to - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, + sidecar. When service probe is defined, Envoy will + periodically health + + check the application next to it and report the status to + the control + + plane. On Kubernetes, Kuma deployments rely on Kubernetes + probes so - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace + this is not used. - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. + See https://kuma.io/docs/latest/documentation/health for + more - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds + information. + properties: + healthyThreshold: + description: >- + Number of consecutive healthy checks before + considering a host - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTraceCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. + healthy. + format: uint32 + type: integer + interval: + description: Interval between consecutive health checks. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + tcp: + description: >- + Tcp checker tries to establish tcp connection with + destination + properties: {} + type: object + timeout: + description: Maximum time to wait for a health check response. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + unhealthyThreshold: + description: >- + Number of consecutive unhealthy checks before + considering a host - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshTraceDeleteSuccessResponse: - type: object - properties: {} - MeshTrafficPermissionItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshTrafficPermission - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. 
- type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: >- - Spec is the specification of the Kuma MeshTrafficPermission - resource. - properties: - from: + unhealthy. + format: uint32 + type: integer + type: object + state: + description: State describes the current state of the listener. + oneOf: + - type: string + - type: integer + tags: + additionalProperties: + type: string + description: >- + Tags associated with an application this data plane proxy + is deployed + + next to, e.g. `kuma.io/service=web`, `version=1.0`. You + can then + + reference these tags in policies like + MeshTrafficPermission. + + `kuma.io/service` tag is mandatory. + type: object + type: object + type: array + outbound: description: >- - From list makes a match between clients and corresponding - configurations + Outbound describes a list of services consumed by the data plane + proxy. + + For every defined Outbound, there is a corresponding Envoy + Listener. items: + description: Outbound describes a service consumed by the data plane proxy. properties: - default: + address: description: >- - Default is a configuration specific to the group of - clients referenced in + IP on which the consumed service will be available to this + data plane - 'targetRef' - properties: - action: - description: >- - Action defines a behavior for the specified group of - clients: - enum: - - Allow - - Deny - - AllowWithShadowDeny - type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of + proxy. On Kubernetes, it's usually ClusterIP of a Service + or PodIP of a - clients. + Headless Service. Defaults to 127.0.0.1 + type: string + backendRef: + description: |- + BackendRef is a way to target MeshService. + Experimental. Do not use on production yet. 
properties: kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane + description: >- + Kind is a type of the object to target. Allowed: + MeshService type: string labels: additionalProperties: type: string description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or + Labels to select a single object. - Name and Namespace can be used. + If no object is selected then outbound is not created. + + If multiple objects are selected then the oldest one + is used. type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string name: + description: Name of the targeted object + type: string + port: description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, + Port of the targeted object. Required when kind is + MeshService. + type: integer + type: object + port: + description: >- + Port on which the consumed service will be available to + this data plane + + proxy. When transparent proxying is not used, Envoy will + bind to this + + port. + type: integer + tags: + additionalProperties: + type: string + description: >- + Tags of consumed data plane proxies. + + `kuma.io/service` tag is required. - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace + These tags can then be referenced in `destinations` + section of policies - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, + like TrafficRoute or in `to` section in policies like + MeshAccessLog. It - all data plane types are targeted by the policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. + is recommended to only use `kuma.io/service`. If you need + to consume - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds + specific data plane proxy of a service (for example: + `version=v2`) the - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind + better practice is to use TrafficRoute. type: object - required: - - targetRef type: object type: array - targetRef: + transparentProxying: description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource + TransparentProxying describes the configuration for transparent + proxying. - defined inplace. + It is used by default on Kubernetes. properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string + directAccessServices: description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or + List of services that will be accessed directly via IP:PORT - Name and Namespace can be used. - type: object - mesh: + Use `*` to indicate direct access to every service in the + Mesh. + + Using `*` to directly access every service is a + resource-intensive + + operation, use it only if needed. + items: + type: string + type: array + ipFamilyMode: description: >- - Mesh is reserved for future use to identify cross mesh - resources. 
- type: string - name: + The IP family mode to enable for. Can be "IPv4" or + "DualStack". + oneOf: + - type: string + - type: integer + reachableBackends: description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, + Reachable backend via transparent proxy when running with - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace + MeshExternalService, MeshService and MeshMultiZoneService. + Setting an - will be targeted. - type: string - proxyTypes: + explicit list of refs can dramatically improve the + performance of the + + mesh. If not specified, all services in the mesh are + reachable. + properties: + refs: + items: + properties: + kind: + description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" + type: string + labels: + additionalProperties: + type: string + description: "Labels used to select backends\n\n\t+optional" + type: object + name: + description: "Name of the backend.\n\n\t+optional" + type: string + namespace: + description: "Namespace of the backend. Might be empty\n\n\t+optional" + type: string + port: + description: "Port of the backend.\n\n\t+optional" + format: uint32 + type: integer + type: object + type: array + type: object + reachableServices: description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, + List of reachable services (represented by the value of - all data plane types are targeted by the policy. + `kuma.io/service`) via transparent proxying. Setting an + explicit list + + can dramatically improve the performance of the mesh. If not + specified, + + all services in the mesh are reachable. items: - enum: - - Sidecar - - Gateway type: string type: array - sectionName: + redirectPortInbound: description: >- - SectionName is used to target specific section of resource. 
+ Port on which all inbound traffic is being transparently + redirected. + type: integer + redirectPortOutbound: + description: >- + Port on which all outbound traffic is being transparently + redirected. + type: integer + type: object + type: object + probes: + description: >- + Probes describe a list of endpoints that will be exposed without + mTLS. - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: + This is useful to expose the health endpoints of the application so + the + + orchestration system (e.g. Kubernetes) can still health check the + + application. + + + See + + https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes + + for more information. + + Deprecated: this feature will be removed for Universal; on + Kubernetes, it's + + not needed anymore. + properties: + endpoints: + description: List of endpoints to expose without mTLS. + items: + properties: + inboundPath: + description: >- + Inbound path is a path of the application from which we + expose the + + endpoint. It is recommended to be as specific as possible. type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds + inboundPort: + description: >- + Inbound port is a port of the application from which we + expose the - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object + endpoint. + type: integer + path: + description: >- + Path is a path on which we expose inbound path on the + probes port. + type: string + type: object + type: array + port: + description: >- + Port on which the probe endpoints will be exposed. This cannot + overlap + + with any other ports. 
+ type: integer type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true + type: type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTrafficPermissionCreateOrUpdateSuccessResponse: + required: + - type + - name + - mesh + type: object + DataplaneCreateOrUpdateSuccessResponse: type: object properties: warnings: 
@@ -14733,620 +14461,892 @@ components: request should correct or be aware of. items: type: string - MeshTrafficPermissionDeleteSuccessResponse: + DataplaneDeleteSuccessResponse: type: object properties: {} - BuiltinCertificateAuthorityConfig: + PrometheusMetricsBackendConfig: properties: - caCert: + aggregate: + description: >- + Map with the configuration of applications which metrics are going + to be + + scrapped by kuma-dp. + items: + description: >- + PrometheusAggregateMetricsConfig defines endpoints that should be + scrapped by kuma-dp for prometheus metrics. + properties: + address: + description: >- + Address on which a service expose HTTP endpoint with + Prometheus metrics. + type: string + enabled: + description: >- + If false then the application won't be scrapped. If nil, then + it is treated + + as true and kuma-dp scrapes metrics from the service. + type: boolean + name: + description: Name which identify given configuration. + type: string + path: + description: >- + Path on which a service expose HTTP endpoint with Prometheus + metrics. + type: string + port: + description: >- + Port on which a service expose HTTP endpoint with Prometheus + metrics. + type: integer + type: object + type: array + envoy: + description: Configuration of Envoy's metrics. properties: - expiration: + filterRegex: + description: >- + FilterRegex value that is going to be passed to Envoy for + filtering + + Envoy metrics. type: string - rsaBits: - format: uint32 - type: integer + usedOnly: + description: >- + If true then return metrics that Envoy has updated (counters + incremented + + at least once, gauges changed at least once, and histograms + added to at + + least once). If nil, then it is treated as false. + type: boolean type: object - type: object - DatadogTracingBackendConfig: - properties: - address: - description: Address of datadog collector. + path: + description: >- + Path on which a dataplane should expose HTTP endpoint with + Prometheus + + metrics. 
type: string port: - description: Port of datadog collector - type: integer - splitService: description: >- - Determines if datadog service name should be split based on traffic - - direction and destination. For example, with `splitService: true` - and a - - `backend` service that communicates with a couple of databases, you - would + Port on which a dataplane should expose HTTP endpoint with + Prometheus - get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, - and + metrics. + type: integer + skipMTLS: + description: >- + If true then endpoints for scraping metrics won't require mTLS even + if mTLS - `backend_OUTBOUND_db2` in Datadog. Default: false + is enabled in Mesh. If nil, then it is treated as false. type: boolean - type: object - DataplaneItem: - properties: - labels: + tags: additionalProperties: type: string - type: object - mesh: - type: string - metrics: description: >- - Configuration for metrics that should be collected and exposed by - the - - data plane proxy. - + Tags associated with an application this dataplane is deployed next + to, - Settings defined here will override their respective defaults + e.g. service=web, version=1.0. - defined at a Mesh level. - properties: - conf: - oneOf: - - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' - type: object - name: - description: >- - Name of the backend, can be then used in - Mesh.metrics.enabledBackend - type: string - type: - description: Type of the backend (Kuma ships with 'prometheus') - type: string + `service` tag is mandatory. type: object - name: - type: string - networking: - description: >- - Networking describes inbound and outbound interfaces of the data - plane - - proxy. + tls: + description: Configuration of TLS for prometheus listener. properties: - address: - description: >- - IP on which the data plane proxy is accessible to the control - plane and - - other data plane proxies in the same network. 
This can also be a - - hostname, in which case the control plane will periodically - resolve it. - type: string - admin: - description: >- - Admin describes configuration related to Envoy Admin API. - - Due to security, all the Envoy Admin endpoints are exposed only - on - - localhost. Additionally, Envoy will expose `/ready` endpoint on - - `networking.address` for health checking systems to be able to - check the - - state of Envoy. The rest of the endpoints exposed on - `networking.address` - - are always protected by mTLS and only meant to be consumed - internally by - - the control plane. - properties: - port: - description: Port on which Envoy Admin API server will be listening - type: integer - type: object - advertisedAddress: + mode: description: >- - In some situations, a data plane proxy resides in a private - network (e.g. - - Docker) and is not reachable via `address` to other data plane - proxies. - - `advertisedAddress` is configured with a routable address for - such data - - plane proxy so that other proxies in the mesh can connect to it - over - - `advertisedAddress` and not via address. + mode defines how configured is the TLS for Prometheus. + Supported values, delegated, disabled, activeMTLSBackend. + Default to - Envoy still binds to the `address`, not `advertisedAddress`. - type: string - gateway: + `activeMTLSBackend`. + oneOf: + - type: string + - type: integer + type: object + type: object + DataplaneOverviewWithMeta: + allOf: + - $ref: '#/components/schemas/Meta' + - $ref: '#/components/schemas/DataplaneOverview' + DataplaneOverview: + properties: + dataplane: + properties: + metrics: description: >- - Gateway describes a configuration of the gateway of the data - plane proxy. - properties: - tags: - additionalProperties: - type: string - description: >- - Tags associated with a gateway of this data plane to, e.g. - - `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag - is - - mandatory. 
- type: object - type: - description: >- - Type of gateway this data plane proxy manages. - - There are two types: `DELEGATED` and `BUILTIN`. Defaults to - - `DELEGATED`. - - - A `DELEGATED` gateway is an independently deployed proxy - (e.g., Kong, - - Contour, etc) that receives inbound traffic that is not - proxied by - - Kuma, and it sends outbound traffic into the data plane - proxy. - + Configuration for metrics that should be collected and exposed + by the - The `BUILTIN` gateway type causes the data plane proxy - itself to be + data plane proxy. - configured as a gateway. + Settings defined here will override their respective defaults - See https://kuma.io/docs/latest/explore/gateway/ for more - information. + defined at a Mesh level. + properties: + conf: oneOf: - - type: string - - type: integer + - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' + type: object + name: + description: >- + Name of the backend, can be then used in + Mesh.metrics.enabledBackend + type: string + type: + description: Type of the backend (Kuma ships with 'prometheus') + type: string type: object - inbound: + networking: description: >- - Inbound describes a list of inbound interfaces of the data plane + Networking describes inbound and outbound interfaces of the data + plane + proxy. + properties: + address: + description: >- + IP on which the data plane proxy is accessible to the + control plane and + other data plane proxies in the same network. This can also + be a - Inbound describes a service implemented by the data plane proxy. + hostname, in which case the control plane will periodically + resolve it. + type: string + admin: + description: >- + Admin describes configuration related to Envoy Admin API. - All incoming traffic to a data plane proxy is going through - inbound + Due to security, all the Envoy Admin endpoints are exposed + only on - listeners. For every defined Inbound there is a corresponding - Envoy + localhost. 
Additionally, Envoy will expose `/ready` endpoint + on - Listener. - items: - description: >- - Inbound describes a service implemented by the data plane - proxy. - properties: - address: - description: |- - Address on which inbound listener will be exposed. - Defaults to `networking.address`. - type: string - health: - description: >- - Health describes the status of an inbound. + `networking.address` for health checking systems to be able + to check the - If 'health' is nil we consider data plane proxy as - healthy. + state of Envoy. The rest of the endpoints exposed on + `networking.address` - Unhealthy data plane proxies are excluded from Endpoints - Discovery + are always protected by mTLS and only meant to be consumed + internally by - Service (EDS). On Kubernetes, it is filled automatically - by the control + the control plane. + properties: + port: + description: Port on which Envoy Admin API server will be listening + type: integer + type: object + advertisedAddress: + description: >- + In some situations, a data plane proxy resides in a private + network (e.g. - plane if Pod has readiness probe configured. On Universal, - it can be + Docker) and is not reachable via `address` to other data + plane proxies. - set by the external health checking system, but the most - common way is + `advertisedAddress` is configured with a routable address + for such data - to use service probes. + plane proxy so that other proxies in the mesh can connect to + it over + `advertisedAddress` and not via address. - See https://kuma.io/docs/latest/documentation/health for - more - information. - properties: - ready: - description: >- - Ready indicates if the data plane proxy is ready to - serve the + Envoy still binds to the `address`, not `advertisedAddress`. + type: string + gateway: + description: >- + Gateway describes a configuration of the gateway of the data + plane proxy. 
+ properties: + tags: + additionalProperties: + type: string + description: >- + Tags associated with a gateway of this data plane to, + e.g. - traffic. - type: boolean - type: object - name: - description: >- - Name adds another way of referencing this port, usable - with MeshService - type: string - port: - description: >- - Port of the inbound interface that will forward requests - to the + `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` + tag is - service. + mandatory. + type: object + type: + description: >- + Type of gateway this data plane proxy manages. + There are two types: `DELEGATED` and `BUILTIN`. Defaults + to - When transparent proxying is used, it is a port on which - the service is + `DELEGATED`. - listening to. When transparent proxying is not used, Envoy - will bind to - this port. - type: integer - serviceAddress: - description: >- - Address of the service that requests will be forwarded to. + A `DELEGATED` gateway is an independently deployed proxy + (e.g., Kong, - Defaults to 'inbound.address', since Kuma DP should be - deployed next + Contour, etc) that receives inbound traffic that is not + proxied by - to the service. - type: string - servicePort: - description: |- - Port of the service that requests will be forwarded to. - Defaults to the same value as `port`. - type: integer - serviceProbe: - description: >- - ServiceProbe defines parameters for probing the service - next to + Kuma, and it sends outbound traffic into the data plane + proxy. - sidecar. When service probe is defined, Envoy will - periodically health - check the application next to it and report the status to - the control + The `BUILTIN` gateway type causes the data plane proxy + itself to be - plane. On Kubernetes, Kuma deployments rely on Kubernetes - probes so + configured as a gateway. - this is not used. + See https://kuma.io/docs/latest/explore/gateway/ for + more information. 
+ oneOf: + - type: string + - type: integer + type: object + inbound: + description: >- + Inbound describes a list of inbound interfaces of the data + plane proxy. - See https://kuma.io/docs/latest/documentation/health for - more - information. - properties: - healthyThreshold: - description: >- - Number of consecutive healthy checks before - considering a host + Inbound describes a service implemented by the data plane + proxy. - healthy. - format: uint32 - type: integer - interval: - description: Interval between consecutive health checks. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - tcp: - description: >- - Tcp checker tries to establish tcp connection with - destination - properties: {} - type: object - timeout: - description: Maximum time to wait for a health check response. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - unhealthyThreshold: - description: >- - Number of consecutive unhealthy checks before - considering a host + All incoming traffic to a data plane proxy is going through + inbound - unhealthy. - format: uint32 - type: integer - type: object - state: - description: State describes the current state of the listener. - oneOf: - - type: string - - type: integer - tags: - additionalProperties: - type: string + listeners. For every defined Inbound there is a + corresponding Envoy + + Listener. + items: description: >- - Tags associated with an application this data plane proxy - is deployed + Inbound describes a service implemented by the data plane + proxy. + properties: + address: + description: |- + Address on which inbound listener will be exposed. + Defaults to `networking.address`. + type: string + health: + description: >- + Health describes the status of an inbound. + + If 'health' is nil we consider data plane proxy as + healthy. - next to, e.g. `kuma.io/service=web`, `version=1.0`. 
You - can then + Unhealthy data plane proxies are excluded from + Endpoints Discovery - reference these tags in policies like - MeshTrafficPermission. + Service (EDS). On Kubernetes, it is filled + automatically by the control - `kuma.io/service` tag is mandatory. - type: object - type: object - type: array - outbound: - description: >- - Outbound describes a list of services consumed by the data plane - proxy. + plane if Pod has readiness probe configured. On + Universal, it can be - For every defined Outbound, there is a corresponding Envoy - Listener. - items: - description: Outbound describes a service consumed by the data plane proxy. - properties: - address: - description: >- - IP on which the consumed service will be available to this - data plane + set by the external health checking system, but the + most common way is - proxy. On Kubernetes, it's usually ClusterIP of a Service - or PodIP of a + to use service probes. - Headless Service. Defaults to 127.0.0.1 - type: string - backendRef: - description: |- - BackendRef is a way to target MeshService. - Experimental. Do not use on production yet. - properties: - kind: - description: >- - Kind is a type of the object to target. Allowed: - MeshService - type: string - labels: - additionalProperties: - type: string - description: >- - Labels to select a single object. - If no object is selected then outbound is not created. + See https://kuma.io/docs/latest/documentation/health + for more - If multiple objects are selected then the oldest one - is used. + information. + properties: + ready: + description: >- + Ready indicates if the data plane proxy is ready + to serve the + + traffic. + type: boolean type: object name: - description: Name of the targeted object + description: >- + Name adds another way of referencing this port, usable + with MeshService type: string port: description: >- - Port of the targeted object. Required when kind is - MeshService. 
+ Port of the inbound interface that will forward + requests to the + + service. + + + When transparent proxying is used, it is a port on + which the service is + + listening to. When transparent proxying is not used, + Envoy will bind to + + this port. type: integer - type: object - port: - description: >- - Port on which the consumed service will be available to - this data plane + serviceAddress: + description: >- + Address of the service that requests will be forwarded + to. - proxy. When transparent proxying is not used, Envoy will - bind to this + Defaults to 'inbound.address', since Kuma DP should be + deployed next - port. - type: integer - tags: - additionalProperties: - type: string - description: >- - Tags of consumed data plane proxies. + to the service. + type: string + servicePort: + description: >- + Port of the service that requests will be forwarded + to. - `kuma.io/service` tag is required. + Defaults to the same value as `port`. + type: integer + serviceProbe: + description: >- + ServiceProbe defines parameters for probing the + service next to - These tags can then be referenced in `destinations` - section of policies + sidecar. When service probe is defined, Envoy will + periodically health - like TrafficRoute or in `to` section in policies like - MeshAccessLog. It + check the application next to it and report the status + to the control - is recommended to only use `kuma.io/service`. If you need - to consume + plane. On Kubernetes, Kuma deployments rely on + Kubernetes probes so - specific data plane proxy of a service (for example: - `version=v2`) the + this is not used. - better practice is to use TrafficRoute. - type: object - type: object - type: array - transparentProxying: - description: >- - TransparentProxying describes the configuration for transparent - proxying. - It is used by default on Kubernetes. 
- properties: - directAccessServices: - description: >- - List of services that will be accessed directly via IP:PORT + See https://kuma.io/docs/latest/documentation/health + for more - Use `*` to indicate direct access to every service in the - Mesh. + information. + properties: + healthyThreshold: + description: >- + Number of consecutive healthy checks before + considering a host - Using `*` to directly access every service is a - resource-intensive + healthy. + format: uint32 + type: integer + interval: + description: Interval between consecutive health checks. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + tcp: + description: >- + Tcp checker tries to establish tcp connection with + destination + properties: {} + type: object + timeout: + description: Maximum time to wait for a health check response. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + unhealthyThreshold: + description: >- + Number of consecutive unhealthy checks before + considering a host - operation, use it only if needed. - items: - type: string + unhealthy. + format: uint32 + type: integer + type: object + state: + description: State describes the current state of the listener. + oneOf: + - type: string + - type: integer + tags: + additionalProperties: + type: string + description: >- + Tags associated with an application this data plane + proxy is deployed + + next to, e.g. `kuma.io/service=web`, `version=1.0`. + You can then + + reference these tags in policies like + MeshTrafficPermission. + + `kuma.io/service` tag is mandatory. + type: object + type: object type: array - ipFamilyMode: - description: >- - The IP family mode to enable for. Can be "IPv4" or - "DualStack". - oneOf: - - type: string - - type: integer - reachableBackends: + outbound: description: >- - Reachable backend via transparent proxy when running with + Outbound describes a list of services consumed by the data + plane proxy. 
- MeshExternalService, MeshService and MeshMultiZoneService. - Setting an + For every defined Outbound, there is a corresponding Envoy + Listener. + items: + description: >- + Outbound describes a service consumed by the data plane + proxy. + properties: + address: + description: >- + IP on which the consumed service will be available to + this data plane - explicit list of refs can dramatically improve the - performance of the + proxy. On Kubernetes, it's usually ClusterIP of a + Service or PodIP of a - mesh. If not specified, all services in the mesh are - reachable. - properties: - refs: - items: + Headless Service. Defaults to 127.0.0.1 + type: string + backendRef: + description: |- + BackendRef is a way to target MeshService. + Experimental. Do not use on production yet. properties: kind: - description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" + description: >- + Kind is a type of the object to target. Allowed: + MeshService type: string labels: additionalProperties: type: string - description: "Labels used to select backends\n\n\t+optional" + description: >- + Labels to select a single object. + + If no object is selected then outbound is not + created. + + If multiple objects are selected then the oldest + one is used. type: object name: - description: "Name of the backend.\n\n\t+optional" - type: string - namespace: - description: "Namespace of the backend. Might be empty\n\n\t+optional" + description: Name of the targeted object type: string port: - description: "Port of the backend.\n\n\t+optional" - format: uint32 + description: >- + Port of the targeted object. Required when kind is + MeshService. type: integer type: object - type: array - type: object - reachableServices: - description: >- - List of reachable services (represented by the value of + port: + description: >- + Port on which the consumed service will be available + to this data plane - `kuma.io/service`) via transparent proxying. 
Setting an - explicit list + proxy. When transparent proxying is not used, Envoy + will bind to this - can dramatically improve the performance of the mesh. If not - specified, + port. + type: integer + tags: + additionalProperties: + type: string + description: >- + Tags of consumed data plane proxies. - all services in the mesh are reachable. - items: - type: string + `kuma.io/service` tag is required. + + These tags can then be referenced in `destinations` + section of policies + + like TrafficRoute or in `to` section in policies like + MeshAccessLog. It + + is recommended to only use `kuma.io/service`. If you + need to consume + + specific data plane proxy of a service (for example: + `version=v2`) the + + better practice is to use TrafficRoute. + type: object + type: object type: array - redirectPortInbound: - description: >- - Port on which all inbound traffic is being transparently - redirected. - type: integer - redirectPortOutbound: + transparentProxying: description: >- - Port on which all outbound traffic is being transparently - redirected. - type: integer + TransparentProxying describes the configuration for + transparent proxying. + + It is used by default on Kubernetes. + properties: + directAccessServices: + description: >- + List of services that will be accessed directly via + IP:PORT + + Use `*` to indicate direct access to every service in + the Mesh. + + Using `*` to directly access every service is a + resource-intensive + + operation, use it only if needed. + items: + type: string + type: array + ipFamilyMode: + description: >- + The IP family mode to enable for. Can be "IPv4" or + "DualStack". + oneOf: + - type: string + - type: integer + reachableBackends: + description: >- + Reachable backend via transparent proxy when running + with + + MeshExternalService, MeshService and + MeshMultiZoneService. Setting an + + explicit list of refs can dramatically improve the + performance of the + + mesh. 
If not specified, all services in the mesh are + reachable. + properties: + refs: + items: + properties: + kind: + description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" + type: string + labels: + additionalProperties: + type: string + description: "Labels used to select backends\n\n\t+optional" + type: object + name: + description: "Name of the backend.\n\n\t+optional" + type: string + namespace: + description: "Namespace of the backend. Might be empty\n\n\t+optional" + type: string + port: + description: "Port of the backend.\n\n\t+optional" + format: uint32 + type: integer + type: object + type: array + type: object + reachableServices: + description: >- + List of reachable services (represented by the value of + + `kuma.io/service`) via transparent proxying. Setting an + explicit list + + can dramatically improve the performance of the mesh. If + not specified, + + all services in the mesh are reachable. + items: + type: string + type: array + redirectPortInbound: + description: >- + Port on which all inbound traffic is being transparently + redirected. + type: integer + redirectPortOutbound: + description: >- + Port on which all outbound traffic is being + transparently redirected. + type: integer + type: object type: object - type: object - probes: - description: >- - Probes describe a list of endpoints that will be exposed without - mTLS. + probes: + description: >- + Probes describe a list of endpoints that will be exposed without + mTLS. - This is useful to expose the health endpoints of the application so - the + This is useful to expose the health endpoints of the application + so the - orchestration system (e.g. Kubernetes) can still health check the + orchestration system (e.g. Kubernetes) can still health check + the - application. + application. 
- See + See - https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes + https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes - for more information. + for more information. - Deprecated: this feature will be removed for Universal; on - Kubernetes, it's + Deprecated: this feature will be removed for Universal; on + Kubernetes, it's - not needed anymore. + not needed anymore. + properties: + endpoints: + description: List of endpoints to expose without mTLS. + items: + properties: + inboundPath: + description: >- + Inbound path is a path of the application from which + we expose the + + endpoint. It is recommended to be as specific as + possible. + type: string + inboundPort: + description: >- + Inbound port is a port of the application from which + we expose the + + endpoint. + type: integer + path: + description: >- + Path is a path on which we expose inbound path on the + probes port. + type: string + type: object + type: array + port: + description: >- + Port on which the probe endpoints will be exposed. This + cannot overlap + + with any other ports. + type: integer + type: object + type: object + dataplaneInsight: properties: - endpoints: - description: List of endpoints to expose without mTLS. + mTLS: + description: Insights about mTLS for Dataplane. + properties: + certificateExpirationTime: + description: >- + Expiration time of the last certificate that was generated + for a + + Dataplane. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + certificateRegenerations: + description: Number of certificate regenerations for a Dataplane. + type: integer + issuedBackend: + description: Backend that was used to generate current certificate + type: string + lastCertificateRegeneration: + description: Time on which the last certificate was generated. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + supportedBackends: + description: Supported backends (CA). 
+ items: + type: string + type: array + type: object + metadata: + properties: {} + type: object + subscriptions: + description: List of ADS subscriptions created by a given Dataplane. items: + description: >- + DiscoverySubscription describes a single ADS subscription + created by a Dataplane to the Control Plane. properties: - inboundPath: + connectTime: description: >- - Inbound path is a path of the application from which we - expose the - - endpoint. It is recommended to be as specific as possible. + Time when a given Dataplane connected to the Control + Plane. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + controlPlaneInstanceId: + description: Control Plane instance that handled given subscription. type: string - inboundPort: + disconnectTime: description: >- - Inbound port is a port of the application from which we - expose the + Time when a given Dataplane disconnected from the Control + Plane. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + generation: + description: >- + Generation is an integer number which is periodically + increased by the - endpoint. + status sink type: integer - path: - description: >- - Path is a path on which we expose inbound path on the - probes port. + id: + description: Unique id per ADS subscription. type: string + status: + description: Status of the ADS subscription. + properties: + cds: + description: CDS defines all CDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + eds: + description: EDS defines all EDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. 
+ type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + lastUpdateTime: + description: >- + Time when status of a given ADS subscription was most + recently updated. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + lds: + description: LDS defines all LDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + rds: + description: RDS defines all RDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + total: + description: Total defines an aggregate over individual xDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + type: object + version: + description: Version of Envoy and Kuma dataplane + properties: + dependencies: + additionalProperties: + type: string + description: Versions of other dependencies, i.e. 
CoreDNS + type: object + envoy: + description: Version of Envoy + properties: + build: + description: Full build tag of Envoy version + type: string + kumaDpCompatible: + description: >- + True iff Envoy version is compatible with Kuma DP + version + type: boolean + version: + description: Version number of Envoy + type: string + type: object + kumaDp: + description: Version of Kuma Dataplane + properties: + buildDate: + description: Build date of Kuma Dataplane version + type: string + gitCommit: + description: Git commit of Kuma Dataplane version + type: string + gitTag: + description: Git tag of Kuma Dataplane version + type: string + kumaCpCompatible: + description: >- + True iff Kuma DP version is compatible with Kuma + CP version + type: boolean + version: + description: Version number of Kuma Dataplane + type: string + type: object + type: object type: object type: array - port: - description: >- - Port on which the probe endpoints will be exposed. This cannot - overlap - - with any other ports. - type: integer type: object - type: - type: string - required: - - type - - name - - mesh - type: object - DataplaneCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - DataplaneDeleteSuccessResponse: type: object - properties: {} FileLoggingBackendConfig: properties: path: 
@@ -16908,28 +16908,6 @@ components: application/json: schema: $ref: '#/components/schemas/DataplaneXDSConfig' - GetDataplaneOverviewResponse: - description: A response containing the overview of a dataplane. - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneOverviewWithMeta' - GetDataplaneOverviewListResponse: - description: A response containing the overview of a dataplane. - content: - application/json: - schema: - type: object - properties: - total: - type: integer - example: 200 - next: - type: string - items: - type: array - items: - $ref: '#/components/schemas/DataplaneOverviewWithMeta' InspectRulesResponse: description: A response containing policies that match a resource content: @@ -17354,6 +17332,28 @@ components: next: type: string description: URL to the next page + GetDataplaneOverviewResponse: + description: A response containing the overview of a dataplane. + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneOverviewWithMeta' + GetDataplaneOverviewListResponse: + description: A response containing the overview of a dataplane. + content: + application/json: + schema: + type: object + properties: + total: + type: integer + example: 200 + next: + type: string + items: + type: array + items: + $ref: '#/components/schemas/DataplaneOverviewWithMeta' MeshItem: description: Successful response content: diff --git a/mk/dependencies/deps.lock b/mk/dependencies/deps.lock index aaf2a518ad7f..74be16dd9ca1 100644 --- a/mk/dependencies/deps.lock +++ b/mk/dependencies/deps.lock @@ -1 +1,5 @@ +<<<<<<< HEAD ef5b19242b4aabf347386a0fe11e7684de133d1a +======= +35373ba1ad60083966f3b85434fbf5d33b9fa172 +>>>>>>> a7c5cf965 (fix(oapi): fix generating code from oapi schema (#13732)) diff --git a/mk/dev.mk b/mk/dev.mk index 34e5eb541a53..ab86c0e1fe70 100644 --- a/mk/dev.mk +++ b/mk/dev.mk 
@@ -63,6 +63,7 @@ GOLANGCI_LINT=$(CI_TOOLS_BIN_DIR)/golangci-lint HELM_DOCS=$(CI_TOOLS_BIN_DIR)/helm-docs KUBE_LINTER=$(CI_TOOLS_BIN_DIR)/kube-linter HADOLINT=$(CI_TOOLS_BIN_DIR)/hadolint +OAPI_CODEGEN=$(CI_TOOLS_BIN_DIR)/oapi-codegen TOOLS_DEPS_DIRS=$(KUMA_DIR)/mk/dependencies TOOLS_DEPS_LOCK_FILE=mk/dependencies/deps.lock diff --git a/mk/generate.mk b/mk/generate.mk index 049a39b70008..7cb7f8142f89 100644 --- a/mk/generate.mk +++ b/mk/generate.mk @@ -107,7 +107,7 @@ endpoints = $(foreach dir,$(shell find api/openapi/specs -type f | sort),$(basen generate/oas: $(GENERATE_OAS_PREREQUISITES) $(RESOURCE_GEN) for endpoint in $(endpoints); do \ DEST=$${endpoint#"api/openapi/specs"}; \ - PATH=$(CI_TOOLS_BIN_DIR):$$PATH oapi-codegen -config api/openapi/openapi.cfg.yaml -o api/openapi/types/$$(dirname $${DEST}})/zz_generated.$$(basename $${DEST}).go $${endpoint}.yaml; \ + $(OAPI_CODEGEN) -config api/openapi/openapi.cfg.yaml -o api/openapi/types/$$(dirname $${DEST}})/zz_generated.$$(basename $${DEST}).go $${endpoint}.yaml || { echo "Failed to generate $$endpoint"; exit 1; }; \ done $(RESOURCE_GEN) -package mesh -generator openapi -readDir $(KUMA_DIR) -writeDir . From f75fb3cbf38310c9ff13948d39c205edb1da3d32 Mon Sep 17 00:00:00 2001 From: Marcin Skalski Date: Mon, 16 Jun 2025 09:49:33 +0200 Subject: [PATCH 2/4] fix(backport): fix check Signed-off-by: Marcin Skalski --- mk/dependencies/deps.lock | 4 ---- 1 file changed, 4 deletions(-) diff --git a/mk/dependencies/deps.lock b/mk/dependencies/deps.lock index 74be16dd9ca1..bc03bb26e005 100644 --- a/mk/dependencies/deps.lock +++ b/mk/dependencies/deps.lock @@ -1,5 +1 @@ -<<<<<<< HEAD -ef5b19242b4aabf347386a0fe11e7684de133d1a -======= 35373ba1ad60083966f3b85434fbf5d33b9fa172 ->>>>>>> a7c5cf965 (fix(oapi): fix generating code from oapi schema (#13732)) From 2e1240f8c02b3da9a7c6981a67a4987f3b54d61c Mon Sep 17 00:00:00 2001 From: Marcin Skalski Date: Mon, 16 Jun 2025 10:11:38 +0200 Subject: [PATCH 3/4] fix(backport): fix check 
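Review bot: The rewritten `oapi-codegen` line in the `generate/oas` recipe still passes `$${DEST}}` to `dirname`, so a literal `}` is appended to the path argument, and the new failure message is written to stdout rather than stderr. The stray brace looks harmless today because `dirname` discards the last path component, but it should read `$$(dirname $${DEST})` so the output path does not depend on that accident. For the error branch I would write `|| { echo "Failed to generate $$endpoint" >&2; exit 1; }`, which keeps the message visible when stdout is captured or filtered in CI. Calling `$(OAPI_CODEGEN)` by its full path instead of resolving the name through `PATH` is worth keeping, since it fixes which binary produces the committed code, assuming `$(CI_TOOLS_BIN_DIR)` holds the pinned build. The recipe may continue past the end of this hunk.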
Signed-off-by: Marcin Skalski --- docs/generated/openapi.yaml | 17586 ---------------------------------- mk/dependencies/deps.lock | 2 +- 2 files changed, 1 insertion(+), 17587 deletions(-) diff --git a/docs/generated/openapi.yaml b/docs/generated/openapi.yaml index b03510db4bd0..e69de29bb2d1 100644 --- a/docs/generated/openapi.yaml +++ b/docs/generated/openapi.yaml 
@@ -1,17586 +0,0 @@ -openapi: 3.1.0 -info: - title: Kuma API - description: Kuma API - version: v1alpha1 -paths: - /: - get: - operationId: index - summary: The index endpoint - description: The index endpoint, some common metadata - tags: - - System - responses: - '200': - $ref: '#/components/responses/IndexResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /_resources: - get: - operationId: get-resource-type-description - summary: A list of all resources that exist - description: Returns a Global Insight object - tags: - - System - responses: - '200': - $ref: '#/components/responses/ResourceTypeDescriptionListResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /global-insight: - get: - operationId: get-global-insight - description: Returns a Global Insight object - summary: Get Global Insight - tags: - - GlobalInsight - responses: - '200': - $ref: '#/components/responses/GlobalInsightResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/{resourceType}/{resourceName}/_rules: - get: - operationId: inspect-dataplanes-rules - summary: Returns rules matching this dataplane - description: Returns rules matching this dataplane - tags: - - Inspect - parameters: - - in: path - name: mesh - example: default - schema: - type: string - required: true - description: The mesh the policy is part of - - in: path - name: resourceType - example: dataplanes - required: true - schema: - type: string - enum: - - dataplanes - - meshgateways - description: The type of resource (only some resources support rules api) - - in: path - name: resourceName - example: my-dp - schema: - type: string - required: true - description: The name of the resource - responses: - '200': - $ref: '#/components/responses/InspectRulesResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - 
$ref: '#/components/responses/Internal' - /meshes/{mesh}/dataplanes/{name}/_config: - get: - operationId: get-dataplanes-xds-config - summary: >- - Get a proxy XDS config on a CP, this endpoint is only available on zone - CPs. - description: >- - Returns the - [xds](https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol) - configuration of the proxy. - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - - in: path - name: name - required: true - description: The name of the DPP within the mesh to get the diff for. - schema: - type: string - - in: query - name: shadow - description: > - When computing XDS config the CP take into account policies with - 'kuma.io/effect: shadow' label - schema: - type: boolean - default: false - - in: query - name: include - description: > - An array of extra fields to include in the response. When - `include=diff` the server computes a diff in JSONPatch format - - between the current proxy XDS config and the config returned in the - 'xds' field. - schema: - type: array - items: - type: string - enum: - - diff - responses: - '200': - $ref: '#/components/responses/GetDataplaneXDSConfigResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/{policyType}/{policyName}/_resources/dataplanes: - get: - operationId: inspect-resources - summary: Returns resources matched by this policy - description: >- - Returns resources matched by this policy. 
In the case of `targetRef` - policies we'll match using the top level `targetRef` - tags: - - Inspect - parameters: - - in: path - name: mesh - example: default - schema: - type: string - required: true - description: The mesh the policy is part of - - in: path - name: policyType - example: meshretries - schema: - type: string - required: true - description: The type of the policy - - in: path - name: policyName - example: retry-all - schema: - type: string - required: true - description: The type of the policy - - in: query - name: size - schema: - type: integer - required: false - description: The max number of items to return - - in: query - name: offset - schema: - type: integer - required: false - description: The offset of result - - in: query - name: name - schema: - type: string - required: false - description: A sub string to filter resources by name - responses: - '200': - $ref: '#/components/responses/InspectDataplanesForPolicyResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/{serviceType}/{serviceName}/_hostnames: - get: - operationId: inspect-hostnames - summary: Returns hostnames for service - description: Returns hostnames for a service - tags: - - Inspect - parameters: - - in: path - name: mesh - example: default - schema: - type: string - required: true - description: The mesh the service is part of - - in: path - name: serviceType - example: meshservices - schema: - type: string - enum: - - meshservices - - meshmultizoneservices - - meshexternalservices - required: true - description: The type of the service - - in: path - name: serviceName - example: redis - schema: - type: string - required: true - description: The name of the service - responses: - '200': - $ref: '#/components/responses/InspectHostnamesResponse' - '400': - $ref: '#/components/responses/BadRequest' - '404': - $ref: '#/components/responses/NotFound' - '500': - $ref: '#/components/responses/Internal' 
- /meshes/{mesh}/meshaccesslogs/{name}: - get: - operationId: getMeshAccessLog - summary: Returns MeshAccessLog entity - tags: - - MeshAccessLog - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshAccessLog - responses: - '200': - $ref: '#/components/responses/MeshAccessLogItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshAccessLog - summary: Creates or Updates MeshAccessLog entity - tags: - - MeshAccessLog - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshAccessLog - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshAccessLogItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshAccessLogCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshAccessLogCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshAccessLog - summary: Deletes MeshAccessLog entity - tags: - - MeshAccessLog - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshAccessLog - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshAccessLogDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshaccesslogs: - get: - operationId: getMeshAccessLogList - summary: Returns a list of MeshAccessLog in the mesh. 
- tags: - - MeshAccessLog - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshAccessLogList' - /meshes/{mesh}/meshcircuitbreakers/{name}: - get: - operationId: getMeshCircuitBreaker - summary: Returns MeshCircuitBreaker entity - tags: - - MeshCircuitBreaker - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshCircuitBreaker - responses: - '200': - $ref: '#/components/responses/MeshCircuitBreakerItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshCircuitBreaker - summary: Creates or Updates MeshCircuitBreaker entity - tags: - - MeshCircuitBreaker - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshCircuitBreaker - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshCircuitBreakerItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshCircuitBreakerCreateOrUpdateSuccessResponse - '201': - description: 
Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshCircuitBreakerCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshCircuitBreaker - summary: Deletes MeshCircuitBreaker entity - tags: - - MeshCircuitBreaker - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshCircuitBreaker - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshCircuitBreakerDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshcircuitbreakers: - get: - operationId: getMeshCircuitBreakerList - summary: Returns a list of MeshCircuitBreaker in the mesh. - tags: - - MeshCircuitBreaker - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshCircuitBreakerList' - /meshes/{mesh}/meshfaultinjections/{name}: - get: - operationId: getMeshFaultInjection - summary: Returns MeshFaultInjection entity - tags: - - MeshFaultInjection - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of 
the MeshFaultInjection - responses: - '200': - $ref: '#/components/responses/MeshFaultInjectionItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshFaultInjection - summary: Creates or Updates MeshFaultInjection entity - tags: - - MeshFaultInjection - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshFaultInjection - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshFaultInjectionItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshFaultInjectionCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshFaultInjectionCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshFaultInjection - summary: Deletes MeshFaultInjection entity - tags: - - MeshFaultInjection - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshFaultInjection - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshFaultInjectionDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshfaultinjections: - get: - operationId: getMeshFaultInjectionList - summary: Returns a list of MeshFaultInjection in the mesh. 
- tags: - - MeshFaultInjection - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshFaultInjectionList' - /meshes/{mesh}/meshhealthchecks/{name}: - get: - operationId: getMeshHealthCheck - summary: Returns MeshHealthCheck entity - tags: - - MeshHealthCheck - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshHealthCheck - responses: - '200': - $ref: '#/components/responses/MeshHealthCheckItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshHealthCheck - summary: Creates or Updates MeshHealthCheck entity - tags: - - MeshHealthCheck - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshHealthCheck - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshHealthCheckItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshHealthCheckCreateOrUpdateSuccessResponse - '201': - description: Created - content: - 
application/json: - schema: - $ref: >- - #/components/schemas/MeshHealthCheckCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshHealthCheck - summary: Deletes MeshHealthCheck entity - tags: - - MeshHealthCheck - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshHealthCheck - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshHealthCheckDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshhealthchecks: - get: - operationId: getMeshHealthCheckList - summary: Returns a list of MeshHealthCheck in the mesh. - tags: - - MeshHealthCheck - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshHealthCheckList' - /meshes/{mesh}/meshhttproutes/{name}: - get: - operationId: getMeshHTTPRoute - summary: Returns MeshHTTPRoute entity - tags: - - MeshHTTPRoute - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshHTTPRoute - responses: - '200': - $ref: 
'#/components/responses/MeshHTTPRouteItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshHTTPRoute - summary: Creates or Updates MeshHTTPRoute entity - tags: - - MeshHTTPRoute - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshHTTPRoute - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshHTTPRouteItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshHTTPRouteCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshHTTPRouteCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshHTTPRoute - summary: Deletes MeshHTTPRoute entity - tags: - - MeshHTTPRoute - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshHTTPRoute - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshHTTPRouteDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshhttproutes: - get: - operationId: getMeshHTTPRouteList - summary: Returns a list of MeshHTTPRoute in the mesh. 
- tags: - - MeshHTTPRoute - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshHTTPRouteList' - /meshes/{mesh}/meshloadbalancingstrategies/{name}: - get: - operationId: getMeshLoadBalancingStrategy - summary: Returns MeshLoadBalancingStrategy entity - tags: - - MeshLoadBalancingStrategy - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshLoadBalancingStrategy - responses: - '200': - $ref: '#/components/responses/MeshLoadBalancingStrategyItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshLoadBalancingStrategy - summary: Creates or Updates MeshLoadBalancingStrategy entity - tags: - - MeshLoadBalancingStrategy - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshLoadBalancingStrategy - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - 
#/components/schemas/MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshLoadBalancingStrategy - summary: Deletes MeshLoadBalancingStrategy entity - tags: - - MeshLoadBalancingStrategy - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshLoadBalancingStrategy - responses: - '200': - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshLoadBalancingStrategyDeleteSuccessResponse - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshloadbalancingstrategies: - get: - operationId: getMeshLoadBalancingStrategyList - summary: Returns a list of MeshLoadBalancingStrategy in the mesh. 
- tags: - - MeshLoadBalancingStrategy - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshLoadBalancingStrategyList' - /meshes/{mesh}/meshmetrics/{name}: - get: - operationId: getMeshMetric - summary: Returns MeshMetric entity - tags: - - MeshMetric - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshMetric - responses: - '200': - $ref: '#/components/responses/MeshMetricItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshMetric - summary: Creates or Updates MeshMetric entity - tags: - - MeshMetric - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshMetric - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMetricItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMetricCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: 
'#/components/schemas/MeshMetricCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMeshMetric - summary: Deletes MeshMetric entity - tags: - - MeshMetric - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshMetric - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMetricDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshmetrics: - get: - operationId: getMeshMetricList - summary: Returns a list of MeshMetric in the mesh. - tags: - - MeshMetric - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshMetricList' - /meshes/{mesh}/meshpassthroughs/{name}: - get: - operationId: getMeshPassthrough - summary: Returns MeshPassthrough entity - tags: - - MeshPassthrough - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshPassthrough - responses: - '200': - $ref: '#/components/responses/MeshPassthroughItem' - '404': - $ref: '#/components/responses/NotFound' - put: - 
operationId: putMeshPassthrough - summary: Creates or Updates MeshPassthrough entity - tags: - - MeshPassthrough - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshPassthrough - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshPassthroughItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshPassthroughCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshPassthroughCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshPassthrough - summary: Deletes MeshPassthrough entity - tags: - - MeshPassthrough - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshPassthrough - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshPassthroughDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshpassthroughs: - get: - operationId: getMeshPassthroughList - summary: Returns a list of MeshPassthrough in the mesh. 
- tags: - - MeshPassthrough - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshPassthroughList' - /meshes/{mesh}/meshproxypatches/{name}: - get: - operationId: getMeshProxyPatch - summary: Returns MeshProxyPatch entity - tags: - - MeshProxyPatch - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshProxyPatch - responses: - '200': - $ref: '#/components/responses/MeshProxyPatchItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshProxyPatch - summary: Creates or Updates MeshProxyPatch entity - tags: - - MeshProxyPatch - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshProxyPatch - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshProxyPatchItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshProxyPatchCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: 
- $ref: >- - #/components/schemas/MeshProxyPatchCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshProxyPatch - summary: Deletes MeshProxyPatch entity - tags: - - MeshProxyPatch - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshProxyPatch - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshProxyPatchDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshproxypatches: - get: - operationId: getMeshProxyPatchList - summary: Returns a list of MeshProxyPatch in the mesh. - tags: - - MeshProxyPatch - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshProxyPatchList' - /meshes/{mesh}/meshratelimits/{name}: - get: - operationId: getMeshRateLimit - summary: Returns MeshRateLimit entity - tags: - - MeshRateLimit - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshRateLimit - responses: - '200': - $ref: '#/components/responses/MeshRateLimitItem' - '404': - $ref: 
'#/components/responses/NotFound' - put: - operationId: putMeshRateLimit - summary: Creates or Updates MeshRateLimit entity - tags: - - MeshRateLimit - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshRateLimit - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRateLimitItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshRateLimitCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshRateLimitCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshRateLimit - summary: Deletes MeshRateLimit entity - tags: - - MeshRateLimit - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshRateLimit - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRateLimitDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshratelimits: - get: - operationId: getMeshRateLimitList - summary: Returns a list of MeshRateLimit in the mesh. 
- tags: - - MeshRateLimit - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshRateLimitList' - /meshes/{mesh}/meshretries/{name}: - get: - operationId: getMeshRetry - summary: Returns MeshRetry entity - tags: - - MeshRetry - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshRetry - responses: - '200': - $ref: '#/components/responses/MeshRetryItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshRetry - summary: Creates or Updates MeshRetry entity - tags: - - MeshRetry - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshRetry - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRetryItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRetryCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: 
'#/components/schemas/MeshRetryCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMeshRetry - summary: Deletes MeshRetry entity - tags: - - MeshRetry - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshRetry - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRetryDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshretries: - get: - operationId: getMeshRetryList - summary: Returns a list of MeshRetry in the mesh. - tags: - - MeshRetry - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshRetryList' - /meshes/{mesh}/meshtcproutes/{name}: - get: - operationId: getMeshTCPRoute - summary: Returns MeshTCPRoute entity - tags: - - MeshTCPRoute - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTCPRoute - responses: - '200': - $ref: '#/components/responses/MeshTCPRouteItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshTCPRoute - 
summary: Creates or Updates MeshTCPRoute entity - tags: - - MeshTCPRoute - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTCPRoute - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTCPRouteItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTCPRouteCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTCPRouteCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMeshTCPRoute - summary: Deletes MeshTCPRoute entity - tags: - - MeshTCPRoute - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTCPRoute - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTCPRouteDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshtcproutes: - get: - operationId: getMeshTCPRouteList - summary: Returns a list of MeshTCPRoute in the mesh. 
- tags: - - MeshTCPRoute - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshTCPRouteList' - /meshes/{mesh}/meshtimeouts/{name}: - get: - operationId: getMeshTimeout - summary: Returns MeshTimeout entity - tags: - - MeshTimeout - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTimeout - responses: - '200': - $ref: '#/components/responses/MeshTimeoutItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshTimeout - summary: Creates or Updates MeshTimeout entity - tags: - - MeshTimeout - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTimeout - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTimeoutItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTimeoutCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: 
'#/components/schemas/MeshTimeoutCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMeshTimeout - summary: Deletes MeshTimeout entity - tags: - - MeshTimeout - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTimeout - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTimeoutDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshtimeouts: - get: - operationId: getMeshTimeoutList - summary: Returns a list of MeshTimeout in the mesh. - tags: - - MeshTimeout - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshTimeoutList' - /meshes/{mesh}/meshtlses/{name}: - get: - operationId: getMeshTLS - summary: Returns MeshTLS entity - tags: - - MeshTLS - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTLS - responses: - '200': - $ref: '#/components/responses/MeshTLSItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshTLS - summary: Creates 
or Updates MeshTLS entity - tags: - - MeshTLS - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTLS - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTLSItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTLSCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTLSCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMeshTLS - summary: Deletes MeshTLS entity - tags: - - MeshTLS - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTLS - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTLSDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshtlses: - get: - operationId: getMeshTLSList - summary: Returns a list of MeshTLS in the mesh. 
- tags: - - MeshTLS - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshTLSList' - /meshes/{mesh}/meshtraces/{name}: - get: - operationId: getMeshTrace - summary: Returns MeshTrace entity - tags: - - MeshTrace - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTrace - responses: - '200': - $ref: '#/components/responses/MeshTraceItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshTrace - summary: Creates or Updates MeshTrace entity - tags: - - MeshTrace - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTrace - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTraceItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTraceCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTraceCreateOrUpdateSuccessResponse' - delete: 
- operationId: deleteMeshTrace - summary: Deletes MeshTrace entity - tags: - - MeshTrace - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTrace - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTraceDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshtraces: - get: - operationId: getMeshTraceList - summary: Returns a list of MeshTrace in the mesh. - tags: - - MeshTrace - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshTraceList' - /meshes/{mesh}/meshtrafficpermissions/{name}: - get: - operationId: getMeshTrafficPermission - summary: Returns MeshTrafficPermission entity - tags: - - MeshTrafficPermission - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTrafficPermission - responses: - '200': - $ref: '#/components/responses/MeshTrafficPermissionItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshTrafficPermission - summary: 
Creates or Updates MeshTrafficPermission entity - tags: - - MeshTrafficPermission - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTrafficPermission - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTrafficPermissionItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshTrafficPermissionCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshTrafficPermissionCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshTrafficPermission - summary: Deletes MeshTrafficPermission entity - tags: - - MeshTrafficPermission - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshTrafficPermission - responses: - '200': - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshTrafficPermissionDeleteSuccessResponse - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshtrafficpermissions: - get: - operationId: getMeshTrafficPermissionList - summary: Returns a list of MeshTrafficPermission in the mesh. 
- tags: - - MeshTrafficPermission - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshTrafficPermissionList' - /meshes/{mesh}/dataplanes/{name}: - get: - operationId: getDataplane - summary: Returns Dataplane entity - tags: - - Dataplane - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the Dataplane - responses: - '200': - $ref: '#/components/responses/DataplaneItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putDataplane - summary: Creates or Updates Dataplane entity - tags: - - Dataplane - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the Dataplane - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: 
'#/components/schemas/DataplaneCreateOrUpdateSuccessResponse' - delete: - operationId: deleteDataplane - summary: Deletes Dataplane entity - tags: - - Dataplane - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the Dataplane - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/dataplanes: - get: - operationId: getDataplaneList - summary: Returns a list of Dataplane in the mesh. - tags: - - Dataplane - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/DataplaneList' - /meshes/{mesh}/dataplanes/{name}/_overview: - get: - operationId: getDataplaneOverview - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - - in: path - name: name - required: true - description: The name of the DPP within the mesh to get the diff for. 
- schema: - type: string - responses: - '200': - $ref: '#/components/responses/GetDataplaneOverviewResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{mesh}/dataplanes/_overview: - get: - operationId: getDataplaneOverviewList - parameters: - - in: path - name: mesh - required: true - description: The mesh of the DPP to get the diff for. - schema: - type: string - responses: - '200': - $ref: '#/components/responses/GetDataplaneOverviewListResponse' - '400': - $ref: '#/components/responses/BadRequest' - '500': - $ref: '#/components/responses/Internal' - /meshes/{name}: - get: - operationId: getMesh - summary: Returns Mesh entity - tags: - - Mesh - parameters: - - in: path - name: name - schema: - type: string - required: true - description: name of the Mesh - responses: - '200': - $ref: '#/components/responses/MeshItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMesh - summary: Creates or Updates Mesh entity - tags: - - Mesh - parameters: - - in: path - name: name - schema: - type: string - required: true - description: name of the Mesh - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/MeshCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMesh - summary: Deletes Mesh entity - tags: - - Mesh - parameters: - - in: path - name: name - schema: - type: string - required: true - description: name of the Mesh - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - 
/meshes: - get: - operationId: getMeshList - summary: Returns a list of Mesh in the mesh. - tags: - - Mesh - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - responses: - '200': - $ref: '#/components/responses/MeshList' - /meshes/{mesh}/meshgateways/{name}: - get: - operationId: getMeshGateway - summary: Returns MeshGateway entity - tags: - - MeshGateway - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshGateway - responses: - '200': - $ref: '#/components/responses/MeshGatewayItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshGateway - summary: Creates or Updates MeshGateway entity - tags: - - MeshGateway - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshGateway - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshGatewayItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshGatewayCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: '#/components/schemas/MeshGatewayCreateOrUpdateSuccessResponse' 
- delete: - operationId: deleteMeshGateway - summary: Deletes MeshGateway entity - tags: - - MeshGateway - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshGateway - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshGatewayDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshgateways: - get: - operationId: getMeshGatewayList - summary: Returns a list of MeshGateway in the mesh. - tags: - - MeshGateway - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshGatewayList' - /hostnamegenerators/{name}: - get: - operationId: getHostnameGenerator - summary: Returns HostnameGenerator entity - tags: - - HostnameGenerator - parameters: - - in: path - name: name - schema: - type: string - required: true - description: name of the HostnameGenerator - responses: - '200': - $ref: '#/components/responses/HostnameGeneratorItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putHostnameGenerator - summary: Creates or Updates HostnameGenerator entity - tags: - - HostnameGenerator - parameters: - - in: path - name: name - 
schema: - type: string - required: true - description: name of the HostnameGenerator - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/HostnameGeneratorItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/HostnameGeneratorCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/HostnameGeneratorCreateOrUpdateSuccessResponse - delete: - operationId: deleteHostnameGenerator - summary: Deletes HostnameGenerator entity - tags: - - HostnameGenerator - parameters: - - in: path - name: name - schema: - type: string - required: true - description: name of the HostnameGenerator - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/HostnameGeneratorDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /hostnamegenerators: - get: - operationId: getHostnameGeneratorList - summary: Returns a list of HostnameGenerator in the mesh. 
- tags: - - HostnameGenerator - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - responses: - '200': - $ref: '#/components/responses/HostnameGeneratorList' - /meshes/{mesh}/meshexternalservices/{name}: - get: - operationId: getMeshExternalService - summary: Returns MeshExternalService entity - tags: - - MeshExternalService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshExternalService - responses: - '200': - $ref: '#/components/responses/MeshExternalServiceItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshExternalService - summary: Creates or Updates MeshExternalService entity - tags: - - MeshExternalService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshExternalService - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshExternalServiceItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshExternalServiceCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - 
#/components/schemas/MeshExternalServiceCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshExternalService - summary: Deletes MeshExternalService entity - tags: - - MeshExternalService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshExternalService - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshExternalServiceDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshexternalservices: - get: - operationId: getMeshExternalServiceList - summary: Returns a list of MeshExternalService in the mesh. - tags: - - MeshExternalService - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshExternalServiceList' - /meshes/{mesh}/meshmultizoneservices/{name}: - get: - operationId: getMeshMultiZoneService - summary: Returns MeshMultiZoneService entity - tags: - - MeshMultiZoneService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshMultiZoneService - responses: - 
'200': - $ref: '#/components/responses/MeshMultiZoneServiceItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshMultiZoneService - summary: Creates or Updates MeshMultiZoneService entity - tags: - - MeshMultiZoneService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshMultiZoneService - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMultiZoneServiceItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshMultiZoneServiceCreateOrUpdateSuccessResponse - '201': - description: Created - content: - application/json: - schema: - $ref: >- - #/components/schemas/MeshMultiZoneServiceCreateOrUpdateSuccessResponse - delete: - operationId: deleteMeshMultiZoneService - summary: Deletes MeshMultiZoneService entity - tags: - - MeshMultiZoneService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshMultiZoneService - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMultiZoneServiceDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshmultizoneservices: - get: - operationId: getMeshMultiZoneServiceList - summary: Returns a list of MeshMultiZoneService in the mesh. 
- tags: - - MeshMultiZoneService - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshMultiZoneServiceList' - /meshes/{mesh}/meshservices/{name}: - get: - operationId: getMeshService - summary: Returns MeshService entity - tags: - - MeshService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshService - responses: - '200': - $ref: '#/components/responses/MeshServiceItem' - '404': - $ref: '#/components/responses/NotFound' - put: - operationId: putMeshService - summary: Creates or Updates MeshService entity - tags: - - MeshService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshService - requestBody: - description: Put request - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/MeshServiceItem' - responses: - '200': - description: Updated - content: - application/json: - schema: - $ref: '#/components/schemas/MeshServiceCreateOrUpdateSuccessResponse' - '201': - description: Created - content: - application/json: - schema: - $ref: 
'#/components/schemas/MeshServiceCreateOrUpdateSuccessResponse' - delete: - operationId: deleteMeshService - summary: Deletes MeshService entity - tags: - - MeshService - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the MeshService - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/MeshServiceDeleteSuccessResponse' - description: Successful response - '404': - $ref: '#/components/responses/NotFound' - /meshes/{mesh}/meshservices: - get: - operationId: getMeshServiceList - summary: Returns a list of MeshService in the mesh. - tags: - - MeshService - parameters: - - in: query - name: offset - description: offset in the list of entities - required: false - schema: - type: integer - example: 0 - - in: query - name: size - description: the number of items per page - required: false - schema: - type: integer - default: 100 - maximum: 1000 - minimum: 1 - - in: query - name: filter - description: filter by labels when multiple filters are present, they are ANDed - required: false - schema: - type: object - properties: - key: - type: string - value: - type: string - example: - label.k8s.kuma.io/namespace: my-ns - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - $ref: '#/components/responses/MeshServiceList' -components: - securitySchemes: - BasicAuth: - type: http - scheme: basic - BearerAuth: - type: http - scheme: bearer - schemas: - Index: - type: object - title: Index - description: Some metadata about the service - required: - - hostname - - product - - version - - instanceId - - clusterId - - gui - properties: - hostname: - type: string - product: - type: string - description: The product line (Kuma for OSS, different for other distributions) - version: - type: string - description: The semantic 
version of the server running - instanceId: - type: string - description: A unique id to identify the instance requested - clusterId: - type: string - description: A unique id to identify the cluster being connected to - gui: - type: string - description: The path to the GUI - basedOnKuma: - type: string - description: >- - In case of an alternative distribution of Kuma the Kuma version this - release is based on - ResourceTypeDescriptionList: - type: object - title: ResourceTypeDescriptionList - description: A list of all resources install - required: - - resources - properties: - resources: - type: array - items: - $ref: '#/components/schemas/ResourceTypeDescription' - InspectDataplanesForPolicy: - type: object - title: InspectDataplanesForPolicy - description: A list of proxies - required: - - total - - items - properties: - total: - type: integer - example: 200 - next: - type: string - items: - type: array - items: - $ref: '#/components/schemas/Meta' - DataplaneXDSConfig: - type: object - title: DataplaneXDSConfig - required: - - xds - properties: - xds: - description: The raw XDS config as an inline JSON object - type: object - diff: - description: > - Contains a diff in a JSONPatch format between the XDS config - returned in 'xds' and the current proxy XDS config. - - By default, the field is empty. To include the diff in the response, - use the `include=diff` query parameter. 
- type: array - items: - $ref: '#/components/schemas/JsonPatchItem' - InspectRules: - type: object - title: InspectRules - description: A list of rules for a dataplane - required: - - rules - - resource - - httpMatches - properties: - resource: - $ref: '#/components/schemas/Meta' - rules: - type: array - items: - $ref: '#/components/schemas/InspectRule' - httpMatches: - type: array - items: - $ref: '#/components/schemas/HttpMatch' - BaseStatus: - type: object - title: Status - required: - - online - - total - properties: - online: - type: integer - example: 10 - total: - type: integer - example: 30 - FullStatus: - allOf: - - $ref: '#/components/schemas/BaseStatus' - - type: object - required: - - offline - - partiallyDegraded - properties: - offline: - type: integer - example: 15 - partiallyDegraded: - type: integer - example: 5 - ServicesStats: - type: object - title: ServicesStats - description: Services statistics - required: - - total - - internal - - external - - gatewayBuiltin - - gatewayDelegated - properties: - internal: - description: Internal services statistics - allOf: - - $ref: '#/components/schemas/FullStatus' - external: - type: object - description: External services statistics - required: - - total - properties: - total: - type: integer - example: 5 - gatewayBuiltin: - description: Builtin Gateway services statistics - allOf: - - $ref: '#/components/schemas/FullStatus' - gatewayDelegated: - description: Delegated Gateway services statistics - allOf: - - $ref: '#/components/schemas/FullStatus' - ZonesStats: - type: object - title: Zones Stats - description: Zone statistics - required: - - controlPlanes - - zoneEgresses - - zoneIngresses - properties: - controlPlanes: - description: Control Planes statistics - allOf: - - $ref: '#/components/schemas/BaseStatus' - zoneEgresses: - description: Zone Egresses statistics - allOf: - - $ref: '#/components/schemas/BaseStatus' - zoneIngresses: - description: Zone Ingresses statistics - allOf: - - $ref: 
'#/components/schemas/BaseStatus' - DataplanesStats: - type: object - title: Dataplanes Stats - description: Dataplanes statistics - required: - - standard - - gatewayBuiltin - - gatewayDelegated - properties: - standard: - description: Standard dataplane proxy statistics - allOf: - - $ref: '#/components/schemas/FullStatus' - gatewayBuiltin: - description: Builtin Gateway dataplane proxy statistics - allOf: - - $ref: '#/components/schemas/FullStatus' - gatewayDelegated: - description: Delegated Gateway dataplane proxy statistics - allOf: - - $ref: '#/components/schemas/FullStatus' - PoliciesStats: - type: object - title: Policies Stats - description: Policies statistics - required: - - total - properties: - total: - type: integer - description: Number of policies - example: 30 - ResourceStats: - type: object - title: Resource Stats - description: Resource statistics - required: - - total - properties: - total: - type: integer - description: Number of resources - example: 30 - MeshesStats: - type: object - title: Meshes Stats - description: Mesh statistics - required: - - total - properties: - total: - type: integer - description: Number of meshes - example: 3 - schemas-GlobalInsight: - type: object - title: GlobalInsight - description: Global Insight contains statistics for all main resources - required: - - createdAt - - services - - zones - - dataplanes - - policies - - meshes - - resources - properties: - createdAt: - type: string - description: Time of Global Insight creation - format: date-time - example: '2023-01-11T02:30:42.227Z' - services: - description: Mesh services statistics - allOf: - - $ref: '#/components/schemas/ServicesStats' - zones: - description: Zones statistics - allOf: - - $ref: '#/components/schemas/ZonesStats' - dataplanes: - description: Dataplane proxy statistics - allOf: - - $ref: '#/components/schemas/DataplanesStats' - policies: - description: Policies statistics - allOf: - - $ref: '#/components/schemas/PoliciesStats' - meshes: - 
description: Mesh statistics - allOf: - - $ref: '#/components/schemas/MeshesStats' - resources: - type: object - additionalProperties: - $ref: '#/components/schemas/ResourceStats' - description: A map of resource names to their corresponding statistics - GlobalInsight: - allOf: - - $ref: '#/components/schemas/schemas-GlobalInsight' - InspectHostnames: - type: object - title: InspectHostnames - description: A list of hostnames - required: - - total - - items - properties: - total: - type: integer - example: 200 - items: - type: array - items: - $ref: '#/components/schemas/InspectHostname' - InspectHostname: - type: object - title: InspectHostname - description: An supported hostname along with the zones it exists in - required: - - hostname - - zones - properties: - hostname: - type: string - description: Generated hostname - example: redis.redis-system.svc.east.mesh.local - zones: - type: array - items: - $ref: '#/components/schemas/InspectHostnameZone' - InspectHostnameZone: - type: object - title: InspectHostnameZone - description: A name of the zone in which the hostname is available - required: - - name - properties: - name: - type: string - example: east - InvalidParameters: - type: object - title: Invalid Parameters - properties: - field: - type: string - reason: - type: string - rule: - type: string - choices: - type: array - items: - type: string - Error: - type: object - title: Error - description: standard error - x-examples: - Example 1: - status: 404 - title: Not Found - type: https://kongapi.info/konnect/not-found - instance: portal:trace:2287285207635123011 - detail: The requested document was not found - required: - - status - - title - - instance - properties: - status: - type: integer - description: The HTTP status code. - example: 404 - title: - type: string - description: The error response code. - example: Not Found - type: - type: string - description: The error type. 
- example: Not Found - instance: - type: string - example: portal:trace:2287285207635123011 - description: The portal traceback code - detail: - type: string - example: The requested team was not found - description: Details about the error. - invalid_parameters: - type: array - description: TODO - items: - $ref: '#/components/schemas/InvalidParameters' - PolicyDescription: - type: object - required: - - hasToTargetRef - - hasFromTargetRef - - isTargetRef - - isFromAsRules - description: information about a policy - properties: - isTargetRef: - description: whether this policy uses targetRef matching - type: boolean - hasToTargetRef: - description: indicates that this policy can be used as an outbound policy - type: boolean - hasFromTargetRef: - description: indicates that this policy can be used as an inbound policy - type: boolean - isFromAsRules: - description: >- - If set to `true`, performs a backward compatibility conversion from - the deprecated 'from' array to the new 'rules' array. This ensures - older policies remain functional under the updated schema. - type: boolean - ResourceTypeDescription: - description: >- - Description of a resource type, this is useful for dynamically generated - clients and the gui - type: object - required: - - name - - scope - - readOnly - - path - - singularDisplayName - - pluralDisplayName - - includeInFederation - properties: - name: - description: the name of the resource type - type: string - scope: - type: string - enum: - - Global - - Mesh - readOnly: - type: boolean - path: - description: >- - the path to use for accessing this resource. 
If scope is `Global` - then it will be `/` otherwise it will be `/meshes/` - type: string - singularDisplayName: - type: string - pluralDisplayName: - type: string - includeInFederation: - description: >- - description resources of this type should be included in - federetion-with-policies export profile (especially useful for - moving from non-federated to federated or migrating to a new - global). - type: boolean - policy: - $ref: '#/components/schemas/PolicyDescription' - Meta: - type: object - required: - - type - - mesh - - name - - labels - properties: - type: - type: string - example: Dataplane - description: the type of this resource - mesh: - type: string - example: default - description: the mesh this resource is part of - name: - type: string - example: my-resource - description: the name of the resource - labels: - type: object - additionalProperties: - type: string - example: - k8s.kuma.io/namespace: kuma-system - kuma.io/display-name: mtp - kuma.io/mesh: default - kuma.io/origin: zone - description: the label of the resource - ProxyRule: - description: a rule that affects the entire proxy - type: object - required: - - conf - - origin - properties: - conf: - description: The actual conf generated - type: object - additionalProperties: true - x-go-type: interface{} - origin: - type: array - items: - $ref: '#/components/schemas/Meta' - RuleMatcher: - type: object - required: - - key - - value - - not - description: A matcher to select which traffic this conf applies to - properties: - key: - type: string - description: the key to match against - example: kuma.io/service - value: - type: string - description: the value for the key to match against - example: my-cool-service - not: - type: boolean - description: whether we check on the absence of this key:value pair - Rule: - type: object - required: - - matchers - - conf - - origin - properties: - matchers: - type: array - items: - $ref: '#/components/schemas/RuleMatcher' - conf: - description: The 
actual conf generated - type: object - additionalProperties: true - x-go-type: interface{} - origin: - type: array - items: - $ref: '#/components/schemas/Meta' - ResourceRuleOrigin: - type: object - properties: - resourceMeta: - $ref: '#/components/schemas/Meta' - ruleIndex: - description: index of the to-item in the policy - type: integer - ResourceRule: - type: object - required: - - resourceMeta - - conf - - origin - properties: - resourceMeta: - $ref: '#/components/schemas/Meta' - resourceSectionName: - type: string - conf: - description: The actual conf generated - type: array - items: - type: object - additionalProperties: true - x-go-type: interface{} - origin: - type: array - description: >- - The list of policies that contributed to the 'conf'. The order is - important as it reflects in what order confs were merged to get the - resulting 'conf'. - items: - $ref: '#/components/schemas/ResourceRuleOrigin' - Inbound: - type: object - required: - - tags - - port - properties: - name: - type: string - tags: - type: object - additionalProperties: - type: string - x-go-type: map[string]string - port: - type: integer - FromRule: - type: object - required: - - rules - - inbound - properties: - inbound: - $ref: '#/components/schemas/Inbound' - rules: - type: array - items: - $ref: '#/components/schemas/Rule' - InboundRule: - type: object - required: - - conf - - origin - properties: - conf: - description: >- - The final computed configuration for the data plane proxy, derived - by merging all policies whose 'targetRef' field matches the proxy. - The merging process follows [RFC 7396 (JSON Merge - Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the - order of merging influenced by factors such as where the policy was - applied (e.g., custom namespace, system, or global control plane), - policy role, and targetRef specificity. 
- type: array - items: - type: object - additionalProperties: true - x-go-type: interface{} - origin: - type: array - description: >- - The list of policies that contributed to the 'conf'. The order is - important as it reflects in what order confs were merged to get the - resulting 'conf'. - items: - $ref: '#/components/schemas/ResourceRuleOrigin' - InboundRulesEntry: - type: object - required: - - inbound - - rules - properties: - inbound: - $ref: '#/components/schemas/Inbound' - rules: - type: array - description: >- - The 'rules' field is an array to allow for future expansion when - 'matches' conditions are added. Currently, it contains a single - item. - items: - $ref: '#/components/schemas/InboundRule' - InspectRule: - type: object - required: - - type - properties: - type: - type: string - example: MeshRetry - description: the type of the policy - proxyRule: - $ref: '#/components/schemas/ProxyRule' - toRules: - type: array - description: >- - a set of rules for the outbounds of this proxy. The field is not set - when 'meshService.mode' on Mesh is set to 'Exclusive'. - items: - $ref: '#/components/schemas/Rule' - toResourceRules: - type: array - description: >- - a set of rules for the outbounds produced by real resources (i.e - MeshService, MeshExternalService, MeshMultiZoneService). - items: - $ref: '#/components/schemas/ResourceRule' - fromRules: - type: array - description: a set of rules for each inbound of this proxy - items: - $ref: '#/components/schemas/FromRule' - inboundRules: - type: array - description: >- - a set of rules for each inbound port of the proxy. When the policy - descriptor has 'isFromAsRules' set to true, this field supersedes - 'fromRules' and should be used instead. 
- items: - $ref: '#/components/schemas/InboundRulesEntry' - warnings: - type: array - description: a set of warnings to show in policy matching - example: - - Mesh is not Mtls enabled this policy will have no effect - items: - type: string - HttpMatch: - type: object - required: - - hash - - match - properties: - hash: - type: string - match: - type: object - x-go-type: interface{} - JsonPatchItem: - type: object - required: - - op - - path - - value - properties: - op: - type: string - description: Operation to be performed. - enum: - - add - - remove - - test - path: - type: string - description: >- - A JSON Pointer path indicating the part of the document to operate - on. - value: - description: The value to be used within the operations. - NotFoundError: - allOf: - - $ref: '#/components/schemas/Error' - - type: object - properties: - status: - example: 404 - title: - example: Not Found - type: - example: https://httpstatuses.com/404 - instance: - example: kong:trace:1234567890 - detail: - example: Not found - MeshAccessLogItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshAccessLog - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshAccessLog resource. 
- properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - backends: - items: - properties: - file: - description: >- - FileBackend defines configuration for file based - access logs - properties: - format: - description: >- - Format of access logs. Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - path: - description: Path to a file that logs will be written to - example: /tmp/access.log - minLength: 1 - type: string - required: - - path - type: object - openTelemetry: - description: Defines an OpenTelemetry logging backend. 
- properties: - attributes: - description: >- - Attributes can contain placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - - key: mesh - value: '%KUMA_MESH%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - body: - description: >- - Body is a raw string or an OTLP any value as - described at - - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - - It can contain placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - kvlistValue: - values: - - key: mesh - value: - stringValue: '%KUMA_MESH%' - x-kubernetes-preserve-unknown-fields: true - endpoint: - description: >- - Endpoint of OpenTelemetry collector. An - empty port defaults to 4317. - example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - tcp: - description: TCPBackend defines a TCP logging backend. - properties: - address: - description: Address of the TCP logging backend - example: 127.0.0.1:5000 - minLength: 1 - type: string - format: - description: >- - Format of access logs. 
Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - required: - - address - type: object - type: - enum: - - Tcp - - File - - OpenTelemetry - type: string - required: - - type - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - default - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound access log configurations. Currently - limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. - items: - properties: - default: - description: >- - Default contains configuration of the inbound access - logging - properties: - backends: - items: - properties: - file: - description: >- - FileBackend defines configuration for file based - access logs - properties: - format: - description: >- - Format of access logs. Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - path: - description: Path to a file that logs will be written to - example: /tmp/access.log - minLength: 1 - type: string - required: - - path - type: object - openTelemetry: - description: Defines an OpenTelemetry logging backend. 
- properties: - attributes: - description: >- - Attributes can contain placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - - key: mesh - value: '%KUMA_MESH%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - body: - description: >- - Body is a raw string or an OTLP any value as - described at - - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - - It can contain placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - kvlistValue: - values: - - key: mesh - value: - stringValue: '%KUMA_MESH%' - x-kubernetes-preserve-unknown-fields: true - endpoint: - description: >- - Endpoint of OpenTelemetry collector. An - empty port defaults to 4317. - example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - tcp: - description: TCPBackend defines a TCP logging backend. - properties: - address: - description: Address of the TCP logging backend - example: 127.0.0.1:5000 - minLength: 1 - type: string - format: - description: >- - Format of access logs. 
Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - required: - - address - type: object - type: - enum: - - Tcp - - File - - OpenTelemetry - type: string - required: - - type - type: object - type: array - type: object - required: - - default - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. 
- type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - backends: - items: - properties: - file: - description: >- - FileBackend defines configuration for file based - access logs - properties: - format: - description: >- - Format of access logs. 
Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - path: - description: Path to a file that logs will be written to - example: /tmp/access.log - minLength: 1 - type: string - required: - - path - type: object - openTelemetry: - description: Defines an OpenTelemetry logging backend. - properties: - attributes: - description: >- - Attributes can contain placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - - key: mesh - value: '%KUMA_MESH%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - body: - description: >- - Body is a raw string or an OTLP any value as - described at - - https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body - - It can contain placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - example: - kvlistValue: - values: - - key: mesh - value: - stringValue: '%KUMA_MESH%' - x-kubernetes-preserve-unknown-fields: true - endpoint: - description: >- - Endpoint of OpenTelemetry collector. An - empty port defaults to 4317. 
- example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - tcp: - description: TCPBackend defines a TCP logging backend. - properties: - address: - description: Address of the TCP logging backend - example: 127.0.0.1:5000 - minLength: 1 - type: string - format: - description: >- - Format of access logs. Placeholders - available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators - properties: - json: - example: - - key: start_time - value: '%START_TIME%' - - key: bytes_received - value: '%BYTES_RECEIVED%' - items: - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: object - type: array - omitEmptyValues: - default: false - type: boolean - plain: - example: >- - [%START_TIME%] %KUMA_MESH% - %UPSTREAM_HOST% - type: string - type: - enum: - - Plain - - Json - type: string - required: - - type - type: object - required: - - address - type: object - type: - enum: - - Tcp - - File - - OpenTelemetry - type: string - required: - - type - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. 
Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - default - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshAccessLogCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. 
- items: - type: string - MeshAccessLogDeleteSuccessResponse: - type: object - properties: {} - MeshCircuitBreakerItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshCircuitBreaker - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshCircuitBreaker resource. - properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations - - referenced in 'targetRef' - properties: - connectionLimits: - description: >- - ConnectionLimits contains configuration of each - circuit breaking limit, - - which when exceeded makes the circuit breaker to - become open (no traffic - - is allowed like no current is allowed in the circuits - when physical - - circuit breaker ir open) - properties: - maxConnectionPools: - description: >- - The maximum number of connection pools per cluster - that are concurrently - - supported at once. Set this for clusters which - create a large number of - - connection pools. - format: int32 - type: integer - maxConnections: - description: >- - The maximum number of connections allowed to be - made to the upstream - - cluster. - format: int32 - type: integer - maxPendingRequests: - description: >- - The maximum number of pending requests that are - allowed to the upstream - - cluster. This limit is applied as a connection - limit for non-HTTP - - traffic. 
- format: int32 - type: integer - maxRequests: - description: >- - The maximum number of parallel requests that are - allowed to be made - - to the upstream cluster. This limit does not apply - to non-HTTP traffic. - format: int32 - type: integer - maxRetries: - description: >- - The maximum number of parallel retries that will - be allowed to - - the upstream cluster. - format: int32 - type: integer - type: object - outlierDetection: - description: >- - OutlierDetection contains the configuration of the - process of dynamically - - determining whether some number of hosts in an - upstream cluster are - - performing unlike the others and removing them from - the healthy load - - balancing set. Performance might be along different - axes such as - - consecutive failures, temporal success rate, temporal - latency, etc. - - Outlier detection is a form of passive health - checking. - properties: - baseEjectionTime: - description: >- - The base time that a host is ejected for. The real - time is equal to - - the base time multiplied by the number of times - the host has been - - ejected. - type: string - detectors: - description: >- - Contains configuration for supported outlier - detectors - properties: - failurePercentage: - description: >- - Failure Percentage based outlier detection - functions similarly to success - - rate detection, in that it relies on success - rate data from each host in - - a cluster. However, rather than compare those - values to the mean success - - rate of the cluster as a whole, they are - compared to a flat - - user-configured threshold. This threshold is - configured via the - - outlierDetection.failurePercentageThreshold - field. - - The other configuration fields for failure - percentage based detection are - - similar to the fields for success rate - detection. 
As with success rate - - detection, detection will not be performed for - a host if its request - - volume over the aggregation interval is less - than the - - outlierDetection.detectors.failurePercentage.requestVolume - value. - - Detection also will not be performed for a - cluster if the number of hosts - - with the minimum required request volume in an - interval is less than the - - outlierDetection.detectors.failurePercentage.minimumHosts - value. - properties: - minimumHosts: - description: >- - The minimum number of hosts in a cluster - in order to perform failure - - percentage-based ejection. If the total - number of hosts in the cluster is - - less than this value, failure - percentage-based ejection will not be - - performed. - format: int32 - type: integer - requestVolume: - description: >- - The minimum number of total requests that - must be collected in one - - interval (as defined by the interval - duration above) to perform failure - - percentage-based ejection for this host. - If the volume is lower than this - - setting, failure percentage-based ejection - will not be performed for this - - host. - format: int32 - type: integer - threshold: - description: >- - The failure percentage to use when - determining failure percentage-based - - outlier detection. If the failure - percentage of a given host is greater - - than or equal to this value, it will be - ejected. - format: int32 - type: integer - type: object - gatewayFailures: - description: >- - In the default mode - (outlierDetection.splitExternalLocalOriginErrors - is - - false) this detection type takes into account - a subset of 5xx errors, - - called "gateway errors" (502, 503 or 504 - status code) and local origin - - failures, such as timeout, TCP reset etc. 
- - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) - - this detection type takes into account a - subset of 5xx errors, called - - "gateway errors" (502, 503 or 504 status code) - and is supported only by - - the http router. - properties: - consecutive: - description: >- - The number of consecutive gateway failures - (502, 503, 504 status codes) - - before a consecutive gateway failure - ejection occurs. - format: int32 - type: integer - type: object - localOriginFailures: - description: >- - This detection type is enabled only when - - outlierDetection.splitExternalLocalOriginErrors - is true and takes into - - account only locally originated errors - (timeout, reset, etc). - - If Envoy repeatedly cannot connect to an - upstream host or communication - - with the upstream host is repeatedly - interrupted, it will be ejected. - - Various locally originated problems are - detected: timeout, TCP reset, - - ICMP errors, etc. This detection type is - supported by http router and - - tcp proxy. - properties: - consecutive: - description: >- - The number of consecutive locally - originated failures before ejection - - occurs. Parameter takes effect only when - splitExternalAndLocalErrors - - is set to true. - format: int32 - type: integer - type: object - successRate: - description: >- - Success Rate based outlier detection - aggregates success rate data from - - every host in a cluster. Then at given - intervals ejects hosts based on - - statistical outlier detection. Success Rate - outlier detection will not be - - calculated for a host if its request volume - over the aggregation interval - - is less than the - outlierDetection.detectors.successRate.requestVolume - - value. - - Moreover, detection will not be performed for - a cluster if the number of - - hosts with the minimum required request volume - in an interval is less - - than the - outlierDetection.detectors.successRate.minimumHosts - value. 
- - In the default configuration mode - - (outlierDetection.splitExternalLocalOriginErrors - is false) this detection - - type takes into account all types of errors: - locally and externally - - originated. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true), - - locally originated errors and externally - originated (transaction) errors - - are counted and treated separately. - properties: - minimumHosts: - description: >- - The number of hosts in a cluster that must - have enough request volume to - - detect success rate outliers. If the - number of hosts is less than this - - setting, outlier detection via success - rate statistics is not performed - - for any host in the cluster. - format: int32 - type: integer - requestVolume: - description: >- - The minimum number of total requests that - must be collected in one - - interval (as defined by the interval - duration configured in - - outlierDetection section) to include this - host in success rate based - - outlier detection. If the volume is lower - than this setting, outlier - - detection via success rate statistics is - not performed for that host. - format: int32 - type: integer - standardDeviationFactor: - anyOf: - - type: integer - - type: string - description: >- - This factor is used to determine the - ejection threshold for success rate - - outlier ejection. The ejection threshold - is the difference between - - the mean success rate, and the product of - this factor and the standard - - deviation of the mean success rate: mean - - (standard_deviation * - - success_rate_standard_deviation_factor). - - Either int or decimal represented as - string. - x-kubernetes-int-or-string: true - type: object - totalFailures: - description: >- - In the default mode - (outlierDetection.splitExternalAndLocalErrors - is - - false) this detection type takes into account - all generated errors: - - locally originated and externally originated - (transaction) errors. 
- - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) - - this detection type takes into account only - externally originated - - (transaction) errors, ignoring locally - originated errors. - - If an upstream host is an HTTP-server, only - 5xx types of error are taken - - into account (see Consecutive Gateway Failure - for exceptions). - - Properly formatted responses, even when they - carry an operational error - - (like index not found, access denied) are not - taken into account. - properties: - consecutive: - description: >- - The number of consecutive server-side - error responses (for HTTP traffic, - - 5xx responses; for TCP traffic, connection - failures; for Redis, failure - - to respond PONG; etc.) before a - consecutive total failure ejection - - occurs. - format: int32 - type: integer - type: object - type: object - disabled: - description: >- - When set to true, outlierDetection configuration - won't take any effect - type: boolean - healthyPanicThreshold: - anyOf: - - type: integer - - type: string - description: >- - Allows to configure panic threshold for Envoy - cluster. If not specified, - - the default is 50%. To disable panic mode, set to - 0%. - - Either int or decimal represented as string. - x-kubernetes-int-or-string: true - interval: - description: >- - The time interval between ejection analysis - sweeps. This can result in - - both new ejections and hosts being returned to - service. - type: string - maxEjectionPercent: - description: >- - The maximum % of an upstream cluster that can be - ejected due to outlier - - detection. Defaults to 10% but will eject at least - one host regardless of - - the value. - format: int32 - type: integer - splitExternalAndLocalErrors: - description: >- - Determines whether to distinguish local origin - failures from external - - errors. 
If set to true the following configuration - parameters are taken - - into account: - detectors.localOriginFailures.consecutive - type: boolean - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound circuit breaker configurations. Currently - limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. - items: - properties: - default: - description: >- - Default contains configuration of the inbound circuit - breaker - properties: - connectionLimits: - description: >- - ConnectionLimits contains configuration of each - circuit breaking limit, - - which when exceeded makes the circuit breaker to - become open (no traffic - - is allowed like no current is allowed in the circuits - when physical - - circuit breaker ir open) - properties: - maxConnectionPools: - description: >- - The maximum number of connection pools per cluster - that are concurrently - - supported at once. Set this for clusters which - create a large number of - - connection pools. - format: int32 - type: integer - maxConnections: - description: >- - The maximum number of connections allowed to be - made to the upstream - - cluster. - format: int32 - type: integer - maxPendingRequests: - description: >- - The maximum number of pending requests that are - allowed to the upstream - - cluster. This limit is applied as a connection - limit for non-HTTP - - traffic. - format: int32 - type: integer - maxRequests: - description: >- - The maximum number of parallel requests that are - allowed to be made - - to the upstream cluster. This limit does not apply - to non-HTTP traffic. - format: int32 - type: integer - maxRetries: - description: >- - The maximum number of parallel retries that will - be allowed to - - the upstream cluster. 
- format: int32 - type: integer - type: object - outlierDetection: - description: >- - OutlierDetection contains the configuration of the - process of dynamically - - determining whether some number of hosts in an - upstream cluster are - - performing unlike the others and removing them from - the healthy load - - balancing set. Performance might be along different - axes such as - - consecutive failures, temporal success rate, temporal - latency, etc. - - Outlier detection is a form of passive health - checking. - properties: - baseEjectionTime: - description: >- - The base time that a host is ejected for. The real - time is equal to - - the base time multiplied by the number of times - the host has been - - ejected. - type: string - detectors: - description: >- - Contains configuration for supported outlier - detectors - properties: - failurePercentage: - description: >- - Failure Percentage based outlier detection - functions similarly to success - - rate detection, in that it relies on success - rate data from each host in - - a cluster. However, rather than compare those - values to the mean success - - rate of the cluster as a whole, they are - compared to a flat - - user-configured threshold. This threshold is - configured via the - - outlierDetection.failurePercentageThreshold - field. - - The other configuration fields for failure - percentage based detection are - - similar to the fields for success rate - detection. As with success rate - - detection, detection will not be performed for - a host if its request - - volume over the aggregation interval is less - than the - - outlierDetection.detectors.failurePercentage.requestVolume - value. - - Detection also will not be performed for a - cluster if the number of hosts - - with the minimum required request volume in an - interval is less than the - - outlierDetection.detectors.failurePercentage.minimumHosts - value. 
- properties: - minimumHosts: - description: >- - The minimum number of hosts in a cluster - in order to perform failure - - percentage-based ejection. If the total - number of hosts in the cluster is - - less than this value, failure - percentage-based ejection will not be - - performed. - format: int32 - type: integer - requestVolume: - description: >- - The minimum number of total requests that - must be collected in one - - interval (as defined by the interval - duration above) to perform failure - - percentage-based ejection for this host. - If the volume is lower than this - - setting, failure percentage-based ejection - will not be performed for this - - host. - format: int32 - type: integer - threshold: - description: >- - The failure percentage to use when - determining failure percentage-based - - outlier detection. If the failure - percentage of a given host is greater - - than or equal to this value, it will be - ejected. - format: int32 - type: integer - type: object - gatewayFailures: - description: >- - In the default mode - (outlierDetection.splitExternalLocalOriginErrors - is - - false) this detection type takes into account - a subset of 5xx errors, - - called "gateway errors" (502, 503 or 504 - status code) and local origin - - failures, such as timeout, TCP reset etc. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) - - this detection type takes into account a - subset of 5xx errors, called - - "gateway errors" (502, 503 or 504 status code) - and is supported only by - - the http router. - properties: - consecutive: - description: >- - The number of consecutive gateway failures - (502, 503, 504 status codes) - - before a consecutive gateway failure - ejection occurs. 
- format: int32 - type: integer - type: object - localOriginFailures: - description: >- - This detection type is enabled only when - - outlierDetection.splitExternalLocalOriginErrors - is true and takes into - - account only locally originated errors - (timeout, reset, etc). - - If Envoy repeatedly cannot connect to an - upstream host or communication - - with the upstream host is repeatedly - interrupted, it will be ejected. - - Various locally originated problems are - detected: timeout, TCP reset, - - ICMP errors, etc. This detection type is - supported by http router and - - tcp proxy. - properties: - consecutive: - description: >- - The number of consecutive locally - originated failures before ejection - - occurs. Parameter takes effect only when - splitExternalAndLocalErrors - - is set to true. - format: int32 - type: integer - type: object - successRate: - description: >- - Success Rate based outlier detection - aggregates success rate data from - - every host in a cluster. Then at given - intervals ejects hosts based on - - statistical outlier detection. Success Rate - outlier detection will not be - - calculated for a host if its request volume - over the aggregation interval - - is less than the - outlierDetection.detectors.successRate.requestVolume - - value. - - Moreover, detection will not be performed for - a cluster if the number of - - hosts with the minimum required request volume - in an interval is less - - than the - outlierDetection.detectors.successRate.minimumHosts - value. - - In the default configuration mode - - (outlierDetection.splitExternalLocalOriginErrors - is false) this detection - - type takes into account all types of errors: - locally and externally - - originated. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true), - - locally originated errors and externally - originated (transaction) errors - - are counted and treated separately. 
- properties: - minimumHosts: - description: >- - The number of hosts in a cluster that must - have enough request volume to - - detect success rate outliers. If the - number of hosts is less than this - - setting, outlier detection via success - rate statistics is not performed - - for any host in the cluster. - format: int32 - type: integer - requestVolume: - description: >- - The minimum number of total requests that - must be collected in one - - interval (as defined by the interval - duration configured in - - outlierDetection section) to include this - host in success rate based - - outlier detection. If the volume is lower - than this setting, outlier - - detection via success rate statistics is - not performed for that host. - format: int32 - type: integer - standardDeviationFactor: - anyOf: - - type: integer - - type: string - description: >- - This factor is used to determine the - ejection threshold for success rate - - outlier ejection. The ejection threshold - is the difference between - - the mean success rate, and the product of - this factor and the standard - - deviation of the mean success rate: mean - - (standard_deviation * - - success_rate_standard_deviation_factor). - - Either int or decimal represented as - string. - x-kubernetes-int-or-string: true - type: object - totalFailures: - description: >- - In the default mode - (outlierDetection.splitExternalAndLocalErrors - is - - false) this detection type takes into account - all generated errors: - - locally originated and externally originated - (transaction) errors. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) - - this detection type takes into account only - externally originated - - (transaction) errors, ignoring locally - originated errors. - - If an upstream host is an HTTP-server, only - 5xx types of error are taken - - into account (see Consecutive Gateway Failure - for exceptions). 
- - Properly formatted responses, even when they - carry an operational error - - (like index not found, access denied) are not - taken into account. - properties: - consecutive: - description: >- - The number of consecutive server-side - error responses (for HTTP traffic, - - 5xx responses; for TCP traffic, connection - failures; for Redis, failure - - to respond PONG; etc.) before a - consecutive total failure ejection - - occurs. - format: int32 - type: integer - type: object - type: object - disabled: - description: >- - When set to true, outlierDetection configuration - won't take any effect - type: boolean - healthyPanicThreshold: - anyOf: - - type: integer - - type: string - description: >- - Allows to configure panic threshold for Envoy - cluster. If not specified, - - the default is 50%. To disable panic mode, set to - 0%. - - Either int or decimal represented as string. - x-kubernetes-int-or-string: true - interval: - description: >- - The time interval between ejection analysis - sweeps. This can result in - - both new ejections and hosts being returned to - service. - type: string - maxEjectionPercent: - description: >- - The maximum % of an upstream cluster that can be - ejected due to outlier - - detection. Defaults to 10% but will eject at least - one host regardless of - - the value. - format: int32 - type: integer - splitExternalAndLocalErrors: - description: >- - Determines whether to distinguish local origin - failures from external - - errors. If set to true the following configuration - parameters are taken - - into account: - detectors.localOriginFailures.consecutive - type: boolean - type: object - type: object - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in place. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding - - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations - - referenced in 'targetRef' - properties: - connectionLimits: - description: >- - ConnectionLimits contains configuration of each - circuit breaking limit, - - which when exceeded makes the circuit breaker to - become open (no traffic - - is allowed like no current is allowed in the circuits - when physical - - circuit breaker ir open) - properties: - maxConnectionPools: - description: >- - The maximum number of connection pools per cluster - that are concurrently - - supported at once. Set this for clusters which - create a large number of - - connection pools. - format: int32 - type: integer - maxConnections: - description: >- - The maximum number of connections allowed to be - made to the upstream - - cluster. - format: int32 - type: integer - maxPendingRequests: - description: >- - The maximum number of pending requests that are - allowed to the upstream - - cluster. This limit is applied as a connection - limit for non-HTTP - - traffic. - format: int32 - type: integer - maxRequests: - description: >- - The maximum number of parallel requests that are - allowed to be made - - to the upstream cluster. This limit does not apply - to non-HTTP traffic. - format: int32 - type: integer - maxRetries: - description: >- - The maximum number of parallel retries that will - be allowed to - - the upstream cluster. 
- format: int32 - type: integer - type: object - outlierDetection: - description: >- - OutlierDetection contains the configuration of the - process of dynamically - - determining whether some number of hosts in an - upstream cluster are - - performing unlike the others and removing them from - the healthy load - - balancing set. Performance might be along different - axes such as - - consecutive failures, temporal success rate, temporal - latency, etc. - - Outlier detection is a form of passive health - checking. - properties: - baseEjectionTime: - description: >- - The base time that a host is ejected for. The real - time is equal to - - the base time multiplied by the number of times - the host has been - - ejected. - type: string - detectors: - description: >- - Contains configuration for supported outlier - detectors - properties: - failurePercentage: - description: >- - Failure Percentage based outlier detection - functions similarly to success - - rate detection, in that it relies on success - rate data from each host in - - a cluster. However, rather than compare those - values to the mean success - - rate of the cluster as a whole, they are - compared to a flat - - user-configured threshold. This threshold is - configured via the - - outlierDetection.failurePercentageThreshold - field. - - The other configuration fields for failure - percentage based detection are - - similar to the fields for success rate - detection. As with success rate - - detection, detection will not be performed for - a host if its request - - volume over the aggregation interval is less - than the - - outlierDetection.detectors.failurePercentage.requestVolume - value. - - Detection also will not be performed for a - cluster if the number of hosts - - with the minimum required request volume in an - interval is less than the - - outlierDetection.detectors.failurePercentage.minimumHosts - value. 
- properties: - minimumHosts: - description: >- - The minimum number of hosts in a cluster - in order to perform failure - - percentage-based ejection. If the total - number of hosts in the cluster is - - less than this value, failure - percentage-based ejection will not be - - performed. - format: int32 - type: integer - requestVolume: - description: >- - The minimum number of total requests that - must be collected in one - - interval (as defined by the interval - duration above) to perform failure - - percentage-based ejection for this host. - If the volume is lower than this - - setting, failure percentage-based ejection - will not be performed for this - - host. - format: int32 - type: integer - threshold: - description: >- - The failure percentage to use when - determining failure percentage-based - - outlier detection. If the failure - percentage of a given host is greater - - than or equal to this value, it will be - ejected. - format: int32 - type: integer - type: object - gatewayFailures: - description: >- - In the default mode - (outlierDetection.splitExternalLocalOriginErrors - is - - false) this detection type takes into account - a subset of 5xx errors, - - called "gateway errors" (502, 503 or 504 - status code) and local origin - - failures, such as timeout, TCP reset etc. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) - - this detection type takes into account a - subset of 5xx errors, called - - "gateway errors" (502, 503 or 504 status code) - and is supported only by - - the http router. - properties: - consecutive: - description: >- - The number of consecutive gateway failures - (502, 503, 504 status codes) - - before a consecutive gateway failure - ejection occurs. 
- format: int32 - type: integer - type: object - localOriginFailures: - description: >- - This detection type is enabled only when - - outlierDetection.splitExternalLocalOriginErrors - is true and takes into - - account only locally originated errors - (timeout, reset, etc). - - If Envoy repeatedly cannot connect to an - upstream host or communication - - with the upstream host is repeatedly - interrupted, it will be ejected. - - Various locally originated problems are - detected: timeout, TCP reset, - - ICMP errors, etc. This detection type is - supported by http router and - - tcp proxy. - properties: - consecutive: - description: >- - The number of consecutive locally - originated failures before ejection - - occurs. Parameter takes effect only when - splitExternalAndLocalErrors - - is set to true. - format: int32 - type: integer - type: object - successRate: - description: >- - Success Rate based outlier detection - aggregates success rate data from - - every host in a cluster. Then at given - intervals ejects hosts based on - - statistical outlier detection. Success Rate - outlier detection will not be - - calculated for a host if its request volume - over the aggregation interval - - is less than the - outlierDetection.detectors.successRate.requestVolume - - value. - - Moreover, detection will not be performed for - a cluster if the number of - - hosts with the minimum required request volume - in an interval is less - - than the - outlierDetection.detectors.successRate.minimumHosts - value. - - In the default configuration mode - - (outlierDetection.splitExternalLocalOriginErrors - is false) this detection - - type takes into account all types of errors: - locally and externally - - originated. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true), - - locally originated errors and externally - originated (transaction) errors - - are counted and treated separately. 
- properties: - minimumHosts: - description: >- - The number of hosts in a cluster that must - have enough request volume to - - detect success rate outliers. If the - number of hosts is less than this - - setting, outlier detection via success - rate statistics is not performed - - for any host in the cluster. - format: int32 - type: integer - requestVolume: - description: >- - The minimum number of total requests that - must be collected in one - - interval (as defined by the interval - duration configured in - - outlierDetection section) to include this - host in success rate based - - outlier detection. If the volume is lower - than this setting, outlier - - detection via success rate statistics is - not performed for that host. - format: int32 - type: integer - standardDeviationFactor: - anyOf: - - type: integer - - type: string - description: >- - This factor is used to determine the - ejection threshold for success rate - - outlier ejection. The ejection threshold - is the difference between - - the mean success rate, and the product of - this factor and the standard - - deviation of the mean success rate: mean - - (standard_deviation * - - success_rate_standard_deviation_factor). - - Either int or decimal represented as - string. - x-kubernetes-int-or-string: true - type: object - totalFailures: - description: >- - In the default mode - (outlierDetection.splitExternalAndLocalErrors - is - - false) this detection type takes into account - all generated errors: - - locally originated and externally originated - (transaction) errors. - - In split mode - (outlierDetection.splitExternalLocalOriginErrors - is true) - - this detection type takes into account only - externally originated - - (transaction) errors, ignoring locally - originated errors. - - If an upstream host is an HTTP-server, only - 5xx types of error are taken - - into account (see Consecutive Gateway Failure - for exceptions). 
- - Properly formatted responses, even when they - carry an operational error - - (like index not found, access denied) are not - taken into account. - properties: - consecutive: - description: >- - The number of consecutive server-side - error responses (for HTTP traffic, - - 5xx responses; for TCP traffic, connection - failures; for Redis, failure - - to respond PONG; etc.) before a - consecutive total failure ejection - - occurs. - format: int32 - type: integer - type: object - type: object - disabled: - description: >- - When set to true, outlierDetection configuration - won't take any effect - type: boolean - healthyPanicThreshold: - anyOf: - - type: integer - - type: string - description: >- - Allows to configure panic threshold for Envoy - cluster. If not specified, - - the default is 50%. To disable panic mode, set to - 0%. - - Either int or decimal represented as string. - x-kubernetes-int-or-string: true - interval: - description: >- - The time interval between ejection analysis - sweeps. This can result in - - both new ejections and hosts being returned to - service. - type: string - maxEjectionPercent: - description: >- - The maximum % of an upstream cluster that can be - ejected due to outlier - - detection. Defaults to 10% but will eject at least - one host regardless of - - the value. - format: int32 - type: integer - splitExternalAndLocalErrors: - description: >- - Determines whether to distinguish local origin - failures from external - - errors. If set to true the following configuration - parameters are taken - - into account: - detectors.localOriginFailures.consecutive - type: boolean - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshCircuitBreakerCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshCircuitBreakerDeleteSuccessResponse: - type: object - properties: {} - MeshFaultInjectionItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshFaultInjection - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshFaultInjection resource. - properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - http: - description: >- - Http allows to define list of Http faults between - dataplanes. 
- items: - description: >- - FaultInjection defines the configuration of faults - between dataplanes. - properties: - abort: - description: >- - Abort defines a configuration of not delivering - requests to destination - - service and replacing the responses from - destination dataplane by - - predefined status code - properties: - httpStatus: - description: >- - HTTP status code which will be returned to - source side - format: int32 - type: integer - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests on which abort will - be injected, has to be - - either int or decimal represented as string. - x-kubernetes-int-or-string: true - required: - - httpStatus - - percentage - type: object - delay: - description: >- - Delay defines configuration of delaying a - response from a destination - properties: - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests on which delay will - be injected, has to be - - either int or decimal represented as string. - x-kubernetes-int-or-string: true - value: - description: >- - The duration during which the response will - be delayed - type: string - required: - - percentage - - value - type: object - responseBandwidth: - description: >- - ResponseBandwidth defines a configuration to - limit the speed of - - responding to the requests - properties: - limit: - description: >- - Limit is represented by value measure in - Gbps, Mbps, kbps, e.g. - - 10kbps - type: string - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests on which response - bandwidth limit will be - - either int or decimal represented as string. - x-kubernetes-int-or-string: true - required: - - limit - - percentage - type: object - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - http: - description: >- - Http allows to define list of Http faults between - dataplanes. 
- items: - description: >- - FaultInjection defines the configuration of faults - between dataplanes. - properties: - abort: - description: >- - Abort defines a configuration of not delivering - requests to destination - - service and replacing the responses from - destination dataplane by - - predefined status code - properties: - httpStatus: - description: >- - HTTP status code which will be returned to - source side - format: int32 - type: integer - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests on which abort will - be injected, has to be - - either int or decimal represented as string. - x-kubernetes-int-or-string: true - required: - - httpStatus - - percentage - type: object - delay: - description: >- - Delay defines configuration of delaying a - response from a destination - properties: - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests on which delay will - be injected, has to be - - either int or decimal represented as string. - x-kubernetes-int-or-string: true - value: - description: >- - The duration during which the response will - be delayed - type: string - required: - - percentage - - value - type: object - responseBandwidth: - description: >- - ResponseBandwidth defines a configuration to - limit the speed of - - responding to the requests - properties: - limit: - description: >- - Limit is represented by value measure in - Gbps, Mbps, kbps, e.g. - - 10kbps - type: string - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests on which response - bandwidth limit will be - - either int or decimal represented as string. - x-kubernetes-int-or-string: true - required: - - limit - - percentage - type: object - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshFaultInjectionCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshFaultInjectionDeleteSuccessResponse: - type: object - properties: {} - MeshHealthCheckItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshHealthCheck - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshHealthCheck resource. - properties: - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - alwaysLogHealthCheckFailures: - description: >- - If set to true, health check failure events will - always be logged. If set - - to false, only the initial health check failure event - will be logged. The - - default value is false. - type: boolean - eventLogPath: - description: >- - Specifies the path to the file where Envoy can log - health check events. - - If empty, no event log will be written. - type: string - failTrafficOnPanic: - description: >- - If set to true, Envoy will not consider any hosts when - the cluster is in - - 'panic mode'. Instead, the cluster will fail all - requests as if all hosts - - are unhealthy. This can help avoid potentially - overwhelming a failing - - service. - type: boolean - grpc: - description: >- - GrpcHealthCheck defines gRPC configuration which will - instruct the service - - the health check will be made for is a gRPC service. - properties: - authority: - description: >- - The value of the :authority header in the gRPC - health check request, - - by default name of the cluster this health check - is associated with - type: string - disabled: - description: If true the GrpcHealthCheck is disabled - type: boolean - serviceName: - description: >- - Service name parameter which will be sent to gRPC - service - type: string - type: object - healthyPanicThreshold: - anyOf: - - type: integer - - type: string - description: >- - Allows to configure panic threshold for Envoy cluster. - If not specified, - - the default is 50%. To disable panic mode, set to 0%. - - Either int or decimal represented as string. 
- - Deprecated: the setting has been moved to - MeshCircuitBreaker policy, - - please use MeshCircuitBreaker policy instead. - x-kubernetes-int-or-string: true - healthyThreshold: - description: >- - Number of consecutive healthy checks before - considering a host healthy. - - If not specified then the default value is 1 - format: int32 - type: integer - http: - description: >- - HttpHealthCheck defines HTTP configuration which will - instruct the service - - the health check will be made for is an HTTP service. - properties: - disabled: - description: If true the HttpHealthCheck is disabled - type: boolean - expectedStatuses: - description: >- - List of HTTP response statuses which are - considered healthy - items: - format: int32 - type: integer - type: array - path: - description: >- - The HTTP path which will be requested during the - health check - - (ie. /health) - - If not specified then the default value is "/" - type: string - requestHeadersToAdd: - description: >- - The list of HTTP headers which should be added to - each health check - - request - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - initialJitter: - description: >- - If specified, Envoy will start health checking after a - random time in - - ms between 0 and initialJitter. This only applies to - the first health - - check. - type: string - interval: - description: |- - Interval between consecutive health checks. 
- If not specified then the default value is 1m - type: string - intervalJitter: - description: >- - If specified, during every interval Envoy will add - IntervalJitter to the - - wait time. - type: string - intervalJitterPercent: - description: >- - If specified, during every interval Envoy will add - IntervalJitter * - - IntervalJitterPercent / 100 to the wait time. If - IntervalJitter and - - IntervalJitterPercent are both set, both of them will - be used to - - increase the wait time. - format: int32 - type: integer - noTrafficInterval: - description: >- - The "no traffic interval" is a special health check - interval that is used - - when a cluster has never had traffic routed to it. - This lower interval - - allows cluster information to be kept up to date, - without sending a - - potentially large amount of active health checking - traffic for no reason. - - Once a cluster has been used for traffic routing, - Envoy will shift back - - to using the standard health check interval that is - defined. Note that - - this interval takes precedence over any other. The - default value for "no - - traffic interval" is 60 seconds. - type: string - reuseConnection: - description: >- - Reuse health check connection between health checks. - Default is true. - type: boolean - tcp: - description: >- - TcpHealthCheck defines configuration for specifying - bytes to send and - - expected response during the health check - properties: - disabled: - description: If true the TcpHealthCheck is disabled - type: boolean - receive: - description: >- - List of Base64 encoded blocks of strings expected - as a response. When checking the response, - - "fuzzy" matching is performed such that each block - must be found, and - - in the order specified, but not necessarily - contiguous. - - If not provided or empty, checks will be performed - as "connect only" and be marked as successful when - TCP connection is successfully established. 
- items: - type: string - type: array - send: - description: >- - Base64 encoded content of the message which will - be sent during the health check to the target - type: string - type: object - timeout: - description: |- - Maximum time to wait for a health check response. - If not specified then the default value is 15s - type: string - unhealthyThreshold: - description: >- - Number of consecutive unhealthy checks before - considering a host - - unhealthy. - - If not specified then the default value is 5 - format: int32 - type: integer - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. 
- - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshHealthCheckCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshHealthCheckDeleteSuccessResponse: - type: object - properties: {} - MeshHTTPRouteItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshHTTPRoute - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshHTTPRoute resource. - properties: - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. 
- - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To matches destination services of requests and holds - configuration. 
- items: - properties: - hostnames: - description: >- - Hostnames is only valid when targeting MeshGateway and - limits the - - effects of the rules to requests to this hostname. - - Given hostnames must intersect with the hostname of the - listeners the - - route attaches to. - items: - type: string - type: array - rules: - description: >- - Rules contains the routing rules applies to a combination - of top-level - - targetRef and the targetRef in this entry. - items: - properties: - default: - description: >- - Default holds routing rules that can be merged with - rules from other - - policies. - properties: - backendRefs: - items: - description: BackendRef defines where to forward traffic. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of - MeshServices that match labels. Either - Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to - identify cross mesh resources. - type: string - name: - description: >- - Name of the referenced resource. Can only - be used with kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of - target resource. If empty only resources - in policy namespace - - will be targeted. - type: string - port: - description: >- - Port is only supported when this ref - refers to a real MeshService object - format: int32 - type: integer - proxyTypes: - description: >- - ProxyTypes specifies the data plane types - that are subject to the policy. When not - specified, - - all data plane types are targeted by the - policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific - section of resource. - - For example, you can target port from - MeshService.ports[] by its name. Only - traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by - tags. Can only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - weight: - default: 1 - minimum: 0 - type: integer - required: - - kind - type: object - type: array - filters: - items: - properties: - requestHeaderModifier: - description: >- - Only one action is supported per header - name. - - Configuration to set or add multiple - values for a header must use RFC 7230 - - header value formatting, separating each - value with a comma. - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - remove: - items: - type: string - maxItems: 16 - type: array - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - requestMirror: - properties: - backendRef: - description: >- - BackendRef defines where to forward - traffic. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of - MeshServices that match labels. Either - Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to - identify cross mesh resources. - type: string - name: - description: >- - Name of the referenced resource. Can - only be used with kinds: `MeshService`, - - `MeshServiceSubset` and - `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of - target resource. If empty only resources - in policy namespace - - will be targeted. - type: string - port: - description: >- - Port is only supported when this ref - refers to a real MeshService object - format: int32 - type: integer - proxyTypes: - description: >- - ProxyTypes specifies the data plane - types that are subject to the policy. - When not specified, - - all data plane types are targeted by the - policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific - section of resource. - - For example, you can target port from - MeshService.ports[] by its name. Only - traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies - by tags. Can only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - weight: - default: 1 - minimum: 0 - type: integer - required: - - kind - type: object - percentage: - anyOf: - - type: integer - - type: string - description: >- - Percentage of requests to mirror. 
If not - specified, all requests - - to the target cluster will be mirrored. - x-kubernetes-int-or-string: true - required: - - backendRef - type: object - requestRedirect: - properties: - hostname: - description: >- - PreciseHostname is the fully qualified - domain name of a network host. This - - matches the RFC 1123 definition of a - hostname with 1 notable exception that - - numeric IP addresses are not allowed. - - - Note that as per RFC1035 and RFC1123, a - *label* must consist of lower case - - alphanumeric characters or '-', and must - start and end with an alphanumeric - - character. No other punctuation is - allowed. - maxLength: 253 - minLength: 1 - pattern: >- - ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - path: - description: >- - Path defines parameters used to modify - the path of the incoming request. - - The modified path is then used to - construct the location header. - - When empty, the request path is used - as-is. - properties: - replaceFullPath: - type: string - replacePrefixMatch: - type: string - type: - enum: - - ReplaceFullPath - - ReplacePrefixMatch - type: string - required: - - type - type: object - port: - description: >- - Port is the port to be used in the value - of the `Location` - - header in the response. - - When empty, port (if specified) of the - request is used. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - scheme: - enum: - - http - - https - type: string - statusCode: - default: 302 - description: >- - StatusCode is the HTTP status code to be - used in response. - enum: - - 301 - - 302 - - 303 - - 307 - - 308 - type: integer - type: object - responseHeaderModifier: - description: >- - Only one action is supported per header - name. - - Configuration to set or add multiple - values for a header must use RFC 7230 - - header value formatting, separating each - value with a comma. 
- properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - remove: - items: - type: string - maxItems: 16 - type: array - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - enum: - - RequestHeaderModifier - - ResponseHeaderModifier - - RequestRedirect - - URLRewrite - - RequestMirror - type: string - urlRewrite: - properties: - hostToBackendHostname: - description: >- - HostToBackendHostname rewrites the - hostname to the hostname of the - - upstream host. This option is only - available when targeting MeshGateways. - type: boolean - hostname: - description: >- - Hostname is the value to be used to - replace the host header value during - forwarding. - maxLength: 253 - minLength: 1 - pattern: >- - ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - path: - description: Path defines a path rewrite. - properties: - replaceFullPath: - type: string - replacePrefixMatch: - type: string - type: - enum: - - ReplaceFullPath - - ReplacePrefixMatch - type: string - required: - - type - type: object - type: object - required: - - type - type: object - type: array - type: object - matches: - description: >- - Matches describes how to match HTTP requests this - rule should be applied - - to. - items: - properties: - headers: - items: - description: >- - HeaderMatch describes how to select an HTTP - route by matching HTTP request - - headers. - properties: - name: - description: >- - Name is the name of the HTTP Header to - be matched. 
Name MUST be lower case - - as they will be handled with case - insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - type: - default: Exact - description: >- - Type specifies how to match against the - value of the header. - enum: - - Exact - - Present - - RegularExpression - - Absent - - Prefix - type: string - value: - description: >- - Value is the value of HTTP Header to be - matched. - type: string - required: - - name - type: object - type: array - method: - enum: - - CONNECT - - DELETE - - GET - - HEAD - - OPTIONS - - PATCH - - POST - - PUT - - TRACE - type: string - path: - properties: - type: - enum: - - Exact - - PathPrefix - - RegularExpression - type: string - value: - description: >- - Exact or prefix matches must be an - absolute path. A prefix matches only - - if separated by a slash or the entire - path. - minLength: 1 - type: string - required: - - type - - value - type: object - queryParams: - description: >- - QueryParams matches based on HTTP URL query - parameters. Multiple matches - - are ANDed together such that all listed - matches must succeed. - items: - properties: - name: - minLength: 1 - type: string - type: - enum: - - Exact - - RegularExpression - type: string - value: - type: string - required: - - name - - type - - value - type: object - type: array - type: object - minItems: 1 - type: array - required: - - default - - matches - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - request destinations. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - rules - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshHTTPRouteCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshHTTPRouteDeleteSuccessResponse: - type: object - properties: {} - MeshLoadBalancingStrategyItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshLoadBalancingStrategy - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: >- - Spec is the specification of the Kuma MeshLoadBalancingStrategy - resource. - properties: - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - loadBalancer: - description: >- - LoadBalancer allows to specify load balancing - algorithm. - properties: - leastRequest: - description: >- - LeastRequest selects N random available hosts as - specified in 'choiceCount' (2 by default) - - and picks the host which has the fewest active - requests - properties: - activeRequestBias: - anyOf: - - type: integer - - type: string - description: >- - ActiveRequestBias refers to dynamic weights - applied when hosts have varying load - - balancing weights. A higher value here - aggressively reduces the weight of endpoints - - that are currently handling active requests. - In essence, the higher the ActiveRequestBias - - value, the more forcefully it reduces the load - balancing weight of endpoints that are - - actively serving requests. - x-kubernetes-int-or-string: true - choiceCount: - description: >- - ChoiceCount is the number of random healthy - hosts from which the host with - - the fewest active requests will be chosen. - Defaults to 2 so that Envoy performs - - two-choice selection if the field is not set. - format: int32 - minimum: 2 - type: integer - type: object - maglev: - description: >- - Maglev implements consistent hashing to upstream - hosts. Maglev can be used as - - a drop in replacement for the ring hash load - balancer any place in which - - consistent hashing is desired. - properties: - hashPolicies: - description: >- - HashPolicies specify a list of - request/connection properties that are used to - calculate a hash. - - These hash policies are executed in the - specified order. 
If a hash policy has the - “terminal” attribute - - set to true, and there is already a hash - generated, the hash is returned immediately, - - ignoring the rest of the hash policy list. - items: - properties: - connection: - properties: - sourceIP: - description: Hash on source IP address. - type: boolean - type: object - cookie: - properties: - name: - description: >- - The name of the cookie that will be used - to obtain the hash key. - minLength: 1 - type: string - path: - description: The name of the path for the cookie. - type: string - ttl: - description: >- - If specified, a cookie with the TTL will - be generated if the cookie is not - present. - type: string - required: - - name - type: object - filterState: - properties: - key: - description: >- - The name of the Object in the - per-request filterState, which is - - an Envoy::Hashable object. If there is - no data associated with the key, - - or the stored object is not - Envoy::Hashable, no hash will be - produced. - minLength: 1 - type: string - required: - - key - type: object - header: - properties: - name: - description: >- - The name of the request header that will - be used to obtain the hash key. - minLength: 1 - type: string - required: - - name - type: object - queryParameter: - properties: - name: - description: >- - The name of the URL query parameter that - will be used to obtain the hash key. - - If the parameter is not present, no hash - will be produced. Query parameter names - - are case-sensitive. - minLength: 1 - type: string - required: - - name - type: object - terminal: - description: >- - Terminal is a flag that short-circuits - the hash computing. This field provides - - a ‘fallback’ style of configuration: “if - a terminal policy doesn’t work, fallback - - to rest of the policy list”, it saves - time when the terminal policy works. - - If true, and there is already a hash - computed, ignore rest of the list of - hash polices. 
- type: boolean - type: - enum: - - Header - - Cookie - - Connection - - SourceIP - - QueryParameter - - FilterState - type: string - required: - - type - type: object - type: array - tableSize: - description: >- - The table size for Maglev hashing. Maglev aims - for “minimal disruption” - - rather than an absolute guarantee. Minimal - disruption means that when - - the set of upstream hosts change, a connection - will likely be sent - - to the same upstream as it was before. - Increasing the table size reduces - - the amount of disruption. The table size must - be prime number limited to 5000011. - - If it is not specified, the default is 65537. - format: int32 - maximum: 5000011 - minimum: 1 - type: integer - type: object - random: - description: >- - Random selects a random available host. The random - load balancer generally - - performs better than round-robin if no health - checking policy is configured. - - Random selection avoids bias towards the host in - the set that comes after a failed host. - type: object - ringHash: - description: >- - RingHash implements consistent hashing to - upstream hosts. Each host is mapped - - onto a circle (the “ring”) by hashing its address; - each request is then routed - - to a host by hashing some property of the request, - and finding the nearest - - corresponding host clockwise around the ring. - properties: - hashFunction: - description: >- - HashFunction is a function used to hash hosts - onto the ketama ring. - - The value defaults to XX_HASH. Available - values – XX_HASH, MURMUR_HASH_2. - enum: - - XXHash - - MurmurHash2 - type: string - hashPolicies: - description: >- - HashPolicies specify a list of - request/connection properties that are used to - calculate a hash. - - These hash policies are executed in the - specified order. If a hash policy has the - “terminal” attribute - - set to true, and there is already a hash - generated, the hash is returned immediately, - - ignoring the rest of the hash policy list. 
- items: - properties: - connection: - properties: - sourceIP: - description: Hash on source IP address. - type: boolean - type: object - cookie: - properties: - name: - description: >- - The name of the cookie that will be used - to obtain the hash key. - minLength: 1 - type: string - path: - description: The name of the path for the cookie. - type: string - ttl: - description: >- - If specified, a cookie with the TTL will - be generated if the cookie is not - present. - type: string - required: - - name - type: object - filterState: - properties: - key: - description: >- - The name of the Object in the - per-request filterState, which is - - an Envoy::Hashable object. If there is - no data associated with the key, - - or the stored object is not - Envoy::Hashable, no hash will be - produced. - minLength: 1 - type: string - required: - - key - type: object - header: - properties: - name: - description: >- - The name of the request header that will - be used to obtain the hash key. - minLength: 1 - type: string - required: - - name - type: object - queryParameter: - properties: - name: - description: >- - The name of the URL query parameter that - will be used to obtain the hash key. - - If the parameter is not present, no hash - will be produced. Query parameter names - - are case-sensitive. - minLength: 1 - type: string - required: - - name - type: object - terminal: - description: >- - Terminal is a flag that short-circuits - the hash computing. This field provides - - a ‘fallback’ style of configuration: “if - a terminal policy doesn’t work, fallback - - to rest of the policy list”, it saves - time when the terminal policy works. - - If true, and there is already a hash - computed, ignore rest of the list of - hash polices. - type: boolean - type: - enum: - - Header - - Cookie - - Connection - - SourceIP - - QueryParameter - - FilterState - type: string - required: - - type - type: object - type: array - maxRingSize: - description: >- - Maximum hash ring size. 
Defaults to 8M - entries, and limited to 8M entries, - - but can be lowered to further constrain - resource use. - format: int32 - maximum: 8000000 - minimum: 1 - type: integer - minRingSize: - description: >- - Minimum hash ring size. The larger the ring is - (that is, - - the more hashes there are for each provided - host) the better the request distribution - - will reflect the desired weights. Defaults to - 1024 entries, and limited to 8M entries. - format: int32 - maximum: 8000000 - minimum: 1 - type: integer - type: object - roundRobin: - description: >- - RoundRobin is a load balancing algorithm that - distributes requests - - across available upstream hosts in round-robin - order. - type: object - type: - enum: - - RoundRobin - - LeastRequest - - RingHash - - Random - - Maglev - type: string - required: - - type - type: object - localityAwareness: - description: >- - LocalityAwareness contains configuration for locality - aware load balancing. - properties: - crossZone: - description: >- - CrossZone defines locality aware load balancing - priorities when dataplane proxies inside local - zone - - are unavailable - properties: - failover: - description: >- - Failover defines list of load balancing rules - in order of priority - items: - properties: - from: - description: >- - From defines the list of zones to which - the rule applies - properties: - zones: - items: - type: string - type: array - required: - - zones - type: object - to: - description: >- - To defines to which zones the traffic - should be load balanced - properties: - type: - description: >- - Type defines how target zones will be - picked from available zones - enum: - - None - - Only - - Any - - AnyExcept - type: string - zones: - items: - type: string - type: array - required: - - type - type: object - required: - - to - type: object - type: array - failoverThreshold: - description: >- - FailoverThreshold defines the percentage of - live destination dataplane proxies below which - load 
balancing to the - - next priority starts. - - Example: If you configure failoverThreshold to - 70, and you have deployed 10 destination - dataplane proxies. - - Load balancing to next priority will start - when number of live destination dataplane - proxies drops below 7. - - Default 50 - properties: - percentage: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - percentage - type: object - type: object - disabled: - description: >- - Disabled allows to disable locality-aware load - balancing. - - When disabled requests are distributed across all - endpoints regardless of locality. - type: boolean - localZone: - description: >- - LocalZone defines locality aware load balancing - priorities between dataplane proxies inside a zone - properties: - affinityTags: - description: >- - AffinityTags list of tags for local zone load - balancing. - items: - properties: - key: - description: >- - Key defines tag for which affinity is - configured - type: string - weight: - description: >- - Weight of the tag used for load - balancing. The bigger the weight the - bigger the priority. - - Percentage of local traffic load - balanced to tag is computed by dividing - weight by sum of weights from all tags. - - For example with two affinity tags first - with weight 80 and second with weight - 20, - - then 80% of traffic will be redirected - to the first tag, and 20% of traffic - will be redirected to second one. - - Setting weights is not mandatory. When - weights are not set control plane will - compute default weight based on list - order. - - Default: If you do not specify weight we - will adjust them so that 90% traffic - goes to first tag, 9% to next, and 1% to - third and so on. - format: int32 - type: integer - required: - - key - type: object - type: array - type: object - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. 
- properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshLoadBalancingStrategyDeleteSuccessResponse: - type: object - properties: {} - MeshMetricItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshMetric - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshMetric resource. - properties: - default: - description: MeshMetric configuration. - properties: - applications: - description: >- - Applications is a list of application that Dataplane Proxy - will scrape - items: - properties: - address: - description: Address on which an application listens. 
- type: string - name: - description: Name of the application to scrape - type: string - path: - default: /metrics - description: >- - Path on which an application expose HTTP endpoint with - metrics. - type: string - port: - description: >- - Port on which an application expose HTTP endpoint with - metrics. - format: int32 - type: integer - required: - - port - type: object - type: array - backends: - description: Backends list that will be used to collect metrics. - items: - properties: - openTelemetry: - description: OpenTelemetry backend configuration - properties: - endpoint: - description: Endpoint for OpenTelemetry collector - type: string - refreshInterval: - description: >- - RefreshInterval defines how frequent metrics - should be pushed to collector - type: string - required: - - endpoint - type: object - prometheus: - description: Prometheus backend configuration. - properties: - clientId: - description: >- - ClientId of the Prometheus backend. Needed when - using MADS for DP discovery. - type: string - path: - default: /metrics - description: >- - Path on which a dataplane should expose HTTP - endpoint with Prometheus metrics. - type: string - port: - default: 5670 - description: >- - Port on which a dataplane should expose HTTP - endpoint with Prometheus metrics. - format: int32 - type: integer - tls: - description: Configuration of TLS for prometheus listener. - properties: - mode: - default: Disabled - description: Configuration of TLS for Prometheus listener. - enum: - - Disabled - - ProvidedTLS - - ActiveMTLSBackend - type: string - type: object - type: object - type: - description: >- - Type of the backend that will be used to collect - metrics. At the moment only Prometheus backend is - available. 
- enum: - - Prometheus - - OpenTelemetry - type: string - required: - - type - type: object - type: array - sidecar: - description: Sidecar metrics collection configuration - properties: - includeUnused: - description: >- - IncludeUnused if false will scrape only metrics that has - been by sidecar (counters incremented - - at least once, gauges changed at least once, and - histograms added to at - - least once). If true will scrape all metrics (even the - ones with zeros). - - If not specified then the default value is false. - type: boolean - profiles: - description: >- - Profiles allows to customize which metrics are - published. - properties: - appendProfiles: - description: >- - AppendProfiles allows to combine the metrics from - multiple predefined profiles. - items: - properties: - name: - description: >- - Name of the predefined profile, one of: all, - basic, none - enum: - - All - - Basic - - None - type: string - required: - - name - type: object - type: array - exclude: - description: >- - Exclude makes it possible to exclude groups of - metrics from a resulting profile. - - Exclude is subordinate to Include. - items: - properties: - match: - description: >- - Match is the value used to match using - particular Type - type: string - type: - description: >- - Type defined the type of selector, one of: - prefix, regex, exact - enum: - - Prefix - - Regex - - Exact - - Contains - type: string - required: - - match - - type - type: object - type: array - include: - description: >- - Include makes it possible to include additional - metrics in a selected profiles. - - Include takes precedence over Exclude. 
- items: - properties: - match: - description: >- - Match is the value used to match using - particular Type - type: string - type: - description: >- - Type defined the type of selector, one of: - prefix, regex, exact - enum: - - Prefix - - Regex - - Exact - - Contains - type: string - required: - - match - - type - type: object - type: array - type: object - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. 
- type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshMetricCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshMetricDeleteSuccessResponse: - type: object - properties: {} - MeshPassthroughItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshPassthrough - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshPassthrough resource. - properties: - default: - description: MeshPassthrough configuration. - properties: - appendMatch: - description: >- - AppendMatch is a list of destinations that should be allowed - through the sidecar. - items: - properties: - port: - description: Port defines the port to which a user makes a request. 
- format: int32 - type: integer - protocol: - default: tcp - description: >- - Protocol defines the communication protocol. Possible - values: `tcp`, `tls`, `grpc`, `http`, `http2`, - `mysql`. - enum: - - tcp - - tls - - grpc - - http - - http2 - - mysql - type: string - type: - description: >- - Type of the match, one of `Domain`, `IP` or `CIDR` is - available. - enum: - - Domain - - IP - - CIDR - type: string - value: - description: Value for the specified Type. - type: string - required: - - type - - value - type: object - type: array - passthroughMode: - description: >- - Defines the passthrough behavior. Possible values: `All`, - `None`, `Matched` - - When `All` or `None` `appendMatch` has no effect. - - If not specified then the default value is "Matched". - enum: - - All - - Matched - - None - type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. 
- type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshPassthroughCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshPassthroughDeleteSuccessResponse: - type: object - properties: {} - MeshProxyPatchItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshProxyPatch - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. 
- type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshProxyPatch resource. - properties: - default: - description: |- - Default is a configuration specific to the group of destinations - referenced in 'targetRef'. - properties: - appendModifications: - description: >- - AppendModifications is a list of modifications applied on - the selected proxy. - items: - properties: - cluster: - description: Cluster is a modification of Envoy's Cluster resource. - properties: - jsonPatches: - description: >- - JsonPatches specifies list of jsonpatches to apply - to on Envoy's Cluster - - resource - items: - description: >- - JsonPatchBlock is one json patch operation - block. - properties: - from: - description: >- - From is a jsonpatch from string, used by - move and copy operations. - type: string - op: - description: Op is a jsonpatch operation string. - enum: - - add - - remove - - replace - - move - - copy - type: string - path: - description: Path is a jsonpatch path string. - type: string - value: - description: >- - Value must be a valid json value used by - replace and add operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - match: - description: >- - Match is a set of conditions that have to be - matched for modification operation to happen. - properties: - name: - description: Name of the cluster to match. - type: string - origin: - description: >- - Origin is the name of the component or plugin - that generated the resource. - - - Here is the list of well-known origins: - - inbound - resources generated for handling - incoming traffic. - - outbound - resources generated for handling - outgoing traffic. - - transparent - resources generated for - transparent proxy functionality. 
- - prometheus - resources generated when - Prometheus metrics are enabled. - - direct-access - resources generated for Direct - Access functionality. - - ingress - resources generated for Zone - Ingress. - - egress - resources generated for Zone Egress. - - gateway - resources generated for MeshGateway. - - - The list is not complete, because policy - plugins can introduce new resources. - - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - type: object - operation: - description: Operation to execute on matched cluster. - enum: - - Add - - Remove - - Patch - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - operation - type: object - httpFilter: - description: >- - HTTPFilter is a modification of Envoy HTTP Filter - - available in HTTP Connection Manager in a Listener - resource. - properties: - jsonPatches: - description: >- - JsonPatches specifies list of jsonpatches to apply - to on Envoy's - - HTTP Filter available in HTTP Connection Manager - in a Listener resource. - items: - description: >- - JsonPatchBlock is one json patch operation - block. - properties: - from: - description: >- - From is a jsonpatch from string, used by - move and copy operations. - type: string - op: - description: Op is a jsonpatch operation string. - enum: - - add - - remove - - replace - - move - - copy - type: string - path: - description: Path is a jsonpatch path string. - type: string - value: - description: >- - Value must be a valid json value used by - replace and add operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - match: - description: >- - Match is a set of conditions that have to be - matched for modification operation to happen. - properties: - listenerName: - description: Name of the listener to match. 
- type: string - listenerTags: - additionalProperties: - type: string - description: >- - Listener tags available in - Listener#Metadata#FilterMetadata[io.kuma.tags] - type: object - name: - description: >- - Name of the HTTP filter. For example - "envoy.filters.http.local_ratelimit" - type: string - origin: - description: >- - Origin is the name of the component or plugin - that generated the resource. - - - Here is the list of well-known origins: - - inbound - resources generated for handling - incoming traffic. - - outbound - resources generated for handling - outgoing traffic. - - transparent - resources generated for - transparent proxy functionality. - - prometheus - resources generated when - Prometheus metrics are enabled. - - direct-access - resources generated for Direct - Access functionality. - - ingress - resources generated for Zone - Ingress. - - egress - resources generated for Zone Egress. - - gateway - resources generated for MeshGateway. - - - The list is not complete, because policy - plugins can introduce new resources. - - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - type: object - operation: - description: Operation to execute on matched listener. - enum: - - Remove - - Patch - - AddFirst - - AddBefore - - AddAfter - - AddLast - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - operation - type: object - listener: - description: >- - Listener is a modification of Envoy's Listener - resource. - properties: - jsonPatches: - description: >- - JsonPatches specifies list of jsonpatches to apply - to on Envoy's Listener - - resource - items: - description: >- - JsonPatchBlock is one json patch operation - block. - properties: - from: - description: >- - From is a jsonpatch from string, used by - move and copy operations. - type: string - op: - description: Op is a jsonpatch operation string. 
- enum: - - add - - remove - - replace - - move - - copy - type: string - path: - description: Path is a jsonpatch path string. - type: string - value: - description: >- - Value must be a valid json value used by - replace and add operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - match: - description: >- - Match is a set of conditions that have to be - matched for modification operation to happen. - properties: - name: - description: Name of the listener to match. - type: string - origin: - description: >- - Origin is the name of the component or plugin - that generated the resource. - - - Here is the list of well-known origins: - - inbound - resources generated for handling - incoming traffic. - - outbound - resources generated for handling - outgoing traffic. - - transparent - resources generated for - transparent proxy functionality. - - prometheus - resources generated when - Prometheus metrics are enabled. - - direct-access - resources generated for Direct - Access functionality. - - ingress - resources generated for Zone - Ingress. - - egress - resources generated for Zone Egress. - - gateway - resources generated for MeshGateway. - - - The list is not complete, because policy - plugins can introduce new resources. - - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags available in - Listener#Metadata#FilterMetadata[io.kuma.tags] - type: object - type: object - operation: - description: Operation to execute on matched listener. - enum: - - Add - - Remove - - Patch - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - operation - type: object - networkFilter: - description: >- - NetworkFilter is a modification of Envoy Listener's - filter. 
- properties: - jsonPatches: - description: >- - JsonPatches specifies list of jsonpatches to apply - to on Envoy Listener's - - filter. - items: - description: >- - JsonPatchBlock is one json patch operation - block. - properties: - from: - description: >- - From is a jsonpatch from string, used by - move and copy operations. - type: string - op: - description: Op is a jsonpatch operation string. - enum: - - add - - remove - - replace - - move - - copy - type: string - path: - description: Path is a jsonpatch path string. - type: string - value: - description: >- - Value must be a valid json value used by - replace and add operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - match: - description: >- - Match is a set of conditions that have to be - matched for modification operation to happen. - properties: - listenerName: - description: Name of the listener to match. - type: string - listenerTags: - additionalProperties: - type: string - description: >- - Listener tags available in - Listener#Metadata#FilterMetadata[io.kuma.tags] - type: object - name: - description: >- - Name of the network filter. For example - "envoy.filters.network.ratelimit" - type: string - origin: - description: >- - Origin is the name of the component or plugin - that generated the resource. - - - Here is the list of well-known origins: - - inbound - resources generated for handling - incoming traffic. - - outbound - resources generated for handling - outgoing traffic. - - transparent - resources generated for - transparent proxy functionality. - - prometheus - resources generated when - Prometheus metrics are enabled. - - direct-access - resources generated for Direct - Access functionality. - - ingress - resources generated for Zone - Ingress. - - egress - resources generated for Zone Egress. - - gateway - resources generated for MeshGateway. 
- - - The list is not complete, because policy - plugins can introduce new resources. - - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - type: object - operation: - description: Operation to execute on matched listener. - enum: - - Remove - - Patch - - AddFirst - - AddBefore - - AddAfter - - AddLast - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - operation - type: object - virtualHost: - description: >- - VirtualHost is a modification of Envoy's VirtualHost - - referenced in HTTP Connection Manager in a Listener - resource. - properties: - jsonPatches: - description: >- - JsonPatches specifies list of jsonpatches to apply - to on Envoy's - - VirtualHost resource - items: - description: >- - JsonPatchBlock is one json patch operation - block. - properties: - from: - description: >- - From is a jsonpatch from string, used by - move and copy operations. - type: string - op: - description: Op is a jsonpatch operation string. - enum: - - add - - remove - - replace - - move - - copy - type: string - path: - description: Path is a jsonpatch path string. - type: string - value: - description: >- - Value must be a valid json value used by - replace and add operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - match: - description: >- - Match is a set of conditions that have to be - matched for modification operation to happen. - properties: - name: - description: Name of the VirtualHost to match. - type: string - origin: - description: >- - Origin is the name of the component or plugin - that generated the resource. - - - Here is the list of well-known origins: - - inbound - resources generated for handling - incoming traffic. - - outbound - resources generated for handling - outgoing traffic. - - transparent - resources generated for - transparent proxy functionality. 
- - prometheus - resources generated when - Prometheus metrics are enabled. - - direct-access - resources generated for Direct - Access functionality. - - ingress - resources generated for Zone - Ingress. - - egress - resources generated for Zone Egress. - - gateway - resources generated for MeshGateway. - - - The list is not complete, because policy - plugins can introduce new resources. - - For example MeshTrace plugin can create - Cluster with "mesh-trace" origin. - type: string - routeConfigurationName: - description: >- - Name of the RouteConfiguration resource to - match. - type: string - type: object - operation: - description: Operation to execute on matched listener. - enum: - - Add - - Remove - - Patch - type: string - value: - description: >- - Value of xDS resource in YAML format to add or - patch. - type: string - required: - - match - - operation - type: object - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. 
If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - default - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshProxyPatchCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshProxyPatchDeleteSuccessResponse: - type: object - properties: {} - MeshRateLimitItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshRateLimit - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. 
- type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshRateLimit resource. - properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - local: - description: >- - LocalConf defines local http or/and tcp rate limit - configuration - properties: - http: - description: >- - LocalHTTP defines configuration of local HTTP rate - limiting - - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter - properties: - disabled: - description: Define if rate limiting should be disabled. - type: boolean - onRateLimit: - description: >- - Describes the actions to take on a rate limit - event - properties: - headers: - description: >- - The Headers to be added to the HTTP - response on a rate limit event - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - status: - description: >- - The HTTP status code to be set on a rate - limit event - format: int32 - type: integer - type: object - requestRate: - description: >- - Defines how many requests 
are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, - - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - type: object - tcp: - description: >- - LocalTCP defines confguration of local TCP rate - limiting - - https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter - properties: - connectionRate: - description: >- - Defines how many connections are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, - - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - disabled: - description: |- - Define if rate limiting should be disabled. - Default: false - type: boolean - type: object - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. 
Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound rate limiting configurations. Currently - limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. - items: - properties: - default: - description: Default contains configuration of the inbound rate limits - properties: - local: - description: >- - LocalConf defines local http or/and tcp rate limit - configuration - properties: - http: - description: >- - LocalHTTP defines configuration of local HTTP rate - limiting - - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter - properties: - disabled: - description: Define if rate limiting should be disabled. 
- type: boolean - onRateLimit: - description: >- - Describes the actions to take on a rate limit - event - properties: - headers: - description: >- - The Headers to be added to the HTTP - response on a rate limit event - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - status: - description: >- - The HTTP status code to be set on a rate - limit event - format: int32 - type: integer - type: object - requestRate: - description: >- - Defines how many requests are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, - - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - type: object - tcp: - description: >- - LocalTCP defines confguration of local TCP rate - limiting - - https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter - properties: - connectionRate: - description: >- - Defines how many connections are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, - - or a number of connections). 
- format: int32 - type: integer - required: - - interval - - num - type: object - disabled: - description: |- - Define if rate limiting should be disabled. - Default: false - type: boolean - type: object - type: object - type: object - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - local: - description: >- - LocalConf defines local http or/and tcp rate limit - configuration - properties: - http: - description: >- - LocalHTTP defines configuration of local HTTP rate - limiting - - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter - properties: - disabled: - description: Define if rate limiting should be disabled. - type: boolean - onRateLimit: - description: >- - Describes the actions to take on a rate limit - event - properties: - headers: - description: >- - The Headers to be added to the HTTP - response on a rate limit event - properties: - add: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - set: - items: - properties: - name: - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - value: - type: string - required: - - name - - value - type: object - maxItems: 16 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - status: - description: >- - The HTTP status code to be set on a rate - limit event - format: int32 - type: integer - type: object - requestRate: - description: >- - Defines how many requests are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. 
- type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, - - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - type: object - tcp: - description: >- - LocalTCP defines confguration of local TCP rate - limiting - - https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter - properties: - connectionRate: - description: >- - Defines how many connections are allowed per - interval. - properties: - interval: - description: >- - The interval the number of units is - accounted for. - type: string - num: - description: >- - Number of units per interval (depending on - usage it can be a number of requests, - - or a number of connections). - format: int32 - type: integer - required: - - interval - - num - type: object - disabled: - description: |- - Define if rate limiting should be disabled. - Default: false - type: boolean - type: object - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. 
- If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshRateLimitCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshRateLimitDeleteSuccessResponse: - type: object - properties: {} - MeshRetryItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshRetry - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. 
- type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshRetry resource. - properties: - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. 
- type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - grpc: - description: >- - GRPC defines a configuration of retries for GRPC - traffic - properties: - backOff: - description: >- - BackOff is a configuration of durations which will - be used in an exponential - - backoff strategy between retries. - properties: - baseInterval: - description: >- - BaseInterval is an amount of time which should - be taken between retries. - - Must be greater than zero. Values less than 1 - ms are rounded up to 1 ms. - - If not specified then the default value is - "25ms". - type: string - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. - - Default is 10 times the "BaseInterval". - type: string - type: object - numRetries: - description: >- - NumRetries is the number of attempts that will be - made on failed (and - - retriable) requests. If not set, the default value - is 1. - format: int32 - type: integer - perTryTimeout: - description: >- - PerTryTimeout is the maximum amount of time each - retry attempt can take - - before it times out. If not set, the global - request timeout for the route - - will be used. Setting this value to 0 will disable - the per-try timeout. - type: string - rateLimitedBackOff: - description: >- - RateLimitedBackOff is a configuration of backoff - which will be used when - - the upstream returns one of the headers - configured. 
- properties: - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. - - If not specified then the default value is - "300s". - type: string - resetHeaders: - description: >- - ResetHeaders specifies the list of headers - (like Retry-After or X-RateLimit-Reset) - - to match against the response. Headers are - tried in order, and matched - - case-insensitive. The first header to be - parsed successfully is used. - - If no headers match the default exponential - BackOff is used instead. - items: - properties: - format: - description: The format of the reset header. - enum: - - Seconds - - UnixTimestamp - type: string - name: - description: The Name of the reset header. - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - required: - - format - - name - type: object - type: array - type: object - retryOn: - description: >- - RetryOn is a list of conditions which will cause a - retry. - example: - - Canceled - - DeadlineExceeded - - Internal - - ResourceExhausted - - Unavailable - items: - enum: - - Canceled - - DeadlineExceeded - - Internal - - ResourceExhausted - - Unavailable - type: string - type: array - type: object - http: - description: >- - HTTP defines a configuration of retries for HTTP - traffic - properties: - backOff: - description: >- - BackOff is a configuration of durations which will - be used in exponential - - backoff strategy between retries. - properties: - baseInterval: - description: >- - BaseInterval is an amount of time which should - be taken between retries. - - Must be greater than zero. Values less than 1 - ms are rounded up to 1 ms. - - If not specified then the default value is - "25ms". - type: string - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. - - Default is 10 times the "BaseInterval". 
- type: string - type: object - hostSelection: - description: >- - HostSelection is a list of predicates that dictate - how hosts should be selected - - when requests are retried. - items: - properties: - predicate: - description: Type is requested predicate mode. - enum: - - OmitPreviousHosts - - OmitHostsWithTags - - OmitPreviousPriorities - type: string - tags: - additionalProperties: - type: string - description: >- - Tags is a map of metadata to match against - for selecting the omitted hosts. Required if - Type is - - OmitHostsWithTags - type: object - updateFrequency: - default: 2 - description: >- - UpdateFrequency is how often the priority - load should be updated based on previously - attempted priorities. - - Used for OmitPreviousPriorities. - format: int32 - type: integer - required: - - predicate - type: object - type: array - hostSelectionMaxAttempts: - description: >- - HostSelectionMaxAttempts is the maximum number of - times host selection will be - - reattempted before giving up, at which point the - host that was last selected will - - be routed to. If unspecified, this will default to - retrying once. - format: int64 - type: integer - numRetries: - description: >- - NumRetries is the number of attempts that will be - made on failed (and - - retriable) requests. If not set, the default - value is 1. - format: int32 - type: integer - perTryTimeout: - description: >- - PerTryTimeout is the amount of time after which - retry attempt should time out. - - If left unspecified, the global route timeout for - the request will be used. - - Consequently, when using a 5xx based retry policy, - a request that times out - - will not be retried as the total timeout budget - would have been exhausted. - - Setting this timeout to 0 will disable it. - type: string - rateLimitedBackOff: - description: >- - RateLimitedBackOff is a configuration of backoff - which will be used - - when the upstream returns one of the headers - configured. 
- properties: - maxInterval: - description: >- - MaxInterval is a maximal amount of time which - will be taken between retries. - - If not specified then the default value is - "300s". - type: string - resetHeaders: - description: >- - ResetHeaders specifies the list of headers - (like Retry-After or X-RateLimit-Reset) - - to match against the response. Headers are - tried in order, and matched - - case-insensitive. The first header to be - parsed successfully is used. - - If no headers match the default exponential - BackOff is used instead. - items: - properties: - format: - description: The format of the reset header. - enum: - - Seconds - - UnixTimestamp - type: string - name: - description: The Name of the reset header. - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - required: - - format - - name - type: object - type: array - type: object - retriableRequestHeaders: - description: >- - RetriableRequestHeaders is an HTTP headers which - must be present in the request - - for retries to be attempted. - items: - description: >- - HeaderMatch describes how to select an HTTP - route by matching HTTP request - - headers. - properties: - name: - description: >- - Name is the name of the HTTP Header to be - matched. Name MUST be lower case - - as they will be handled with case - insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - type: - default: Exact - description: >- - Type specifies how to match against the - value of the header. - enum: - - Exact - - Present - - RegularExpression - - Absent - - Prefix - type: string - value: - description: >- - Value is the value of HTTP Header to be - matched. - type: string - required: - - name - type: object - type: array - retriableResponseHeaders: - description: >- - RetriableResponseHeaders is an HTTP response - headers that trigger a retry - - if present in the response. 
A retry will be - triggered if any of the header - - matches the upstream response headers. - items: - description: >- - HeaderMatch describes how to select an HTTP - route by matching HTTP request - - headers. - properties: - name: - description: >- - Name is the name of the HTTP Header to be - matched. Name MUST be lower case - - as they will be handled with case - insensitivity (See - https://tools.ietf.org/html/rfc7230#section-3.2). - maxLength: 256 - minLength: 1 - pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ - type: string - type: - default: Exact - description: >- - Type specifies how to match against the - value of the header. - enum: - - Exact - - Present - - RegularExpression - - Absent - - Prefix - type: string - value: - description: >- - Value is the value of HTTP Header to be - matched. - type: string - required: - - name - type: object - type: array - retryOn: - description: >- - RetryOn is a list of conditions which will cause a - retry. Available values are: - - [5XX, GatewayError, Reset, Retriable4xx, - ConnectFailure, EnvoyRatelimited, - - RefusedStream, Http3PostConnectFailure, - HttpMethodConnect, HttpMethodDelete, - - HttpMethodGet, HttpMethodHead, HttpMethodOptions, - HttpMethodPatch, - - HttpMethodPost, HttpMethodPut, HttpMethodTrace]. - - Also, any HTTP status code (500, 503, etc.). 
- example: - - 5XX - - GatewayError - - Reset - - Retriable4xx - - ConnectFailure - - EnvoyRatelimited - - RefusedStream - - Http3PostConnectFailure - - HttpMethodConnect - - HttpMethodDelete - - HttpMethodGet - - HttpMethodHead - - HttpMethodOptions - - HttpMethodPatch - - HttpMethodPost - - HttpMethodPut - - HttpMethodTrace - - '500' - - '503' - items: - type: string - type: array - type: object - tcp: - description: TCP defines a configuration of retries for TCP traffic - properties: - maxConnectAttempt: - description: >- - MaxConnectAttempt is a maximal amount of TCP - connection attempts - - which will be made before giving up - format: int32 - type: integer - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshRetryCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshRetryDeleteSuccessResponse: - type: object - properties: {} - MeshTCPRouteItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshTCPRoute - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshTCPRoute resource. 
- properties: - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding - - configurations - items: - properties: - rules: - description: >- - Rules contains the routing rules applies to a combination - of top-level - - targetRef and the targetRef in this entry. - items: - properties: - default: - description: >- - Default holds routing rules that can be merged with - rules from other - - policies. - properties: - backendRefs: - items: - description: BackendRef defines where to forward traffic. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of - MeshServices that match labels. Either - Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to - identify cross mesh resources. - type: string - name: - description: >- - Name of the referenced resource. Can only - be used with kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of - target resource. If empty only resources - in policy namespace - - will be targeted. - type: string - port: - description: >- - Port is only supported when this ref - refers to a real MeshService object - format: int32 - type: integer - proxyTypes: - description: >- - ProxyTypes specifies the data plane types - that are subject to the policy. When not - specified, - - all data plane types are targeted by the - policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific - section of resource. - - For example, you can target port from - MeshService.ports[] by its name. Only - traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by - tags. Can only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - weight: - default: 1 - minimum: 0 - type: integer - required: - - kind - type: object - type: array - type: object - required: - - default - type: object - maxItems: 1 - type: array - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. 
- items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - rules - - targetRef - type: object - minItems: 1 - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTCPRouteCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshTCPRouteDeleteSuccessResponse: - type: object - properties: {} - MeshTimeoutItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshTimeout - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshTimeout resource. 
- properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - connectionTimeout: - description: >- - ConnectionTimeout specifies the amount of time proxy - will wait for an TCP connection to be established. - - Default value is 5 seconds. Cannot be set to 0. - type: string - http: - description: Http provides configuration for HTTP specific timeouts - properties: - maxConnectionDuration: - description: >- - MaxConnectionDuration is the time after which a - connection will be drained and/or closed, - - starting from when it was first established. - Setting this timeout to 0 will disable it. - - Disabled by default. - type: string - maxStreamDuration: - description: >- - MaxStreamDuration is the maximum time that a - stream’s lifetime will span. - - Setting this timeout to 0 will disable it. - Disabled by default. - type: string - requestHeadersTimeout: - description: >- - RequestHeadersTimeout The amount of time that - proxy will wait for the request headers to be - received. The timer is - - activated when the first byte of the headers is - received, and is disarmed when the last byte of - - the headers has been received. If not specified or - set to 0, this timeout is disabled. - - Disabled by default. - type: string - requestTimeout: - description: >- - RequestTimeout The amount of time that proxy will - wait for the entire request to be received. - - The timer is activated when the request is - initiated, and is disarmed when the last byte of - the request is sent, - - OR when the response is initiated. Setting this - timeout to 0 will disable it. - - Default is 15s. - type: string - streamIdleTimeout: - description: >- - StreamIdleTimeout is the amount of time that proxy - will allow a stream to exist with no activity. 
- - Setting this timeout to 0 will disable it. Default - is 30m - type: string - type: object - idleTimeout: - description: >- - IdleTimeout is defined as the period in which there - are no bytes sent or received on connection - - Setting this timeout to 0 will disable it. Be cautious - when disabling it because - - it can lead to connection leaking. Default value is - 1h. - type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. 
- type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound timeout configurations. Currently limited - to exactly one rule containing - - default timeouts that apply to all inbound traffic, as L7 - matching is not yet implemented. - items: - properties: - default: - description: Default contains configuration of the inbound timeouts - properties: - connectionTimeout: - description: >- - ConnectionTimeout specifies the amount of time proxy - will wait for an TCP connection to be established. - - Default value is 5 seconds. Cannot be set to 0. - type: string - http: - description: Http provides configuration for HTTP specific timeouts - properties: - maxConnectionDuration: - description: >- - MaxConnectionDuration is the time after which a - connection will be drained and/or closed, - - starting from when it was first established. - Setting this timeout to 0 will disable it. - - Disabled by default. - type: string - maxStreamDuration: - description: >- - MaxStreamDuration is the maximum time that a - stream’s lifetime will span. - - Setting this timeout to 0 will disable it. - Disabled by default. - type: string - requestHeadersTimeout: - description: >- - RequestHeadersTimeout The amount of time that - proxy will wait for the request headers to be - received. The timer is - - activated when the first byte of the headers is - received, and is disarmed when the last byte of - - the headers has been received. If not specified or - set to 0, this timeout is disabled. - - Disabled by default. - type: string - requestTimeout: - description: >- - RequestTimeout The amount of time that proxy will - wait for the entire request to be received. 
- - The timer is activated when the request is - initiated, and is disarmed when the last byte of - the request is sent, - - OR when the response is initiated. Setting this - timeout to 0 will disable it. - - Default is 15s. - type: string - streamIdleTimeout: - description: >- - StreamIdleTimeout is the amount of time that proxy - will allow a stream to exist with no activity. - - Setting this timeout to 0 will disable it. Default - is 30m - type: string - type: object - idleTimeout: - description: >- - IdleTimeout is defined as the period in which there - are no bytes sent or received on connection - - Setting this timeout to 0 will disable it. Be cautious - when disabling it because - - it can lead to connection leaking. Default value is - 1h. - type: string - type: object - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. 
- type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - to: - description: >- - To list makes a match between the consumed services and - corresponding configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - destinations referenced in - - 'targetRef' - properties: - connectionTimeout: - description: >- - ConnectionTimeout specifies the amount of time proxy - will wait for an TCP connection to be established. - - Default value is 5 seconds. Cannot be set to 0. - type: string - http: - description: Http provides configuration for HTTP specific timeouts - properties: - maxConnectionDuration: - description: >- - MaxConnectionDuration is the time after which a - connection will be drained and/or closed, - - starting from when it was first established. - Setting this timeout to 0 will disable it. - - Disabled by default. - type: string - maxStreamDuration: - description: >- - MaxStreamDuration is the maximum time that a - stream’s lifetime will span. - - Setting this timeout to 0 will disable it. - Disabled by default. - type: string - requestHeadersTimeout: - description: >- - RequestHeadersTimeout The amount of time that - proxy will wait for the request headers to be - received. 
The timer is - - activated when the first byte of the headers is - received, and is disarmed when the last byte of - - the headers has been received. If not specified or - set to 0, this timeout is disabled. - - Disabled by default. - type: string - requestTimeout: - description: >- - RequestTimeout The amount of time that proxy will - wait for the entire request to be received. - - The timer is activated when the request is - initiated, and is disarmed when the last byte of - the request is sent, - - OR when the response is initiated. Setting this - timeout to 0 will disable it. - - Default is 15s. - type: string - streamIdleTimeout: - description: >- - StreamIdleTimeout is the amount of time that proxy - will allow a stream to exist with no activity. - - Setting this timeout to 0 will disable it. Default - is 30m - type: string - type: object - idleTimeout: - description: >- - IdleTimeout is defined as the period in which there - are no bytes sent or received on connection - - Setting this timeout to 0 will disable it. Be cautious - when disabling it because - - it can lead to connection leaking. Default value is - 1h. - type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - destinations. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. 
Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTimeoutCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. 
- items: - type: string - MeshTimeoutDeleteSuccessResponse: - type: object - properties: {} - MeshTLSItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshTLS - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshTLS resource. - properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - mode: - description: >- - Mode defines the behavior of inbound listeners with - regard to traffic encryption. - enum: - - Permissive - - Strict - type: string - tlsCiphers: - description: >- - TlsCiphers section for providing ciphers - specification. - items: - enum: - - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-RSA-CHACHA20-POLY1305 - type: string - type: array - tlsVersion: - description: Version section for providing version specification. - properties: - max: - default: TLSAuto - description: >- - Max defines maximum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - min: - default: TLSAuto - description: >- - Min defines minimum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. 
- enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - type: object - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - rules: - description: >- - Rules defines inbound tls configurations. 
Currently limited to - - selecting all inbound traffic, as L7 matching is not yet - implemented. - items: - properties: - default: - description: Default contains configuration of the inbound tls - properties: - mode: - description: >- - Mode defines the behavior of inbound listeners with - regard to traffic encryption. - enum: - - Permissive - - Strict - type: string - tlsCiphers: - description: >- - TlsCiphers section for providing ciphers - specification. - items: - enum: - - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-RSA-CHACHA20-POLY1305 - type: string - type: array - tlsVersion: - description: Version section for providing version specification. - properties: - max: - default: TLSAuto - description: >- - Max defines maximum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - min: - default: TLSAuto - description: >- - Min defines minimum supported version. One of - `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - type: object - type: object - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined in-place. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. 
- type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTLSCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. 
- items: - type: string - MeshTLSDeleteSuccessResponse: - type: object - properties: {} - MeshTraceItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshTrace - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshTrace resource. - properties: - default: - description: MeshTrace configuration. - properties: - backends: - description: >- - A one element array of backend definition. - - Envoy allows configuring only 1 backend, so the natural way - of - - representing that would be just one object. Unfortunately - due to the - - reasons explained in MADR 009-tracing-policy this has to be - a one element - - array for now. - items: - description: Only one of zipkin, datadog or openTelemetry can be used. - properties: - datadog: - description: Datadog backend configuration. - properties: - splitService: - default: false - description: >- - Determines if datadog service name should be split - based on traffic - - direction and destination. For example, with - `splitService: true` and a - - `backend` service that communicates with a couple - of databases, you would - - get service names like `backend_INBOUND`, - `backend_OUTBOUND_db1`, and - - `backend_OUTBOUND_db2` in Datadog. - type: boolean - url: - description: >- - Address of Datadog collector, only host and port - are allowed (no paths, - - fragments etc.) - type: string - required: - - url - type: object - openTelemetry: - description: OpenTelemetry backend configuration. - properties: - endpoint: - description: Address of OpenTelemetry collector. 
- example: otel-collector:4317 - minLength: 1 - type: string - required: - - endpoint - type: object - type: - enum: - - Zipkin - - Datadog - - OpenTelemetry - type: string - zipkin: - description: Zipkin backend configuration. - properties: - apiVersion: - default: httpJson - description: >- - Version of the API. - - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 - enum: - - httpJson - - httpProto - type: string - sharedSpanContext: - default: true - description: >- - Determines whether client and server spans will - share the same span - - context. - - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 - type: boolean - traceId128bit: - default: false - description: Generate 128bit traces. - type: boolean - url: - description: Address of Zipkin collector. - type: string - required: - - url - type: object - required: - - type - type: object - maxItems: 1 - type: array - sampling: - description: >- - Sampling configuration. - - Sampling is the process by which a decision is made on - whether to - - process/export a span or not. - properties: - client: - anyOf: - - type: integer - - type: string - description: >- - Target percentage of requests that will be force traced - if the - - 'x-client-trace-id' header is set. Mirror of - client_sampling in Envoy - - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 - - Either int or decimal represented as string. - - If not specified then the default value is 100. - x-kubernetes-int-or-string: true - overall: - anyOf: - - type: integer - - type: string - description: >- - Target percentage of requests will be traced - - after all other sampling checks have been applied - (client, force tracing, - - random sampling). This field functions as an upper limit - on the total - - configured sampling rate. 
For instance, setting client - to 100 - - but overall to 1 will result in only 1% of client - requests with - - the appropriate headers to be force traced. Mirror of - - overall_sampling in Envoy - - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 - - Either int or decimal represented as string. - - If not specified then the default value is 100. - x-kubernetes-int-or-string: true - random: - anyOf: - - type: integer - - type: string - description: >- - Target percentage of requests that will be randomly - selected for trace - - generation, if not requested by the client or not - forced. - - Mirror of random_sampling in Envoy - - https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 - - Either int or decimal represented as string. - - If not specified then the default value is 100. - x-kubernetes-int-or-string: true - type: object - tags: - description: >- - Custom tags configuration. You can add custom tags to traces - based on - - headers or literal values. - items: - description: |- - Custom tags configuration. - Only one of literal or header can be used. - properties: - header: - description: Tag taken from a header. - properties: - default: - description: >- - Default value to use if header is missing. - - If the default is missing and there is no value - the tag will not be - - included. - type: string - name: - description: Name of the header. - type: string - required: - - name - type: object - literal: - description: Tag taken from literal value. - type: string - name: - description: Name of the tag. - type: string - required: - - name - type: object - type: array - type: object - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. 
- - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. - type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. 
Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTraceCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshTraceDeleteSuccessResponse: - type: object - properties: {} - MeshTrafficPermissionItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshTrafficPermission - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: >- - Spec is the specification of the Kuma MeshTrafficPermission - resource. 
- properties: - from: - description: >- - From list makes a match between clients and corresponding - configurations - items: - properties: - default: - description: >- - Default is a configuration specific to the group of - clients referenced in - - 'targetRef' - properties: - action: - description: >- - Action defines a behavior for the specified group of - clients: - enum: - - Allow - - Deny - - AllowWithShadowDeny - type: string - type: object - targetRef: - description: >- - TargetRef is a reference to the resource that represents a - group of - - clients. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that - match labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. - If empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are - subject to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of - resource. - - For example, you can target port from - MeshService.ports[] by its name. Only traffic to this - port will be affected. 
- type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can - only be used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - required: - - targetRef - type: object - type: array - targetRef: - description: >- - TargetRef is a reference to the resource the policy takes an - effect on. - - The resource could be either a real store object or virtual - resource - - defined inplace. - properties: - kind: - description: Kind of the referenced resource - enum: - - Mesh - - MeshSubset - - MeshGateway - - MeshService - - MeshExternalService - - MeshMultiZoneService - - MeshServiceSubset - - MeshHTTPRoute - - Dataplane - type: string - labels: - additionalProperties: - type: string - description: >- - Labels are used to select group of MeshServices that match - labels. Either Labels or - - Name and Namespace can be used. - type: object - mesh: - description: >- - Mesh is reserved for future use to identify cross mesh - resources. - type: string - name: - description: >- - Name of the referenced resource. Can only be used with - kinds: `MeshService`, - - `MeshServiceSubset` and `MeshGatewayRoute` - type: string - namespace: - description: >- - Namespace specifies the namespace of target resource. If - empty only resources in policy namespace - - will be targeted. - type: string - proxyTypes: - description: >- - ProxyTypes specifies the data plane types that are subject - to the policy. When not specified, - - all data plane types are targeted by the policy. - items: - enum: - - Sidecar - - Gateway - type: string - type: array - sectionName: - description: >- - SectionName is used to target specific section of resource. - - For example, you can target port from MeshService.ports[] by - its name. Only traffic to this port will be affected. 
- type: string - tags: - additionalProperties: - type: string - description: >- - Tags used to select a subset of proxies by tags. Can only be - used with kinds - - `MeshSubset` and `MeshServiceSubset` - type: object - required: - - kind - type: object - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - MeshTrafficPermissionCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshTrafficPermissionDeleteSuccessResponse: - type: object - properties: {} - BuiltinCertificateAuthorityConfig: - properties: - caCert: - properties: - expiration: - type: string - rsaBits: - format: uint32 - type: integer - type: object - type: object - DatadogTracingBackendConfig: - properties: - address: - description: Address of datadog collector. - type: string - port: - description: Port of datadog collector - type: integer - splitService: - description: >- - Determines if datadog service name should be split based on traffic - - direction and destination. For example, with `splitService: true` - and a - - `backend` service that communicates with a couple of databases, you - would - - get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, - and - - `backend_OUTBOUND_db2` in Datadog. 
Default: false - type: boolean - type: object - DataplaneItem: - properties: - labels: - additionalProperties: - type: string - type: object - mesh: - type: string - metrics: - description: >- - Configuration for metrics that should be collected and exposed by - the - - data plane proxy. - - - Settings defined here will override their respective defaults - - defined at a Mesh level. - properties: - conf: - oneOf: - - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' - type: object - name: - description: >- - Name of the backend, can be then used in - Mesh.metrics.enabledBackend - type: string - type: - description: Type of the backend (Kuma ships with 'prometheus') - type: string - type: object - name: - type: string - networking: - description: >- - Networking describes inbound and outbound interfaces of the data - plane - - proxy. - properties: - address: - description: >- - IP on which the data plane proxy is accessible to the control - plane and - - other data plane proxies in the same network. This can also be a - - hostname, in which case the control plane will periodically - resolve it. - type: string - admin: - description: >- - Admin describes configuration related to Envoy Admin API. - - Due to security, all the Envoy Admin endpoints are exposed only - on - - localhost. Additionally, Envoy will expose `/ready` endpoint on - - `networking.address` for health checking systems to be able to - check the - - state of Envoy. The rest of the endpoints exposed on - `networking.address` - - are always protected by mTLS and only meant to be consumed - internally by - - the control plane. - properties: - port: - description: Port on which Envoy Admin API server will be listening - type: integer - type: object - advertisedAddress: - description: >- - In some situations, a data plane proxy resides in a private - network (e.g. - - Docker) and is not reachable via `address` to other data plane - proxies. 
- - `advertisedAddress` is configured with a routable address for - such data - - plane proxy so that other proxies in the mesh can connect to it - over - - `advertisedAddress` and not via address. - - - Envoy still binds to the `address`, not `advertisedAddress`. - type: string - gateway: - description: >- - Gateway describes a configuration of the gateway of the data - plane proxy. - properties: - tags: - additionalProperties: - type: string - description: >- - Tags associated with a gateway of this data plane to, e.g. - - `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag - is - - mandatory. - type: object - type: - description: >- - Type of gateway this data plane proxy manages. - - There are two types: `DELEGATED` and `BUILTIN`. Defaults to - - `DELEGATED`. - - - A `DELEGATED` gateway is an independently deployed proxy - (e.g., Kong, - - Contour, etc) that receives inbound traffic that is not - proxied by - - Kuma, and it sends outbound traffic into the data plane - proxy. - - - The `BUILTIN` gateway type causes the data plane proxy - itself to be - - configured as a gateway. - - - See https://kuma.io/docs/latest/explore/gateway/ for more - information. - oneOf: - - type: string - - type: integer - type: object - inbound: - description: >- - Inbound describes a list of inbound interfaces of the data plane - proxy. - - - Inbound describes a service implemented by the data plane proxy. - - All incoming traffic to a data plane proxy is going through - inbound - - listeners. For every defined Inbound there is a corresponding - Envoy - - Listener. - items: - description: >- - Inbound describes a service implemented by the data plane - proxy. - properties: - address: - description: |- - Address on which inbound listener will be exposed. - Defaults to `networking.address`. - type: string - health: - description: >- - Health describes the status of an inbound. - - If 'health' is nil we consider data plane proxy as - healthy. 
- - Unhealthy data plane proxies are excluded from Endpoints - Discovery - - Service (EDS). On Kubernetes, it is filled automatically - by the control - - plane if Pod has readiness probe configured. On Universal, - it can be - - set by the external health checking system, but the most - common way is - - to use service probes. - - - See https://kuma.io/docs/latest/documentation/health for - more - - information. - properties: - ready: - description: >- - Ready indicates if the data plane proxy is ready to - serve the - - traffic. - type: boolean - type: object - name: - description: >- - Name adds another way of referencing this port, usable - with MeshService - type: string - port: - description: >- - Port of the inbound interface that will forward requests - to the - - service. - - - When transparent proxying is used, it is a port on which - the service is - - listening to. When transparent proxying is not used, Envoy - will bind to - - this port. - type: integer - serviceAddress: - description: >- - Address of the service that requests will be forwarded to. - - Defaults to 'inbound.address', since Kuma DP should be - deployed next - - to the service. - type: string - servicePort: - description: |- - Port of the service that requests will be forwarded to. - Defaults to the same value as `port`. - type: integer - serviceProbe: - description: >- - ServiceProbe defines parameters for probing the service - next to - - sidecar. When service probe is defined, Envoy will - periodically health - - check the application next to it and report the status to - the control - - plane. On Kubernetes, Kuma deployments rely on Kubernetes - probes so - - this is not used. - - - See https://kuma.io/docs/latest/documentation/health for - more - - information. - properties: - healthyThreshold: - description: >- - Number of consecutive healthy checks before - considering a host - - healthy. 
- format: uint32 - type: integer - interval: - description: Interval between consecutive health checks. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - tcp: - description: >- - Tcp checker tries to establish tcp connection with - destination - properties: {} - type: object - timeout: - description: Maximum time to wait for a health check response. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - unhealthyThreshold: - description: >- - Number of consecutive unhealthy checks before - considering a host - - unhealthy. - format: uint32 - type: integer - type: object - state: - description: State describes the current state of the listener. - oneOf: - - type: string - - type: integer - tags: - additionalProperties: - type: string - description: >- - Tags associated with an application this data plane proxy - is deployed - - next to, e.g. `kuma.io/service=web`, `version=1.0`. You - can then - - reference these tags in policies like - MeshTrafficPermission. - - `kuma.io/service` tag is mandatory. - type: object - type: object - type: array - outbound: - description: >- - Outbound describes a list of services consumed by the data plane - proxy. - - For every defined Outbound, there is a corresponding Envoy - Listener. - items: - description: Outbound describes a service consumed by the data plane proxy. - properties: - address: - description: >- - IP on which the consumed service will be available to this - data plane - - proxy. On Kubernetes, it's usually ClusterIP of a Service - or PodIP of a - - Headless Service. Defaults to 127.0.0.1 - type: string - backendRef: - description: |- - BackendRef is a way to target MeshService. - Experimental. Do not use on production yet. - properties: - kind: - description: >- - Kind is a type of the object to target. Allowed: - MeshService - type: string - labels: - additionalProperties: - type: string - description: >- - Labels to select a single object. 
- - If no object is selected then outbound is not created. - - If multiple objects are selected then the oldest one - is used. - type: object - name: - description: Name of the targeted object - type: string - port: - description: >- - Port of the targeted object. Required when kind is - MeshService. - type: integer - type: object - port: - description: >- - Port on which the consumed service will be available to - this data plane - - proxy. When transparent proxying is not used, Envoy will - bind to this - - port. - type: integer - tags: - additionalProperties: - type: string - description: >- - Tags of consumed data plane proxies. - - `kuma.io/service` tag is required. - - These tags can then be referenced in `destinations` - section of policies - - like TrafficRoute or in `to` section in policies like - MeshAccessLog. It - - is recommended to only use `kuma.io/service`. If you need - to consume - - specific data plane proxy of a service (for example: - `version=v2`) the - - better practice is to use TrafficRoute. - type: object - type: object - type: array - transparentProxying: - description: >- - TransparentProxying describes the configuration for transparent - proxying. - - It is used by default on Kubernetes. - properties: - directAccessServices: - description: >- - List of services that will be accessed directly via IP:PORT - - Use `*` to indicate direct access to every service in the - Mesh. - - Using `*` to directly access every service is a - resource-intensive - - operation, use it only if needed. - items: - type: string - type: array - ipFamilyMode: - description: >- - The IP family mode to enable for. Can be "IPv4" or - "DualStack". - oneOf: - - type: string - - type: integer - reachableBackends: - description: >- - Reachable backend via transparent proxy when running with - - MeshExternalService, MeshService and MeshMultiZoneService. - Setting an - - explicit list of refs can dramatically improve the - performance of the - - mesh. 
If not specified, all services in the mesh are - reachable. - properties: - refs: - items: - properties: - kind: - description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" - type: string - labels: - additionalProperties: - type: string - description: "Labels used to select backends\n\n\t+optional" - type: object - name: - description: "Name of the backend.\n\n\t+optional" - type: string - namespace: - description: "Namespace of the backend. Might be empty\n\n\t+optional" - type: string - port: - description: "Port of the backend.\n\n\t+optional" - format: uint32 - type: integer - type: object - type: array - type: object - reachableServices: - description: >- - List of reachable services (represented by the value of - - `kuma.io/service`) via transparent proxying. Setting an - explicit list - - can dramatically improve the performance of the mesh. If not - specified, - - all services in the mesh are reachable. - items: - type: string - type: array - redirectPortInbound: - description: >- - Port on which all inbound traffic is being transparently - redirected. - type: integer - redirectPortOutbound: - description: >- - Port on which all outbound traffic is being transparently - redirected. - type: integer - type: object - type: object - probes: - description: >- - Probes describe a list of endpoints that will be exposed without - mTLS. - - This is useful to expose the health endpoints of the application so - the - - orchestration system (e.g. Kubernetes) can still health check the - - application. - - - See - - https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes - - for more information. - - Deprecated: this feature will be removed for Universal; on - Kubernetes, it's - - not needed anymore. - properties: - endpoints: - description: List of endpoints to expose without mTLS. - items: - properties: - inboundPath: - description: >- - Inbound path is a path of the application from which we - expose the - - endpoint. 
It is recommended to be as specific as possible. - type: string - inboundPort: - description: >- - Inbound port is a port of the application from which we - expose the - - endpoint. - type: integer - path: - description: >- - Path is a path on which we expose inbound path on the - probes port. - type: string - type: object - type: array - port: - description: >- - Port on which the probe endpoints will be exposed. This cannot - overlap - - with any other ports. - type: integer - type: object - type: - type: string - required: - - type - - name - - mesh - type: object - DataplaneCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - DataplaneDeleteSuccessResponse: - type: object - properties: {} - PrometheusMetricsBackendConfig: - properties: - aggregate: - description: >- - Map with the configuration of applications which metrics are going - to be - - scrapped by kuma-dp. - items: - description: >- - PrometheusAggregateMetricsConfig defines endpoints that should be - scrapped by kuma-dp for prometheus metrics. - properties: - address: - description: >- - Address on which a service expose HTTP endpoint with - Prometheus metrics. - type: string - enabled: - description: >- - If false then the application won't be scrapped. If nil, then - it is treated - - as true and kuma-dp scrapes metrics from the service. - type: boolean - name: - description: Name which identify given configuration. - type: string - path: - description: >- - Path on which a service expose HTTP endpoint with Prometheus - metrics. - type: string - port: - description: >- - Port on which a service expose HTTP endpoint with Prometheus - metrics. 
- type: integer - type: object - type: array - envoy: - description: Configuration of Envoy's metrics. - properties: - filterRegex: - description: >- - FilterRegex value that is going to be passed to Envoy for - filtering - - Envoy metrics. - type: string - usedOnly: - description: >- - If true then return metrics that Envoy has updated (counters - incremented - - at least once, gauges changed at least once, and histograms - added to at - - least once). If nil, then it is treated as false. - type: boolean - type: object - path: - description: >- - Path on which a dataplane should expose HTTP endpoint with - Prometheus - - metrics. - type: string - port: - description: >- - Port on which a dataplane should expose HTTP endpoint with - Prometheus - - metrics. - type: integer - skipMTLS: - description: >- - If true then endpoints for scraping metrics won't require mTLS even - if mTLS - - is enabled in Mesh. If nil, then it is treated as false. - type: boolean - tags: - additionalProperties: - type: string - description: >- - Tags associated with an application this dataplane is deployed next - to, - - e.g. service=web, version=1.0. - - `service` tag is mandatory. - type: object - tls: - description: Configuration of TLS for prometheus listener. - properties: - mode: - description: >- - mode defines how configured is the TLS for Prometheus. - - Supported values, delegated, disabled, activeMTLSBackend. - Default to - - `activeMTLSBackend`. - oneOf: - - type: string - - type: integer - type: object - type: object - DataplaneOverviewWithMeta: - allOf: - - $ref: '#/components/schemas/Meta' - - $ref: '#/components/schemas/DataplaneOverview' - DataplaneOverview: - properties: - dataplane: - properties: - metrics: - description: >- - Configuration for metrics that should be collected and exposed - by the - - data plane proxy. - - - Settings defined here will override their respective defaults - - defined at a Mesh level. 
- properties: - conf: - oneOf: - - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' - type: object - name: - description: >- - Name of the backend, can be then used in - Mesh.metrics.enabledBackend - type: string - type: - description: Type of the backend (Kuma ships with 'prometheus') - type: string - type: object - networking: - description: >- - Networking describes inbound and outbound interfaces of the data - plane - - proxy. - properties: - address: - description: >- - IP on which the data plane proxy is accessible to the - control plane and - - other data plane proxies in the same network. This can also - be a - - hostname, in which case the control plane will periodically - resolve it. - type: string - admin: - description: >- - Admin describes configuration related to Envoy Admin API. - - Due to security, all the Envoy Admin endpoints are exposed - only on - - localhost. Additionally, Envoy will expose `/ready` endpoint - on - - `networking.address` for health checking systems to be able - to check the - - state of Envoy. The rest of the endpoints exposed on - `networking.address` - - are always protected by mTLS and only meant to be consumed - internally by - - the control plane. - properties: - port: - description: Port on which Envoy Admin API server will be listening - type: integer - type: object - advertisedAddress: - description: >- - In some situations, a data plane proxy resides in a private - network (e.g. - - Docker) and is not reachable via `address` to other data - plane proxies. - - `advertisedAddress` is configured with a routable address - for such data - - plane proxy so that other proxies in the mesh can connect to - it over - - `advertisedAddress` and not via address. - - - Envoy still binds to the `address`, not `advertisedAddress`. - type: string - gateway: - description: >- - Gateway describes a configuration of the gateway of the data - plane proxy. 
- properties: - tags: - additionalProperties: - type: string - description: >- - Tags associated with a gateway of this data plane to, - e.g. - - `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` - tag is - - mandatory. - type: object - type: - description: >- - Type of gateway this data plane proxy manages. - - There are two types: `DELEGATED` and `BUILTIN`. Defaults - to - - `DELEGATED`. - - - A `DELEGATED` gateway is an independently deployed proxy - (e.g., Kong, - - Contour, etc) that receives inbound traffic that is not - proxied by - - Kuma, and it sends outbound traffic into the data plane - proxy. - - - The `BUILTIN` gateway type causes the data plane proxy - itself to be - - configured as a gateway. - - - See https://kuma.io/docs/latest/explore/gateway/ for - more information. - oneOf: - - type: string - - type: integer - type: object - inbound: - description: >- - Inbound describes a list of inbound interfaces of the data - plane proxy. - - - Inbound describes a service implemented by the data plane - proxy. - - All incoming traffic to a data plane proxy is going through - inbound - - listeners. For every defined Inbound there is a - corresponding Envoy - - Listener. - items: - description: >- - Inbound describes a service implemented by the data plane - proxy. - properties: - address: - description: |- - Address on which inbound listener will be exposed. - Defaults to `networking.address`. - type: string - health: - description: >- - Health describes the status of an inbound. - - If 'health' is nil we consider data plane proxy as - healthy. - - Unhealthy data plane proxies are excluded from - Endpoints Discovery - - Service (EDS). On Kubernetes, it is filled - automatically by the control - - plane if Pod has readiness probe configured. On - Universal, it can be - - set by the external health checking system, but the - most common way is - - to use service probes. 
- - - See https://kuma.io/docs/latest/documentation/health - for more - - information. - properties: - ready: - description: >- - Ready indicates if the data plane proxy is ready - to serve the - - traffic. - type: boolean - type: object - name: - description: >- - Name adds another way of referencing this port, usable - with MeshService - type: string - port: - description: >- - Port of the inbound interface that will forward - requests to the - - service. - - - When transparent proxying is used, it is a port on - which the service is - - listening to. When transparent proxying is not used, - Envoy will bind to - - this port. - type: integer - serviceAddress: - description: >- - Address of the service that requests will be forwarded - to. - - Defaults to 'inbound.address', since Kuma DP should be - deployed next - - to the service. - type: string - servicePort: - description: >- - Port of the service that requests will be forwarded - to. - - Defaults to the same value as `port`. - type: integer - serviceProbe: - description: >- - ServiceProbe defines parameters for probing the - service next to - - sidecar. When service probe is defined, Envoy will - periodically health - - check the application next to it and report the status - to the control - - plane. On Kubernetes, Kuma deployments rely on - Kubernetes probes so - - this is not used. - - - See https://kuma.io/docs/latest/documentation/health - for more - - information. - properties: - healthyThreshold: - description: >- - Number of consecutive healthy checks before - considering a host - - healthy. - format: uint32 - type: integer - interval: - description: Interval between consecutive health checks. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - tcp: - description: >- - Tcp checker tries to establish tcp connection with - destination - properties: {} - type: object - timeout: - description: Maximum time to wait for a health check response. 
- properties: - nanos: - type: integer - seconds: - type: integer - type: object - unhealthyThreshold: - description: >- - Number of consecutive unhealthy checks before - considering a host - - unhealthy. - format: uint32 - type: integer - type: object - state: - description: State describes the current state of the listener. - oneOf: - - type: string - - type: integer - tags: - additionalProperties: - type: string - description: >- - Tags associated with an application this data plane - proxy is deployed - - next to, e.g. `kuma.io/service=web`, `version=1.0`. - You can then - - reference these tags in policies like - MeshTrafficPermission. - - `kuma.io/service` tag is mandatory. - type: object - type: object - type: array - outbound: - description: >- - Outbound describes a list of services consumed by the data - plane proxy. - - For every defined Outbound, there is a corresponding Envoy - Listener. - items: - description: >- - Outbound describes a service consumed by the data plane - proxy. - properties: - address: - description: >- - IP on which the consumed service will be available to - this data plane - - proxy. On Kubernetes, it's usually ClusterIP of a - Service or PodIP of a - - Headless Service. Defaults to 127.0.0.1 - type: string - backendRef: - description: |- - BackendRef is a way to target MeshService. - Experimental. Do not use on production yet. - properties: - kind: - description: >- - Kind is a type of the object to target. Allowed: - MeshService - type: string - labels: - additionalProperties: - type: string - description: >- - Labels to select a single object. - - If no object is selected then outbound is not - created. - - If multiple objects are selected then the oldest - one is used. - type: object - name: - description: Name of the targeted object - type: string - port: - description: >- - Port of the targeted object. Required when kind is - MeshService. 
- type: integer - type: object - port: - description: >- - Port on which the consumed service will be available - to this data plane - - proxy. When transparent proxying is not used, Envoy - will bind to this - - port. - type: integer - tags: - additionalProperties: - type: string - description: >- - Tags of consumed data plane proxies. - - `kuma.io/service` tag is required. - - These tags can then be referenced in `destinations` - section of policies - - like TrafficRoute or in `to` section in policies like - MeshAccessLog. It - - is recommended to only use `kuma.io/service`. If you - need to consume - - specific data plane proxy of a service (for example: - `version=v2`) the - - better practice is to use TrafficRoute. - type: object - type: object - type: array - transparentProxying: - description: >- - TransparentProxying describes the configuration for - transparent proxying. - - It is used by default on Kubernetes. - properties: - directAccessServices: - description: >- - List of services that will be accessed directly via - IP:PORT - - Use `*` to indicate direct access to every service in - the Mesh. - - Using `*` to directly access every service is a - resource-intensive - - operation, use it only if needed. - items: - type: string - type: array - ipFamilyMode: - description: >- - The IP family mode to enable for. Can be "IPv4" or - "DualStack". - oneOf: - - type: string - - type: integer - reachableBackends: - description: >- - Reachable backend via transparent proxy when running - with - - MeshExternalService, MeshService and - MeshMultiZoneService. Setting an - - explicit list of refs can dramatically improve the - performance of the - - mesh. If not specified, all services in the mesh are - reachable. 
- properties: - refs: - items: - properties: - kind: - description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" - type: string - labels: - additionalProperties: - type: string - description: "Labels used to select backends\n\n\t+optional" - type: object - name: - description: "Name of the backend.\n\n\t+optional" - type: string - namespace: - description: "Namespace of the backend. Might be empty\n\n\t+optional" - type: string - port: - description: "Port of the backend.\n\n\t+optional" - format: uint32 - type: integer - type: object - type: array - type: object - reachableServices: - description: >- - List of reachable services (represented by the value of - - `kuma.io/service`) via transparent proxying. Setting an - explicit list - - can dramatically improve the performance of the mesh. If - not specified, - - all services in the mesh are reachable. - items: - type: string - type: array - redirectPortInbound: - description: >- - Port on which all inbound traffic is being transparently - redirected. - type: integer - redirectPortOutbound: - description: >- - Port on which all outbound traffic is being - transparently redirected. - type: integer - type: object - type: object - probes: - description: >- - Probes describe a list of endpoints that will be exposed without - mTLS. - - This is useful to expose the health endpoints of the application - so the - - orchestration system (e.g. Kubernetes) can still health check - the - - application. - - - See - - https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes - - for more information. - - Deprecated: this feature will be removed for Universal; on - Kubernetes, it's - - not needed anymore. - properties: - endpoints: - description: List of endpoints to expose without mTLS. - items: - properties: - inboundPath: - description: >- - Inbound path is a path of the application from which - we expose the - - endpoint. It is recommended to be as specific as - possible. 
- type: string - inboundPort: - description: >- - Inbound port is a port of the application from which - we expose the - - endpoint. - type: integer - path: - description: >- - Path is a path on which we expose inbound path on the - probes port. - type: string - type: object - type: array - port: - description: >- - Port on which the probe endpoints will be exposed. This - cannot overlap - - with any other ports. - type: integer - type: object - type: object - dataplaneInsight: - properties: - mTLS: - description: Insights about mTLS for Dataplane. - properties: - certificateExpirationTime: - description: >- - Expiration time of the last certificate that was generated - for a - - Dataplane. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - certificateRegenerations: - description: Number of certificate regenerations for a Dataplane. - type: integer - issuedBackend: - description: Backend that was used to generate current certificate - type: string - lastCertificateRegeneration: - description: Time on which the last certificate was generated. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - supportedBackends: - description: Supported backends (CA). - items: - type: string - type: array - type: object - metadata: - properties: {} - type: object - subscriptions: - description: List of ADS subscriptions created by a given Dataplane. - items: - description: >- - DiscoverySubscription describes a single ADS subscription - created by a Dataplane to the Control Plane. - properties: - connectTime: - description: >- - Time when a given Dataplane connected to the Control - Plane. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - controlPlaneInstanceId: - description: Control Plane instance that handled given subscription. - type: string - disconnectTime: - description: >- - Time when a given Dataplane disconnected from the Control - Plane. 
- properties: - nanos: - type: integer - seconds: - type: integer - type: object - generation: - description: >- - Generation is an integer number which is periodically - increased by the - - status sink - type: integer - id: - description: Unique id per ADS subscription. - type: string - status: - description: Status of the ADS subscription. - properties: - cds: - description: CDS defines all CDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - eds: - description: EDS defines all EDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - lastUpdateTime: - description: >- - Time when status of a given ADS subscription was most - recently updated. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - lds: - description: LDS defines all LDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - rds: - description: RDS defines all RDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. 
- type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - total: - description: Total defines an aggregate over individual xDS stats. - properties: - responsesAcknowledged: - description: Number of xDS responses ACKed by the Dataplane. - type: integer - responsesRejected: - description: Number of xDS responses NACKed by the Dataplane. - type: integer - responsesSent: - description: Number of xDS responses sent to the Dataplane. - type: integer - type: object - type: object - version: - description: Version of Envoy and Kuma dataplane - properties: - dependencies: - additionalProperties: - type: string - description: Versions of other dependencies, i.e. CoreDNS - type: object - envoy: - description: Version of Envoy - properties: - build: - description: Full build tag of Envoy version - type: string - kumaDpCompatible: - description: >- - True iff Envoy version is compatible with Kuma DP - version - type: boolean - version: - description: Version number of Envoy - type: string - type: object - kumaDp: - description: Version of Kuma Dataplane - properties: - buildDate: - description: Build date of Kuma Dataplane version - type: string - gitCommit: - description: Git commit of Kuma Dataplane version - type: string - gitTag: - description: Git tag of Kuma Dataplane version - type: string - kumaCpCompatible: - description: >- - True iff Kuma DP version is compatible with Kuma - CP version - type: boolean - version: - description: Version number of Kuma Dataplane - type: string - type: object - type: object - type: object - type: array - type: object - type: object - FileLoggingBackendConfig: - properties: - path: - description: Path to a file that logs will be written to - type: string - type: object - MeshItem: - properties: - constraints: - description: Constraints that applies to the mesh and its entities - properties: - dataplaneProxy: - description: >- - DataplaneProxyMembership defines a set of 
requirements for data - plane - - proxies to be a member of the mesh. - properties: - requirements: - description: >- - Requirements defines a set of requirements that data plane - proxies must - - fulfill in order to join the mesh. A data plane proxy must - fulfill at - - least one requirement in order to join the mesh. Empty list - of allowed - - requirements means that any proxy that is not explicitly - denied can join. - items: - description: >- - Rules defines a set of rules for data plane proxies to be - member of the mesh. - properties: - tags: - additionalProperties: - type: string - description: >- - Tags defines set of required tags. You can specify '*' - in value to - - require non empty value of tag - type: object - type: object - type: array - restrictions: - description: >- - Restrictions defines a set of restrictions that data plane - proxies cannot - - fulfill in order to join the mesh. A data plane proxy cannot - fulfill any - - requirement in order to join the mesh. - - Restrictions takes precedence over requirements. - items: - description: >- - Rules defines a set of rules for data plane proxies to be - member of the mesh. - properties: - tags: - additionalProperties: - type: string - description: >- - Tags defines set of required tags. You can specify '*' - in value to - - require non empty value of tag - type: object - type: object - type: array - type: object - type: object - labels: - additionalProperties: - type: string - type: object - logging: - description: |- - Logging settings. - +optional - properties: - backends: - description: List of available logging backends - items: - description: LoggingBackend defines logging backend available to mesh. - properties: - conf: - oneOf: - - $ref: '#/components/schemas/FileLoggingBackendConfig' - - $ref: '#/components/schemas/TcpLoggingBackendConfig' - type: object - format: - description: >- - Format of access logs. 
Placeholders available on - - https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log - type: string - name: - description: >- - Name of the backend, can be then used in - Mesh.logging.defaultBackend or in - - TrafficLogging - type: string - type: - description: Type of the backend (Kuma ships with 'tcp' and 'file') - type: string - type: object - type: array - defaultBackend: - description: Name of the default backend - type: string - type: object - meshServices: - properties: - mode: - oneOf: - - type: string - - type: integer - type: object - metrics: - description: >- - Configuration for metrics collected and exposed by dataplanes. - - - Settings defined here become defaults for every dataplane in a given - Mesh. - - Additionally, it is also possible to further customize this - configuration - - for each dataplane individually using Dataplane resource. - - +optional - properties: - backends: - description: List of available Metrics backends - items: - description: MetricsBackend defines metric backends - properties: - conf: - oneOf: - - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' - type: object - name: - description: >- - Name of the backend, can be then used in - Mesh.metrics.enabledBackend - type: string - type: - description: Type of the backend (Kuma ships with 'prometheus') - type: string - type: object - type: array - enabledBackend: - description: Name of the enabled backend - type: string - type: object - mtls: - description: |- - mTLS settings. 
- +optional - properties: - backends: - description: List of available Certificate Authority backends - items: - description: >- - CertificateAuthorityBackend defines Certificate Authority - backend - properties: - conf: - oneOf: - - $ref: >- - #/components/schemas/ProvidedCertificateAuthorityConfig - - $ref: '#/components/schemas/BuiltinCertificateAuthorityConfig' - type: object - dpCert: - description: Dataplane certificate settings - properties: - requestTimeout: - description: >- - Timeout on request to CA for DP certificate generation - and retrieval - properties: - nanos: - type: integer - seconds: - type: integer - type: object - rotation: - description: Rotation settings - properties: - expiration: - description: >- - Time after which generated certificate for - Dataplane will expire - type: string - type: object - type: object - mode: - description: >- - Mode defines the behaviour of inbound listeners with - regard to traffic - - encryption - oneOf: - - type: string - - type: integer - name: - description: Name of the backend - type: string - rootChain: - properties: - requestTimeout: - description: >- - Timeout on request for to CA for root certificate - chain. - - If not specified, defaults to 10s. - properties: - nanos: - type: integer - seconds: - type: integer - type: object - type: object - type: - description: >- - Type of the backend. Has to be one of the loaded plugins - (Kuma ships with - - builtin and provided) - type: string - type: object - type: array - enabledBackend: - description: Name of the enabled backend - type: string - skipValidation: - description: If enabled, skips CA validation. 
- type: boolean - type: object - name: - type: string - networking: - description: Networking settings of the mesh - properties: - outbound: - description: Outbound settings - properties: - passthrough: - description: Control the passthrough cluster - type: boolean - type: object - type: object - routing: - description: Routing settings of the mesh - properties: - defaultForbidMeshExternalServiceAccess: - description: |- - If true, blocks traffic to MeshExternalServices. - Default: false - type: boolean - localityAwareLoadBalancing: - description: Enable the Locality Aware Load Balancing - type: boolean - zoneEgress: - description: >- - Enable routing traffic to services in other zone or external - services - - through ZoneEgress. Default: false - type: boolean - type: object - skipCreatingInitialPolicies: - description: >- - List of policies to skip creating by default when the mesh is - created. - - e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip - all - - policies. - items: - type: string - type: array - tracing: - description: |- - Tracing settings. - +optional - properties: - backends: - description: List of available tracing backends - items: - description: TracingBackend defines tracing backend available to mesh. - properties: - conf: - oneOf: - - $ref: '#/components/schemas/DatadogTracingBackendConfig' - - $ref: '#/components/schemas/ZipkinTracingBackendConfig' - type: object - name: - description: >- - Name of the backend, can be then used in - Mesh.tracing.defaultBackend or in - - TrafficTrace - type: string - sampling: - description: >- - Percentage of traces that will be sent to the backend - (range 0.0 - 100.0). 
- - Empty value defaults to 100.0% - type: number - type: - description: Type of the backend (Kuma ships with 'zipkin') - type: string - type: object - type: array - defaultBackend: - description: Name of the default backend - type: string - type: object - type: - type: string - required: - - type - - name - type: object - MeshCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshDeleteSuccessResponse: - type: object - properties: {} - TcpLoggingBackendConfig: - properties: - address: - description: Address to TCP service that will receive logs - type: string - type: object - ProvidedCertificateAuthorityConfig: - properties: - cert: - properties: - Type: - description: "Types that are assignable to Type:\n\n\t*DataSource_Secret\n\t*DataSource_File\n\t*DataSource_Inline\n\t*DataSource_InlineString" - required: - - Type - type: object - key: - properties: - Type: - description: "Types that are assignable to Type:\n\n\t*DataSource_Secret\n\t*DataSource_File\n\t*DataSource_Inline\n\t*DataSource_InlineString" - required: - - Type - type: object - type: object - ZipkinTracingBackendConfig: - properties: - apiVersion: - description: >- - Version of the API. values: httpJson, httpJsonV1, httpProto. - Default: - - httpJson see - - https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion - type: string - sharedSpanContext: - description: >- - Determines whether client and server spans will share the same span - - context. Default: true. 
- - https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig - type: boolean - traceId128bit: - description: 'Generate 128bit traces. Default: false' - type: boolean - url: - description: Address of Zipkin collector. - type: string - type: object - MeshGatewayItem: - properties: - conf: - description: The desired configuration of the MeshGateway. - properties: - listeners: - description: >- - Listeners define logical endpoints that are bound on this - MeshGateway's - - address(es). - items: - properties: - crossMesh: - description: >- - CrossMesh enables traffic to flow to this listener only - from other - - meshes. - type: boolean - hostname: - description: >- - Hostname specifies the virtual hostname to match for - protocol types that - - define this concept. When unspecified, "", or `*`, all - hostnames are - - matched. This field can be omitted for protocols that - don't require - - hostname based matching. - type: string - port: - description: |- - Port is the network port. Multiple listeners may use the - same port, subject to the Listener compatibility rules. - type: integer - protocol: - description: >- - Protocol specifies the network protocol this listener - expects to receive. - oneOf: - - type: string - - type: integer - resources: - description: >- - Resources is used to specify listener-specific resource - settings. - properties: - connectionLimit: - type: integer - type: object - tags: - additionalProperties: - type: string - description: >- - Tags specifies a unique combination of tags that routes - can use - - to match themselves to this listener. - - - When matching routes to listeners, the control plane - constructs a - - set of matching tags for each listener by forming the - union of the - - gateway tags and the listener tags. 
A route will be - attached to the - - listener if all of the route's tags are preset in the - matching tags - type: object - tls: - description: |- - TLS is the TLS configuration for the Listener. This field - is required if the Protocol field is "HTTPS" or "TLS" and - ignored otherwise. - properties: - certificates: - description: >- - Certificates is an array of datasources that contain - TLS - - certificates and private keys. Each datasource must - contain a - - sequence of PEM-encoded objects. The server - certificate and private - - key are required, but additional certificates are - allowed and will - - be added to the certificate chain. The server - certificate must - - be the first certificate in the datasource. - - - When multiple certificate datasources are configured, - they must have - - different key types. In practice, this means that one - datasource - - should contain an RSA key and certificate, and the - other an - - ECDSA key and certificate. - items: - description: DataSource defines the source of bytes to use. - properties: - Type: - description: "Types that are assignable to Type:\n\n\t*DataSource_Secret\n\t*DataSource_File\n\t*DataSource_Inline\n\t*DataSource_InlineString" - required: - - Type - type: object - type: array - mode: - description: >- - Mode defines the TLS behavior for the TLS session - initiated - - by the client. - oneOf: - - type: string - - type: integer - options: - description: >- - Options should eventually configure how TLS is - configured. This - - is where cipher suite and version configuration can be - specified, - - client certificates enforced, and so on. - properties: {} - type: object - type: object - type: object - type: array - type: object - labels: - additionalProperties: - type: string - type: object - mesh: - type: string - name: - type: string - selectors: - description: |- - Selectors is a list of selectors that are used to match builtin - gateway dataplanes that will receive this MeshGateway configuration. 
- items: - description: Selector defines structure for selecting tags for given dataplane - properties: - match: - additionalProperties: - type: string - description: Tags to match, can be used for both source and destinations - type: object - type: object - type: array - tags: - additionalProperties: - type: string - description: >- - Tags is the set of tags common to all of the gateway's listeners. - - - This field must not include a `kuma.io/service` tag (the service is - always - - defined on the dataplanes). - type: object - type: - type: string - required: - - type - - name - - mesh - type: object - MeshGatewayCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshGatewayDeleteSuccessResponse: - type: object - properties: {} - HostnameGeneratorItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - HostnameGenerator - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma HostnameGenerator resource. - properties: - extension: - description: Extension struct for a plugin configuration - properties: - config: - description: Config freeform configuration for the extension. - x-kubernetes-preserve-unknown-fields: true - type: - description: Type of the extension. 
- type: string - required: - - type - type: object - selector: - properties: - meshExternalService: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - meshMultiZoneService: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - meshService: - properties: - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: object - template: - type: string - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - HostnameGeneratorCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - HostnameGeneratorDeleteSuccessResponse: - type: object - properties: {} - MeshExternalServiceItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshExternalService - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. - type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshExternalService resource. - properties: - endpoints: - description: Endpoints defines a list of destinations to send traffic to. 
- items: - properties: - address: - description: >- - Address defines an address to which a user want to send a - request. Is possible to provide `domain`, `ip`. - example: example.com - minLength: 1 - type: string - port: - description: Port of the endpoint - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - type: array - extension: - description: >- - Extension struct for a plugin configuration, in the presence of - an extension `endpoints` and `tls` are not required anymore - - it's up to the extension to validate them independently. - properties: - config: - description: Config freeform configuration for the extension. - x-kubernetes-preserve-unknown-fields: true - type: - description: Type of the extension. - type: string - required: - - type - type: object - match: - description: Match defines traffic that should be routed through the sidecar. - properties: - port: - description: Port defines a port to which a user does request. - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: tcp - description: >- - Protocol defines a protocol of the communication. Possible - values: `tcp`, `grpc`, `http`, `http2`. - enum: - - tcp - - grpc - - http - - http2 - type: string - type: - default: HostnameGenerator - description: >- - Type of the match, only `HostnameGenerator` is available at - the moment. - enum: - - HostnameGenerator - type: string - required: - - port - type: object - tls: - description: >- - Tls provides a TLS configuration when proxy is resposible for a - TLS origination - properties: - allowRenegotiation: - default: false - description: >- - AllowRenegotiation defines if TLS sessions will allow - renegotiation. - - Setting this to true is not recommended for security - reasons. - type: boolean - enabled: - default: false - description: Enabled defines if proxy should originate TLS. - type: boolean - verification: - description: Verification section for providing TLS verification details. 
- properties: - caCert: - description: CaCert defines a certificate of CA. - properties: - inline: - description: Data source is inline bytes. - format: byte - type: string - inlineString: - description: Data source is inline string` - type: string - secret: - description: Data source is a secret with given Secret key. - type: string - type: object - clientCert: - description: ClientCert defines a certificate of a client. - properties: - inline: - description: Data source is inline bytes. - format: byte - type: string - inlineString: - description: Data source is inline string` - type: string - secret: - description: Data source is a secret with given Secret key. - type: string - type: object - clientKey: - description: ClientKey defines a client private key. - properties: - inline: - description: Data source is inline bytes. - format: byte - type: string - inlineString: - description: Data source is inline string` - type: string - secret: - description: Data source is a secret with given Secret key. - type: string - type: object - mode: - default: Secured - description: >- - Mode defines if proxy should skip verification, one of - `SkipSAN`, `SkipCA`, `Secured`, `SkipAll`. Default - `Secured`. - enum: - - SkipSAN - - SkipCA - - Secured - - SkipAll - type: string - serverName: - description: >- - ServerName overrides the default Server Name Indicator - set by Kuma. - type: string - subjectAltNames: - description: >- - SubjectAltNames list of names to verify in the - certificate. - items: - properties: - type: - default: Exact - description: >- - Type specifies matching type, one of `Exact`, - `Prefix`. Default: `Exact` - enum: - - Exact - - Prefix - type: string - value: - description: Value to match. - type: string - required: - - value - type: object - type: array - type: object - version: - description: Version section for providing version specification. - properties: - max: - default: TLSAuto - description: >- - Max defines maximum supported version. 
One of `TLSAuto`, - `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - min: - default: TLSAuto - description: >- - Min defines minimum supported version. One of `TLSAuto`, - `TLS10`, `TLS11`, `TLS12`, `TLS13`. - enum: - - TLSAuto - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - type: object - type: object - required: - - match - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - status: - description: >- - Status is the current status of the Kuma MeshExternalService - resource. - properties: - addresses: - description: Addresses section for generated domains - items: - properties: - hostname: - type: string - hostnameGeneratorRef: - properties: - coreName: - type: string - required: - - coreName - type: object - origin: - type: string - type: object - type: array - hostnameGenerators: - items: - properties: - conditions: - description: Conditions is an array of hostname generator conditions. - items: - properties: - message: - description: >- - message is a human readable message indicating - details about the transition. - - This may be an empty string. - maxLength: 32768 - type: string - reason: - description: >- - reason contains a programmatic identifier indicating - the reason for the condition's last transition. - - Producers of specific condition types may define - expected values and meanings for this field, - - and whether the values are considered a guaranteed - API. - - The value should be a CamelCase string. - - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: >- - status of the condition, one of True, False, - Unknown. - enum: - - 'True' - - 'False' - - Unknown - type: string - type: - description: >- - type of condition in CamelCase or in - foo.example.com/CamelCase. - maxLength: 316 - pattern: >- - ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - hostnameGeneratorRef: - properties: - coreName: - type: string - required: - - coreName - type: object - required: - - hostnameGeneratorRef - type: object - type: array - vip: - description: Vip section for allocated IP - properties: - ip: - description: >- - Value allocated IP for a provided domain with - `HostnameGenerator` type in a match section. - type: string - type: object - type: object - readOnly: true - MeshExternalServiceCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshExternalServiceDeleteSuccessResponse: - type: object - properties: {} - MeshMultiZoneServiceItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshMultiZoneService - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. 
- type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshMultiZoneService resource. - properties: - ports: - description: Ports is a list of ports from selected MeshServices - items: - properties: - appProtocol: - default: tcp - description: Protocol identifies a protocol supported by a service. - type: string - name: - type: string - port: - format: int32 - type: integer - required: - - port - type: object - minItems: 1 - type: array - selector: - description: Selector is a way to select multiple MeshServices - properties: - meshService: - description: MeshService selects MeshServices - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels matches multiple MeshServices by labels - type: object - required: - - matchLabels - type: object - required: - - meshService - type: object - required: - - ports - - selector - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - status: - description: >- - Status is the current status of the Kuma MeshMultiZoneService - resource. 
- properties: - addresses: - description: Addresses is a list of addresses generated by HostnameGenerator - items: - properties: - hostname: - type: string - hostnameGeneratorRef: - properties: - coreName: - type: string - required: - - coreName - type: object - origin: - type: string - type: object - type: array - hostnameGenerators: - description: Status of hostnames generator applied on this resource - items: - properties: - conditions: - description: Conditions is an array of hostname generator conditions. - items: - properties: - message: - description: >- - message is a human readable message indicating - details about the transition. - - This may be an empty string. - maxLength: 32768 - type: string - reason: - description: >- - reason contains a programmatic identifier indicating - the reason for the condition's last transition. - - Producers of specific condition types may define - expected values and meanings for this field, - - and whether the values are considered a guaranteed - API. - - The value should be a CamelCase string. - - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: >- - status of the condition, one of True, False, - Unknown. - enum: - - 'True' - - 'False' - - Unknown - type: string - type: - description: >- - type of condition in CamelCase or in - foo.example.com/CamelCase. 
- maxLength: 316 - pattern: >- - ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - hostnameGeneratorRef: - properties: - coreName: - type: string - required: - - coreName - type: object - required: - - hostnameGeneratorRef - type: object - type: array - meshServices: - description: MeshServices is a list of matched MeshServices - items: - properties: - mesh: - type: string - name: - description: Name is a core name of MeshService - type: string - namespace: - type: string - zone: - type: string - required: - - mesh - - name - - namespace - - zone - type: object - type: array - vips: - description: VIPs is a list of assigned Kuma VIPs. - items: - properties: - ip: - type: string - type: object - type: array - type: object - readOnly: true - MeshMultiZoneServiceCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshMultiZoneServiceDeleteSuccessResponse: - type: object - properties: {} - MeshServiceItem: - type: object - required: - - type - - name - - spec - properties: - type: - description: the type of the resource - type: string - enum: - - MeshService - mesh: - description: >- - Mesh is the name of the Kuma mesh this resource belongs to. It may - be omitted for cluster-scoped resources. 
- type: string - default: default - name: - description: Name of the Kuma resource - type: string - labels: - additionalProperties: - type: string - description: The labels to help identity resources - type: object - spec: - description: Spec is the specification of the Kuma MeshService resource. - properties: - identities: - items: - properties: - type: - enum: - - ServiceTag - type: string - value: - type: string - required: - - type - - value - type: object - type: array - ports: - items: - properties: - appProtocol: - default: tcp - description: Protocol identifies a protocol supported by a service. - type: string - name: - type: string - port: - format: int32 - type: integer - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - appProtocol - x-kubernetes-list-type: map - selector: - properties: - dataplaneRef: - properties: - name: - type: string - type: object - dataplaneTags: - additionalProperties: - type: string - type: object - type: object - state: - default: Unavailable - description: >- - State of MeshService. Available if there is at least one healthy - endpoint. Otherwise, Unavailable. - - It's used for cross zone communication to check if we should - send traffic to it, when MeshService is aggregated into - MeshMultiZoneService. - enum: - - Available - - Unavailable - type: string - type: object - creationTime: - readOnly: true - type: string - description: Time at which the resource was created - format: date-time - example: '0001-01-01T00:00:00Z' - modificationTime: - readOnly: true - type: string - description: Time at which the resource was updated - format: date-time - example: '0001-01-01T00:00:00Z' - status: - description: Status is the current status of the Kuma MeshService resource. 
- properties: - addresses: - items: - properties: - hostname: - type: string - hostnameGeneratorRef: - properties: - coreName: - type: string - required: - - coreName - type: object - origin: - type: string - type: object - type: array - dataplaneProxies: - description: Data plane proxies statistics selected by this MeshService. - properties: - connected: - description: >- - Number of data plane proxies connected to the zone control - plane - type: integer - healthy: - description: >- - Number of data plane proxies with all healthy inbounds - selected by this MeshService. - type: integer - total: - description: Total number of data plane proxies. - type: integer - type: object - hostnameGenerators: - items: - properties: - conditions: - description: Conditions is an array of hostname generator conditions. - items: - properties: - message: - description: >- - message is a human readable message indicating - details about the transition. - - This may be an empty string. - maxLength: 32768 - type: string - reason: - description: >- - reason contains a programmatic identifier indicating - the reason for the condition's last transition. - - Producers of specific condition types may define - expected values and meanings for this field, - - and whether the values are considered a guaranteed - API. - - The value should be a CamelCase string. - - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: >- - status of the condition, one of True, False, - Unknown. - enum: - - 'True' - - 'False' - - Unknown - type: string - type: - description: >- - type of condition in CamelCase or in - foo.example.com/CamelCase. 
- maxLength: 316 - pattern: >- - ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - hostnameGeneratorRef: - properties: - coreName: - type: string - required: - - coreName - type: object - required: - - hostnameGeneratorRef - type: object - type: array - tls: - properties: - status: - enum: - - Ready - - NotReady - type: string - type: object - vips: - items: - properties: - ip: - type: string - type: object - type: array - type: object - readOnly: true - MeshServiceCreateOrUpdateSuccessResponse: - type: object - properties: - warnings: - type: array - readOnly: true - description: > - warnings is a list of warning messages to return to the requesting - Kuma API clients. - - Warning messages describe a problem the client making the API - request should correct or be aware of. - items: - type: string - MeshServiceDeleteSuccessResponse: - type: object - properties: {} - responses: - IndexResponse: - description: A response for the index endpoint - content: - application/json: - schema: - $ref: '#/components/schemas/Index' - ResourceTypeDescriptionListResponse: - description: A response containing a list of all resources installed in Kuma - content: - application/json: - schema: - $ref: '#/components/schemas/ResourceTypeDescriptionList' - GlobalInsightResponse: - description: A response containing global insight. - content: - application/json: - schema: - $ref: '#/components/schemas/GlobalInsight' - examples: - Single control plane response: - $ref: '#/components/examples/GlobalInsightExample' - InspectDataplanesForPolicyResponse: - description: A response containing dataplanes that match a policy. 
- content: - application/json: - schema: - $ref: '#/components/schemas/InspectDataplanesForPolicy' - examples: - ResponseForDataplane: - $ref: '#/components/examples/InspectDataplanesForPolicyExample' - GetDataplaneXDSConfigResponse: - description: Successfully retrieved proxy XDS config. - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneXDSConfig' - InspectRulesResponse: - description: A response containing policies that match a resource - content: - application/json: - schema: - $ref: '#/components/schemas/InspectRules' - InspectHostnamesResponse: - description: A response containing hostnames that match a service. - content: - application/json: - schema: - $ref: '#/components/schemas/InspectHostnames' - examples: - ResponseForHostnames: - $ref: '#/components/examples/InspectHostnamesExample' - BadRequest: - description: Bad Request - content: - application/problem+json: - schema: - $ref: '#/components/schemas/Error' - Internal: - description: Internal Server Error - content: - application/problem+json: - schema: - $ref: '#/components/schemas/Error' - NotFound: - description: Not Found - content: - application/problem+json: - schema: - $ref: '#/components/schemas/NotFoundError' - MeshAccessLogItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshAccessLogItem' - MeshAccessLogList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshAccessLogItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshCircuitBreakerItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshCircuitBreakerItem' - MeshCircuitBreakerList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - 
$ref: '#/components/schemas/MeshCircuitBreakerItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshFaultInjectionItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshFaultInjectionItem' - MeshFaultInjectionList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshFaultInjectionItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshHealthCheckItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshHealthCheckItem' - MeshHealthCheckList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshHealthCheckItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshHTTPRouteItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshHTTPRouteItem' - MeshHTTPRouteList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshHTTPRouteItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshLoadBalancingStrategyItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' - MeshLoadBalancingStrategyList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' - total: - 
type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshMetricItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMetricItem' - MeshMetricList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshMetricItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshPassthroughItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshPassthroughItem' - MeshPassthroughList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshPassthroughItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshProxyPatchItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshProxyPatchItem' - MeshProxyPatchList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshProxyPatchItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshRateLimitItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRateLimitItem' - MeshRateLimitList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshRateLimitItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshRetryItem: - 
description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshRetryItem' - MeshRetryList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshRetryItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshTCPRouteItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTCPRouteItem' - MeshTCPRouteList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshTCPRouteItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshTimeoutItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTimeoutItem' - MeshTimeoutList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshTimeoutItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshTLSItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTLSItem' - MeshTLSList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshTLSItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshTraceItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTraceItem' - MeshTraceList: - description: List - content: - application/json: - 
schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshTraceItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshTrafficPermissionItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshTrafficPermissionItem' - MeshTrafficPermissionList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshTrafficPermissionItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - DataplaneItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneItem' - DataplaneList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/DataplaneItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - GetDataplaneOverviewResponse: - description: A response containing the overview of a dataplane. - content: - application/json: - schema: - $ref: '#/components/schemas/DataplaneOverviewWithMeta' - GetDataplaneOverviewListResponse: - description: A response containing the overview of a dataplane. 
- content: - application/json: - schema: - type: object - properties: - total: - type: integer - example: 200 - next: - type: string - items: - type: array - items: - $ref: '#/components/schemas/DataplaneOverviewWithMeta' - MeshItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshItem' - MeshList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshGatewayItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshGatewayItem' - MeshGatewayList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshGatewayItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - HostnameGeneratorItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/HostnameGeneratorItem' - HostnameGeneratorList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/HostnameGeneratorItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshExternalServiceItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshExternalServiceItem' - MeshExternalServiceList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshExternalServiceItem' - total: - type: number - description: The total 
number of entities - next: - type: string - description: URL to the next page - MeshMultiZoneServiceItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshMultiZoneServiceItem' - MeshMultiZoneServiceList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshMultiZoneServiceItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - MeshServiceItem: - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/MeshServiceItem' - MeshServiceList: - description: List - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: '#/components/schemas/MeshServiceItem' - total: - type: number - description: The total number of entities - next: - type: string - description: URL to the next page - examples: - GlobalInsightExample: - value: - createdAt: '2023-01-11T02:30:42.227Z' - services: - total: 5 - internal: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - external: - total: 1 - gatewayDelegated: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - gatewayBuiltin: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - internalByStatus: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - zones: - controlPlanes: - online: 1 - total: 1 - zoneEgresses: - online: 1 - total: 1 - zoneIngresses: - online: 1 - total: 1 - dataplanes: - standard: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - gatewayBuiltin: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - gatewayDelegated: - total: 4 - online: 2 - offline: 1 - partiallyDegraded: 1 - policies: - total: 100 - meshes: - total: 3 - resources: - MeshTrafficPermission: - total: 42 - MeshService: - total: 84 - InspectDataplanesForPolicyExample: - 
value: - total: 100 - next: >- - http://localhost:5681/meshes/default/meshretries/_resources/dataplanes?offset=100 - items: - - type: Dataplane - mesh: default - name: dp-1 - labels: - k8s.kuma.io/namespace: kuma-system - - type: Dataplane - mesh: default - name: dp-2 - labels: - k8s.kuma.io/namespace: kuma-system - InspectHostnamesExample: - value: - total: 100 - items: - - hostname: redis.redis-system.svc.east.mesh.local - zones: - - name: east - - name: west -security: - - BasicAuth: [] - - BearerAuth: [] - - {} -
diff --git a/mk/dependencies/deps.lock b/mk/dependencies/deps.lock
index bc03bb26e005..2e4253075ae2 100644
--- a/mk/dependencies/deps.lock
+++ b/mk/dependencies/deps.lock
@@ -1 +1 @@
-35373ba1ad60083966f3b85434fbf5d33b9fa172
+b9e2329f7d670ed886c55482a61673f196479216
From 451a3274456a4bc9bb0cd16fc465671dc02c73d2 Mon Sep 17 00:00:00 2001
From: Marcin Skalski
Date: Mon, 16 Jun 2025 11:30:05 +0200
Subject: [PATCH 4/4] fix(backport): fix check
Signed-off-by: Marcin Skalski
---
docs/generated/openapi.yaml | 17586 ++++++++++++++++++++++++++++++++++
1 file changed, 17586 insertions(+)
diff --git a/docs/generated/openapi.yaml b/docs/generated/openapi.yaml
index e69de29bb2d1..b03510db4bd0 100644
--- a/docs/generated/openapi.yaml
+++ b/docs/generated/openapi.yaml
@@ -0,0 +1,17586 @@ +openapi: 3.1.0 +info: + title: Kuma API + description: Kuma API + version: v1alpha1 +paths: + /: + get: + operationId: index + summary: The index endpoint + description: The index endpoint, some common metadata + tags: + - System + responses: + '200': + $ref: '#/components/responses/IndexResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /_resources: + get: + operationId: get-resource-type-description + summary: A list of all resources that exist + description: Returns a Global Insight object + tags: + - System + responses: + '200': + $ref: '#/components/responses/ResourceTypeDescriptionListResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /global-insight: + get: + operationId: get-global-insight + description: Returns a Global Insight object + summary: Get Global Insight + tags: + - GlobalInsight + responses: + '200': + $ref: '#/components/responses/GlobalInsightResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /meshes/{mesh}/{resourceType}/{resourceName}/_rules: + get: + operationId: inspect-dataplanes-rules + summary: Returns rules matching this dataplane + description: Returns rules matching this dataplane + tags: + - Inspect + parameters: + - in: path + name: mesh + example: default + schema: + type: string + required: true + description: The mesh the policy is part of + - in: path + name: resourceType + example: dataplanes + required: true + schema: + type: string + enum: + - dataplanes + - meshgateways + description: The type of resource (only some resources support rules api) + - in: path + name: resourceName + example: my-dp + schema: + type: string + required: true + description: The name of the resource + responses: + '200': + $ref: '#/components/responses/InspectRulesResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + 
$ref: '#/components/responses/Internal' + /meshes/{mesh}/dataplanes/{name}/_config: + get: + operationId: get-dataplanes-xds-config + summary: >- + Get a proxy XDS config on a CP, this endpoint is only available on zone + CPs. + description: >- + Returns the + [xds](https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol) + configuration of the proxy. + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + - in: path + name: name + required: true + description: The name of the DPP within the mesh to get the diff for. + schema: + type: string + - in: query + name: shadow + description: > + When computing XDS config the CP take into account policies with + 'kuma.io/effect: shadow' label + schema: + type: boolean + default: false + - in: query + name: include + description: > + An array of extra fields to include in the response. When + `include=diff` the server computes a diff in JSONPatch format + + between the current proxy XDS config and the config returned in the + 'xds' field. + schema: + type: array + items: + type: string + enum: + - diff + responses: + '200': + $ref: '#/components/responses/GetDataplaneXDSConfigResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /meshes/{mesh}/{policyType}/{policyName}/_resources/dataplanes: + get: + operationId: inspect-resources + summary: Returns resources matched by this policy + description: >- + Returns resources matched by this policy. 
In the case of `targetRef` + policies we'll match using the top level `targetRef` + tags: + - Inspect + parameters: + - in: path + name: mesh + example: default + schema: + type: string + required: true + description: The mesh the policy is part of + - in: path + name: policyType + example: meshretries + schema: + type: string + required: true + description: The type of the policy + - in: path + name: policyName + example: retry-all + schema: + type: string + required: true + description: The type of the policy + - in: query + name: size + schema: + type: integer + required: false + description: The max number of items to return + - in: query + name: offset + schema: + type: integer + required: false + description: The offset of result + - in: query + name: name + schema: + type: string + required: false + description: A sub string to filter resources by name + responses: + '200': + $ref: '#/components/responses/InspectDataplanesForPolicyResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /meshes/{mesh}/{serviceType}/{serviceName}/_hostnames: + get: + operationId: inspect-hostnames + summary: Returns hostnames for service + description: Returns hostnames for a service + tags: + - Inspect + parameters: + - in: path + name: mesh + example: default + schema: + type: string + required: true + description: The mesh the service is part of + - in: path + name: serviceType + example: meshservices + schema: + type: string + enum: + - meshservices + - meshmultizoneservices + - meshexternalservices + required: true + description: The type of the service + - in: path + name: serviceName + example: redis + schema: + type: string + required: true + description: The name of the service + responses: + '200': + $ref: '#/components/responses/InspectHostnamesResponse' + '400': + $ref: '#/components/responses/BadRequest' + '404': + $ref: '#/components/responses/NotFound' + '500': + $ref: '#/components/responses/Internal' 
+ /meshes/{mesh}/meshaccesslogs/{name}: + get: + operationId: getMeshAccessLog + summary: Returns MeshAccessLog entity + tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + responses: + '200': + $ref: '#/components/responses/MeshAccessLogItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshAccessLog + summary: Creates or Updates MeshAccessLog entity + tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshAccessLogItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshAccessLogCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshAccessLogCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshAccessLog + summary: Deletes MeshAccessLog entity + tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshAccessLogDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshaccesslogs: + get: + operationId: getMeshAccessLogList + summary: Returns a list of MeshAccessLog in the mesh. 
+ tags: + - MeshAccessLog + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshAccessLogList' + /meshes/{mesh}/meshcircuitbreakers/{name}: + get: + operationId: getMeshCircuitBreaker + summary: Returns MeshCircuitBreaker entity + tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshCircuitBreaker + responses: + '200': + $ref: '#/components/responses/MeshCircuitBreakerItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshCircuitBreaker + summary: Creates or Updates MeshCircuitBreaker entity + tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshCircuitBreaker + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCircuitBreakerItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshCircuitBreakerCreateOrUpdateSuccessResponse + '201': + description: 
Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshCircuitBreakerCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshCircuitBreaker + summary: Deletes MeshCircuitBreaker entity + tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshCircuitBreaker + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCircuitBreakerDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshcircuitbreakers: + get: + operationId: getMeshCircuitBreakerList + summary: Returns a list of MeshCircuitBreaker in the mesh. + tags: + - MeshCircuitBreaker + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshCircuitBreakerList' + /meshes/{mesh}/meshfaultinjections/{name}: + get: + operationId: getMeshFaultInjection + summary: Returns MeshFaultInjection entity + tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of 
the MeshFaultInjection + responses: + '200': + $ref: '#/components/responses/MeshFaultInjectionItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshFaultInjection + summary: Creates or Updates MeshFaultInjection entity + tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshFaultInjection + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshFaultInjectionItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshFaultInjectionCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshFaultInjectionCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshFaultInjection + summary: Deletes MeshFaultInjection entity + tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshFaultInjection + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshFaultInjectionDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshfaultinjections: + get: + operationId: getMeshFaultInjectionList + summary: Returns a list of MeshFaultInjection in the mesh. 
+ tags: + - MeshFaultInjection + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshFaultInjectionList' + /meshes/{mesh}/meshhealthchecks/{name}: + get: + operationId: getMeshHealthCheck + summary: Returns MeshHealthCheck entity + tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHealthCheck + responses: + '200': + $ref: '#/components/responses/MeshHealthCheckItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshHealthCheck + summary: Creates or Updates MeshHealthCheck entity + tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHealthCheck + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHealthCheckItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshHealthCheckCreateOrUpdateSuccessResponse + '201': + description: Created + content: + 
application/json: + schema: + $ref: >- + #/components/schemas/MeshHealthCheckCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshHealthCheck + summary: Deletes MeshHealthCheck entity + tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHealthCheck + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHealthCheckDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshhealthchecks: + get: + operationId: getMeshHealthCheckList + summary: Returns a list of MeshHealthCheck in the mesh. + tags: + - MeshHealthCheck + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshHealthCheckList' + /meshes/{mesh}/meshhttproutes/{name}: + get: + operationId: getMeshHTTPRoute + summary: Returns MeshHTTPRoute entity + tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHTTPRoute + responses: + '200': + $ref: 
'#/components/responses/MeshHTTPRouteItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshHTTPRoute + summary: Creates or Updates MeshHTTPRoute entity + tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHTTPRoute + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHTTPRouteItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshHTTPRouteCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshHTTPRouteCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshHTTPRoute + summary: Deletes MeshHTTPRoute entity + tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHTTPRoute + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHTTPRouteDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshhttproutes: + get: + operationId: getMeshHTTPRouteList + summary: Returns a list of MeshHTTPRoute in the mesh. 
+ tags: + - MeshHTTPRoute + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshHTTPRouteList' + /meshes/{mesh}/meshloadbalancingstrategies/{name}: + get: + operationId: getMeshLoadBalancingStrategy + summary: Returns MeshLoadBalancingStrategy entity + tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshLoadBalancingStrategy + responses: + '200': + $ref: '#/components/responses/MeshLoadBalancingStrategyItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshLoadBalancingStrategy + summary: Creates or Updates MeshLoadBalancingStrategy entity + tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshLoadBalancingStrategy + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + 
#/components/schemas/MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshLoadBalancingStrategy + summary: Deletes MeshLoadBalancingStrategy entity + tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshLoadBalancingStrategy + responses: + '200': + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshLoadBalancingStrategyDeleteSuccessResponse + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshloadbalancingstrategies: + get: + operationId: getMeshLoadBalancingStrategyList + summary: Returns a list of MeshLoadBalancingStrategy in the mesh. 
+ tags: + - MeshLoadBalancingStrategy + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshLoadBalancingStrategyList' + /meshes/{mesh}/meshmetrics/{name}: + get: + operationId: getMeshMetric + summary: Returns MeshMetric entity + tags: + - MeshMetric + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshMetric + responses: + '200': + $ref: '#/components/responses/MeshMetricItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshMetric + summary: Creates or Updates MeshMetric entity + tags: + - MeshMetric + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshMetric + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMetricItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMetricCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: 
'#/components/schemas/MeshMetricCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMeshMetric + summary: Deletes MeshMetric entity + tags: + - MeshMetric + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshMetric + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMetricDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshmetrics: + get: + operationId: getMeshMetricList + summary: Returns a list of MeshMetric in the mesh. + tags: + - MeshMetric + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshMetricList' + /meshes/{mesh}/meshpassthroughs/{name}: + get: + operationId: getMeshPassthrough + summary: Returns MeshPassthrough entity + tags: + - MeshPassthrough + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshPassthrough + responses: + '200': + $ref: '#/components/responses/MeshPassthroughItem' + '404': + $ref: '#/components/responses/NotFound' + put: + 
operationId: putMeshPassthrough + summary: Creates or Updates MeshPassthrough entity + tags: + - MeshPassthrough + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshPassthrough + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshPassthroughItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshPassthroughCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshPassthroughCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshPassthrough + summary: Deletes MeshPassthrough entity + tags: + - MeshPassthrough + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshPassthrough + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshPassthroughDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshpassthroughs: + get: + operationId: getMeshPassthroughList + summary: Returns a list of MeshPassthrough in the mesh. 
+ tags: + - MeshPassthrough + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshPassthroughList' + /meshes/{mesh}/meshproxypatches/{name}: + get: + operationId: getMeshProxyPatch + summary: Returns MeshProxyPatch entity + tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshProxyPatch + responses: + '200': + $ref: '#/components/responses/MeshProxyPatchItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshProxyPatch + summary: Creates or Updates MeshProxyPatch entity + tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshProxyPatch + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshProxyPatchItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshProxyPatchCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: 
+ $ref: >- + #/components/schemas/MeshProxyPatchCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshProxyPatch + summary: Deletes MeshProxyPatch entity + tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshProxyPatch + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshProxyPatchDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshproxypatches: + get: + operationId: getMeshProxyPatchList + summary: Returns a list of MeshProxyPatch in the mesh. + tags: + - MeshProxyPatch + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshProxyPatchList' + /meshes/{mesh}/meshratelimits/{name}: + get: + operationId: getMeshRateLimit + summary: Returns MeshRateLimit entity + tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRateLimit + responses: + '200': + $ref: '#/components/responses/MeshRateLimitItem' + '404': + $ref: 
'#/components/responses/NotFound' + put: + operationId: putMeshRateLimit + summary: Creates or Updates MeshRateLimit entity + tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRateLimit + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRateLimitItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshRateLimitCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshRateLimitCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshRateLimit + summary: Deletes MeshRateLimit entity + tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRateLimit + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRateLimitDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshratelimits: + get: + operationId: getMeshRateLimitList + summary: Returns a list of MeshRateLimit in the mesh. 
+ tags: + - MeshRateLimit + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshRateLimitList' + /meshes/{mesh}/meshretries/{name}: + get: + operationId: getMeshRetry + summary: Returns MeshRetry entity + tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRetry + responses: + '200': + $ref: '#/components/responses/MeshRetryItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshRetry + summary: Creates or Updates MeshRetry entity + tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRetry + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: 
'#/components/schemas/MeshRetryCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMeshRetry + summary: Deletes MeshRetry entity + tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRetry + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshretries: + get: + operationId: getMeshRetryList + summary: Returns a list of MeshRetry in the mesh. + tags: + - MeshRetry + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshRetryList' + /meshes/{mesh}/meshtcproutes/{name}: + get: + operationId: getMeshTCPRoute + summary: Returns MeshTCPRoute entity + tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTCPRoute + responses: + '200': + $ref: '#/components/responses/MeshTCPRouteItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshTCPRoute + 
summary: Creates or Updates MeshTCPRoute entity + tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTCPRoute + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMeshTCPRoute + summary: Deletes MeshTCPRoute entity + tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTCPRoute + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshtcproutes: + get: + operationId: getMeshTCPRouteList + summary: Returns a list of MeshTCPRoute in the mesh. 
+ tags: + - MeshTCPRoute + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTCPRouteList' + /meshes/{mesh}/meshtimeouts/{name}: + get: + operationId: getMeshTimeout + summary: Returns MeshTimeout entity + tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTimeout + responses: + '200': + $ref: '#/components/responses/MeshTimeoutItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshTimeout + summary: Creates or Updates MeshTimeout entity + tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTimeout + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: 
'#/components/schemas/MeshTimeoutCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMeshTimeout + summary: Deletes MeshTimeout entity + tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTimeout + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshtimeouts: + get: + operationId: getMeshTimeoutList + summary: Returns a list of MeshTimeout in the mesh. + tags: + - MeshTimeout + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTimeoutList' + /meshes/{mesh}/meshtlses/{name}: + get: + operationId: getMeshTLS + summary: Returns MeshTLS entity + tags: + - MeshTLS + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTLS + responses: + '200': + $ref: '#/components/responses/MeshTLSItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshTLS + summary: Creates 
or Updates MeshTLS entity + tags: + - MeshTLS + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTLS + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTLSItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTLSCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTLSCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMeshTLS + summary: Deletes MeshTLS entity + tags: + - MeshTLS + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTLS + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTLSDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshtlses: + get: + operationId: getMeshTLSList + summary: Returns a list of MeshTLS in the mesh. 
+ tags: + - MeshTLS + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTLSList' + /meshes/{mesh}/meshtraces/{name}: + get: + operationId: getMeshTrace + summary: Returns MeshTrace entity + tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrace + responses: + '200': + $ref: '#/components/responses/MeshTraceItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshTrace + summary: Creates or Updates MeshTrace entity + tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrace + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceCreateOrUpdateSuccessResponse' + delete: 
+ operationId: deleteMeshTrace + summary: Deletes MeshTrace entity + tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrace + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshtraces: + get: + operationId: getMeshTraceList + summary: Returns a list of MeshTrace in the mesh. + tags: + - MeshTrace + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTraceList' + /meshes/{mesh}/meshtrafficpermissions/{name}: + get: + operationId: getMeshTrafficPermission + summary: Returns MeshTrafficPermission entity + tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrafficPermission + responses: + '200': + $ref: '#/components/responses/MeshTrafficPermissionItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshTrafficPermission + summary: 
Creates or Updates MeshTrafficPermission entity + tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrafficPermission + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshTrafficPermissionCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshTrafficPermissionCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshTrafficPermission + summary: Deletes MeshTrafficPermission entity + tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrafficPermission + responses: + '200': + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshTrafficPermissionDeleteSuccessResponse + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshtrafficpermissions: + get: + operationId: getMeshTrafficPermissionList + summary: Returns a list of MeshTrafficPermission in the mesh. 
+ tags: + - MeshTrafficPermission + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTrafficPermissionList' + /meshes/{mesh}/dataplanes/{name}: + get: + operationId: getDataplane + summary: Returns Dataplane entity + tags: + - Dataplane + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the Dataplane + responses: + '200': + $ref: '#/components/responses/DataplaneItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putDataplane + summary: Creates or Updates Dataplane entity + tags: + - Dataplane + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the Dataplane + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: 
'#/components/schemas/DataplaneCreateOrUpdateSuccessResponse' + delete: + operationId: deleteDataplane + summary: Deletes Dataplane entity + tags: + - Dataplane + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the Dataplane + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/dataplanes: + get: + operationId: getDataplaneList + summary: Returns a list of Dataplane in the mesh. + tags: + - Dataplane + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/DataplaneList' + /meshes/{mesh}/dataplanes/{name}/_overview: + get: + operationId: getDataplaneOverview + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + - in: path + name: name + required: true + description: The name of the DPP within the mesh to get the diff for. 
+ schema: + type: string + responses: + '200': + $ref: '#/components/responses/GetDataplaneOverviewResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /meshes/{mesh}/dataplanes/_overview: + get: + operationId: getDataplaneOverviewList + parameters: + - in: path + name: mesh + required: true + description: The mesh of the DPP to get the diff for. + schema: + type: string + responses: + '200': + $ref: '#/components/responses/GetDataplaneOverviewListResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/Internal' + /meshes/{name}: + get: + operationId: getMesh + summary: Returns Mesh entity + tags: + - Mesh + parameters: + - in: path + name: name + schema: + type: string + required: true + description: name of the Mesh + responses: + '200': + $ref: '#/components/responses/MeshItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMesh + summary: Creates or Updates Mesh entity + tags: + - Mesh + parameters: + - in: path + name: name + schema: + type: string + required: true + description: name of the Mesh + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMesh + summary: Deletes Mesh entity + tags: + - Mesh + parameters: + - in: path + name: name + schema: + type: string + required: true + description: name of the Mesh + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + 
/meshes: + get: + operationId: getMeshList + summary: Returns a list of Mesh in the mesh. + tags: + - Mesh + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + responses: + '200': + $ref: '#/components/responses/MeshList' + /meshes/{mesh}/meshgateways/{name}: + get: + operationId: getMeshGateway + summary: Returns MeshGateway entity + tags: + - MeshGateway + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshGateway + responses: + '200': + $ref: '#/components/responses/MeshGatewayItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshGateway + summary: Creates or Updates MeshGateway entity + tags: + - MeshGateway + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshGateway + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshGatewayItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshGatewayCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: '#/components/schemas/MeshGatewayCreateOrUpdateSuccessResponse' 
+ delete: + operationId: deleteMeshGateway + summary: Deletes MeshGateway entity + tags: + - MeshGateway + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshGateway + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshGatewayDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshgateways: + get: + operationId: getMeshGatewayList + summary: Returns a list of MeshGateway in the mesh. + tags: + - MeshGateway + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshGatewayList' + /hostnamegenerators/{name}: + get: + operationId: getHostnameGenerator + summary: Returns HostnameGenerator entity + tags: + - HostnameGenerator + parameters: + - in: path + name: name + schema: + type: string + required: true + description: name of the HostnameGenerator + responses: + '200': + $ref: '#/components/responses/HostnameGeneratorItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putHostnameGenerator + summary: Creates or Updates HostnameGenerator entity + tags: + - HostnameGenerator + parameters: + - in: path + name: name + 
schema: + type: string + required: true + description: name of the HostnameGenerator + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/HostnameGeneratorItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/HostnameGeneratorCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/HostnameGeneratorCreateOrUpdateSuccessResponse + delete: + operationId: deleteHostnameGenerator + summary: Deletes HostnameGenerator entity + tags: + - HostnameGenerator + parameters: + - in: path + name: name + schema: + type: string + required: true + description: name of the HostnameGenerator + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/HostnameGeneratorDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /hostnamegenerators: + get: + operationId: getHostnameGeneratorList + summary: Returns a list of HostnameGenerator in the mesh. 
+ tags: + - HostnameGenerator + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + responses: + '200': + $ref: '#/components/responses/HostnameGeneratorList' + /meshes/{mesh}/meshexternalservices/{name}: + get: + operationId: getMeshExternalService + summary: Returns MeshExternalService entity + tags: + - MeshExternalService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshExternalService + responses: + '200': + $ref: '#/components/responses/MeshExternalServiceItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshExternalService + summary: Creates or Updates MeshExternalService entity + tags: + - MeshExternalService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshExternalService + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshExternalServiceItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshExternalServiceCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + 
#/components/schemas/MeshExternalServiceCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshExternalService + summary: Deletes MeshExternalService entity + tags: + - MeshExternalService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshExternalService + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshExternalServiceDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshexternalservices: + get: + operationId: getMeshExternalServiceList + summary: Returns a list of MeshExternalService in the mesh. + tags: + - MeshExternalService + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshExternalServiceList' + /meshes/{mesh}/meshmultizoneservices/{name}: + get: + operationId: getMeshMultiZoneService + summary: Returns MeshMultiZoneService entity + tags: + - MeshMultiZoneService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshMultiZoneService + responses: + 
'200': + $ref: '#/components/responses/MeshMultiZoneServiceItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshMultiZoneService + summary: Creates or Updates MeshMultiZoneService entity + tags: + - MeshMultiZoneService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshMultiZoneService + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMultiZoneServiceItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshMultiZoneServiceCreateOrUpdateSuccessResponse + '201': + description: Created + content: + application/json: + schema: + $ref: >- + #/components/schemas/MeshMultiZoneServiceCreateOrUpdateSuccessResponse + delete: + operationId: deleteMeshMultiZoneService + summary: Deletes MeshMultiZoneService entity + tags: + - MeshMultiZoneService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshMultiZoneService + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMultiZoneServiceDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshmultizoneservices: + get: + operationId: getMeshMultiZoneServiceList + summary: Returns a list of MeshMultiZoneService in the mesh. 
+ tags: + - MeshMultiZoneService + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshMultiZoneServiceList' + /meshes/{mesh}/meshservices/{name}: + get: + operationId: getMeshService + summary: Returns MeshService entity + tags: + - MeshService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshService + responses: + '200': + $ref: '#/components/responses/MeshServiceItem' + '404': + $ref: '#/components/responses/NotFound' + put: + operationId: putMeshService + summary: Creates or Updates MeshService entity + tags: + - MeshService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshService + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshServiceItem' + responses: + '200': + description: Updated + content: + application/json: + schema: + $ref: '#/components/schemas/MeshServiceCreateOrUpdateSuccessResponse' + '201': + description: Created + content: + application/json: + schema: + $ref: 
'#/components/schemas/MeshServiceCreateOrUpdateSuccessResponse' + delete: + operationId: deleteMeshService + summary: Deletes MeshService entity + tags: + - MeshService + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshService + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/MeshServiceDeleteSuccessResponse' + description: Successful response + '404': + $ref: '#/components/responses/NotFound' + /meshes/{mesh}/meshservices: + get: + operationId: getMeshServiceList + summary: Returns a list of MeshService in the mesh. + tags: + - MeshService + parameters: + - in: query + name: offset + description: offset in the list of entities + required: false + schema: + type: integer + example: 0 + - in: query + name: size + description: the number of items per page + required: false + schema: + type: integer + default: 100 + maximum: 1000 + minimum: 1 + - in: query + name: filter + description: filter by labels when multiple filters are present, they are ANDed + required: false + schema: + type: object + properties: + key: + type: string + value: + type: string + example: + label.k8s.kuma.io/namespace: my-ns + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshServiceList' +components: + securitySchemes: + BasicAuth: + type: http + scheme: basic + BearerAuth: + type: http + scheme: bearer + schemas: + Index: + type: object + title: Index + description: Some metadata about the service + required: + - hostname + - product + - version + - instanceId + - clusterId + - gui + properties: + hostname: + type: string + product: + type: string + description: The product line (Kuma for OSS, different for other distributions) + version: + type: string + description: The semantic 
version of the server running + instanceId: + type: string + description: A unique id to identify the instance requested + clusterId: + type: string + description: A unique id to identify the cluster being connected to + gui: + type: string + description: The path to the GUI + basedOnKuma: + type: string + description: >- + In case of an alternative distribution of Kuma the Kuma version this + release is based on + ResourceTypeDescriptionList: + type: object + title: ResourceTypeDescriptionList + description: A list of all resources install + required: + - resources + properties: + resources: + type: array + items: + $ref: '#/components/schemas/ResourceTypeDescription' + InspectDataplanesForPolicy: + type: object + title: InspectDataplanesForPolicy + description: A list of proxies + required: + - total + - items + properties: + total: + type: integer + example: 200 + next: + type: string + items: + type: array + items: + $ref: '#/components/schemas/Meta' + DataplaneXDSConfig: + type: object + title: DataplaneXDSConfig + required: + - xds + properties: + xds: + description: The raw XDS config as an inline JSON object + type: object + diff: + description: > + Contains a diff in a JSONPatch format between the XDS config + returned in 'xds' and the current proxy XDS config. + + By default, the field is empty. To include the diff in the response, + use the `include=diff` query parameter. 
+ type: array + items: + $ref: '#/components/schemas/JsonPatchItem' + InspectRules: + type: object + title: InspectRules + description: A list of rules for a dataplane + required: + - rules + - resource + - httpMatches + properties: + resource: + $ref: '#/components/schemas/Meta' + rules: + type: array + items: + $ref: '#/components/schemas/InspectRule' + httpMatches: + type: array + items: + $ref: '#/components/schemas/HttpMatch' + BaseStatus: + type: object + title: Status + required: + - online + - total + properties: + online: + type: integer + example: 10 + total: + type: integer + example: 30 + FullStatus: + allOf: + - $ref: '#/components/schemas/BaseStatus' + - type: object + required: + - offline + - partiallyDegraded + properties: + offline: + type: integer + example: 15 + partiallyDegraded: + type: integer + example: 5 + ServicesStats: + type: object + title: ServicesStats + description: Services statistics + required: + - total + - internal + - external + - gatewayBuiltin + - gatewayDelegated + properties: + internal: + description: Internal services statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + external: + type: object + description: External services statistics + required: + - total + properties: + total: + type: integer + example: 5 + gatewayBuiltin: + description: Builtin Gateway services statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + gatewayDelegated: + description: Delegated Gateway services statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + ZonesStats: + type: object + title: Zones Stats + description: Zone statistics + required: + - controlPlanes + - zoneEgresses + - zoneIngresses + properties: + controlPlanes: + description: Control Planes statistics + allOf: + - $ref: '#/components/schemas/BaseStatus' + zoneEgresses: + description: Zone Egresses statistics + allOf: + - $ref: '#/components/schemas/BaseStatus' + zoneIngresses: + description: Zone Ingresses statistics + allOf: + - $ref: 
'#/components/schemas/BaseStatus' + DataplanesStats: + type: object + title: Dataplanes Stats + description: Dataplanes statistics + required: + - standard + - gatewayBuiltin + - gatewayDelegated + properties: + standard: + description: Standard dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + gatewayBuiltin: + description: Builtin Gateway dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + gatewayDelegated: + description: Delegated Gateway dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + PoliciesStats: + type: object + title: Policies Stats + description: Policies statistics + required: + - total + properties: + total: + type: integer + description: Number of policies + example: 30 + ResourceStats: + type: object + title: Resource Stats + description: Resource statistics + required: + - total + properties: + total: + type: integer + description: Number of resources + example: 30 + MeshesStats: + type: object + title: Meshes Stats + description: Mesh statistics + required: + - total + properties: + total: + type: integer + description: Number of meshes + example: 3 + schemas-GlobalInsight: + type: object + title: GlobalInsight + description: Global Insight contains statistics for all main resources + required: + - createdAt + - services + - zones + - dataplanes + - policies + - meshes + - resources + properties: + createdAt: + type: string + description: Time of Global Insight creation + format: date-time + example: '2023-01-11T02:30:42.227Z' + services: + description: Mesh services statistics + allOf: + - $ref: '#/components/schemas/ServicesStats' + zones: + description: Zones statistics + allOf: + - $ref: '#/components/schemas/ZonesStats' + dataplanes: + description: Dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/DataplanesStats' + policies: + description: Policies statistics + allOf: + - $ref: '#/components/schemas/PoliciesStats' + meshes: + 
description: Mesh statistics + allOf: + - $ref: '#/components/schemas/MeshesStats' + resources: + type: object + additionalProperties: + $ref: '#/components/schemas/ResourceStats' + description: A map of resource names to their corresponding statistics + GlobalInsight: + allOf: + - $ref: '#/components/schemas/schemas-GlobalInsight' + InspectHostnames: + type: object + title: InspectHostnames + description: A list of hostnames + required: + - total + - items + properties: + total: + type: integer + example: 200 + items: + type: array + items: + $ref: '#/components/schemas/InspectHostname' + InspectHostname: + type: object + title: InspectHostname + description: An supported hostname along with the zones it exists in + required: + - hostname + - zones + properties: + hostname: + type: string + description: Generated hostname + example: redis.redis-system.svc.east.mesh.local + zones: + type: array + items: + $ref: '#/components/schemas/InspectHostnameZone' + InspectHostnameZone: + type: object + title: InspectHostnameZone + description: A name of the zone in which the hostname is available + required: + - name + properties: + name: + type: string + example: east + InvalidParameters: + type: object + title: Invalid Parameters + properties: + field: + type: string + reason: + type: string + rule: + type: string + choices: + type: array + items: + type: string + Error: + type: object + title: Error + description: standard error + x-examples: + Example 1: + status: 404 + title: Not Found + type: https://kongapi.info/konnect/not-found + instance: portal:trace:2287285207635123011 + detail: The requested document was not found + required: + - status + - title + - instance + properties: + status: + type: integer + description: The HTTP status code. + example: 404 + title: + type: string + description: The error response code. + example: Not Found + type: + type: string + description: The error type. 
+ example: Not Found + instance: + type: string + example: portal:trace:2287285207635123011 + description: The portal traceback code + detail: + type: string + example: The requested team was not found + description: Details about the error. + invalid_parameters: + type: array + description: TODO + items: + $ref: '#/components/schemas/InvalidParameters' + PolicyDescription: + type: object + required: + - hasToTargetRef + - hasFromTargetRef + - isTargetRef + - isFromAsRules + description: information about a policy + properties: + isTargetRef: + description: whether this policy uses targetRef matching + type: boolean + hasToTargetRef: + description: indicates that this policy can be used as an outbound policy + type: boolean + hasFromTargetRef: + description: indicates that this policy can be used as an inbound policy + type: boolean + isFromAsRules: + description: >- + If set to `true`, performs a backward compatibility conversion from + the deprecated 'from' array to the new 'rules' array. This ensures + older policies remain functional under the updated schema. + type: boolean + ResourceTypeDescription: + description: >- + Description of a resource type, this is useful for dynamically generated + clients and the gui + type: object + required: + - name + - scope + - readOnly + - path + - singularDisplayName + - pluralDisplayName + - includeInFederation + properties: + name: + description: the name of the resource type + type: string + scope: + type: string + enum: + - Global + - Mesh + readOnly: + type: boolean + path: + description: >- + the path to use for accessing this resource. 
If scope is `Global` + then it will be `/` otherwise it will be `/meshes/` + type: string + singularDisplayName: + type: string + pluralDisplayName: + type: string + includeInFederation: + description: >- + description resources of this type should be included in + federetion-with-policies export profile (especially useful for + moving from non-federated to federated or migrating to a new + global). + type: boolean + policy: + $ref: '#/components/schemas/PolicyDescription' + Meta: + type: object + required: + - type + - mesh + - name + - labels + properties: + type: + type: string + example: Dataplane + description: the type of this resource + mesh: + type: string + example: default + description: the mesh this resource is part of + name: + type: string + example: my-resource + description: the name of the resource + labels: + type: object + additionalProperties: + type: string + example: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mtp + kuma.io/mesh: default + kuma.io/origin: zone + description: the label of the resource + ProxyRule: + description: a rule that affects the entire proxy + type: object + required: + - conf + - origin + properties: + conf: + description: The actual conf generated + type: object + additionalProperties: true + x-go-type: interface{} + origin: + type: array + items: + $ref: '#/components/schemas/Meta' + RuleMatcher: + type: object + required: + - key + - value + - not + description: A matcher to select which traffic this conf applies to + properties: + key: + type: string + description: the key to match against + example: kuma.io/service + value: + type: string + description: the value for the key to match against + example: my-cool-service + not: + type: boolean + description: whether we check on the absence of this key:value pair + Rule: + type: object + required: + - matchers + - conf + - origin + properties: + matchers: + type: array + items: + $ref: '#/components/schemas/RuleMatcher' + conf: + description: The 
actual conf generated + type: object + additionalProperties: true + x-go-type: interface{} + origin: + type: array + items: + $ref: '#/components/schemas/Meta' + ResourceRuleOrigin: + type: object + properties: + resourceMeta: + $ref: '#/components/schemas/Meta' + ruleIndex: + description: index of the to-item in the policy + type: integer + ResourceRule: + type: object + required: + - resourceMeta + - conf + - origin + properties: + resourceMeta: + $ref: '#/components/schemas/Meta' + resourceSectionName: + type: string + conf: + description: The actual conf generated + type: array + items: + type: object + additionalProperties: true + x-go-type: interface{} + origin: + type: array + description: >- + The list of policies that contributed to the 'conf'. The order is + important as it reflects in what order confs were merged to get the + resulting 'conf'. + items: + $ref: '#/components/schemas/ResourceRuleOrigin' + Inbound: + type: object + required: + - tags + - port + properties: + name: + type: string + tags: + type: object + additionalProperties: + type: string + x-go-type: map[string]string + port: + type: integer + FromRule: + type: object + required: + - rules + - inbound + properties: + inbound: + $ref: '#/components/schemas/Inbound' + rules: + type: array + items: + $ref: '#/components/schemas/Rule' + InboundRule: + type: object + required: + - conf + - origin + properties: + conf: + description: >- + The final computed configuration for the data plane proxy, derived + by merging all policies whose 'targetRef' field matches the proxy. + The merging process follows [RFC 7396 (JSON Merge + Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the + order of merging influenced by factors such as where the policy was + applied (e.g., custom namespace, system, or global control plane), + policy role, and targetRef specificity. 
+ type: array + items: + type: object + additionalProperties: true + x-go-type: interface{} + origin: + type: array + description: >- + The list of policies that contributed to the 'conf'. The order is + important as it reflects in what order confs were merged to get the + resulting 'conf'. + items: + $ref: '#/components/schemas/ResourceRuleOrigin' + InboundRulesEntry: + type: object + required: + - inbound + - rules + properties: + inbound: + $ref: '#/components/schemas/Inbound' + rules: + type: array + description: >- + The 'rules' field is an array to allow for future expansion when + 'matches' conditions are added. Currently, it contains a single + item. + items: + $ref: '#/components/schemas/InboundRule' + InspectRule: + type: object + required: + - type + properties: + type: + type: string + example: MeshRetry + description: the type of the policy + proxyRule: + $ref: '#/components/schemas/ProxyRule' + toRules: + type: array + description: >- + a set of rules for the outbounds of this proxy. The field is not set + when 'meshService.mode' on Mesh is set to 'Exclusive'. + items: + $ref: '#/components/schemas/Rule' + toResourceRules: + type: array + description: >- + a set of rules for the outbounds produced by real resources (i.e + MeshService, MeshExternalService, MeshMultiZoneService). + items: + $ref: '#/components/schemas/ResourceRule' + fromRules: + type: array + description: a set of rules for each inbound of this proxy + items: + $ref: '#/components/schemas/FromRule' + inboundRules: + type: array + description: >- + a set of rules for each inbound port of the proxy. When the policy + descriptor has 'isFromAsRules' set to true, this field supersedes + 'fromRules' and should be used instead. 
+ items: + $ref: '#/components/schemas/InboundRulesEntry' + warnings: + type: array + description: a set of warnings to show in policy matching + example: + - Mesh is not Mtls enabled this policy will have no effect + items: + type: string + HttpMatch: + type: object + required: + - hash + - match + properties: + hash: + type: string + match: + type: object + x-go-type: interface{} + JsonPatchItem: + type: object + required: + - op + - path + - value + properties: + op: + type: string + description: Operation to be performed. + enum: + - add + - remove + - test + path: + type: string + description: >- + A JSON Pointer path indicating the part of the document to operate + on. + value: + description: The value to be used within the operations. + NotFoundError: + allOf: + - $ref: '#/components/schemas/Error' + - type: object + properties: + status: + example: 404 + title: + example: Not Found + type: + example: https://httpstatuses.com/404 + instance: + example: kong:trace:1234567890 + detail: + example: Not found + MeshAccessLogItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshAccessLog + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. 
+ properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in + + 'targetRef' + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. Placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. 
+ properties: + attributes: + description: >- + Attributes can contain placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at + + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + + It can contain placeholders available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: >- + Format of access logs. 
Placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. 
+ items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - default + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound access log configurations. Currently + limited to + + selecting all inbound traffic, as L7 matching is not yet + implemented. + items: + properties: + default: + description: >- + Default contains configuration of the inbound access + logging + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. Placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. 
+ properties: + attributes: + description: >- + Attributes can contain placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at + + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + + It can contain placeholders available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: >- + Format of access logs. 
Placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + required: + - default + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. 
+ type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. 
Placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + example: /tmp/access.log + minLength: 1 + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: >- + Attributes can contain placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + - key: mesh + value: '%KUMA_MESH%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at + + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + + It can contain placeholders available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + example: + kvlistValue: + values: + - key: mesh + value: + stringValue: '%KUMA_MESH%' + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. 
+ example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + example: 127.0.0.1:5000 + minLength: 1 + type: string + format: + description: >- + Format of access logs. Placeholders + available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + example: + - key: start_time + value: '%START_TIME%' + - key: bytes_received + value: '%BYTES_RECEIVED%' + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + omitEmptyValues: + default: false + type: boolean + plain: + example: >- + [%START_TIME%] %KUMA_MESH% + %UPSTREAM_HOST% + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - default + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshAccessLogCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. 
+ items: + type: string + MeshAccessLogDeleteSuccessResponse: + type: object + properties: {} + MeshCircuitBreakerItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshCircuitBreaker + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations + + referenced in 'targetRef' + properties: + connectionLimits: + description: >- + ConnectionLimits contains configuration of each + circuit breaking limit, + + which when exceeded makes the circuit breaker to + become open (no traffic + + is allowed like no current is allowed in the circuits + when physical + + circuit breaker ir open) + properties: + maxConnectionPools: + description: >- + The maximum number of connection pools per cluster + that are concurrently + + supported at once. Set this for clusters which + create a large number of + + connection pools. + format: int32 + type: integer + maxConnections: + description: >- + The maximum number of connections allowed to be + made to the upstream + + cluster. + format: int32 + type: integer + maxPendingRequests: + description: >- + The maximum number of pending requests that are + allowed to the upstream + + cluster. This limit is applied as a connection + limit for non-HTTP + + traffic. 
+ format: int32 + type: integer + maxRequests: + description: >- + The maximum number of parallel requests that are + allowed to be made + + to the upstream cluster. This limit does not apply + to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: >- + The maximum number of parallel retries that will + be allowed to + + the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: >- + OutlierDetection contains the configuration of the + process of dynamically + + determining whether some number of hosts in an + upstream cluster are + + performing unlike the others and removing them from + the healthy load + + balancing set. Performance might be along different + axes such as + + consecutive failures, temporal success rate, temporal + latency, etc. + + Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: >- + The base time that a host is ejected for. The real + time is equal to + + the base time multiplied by the number of times + the host has been + + ejected. + type: string + detectors: + description: >- + Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: >- + Failure Percentage based outlier detection + functions similarly to success + + rate detection, in that it relies on success + rate data from each host in + + a cluster. However, rather than compare those + values to the mean success + + rate of the cluster as a whole, they are + compared to a flat + + user-configured threshold. This threshold is + configured via the + + outlierDetection.failurePercentageThreshold + field. + + The other configuration fields for failure + percentage based detection are + + similar to the fields for success rate + detection. 
As with success rate + + detection, detection will not be performed for + a host if its request + + volume over the aggregation interval is less + than the + + outlierDetection.detectors.failurePercentage.requestVolume + value. + + Detection also will not be performed for a + cluster if the number of hosts + + with the minimum required request volume in an + interval is less than the + + outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: >- + The minimum number of hosts in a cluster + in order to perform failure + + percentage-based ejection. If the total + number of hosts in the cluster is + + less than this value, failure + percentage-based ejection will not be + + performed. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one + + interval (as defined by the interval + duration above) to perform failure + + percentage-based ejection for this host. + If the volume is lower than this + + setting, failure percentage-based ejection + will not be performed for this + + host. + format: int32 + type: integer + threshold: + description: >- + The failure percentage to use when + determining failure percentage-based + + outlier detection. If the failure + percentage of a given host is greater + + than or equal to this value, it will be + ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: >- + In the default mode + (outlierDetection.splitExternalLocalOriginErrors + is + + false) this detection type takes into account + a subset of 5xx errors, + + called "gateway errors" (502, 503 or 504 + status code) and local origin + + failures, such as timeout, TCP reset etc. 
+ + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) + + this detection type takes into account a + subset of 5xx errors, called + + "gateway errors" (502, 503 or 504 status code) + and is supported only by + + the http router. + properties: + consecutive: + description: >- + The number of consecutive gateway failures + (502, 503, 504 status codes) + + before a consecutive gateway failure + ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: >- + This detection type is enabled only when + + outlierDetection.splitExternalLocalOriginErrors + is true and takes into + + account only locally originated errors + (timeout, reset, etc). + + If Envoy repeatedly cannot connect to an + upstream host or communication + + with the upstream host is repeatedly + interrupted, it will be ejected. + + Various locally originated problems are + detected: timeout, TCP reset, + + ICMP errors, etc. This detection type is + supported by http router and + + tcp proxy. + properties: + consecutive: + description: >- + The number of consecutive locally + originated failures before ejection + + occurs. Parameter takes effect only when + splitExternalAndLocalErrors + + is set to true. + format: int32 + type: integer + type: object + successRate: + description: >- + Success Rate based outlier detection + aggregates success rate data from + + every host in a cluster. Then at given + intervals ejects hosts based on + + statistical outlier detection. Success Rate + outlier detection will not be + + calculated for a host if its request volume + over the aggregation interval + + is less than the + outlierDetection.detectors.successRate.requestVolume + + value. + + Moreover, detection will not be performed for + a cluster if the number of + + hosts with the minimum required request volume + in an interval is less + + than the + outlierDetection.detectors.successRate.minimumHosts + value. 
+ + In the default configuration mode + + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection + + type takes into account all types of errors: + locally and externally + + originated. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true), + + locally originated errors and externally + originated (transaction) errors + + are counted and treated separately. + properties: + minimumHosts: + description: >- + The number of hosts in a cluster that must + have enough request volume to + + detect success rate outliers. If the + number of hosts is less than this + + setting, outlier detection via success + rate statistics is not performed + + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one + + interval (as defined by the interval + duration configured in + + outlierDetection section) to include this + host in success rate based + + outlier detection. If the volume is lower + than this setting, outlier + + detection via success rate statistics is + not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: >- + This factor is used to determine the + ejection threshold for success rate + + outlier ejection. The ejection threshold + is the difference between + + the mean success rate, and the product of + this factor and the standard + + deviation of the mean success rate: mean - + (standard_deviation * + + success_rate_standard_deviation_factor). + + Either int or decimal represented as + string. + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: >- + In the default mode + (outlierDetection.splitExternalAndLocalErrors + is + + false) this detection type takes into account + all generated errors: + + locally originated and externally originated + (transaction) errors. 
+ + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) + + this detection type takes into account only + externally originated + + (transaction) errors, ignoring locally + originated errors. + + If an upstream host is an HTTP-server, only + 5xx types of error are taken + + into account (see Consecutive Gateway Failure + for exceptions). + + Properly formatted responses, even when they + carry an operational error + + (like index not found, access denied) are not + taken into account. + properties: + consecutive: + description: >- + The number of consecutive server-side + error responses (for HTTP traffic, + + 5xx responses; for TCP traffic, connection + failures; for Redis, failure + + to respond PONG; etc.) before a + consecutive total failure ejection + + occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: >- + When set to true, outlierDetection configuration + won't take any effect + type: boolean + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: >- + Allows to configure panic threshold for Envoy + cluster. If not specified, + + the default is 50%. To disable panic mode, set to + 0%. + + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + interval: + description: >- + The time interval between ejection analysis + sweeps. This can result in + + both new ejections and hosts being returned to + service. + type: string + maxEjectionPercent: + description: >- + The maximum % of an upstream cluster that can be + ejected due to outlier + + detection. Defaults to 10% but will eject at least + one host regardless of + + the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: >- + Determines whether to distinguish local origin + failures from external + + errors. 
If set to true the following configuration + parameters are taken + + into account: + detectors.localOriginFailures.consecutive + type: boolean + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound circuit breaker configurations. Currently + limited to + + selecting all inbound traffic, as L7 matching is not yet + implemented. + items: + properties: + default: + description: >- + Default contains configuration of the inbound circuit + breaker + properties: + connectionLimits: + description: >- + ConnectionLimits contains configuration of each + circuit breaking limit, + + which when exceeded makes the circuit breaker to + become open (no traffic + + is allowed like no current is allowed in the circuits + when physical + + circuit breaker ir open) + properties: + maxConnectionPools: + description: >- + The maximum number of connection pools per cluster + that are concurrently + + supported at once. Set this for clusters which + create a large number of + + connection pools. + format: int32 + type: integer + maxConnections: + description: >- + The maximum number of connections allowed to be + made to the upstream + + cluster. + format: int32 + type: integer + maxPendingRequests: + description: >- + The maximum number of pending requests that are + allowed to the upstream + + cluster. This limit is applied as a connection + limit for non-HTTP + + traffic. + format: int32 + type: integer + maxRequests: + description: >- + The maximum number of parallel requests that are + allowed to be made + + to the upstream cluster. This limit does not apply + to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: >- + The maximum number of parallel retries that will + be allowed to + + the upstream cluster. 
+ format: int32 + type: integer + type: object + outlierDetection: + description: >- + OutlierDetection contains the configuration of the + process of dynamically + + determining whether some number of hosts in an + upstream cluster are + + performing unlike the others and removing them from + the healthy load + + balancing set. Performance might be along different + axes such as + + consecutive failures, temporal success rate, temporal + latency, etc. + + Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: >- + The base time that a host is ejected for. The real + time is equal to + + the base time multiplied by the number of times + the host has been + + ejected. + type: string + detectors: + description: >- + Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: >- + Failure Percentage based outlier detection + functions similarly to success + + rate detection, in that it relies on success + rate data from each host in + + a cluster. However, rather than compare those + values to the mean success + + rate of the cluster as a whole, they are + compared to a flat + + user-configured threshold. This threshold is + configured via the + + outlierDetection.failurePercentageThreshold + field. + + The other configuration fields for failure + percentage based detection are + + similar to the fields for success rate + detection. As with success rate + + detection, detection will not be performed for + a host if its request + + volume over the aggregation interval is less + than the + + outlierDetection.detectors.failurePercentage.requestVolume + value. + + Detection also will not be performed for a + cluster if the number of hosts + + with the minimum required request volume in an + interval is less than the + + outlierDetection.detectors.failurePercentage.minimumHosts + value. 
+ properties: + minimumHosts: + description: >- + The minimum number of hosts in a cluster + in order to perform failure + + percentage-based ejection. If the total + number of hosts in the cluster is + + less than this value, failure + percentage-based ejection will not be + + performed. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one + + interval (as defined by the interval + duration above) to perform failure + + percentage-based ejection for this host. + If the volume is lower than this + + setting, failure percentage-based ejection + will not be performed for this + + host. + format: int32 + type: integer + threshold: + description: >- + The failure percentage to use when + determining failure percentage-based + + outlier detection. If the failure + percentage of a given host is greater + + than or equal to this value, it will be + ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: >- + In the default mode + (outlierDetection.splitExternalLocalOriginErrors + is + + false) this detection type takes into account + a subset of 5xx errors, + + called "gateway errors" (502, 503 or 504 + status code) and local origin + + failures, such as timeout, TCP reset etc. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) + + this detection type takes into account a + subset of 5xx errors, called + + "gateway errors" (502, 503 or 504 status code) + and is supported only by + + the http router. + properties: + consecutive: + description: >- + The number of consecutive gateway failures + (502, 503, 504 status codes) + + before a consecutive gateway failure + ejection occurs. 
+ format: int32 + type: integer + type: object + localOriginFailures: + description: >- + This detection type is enabled only when + + outlierDetection.splitExternalLocalOriginErrors + is true and takes into + + account only locally originated errors + (timeout, reset, etc). + + If Envoy repeatedly cannot connect to an + upstream host or communication + + with the upstream host is repeatedly + interrupted, it will be ejected. + + Various locally originated problems are + detected: timeout, TCP reset, + + ICMP errors, etc. This detection type is + supported by http router and + + tcp proxy. + properties: + consecutive: + description: >- + The number of consecutive locally + originated failures before ejection + + occurs. Parameter takes effect only when + splitExternalAndLocalErrors + + is set to true. + format: int32 + type: integer + type: object + successRate: + description: >- + Success Rate based outlier detection + aggregates success rate data from + + every host in a cluster. Then at given + intervals ejects hosts based on + + statistical outlier detection. Success Rate + outlier detection will not be + + calculated for a host if its request volume + over the aggregation interval + + is less than the + outlierDetection.detectors.successRate.requestVolume + + value. + + Moreover, detection will not be performed for + a cluster if the number of + + hosts with the minimum required request volume + in an interval is less + + than the + outlierDetection.detectors.successRate.minimumHosts + value. + + In the default configuration mode + + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection + + type takes into account all types of errors: + locally and externally + + originated. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true), + + locally originated errors and externally + originated (transaction) errors + + are counted and treated separately. 
+ properties: + minimumHosts: + description: >- + The number of hosts in a cluster that must + have enough request volume to + + detect success rate outliers. If the + number of hosts is less than this + + setting, outlier detection via success + rate statistics is not performed + + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one + + interval (as defined by the interval + duration configured in + + outlierDetection section) to include this + host in success rate based + + outlier detection. If the volume is lower + than this setting, outlier + + detection via success rate statistics is + not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: >- + This factor is used to determine the + ejection threshold for success rate + + outlier ejection. The ejection threshold + is the difference between + + the mean success rate, and the product of + this factor and the standard + + deviation of the mean success rate: mean - + (standard_deviation * + + success_rate_standard_deviation_factor). + + Either int or decimal represented as + string. + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: >- + In the default mode + (outlierDetection.splitExternalAndLocalErrors + is + + false) this detection type takes into account + all generated errors: + + locally originated and externally originated + (transaction) errors. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) + + this detection type takes into account only + externally originated + + (transaction) errors, ignoring locally + originated errors. + + If an upstream host is an HTTP-server, only + 5xx types of error are taken + + into account (see Consecutive Gateway Failure + for exceptions). 
+ + Properly formatted responses, even when they + carry an operational error + + (like index not found, access denied) are not + taken into account. + properties: + consecutive: + description: >- + The number of consecutive server-side + error responses (for HTTP traffic, + + 5xx responses; for TCP traffic, connection + failures; for Redis, failure + + to respond PONG; etc.) before a + consecutive total failure ejection + + occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: >- + When set to true, outlierDetection configuration + won't take any effect + type: boolean + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: >- + Allows to configure panic threshold for Envoy + cluster. If not specified, + + the default is 50%. To disable panic mode, set to + 0%. + + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + interval: + description: >- + The time interval between ejection analysis + sweeps. This can result in + + both new ejections and hosts being returned to + service. + type: string + maxEjectionPercent: + description: >- + The maximum % of an upstream cluster that can be + ejected due to outlier + + detection. Defaults to 10% but will eject at least + one host regardless of + + the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: >- + Determines whether to distinguish local origin + failures from external + + errors. If set to true the following configuration + parameters are taken + + into account: + detectors.localOriginFailures.consecutive + type: boolean + type: object + type: object + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in place. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding + + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations + + referenced in 'targetRef' + properties: + connectionLimits: + description: >- + ConnectionLimits contains configuration of each + circuit breaking limit, + + which when exceeded makes the circuit breaker to + become open (no traffic + + is allowed like no current is allowed in the circuits + when physical + + circuit breaker ir open) + properties: + maxConnectionPools: + description: >- + The maximum number of connection pools per cluster + that are concurrently + + supported at once. Set this for clusters which + create a large number of + + connection pools. + format: int32 + type: integer + maxConnections: + description: >- + The maximum number of connections allowed to be + made to the upstream + + cluster. + format: int32 + type: integer + maxPendingRequests: + description: >- + The maximum number of pending requests that are + allowed to the upstream + + cluster. This limit is applied as a connection + limit for non-HTTP + + traffic. + format: int32 + type: integer + maxRequests: + description: >- + The maximum number of parallel requests that are + allowed to be made + + to the upstream cluster. This limit does not apply + to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: >- + The maximum number of parallel retries that will + be allowed to + + the upstream cluster. 
+ format: int32 + type: integer + type: object + outlierDetection: + description: >- + OutlierDetection contains the configuration of the + process of dynamically + + determining whether some number of hosts in an + upstream cluster are + + performing unlike the others and removing them from + the healthy load + + balancing set. Performance might be along different + axes such as + + consecutive failures, temporal success rate, temporal + latency, etc. + + Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: >- + The base time that a host is ejected for. The real + time is equal to + + the base time multiplied by the number of times + the host has been + + ejected. + type: string + detectors: + description: >- + Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: >- + Failure Percentage based outlier detection + functions similarly to success + + rate detection, in that it relies on success + rate data from each host in + + a cluster. However, rather than compare those + values to the mean success + + rate of the cluster as a whole, they are + compared to a flat + + user-configured threshold. This threshold is + configured via the + + outlierDetection.failurePercentageThreshold + field. + + The other configuration fields for failure + percentage based detection are + + similar to the fields for success rate + detection. As with success rate + + detection, detection will not be performed for + a host if its request + + volume over the aggregation interval is less + than the + + outlierDetection.detectors.failurePercentage.requestVolume + value. + + Detection also will not be performed for a + cluster if the number of hosts + + with the minimum required request volume in an + interval is less than the + + outlierDetection.detectors.failurePercentage.minimumHosts + value. 
+ properties: + minimumHosts: + description: >- + The minimum number of hosts in a cluster + in order to perform failure + + percentage-based ejection. If the total + number of hosts in the cluster is + + less than this value, failure + percentage-based ejection will not be + + performed. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one + + interval (as defined by the interval + duration above) to perform failure + + percentage-based ejection for this host. + If the volume is lower than this + + setting, failure percentage-based ejection + will not be performed for this + + host. + format: int32 + type: integer + threshold: + description: >- + The failure percentage to use when + determining failure percentage-based + + outlier detection. If the failure + percentage of a given host is greater + + than or equal to this value, it will be + ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: >- + In the default mode + (outlierDetection.splitExternalLocalOriginErrors + is + + false) this detection type takes into account + a subset of 5xx errors, + + called "gateway errors" (502, 503 or 504 + status code) and local origin + + failures, such as timeout, TCP reset etc. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) + + this detection type takes into account a + subset of 5xx errors, called + + "gateway errors" (502, 503 or 504 status code) + and is supported only by + + the http router. + properties: + consecutive: + description: >- + The number of consecutive gateway failures + (502, 503, 504 status codes) + + before a consecutive gateway failure + ejection occurs. 
+ format: int32 + type: integer + type: object + localOriginFailures: + description: >- + This detection type is enabled only when + + outlierDetection.splitExternalLocalOriginErrors + is true and takes into + + account only locally originated errors + (timeout, reset, etc). + + If Envoy repeatedly cannot connect to an + upstream host or communication + + with the upstream host is repeatedly + interrupted, it will be ejected. + + Various locally originated problems are + detected: timeout, TCP reset, + + ICMP errors, etc. This detection type is + supported by http router and + + tcp proxy. + properties: + consecutive: + description: >- + The number of consecutive locally + originated failures before ejection + + occurs. Parameter takes effect only when + splitExternalAndLocalErrors + + is set to true. + format: int32 + type: integer + type: object + successRate: + description: >- + Success Rate based outlier detection + aggregates success rate data from + + every host in a cluster. Then at given + intervals ejects hosts based on + + statistical outlier detection. Success Rate + outlier detection will not be + + calculated for a host if its request volume + over the aggregation interval + + is less than the + outlierDetection.detectors.successRate.requestVolume + + value. + + Moreover, detection will not be performed for + a cluster if the number of + + hosts with the minimum required request volume + in an interval is less + + than the + outlierDetection.detectors.successRate.minimumHosts + value. + + In the default configuration mode + + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection + + type takes into account all types of errors: + locally and externally + + originated. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true), + + locally originated errors and externally + originated (transaction) errors + + are counted and treated separately. 
+ properties: + minimumHosts: + description: >- + The number of hosts in a cluster that must + have enough request volume to + + detect success rate outliers. If the + number of hosts is less than this + + setting, outlier detection via success + rate statistics is not performed + + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one + + interval (as defined by the interval + duration configured in + + outlierDetection section) to include this + host in success rate based + + outlier detection. If the volume is lower + than this setting, outlier + + detection via success rate statistics is + not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: >- + This factor is used to determine the + ejection threshold for success rate + + outlier ejection. The ejection threshold + is the difference between + + the mean success rate, and the product of + this factor and the standard + + deviation of the mean success rate: mean - + (standard_deviation * + + success_rate_standard_deviation_factor). + + Either int or decimal represented as + string. + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: >- + In the default mode + (outlierDetection.splitExternalAndLocalErrors + is + + false) this detection type takes into account + all generated errors: + + locally originated and externally originated + (transaction) errors. + + In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) + + this detection type takes into account only + externally originated + + (transaction) errors, ignoring locally + originated errors. + + If an upstream host is an HTTP-server, only + 5xx types of error are taken + + into account (see Consecutive Gateway Failure + for exceptions). 
+ + Properly formatted responses, even when they + carry an operational error + + (like index not found, access denied) are not + taken into account. + properties: + consecutive: + description: >- + The number of consecutive server-side + error responses (for HTTP traffic, + + 5xx responses; for TCP traffic, connection + failures; for Redis, failure + + to respond PONG; etc.) before a + consecutive total failure ejection + + occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: >- + When set to true, outlierDetection configuration + won't take any effect + type: boolean + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: >- + Allows to configure panic threshold for Envoy + cluster. If not specified, + + the default is 50%. To disable panic mode, set to + 0%. + + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + interval: + description: >- + The time interval between ejection analysis + sweeps. This can result in + + both new ejections and hosts being returned to + service. + type: string + maxEjectionPercent: + description: >- + The maximum % of an upstream cluster that can be + ejected due to outlier + + detection. Defaults to 10% but will eject at least + one host regardless of + + the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: >- + Determines whether to distinguish local origin + failures from external + + errors. If set to true the following configuration + parameters are taken + + into account: + detectors.localOriginFailures.consecutive + type: boolean + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshCircuitBreakerCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshCircuitBreakerDeleteSuccessResponse: + type: object + properties: {} + MeshFaultInjectionItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshFaultInjection + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + http: + description: >- + Http allows to define list of Http faults between + dataplanes. 
+ items: + description: >- + FaultInjection defines the configuration of faults + between dataplanes. + properties: + abort: + description: >- + Abort defines a configuration of not delivering + requests to destination + + service and replacing the responses from + destination dataplane by + + predefined status code + properties: + httpStatus: + description: >- + HTTP status code which will be returned to + source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which abort will + be injected, has to be + + either int or decimal represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: >- + Delay defines configuration of delaying a + response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which delay will + be injected, has to be + + either int or decimal represented as string. + x-kubernetes-int-or-string: true + value: + description: >- + The duration during which the response will + be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: >- + ResponseBandwidth defines a configuration to + limit the speed of + + responding to the requests + properties: + limit: + description: >- + Limit is represented by value measure in + Gbps, Mbps, kbps, e.g. + + 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which response + bandwidth limit will be + + either int or decimal represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + http: + description: >- + Http allows to define list of Http faults between + dataplanes. 
+ items: + description: >- + FaultInjection defines the configuration of faults + between dataplanes. + properties: + abort: + description: >- + Abort defines a configuration of not delivering + requests to destination + + service and replacing the responses from + destination dataplane by + + predefined status code + properties: + httpStatus: + description: >- + HTTP status code which will be returned to + source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which abort will + be injected, has to be + + either int or decimal represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: >- + Delay defines configuration of delaying a + response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which delay will + be injected, has to be + + either int or decimal represented as string. + x-kubernetes-int-or-string: true + value: + description: >- + The duration during which the response will + be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: >- + ResponseBandwidth defines a configuration to + limit the speed of + + responding to the requests + properties: + limit: + description: >- + Limit is represented by value measure in + Gbps, Mbps, kbps, e.g. + + 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which response + bandwidth limit will be + + either int or decimal represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshFaultInjectionCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshFaultInjectionDeleteSuccessResponse: + type: object + properties: {} + MeshHealthCheckItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshHealthCheck + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: >- + If set to true, health check failure events will + always be logged. If set + + to false, only the initial health check failure event + will be logged. The + + default value is false. + type: boolean + eventLogPath: + description: >- + Specifies the path to the file where Envoy can log + health check events. + + If empty, no event log will be written. + type: string + failTrafficOnPanic: + description: >- + If set to true, Envoy will not consider any hosts when + the cluster is in + + 'panic mode'. Instead, the cluster will fail all + requests as if all hosts + + are unhealthy. This can help avoid potentially + overwhelming a failing + + service. + type: boolean + grpc: + description: >- + GrpcHealthCheck defines gRPC configuration which will + instruct the service + + the health check will be made for is a gRPC service. + properties: + authority: + description: >- + The value of the :authority header in the gRPC + health check request, + + by default name of the cluster this health check + is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: >- + Service name parameter which will be sent to gRPC + service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: >- + Allows to configure panic threshold for Envoy cluster. + If not specified, + + the default is 50%. To disable panic mode, set to 0%. + + Either int or decimal represented as string. 
+ + Deprecated: the setting has been moved to + MeshCircuitBreaker policy, + + please use MeshCircuitBreaker policy instead. + x-kubernetes-int-or-string: true + healthyThreshold: + description: >- + Number of consecutive healthy checks before + considering a host healthy. + + If not specified then the default value is 1 + format: int32 + type: integer + http: + description: >- + HttpHealthCheck defines HTTP configuration which will + instruct the service + + the health check will be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: >- + List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + description: >- + The HTTP path which will be requested during the + health check + + (ie. /health) + + If not specified then the default value is "/" + type: string + requestHeadersToAdd: + description: >- + The list of HTTP headers which should be added to + each health check + + request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: >- + If specified, Envoy will start health checking after a + random time in + + ms between 0 and initialJitter. This only applies to + the first health + + check. + type: string + interval: + description: |- + Interval between consecutive health checks. 
+ If not specified then the default value is 1m + type: string + intervalJitter: + description: >- + If specified, during every interval Envoy will add + IntervalJitter to the + + wait time. + type: string + intervalJitterPercent: + description: >- + If specified, during every interval Envoy will add + IntervalJitter * + + IntervalJitterPercent / 100 to the wait time. If + IntervalJitter and + + IntervalJitterPercent are both set, both of them will + be used to + + increase the wait time. + format: int32 + type: integer + noTrafficInterval: + description: >- + The "no traffic interval" is a special health check + interval that is used + + when a cluster has never had traffic routed to it. + This lower interval + + allows cluster information to be kept up to date, + without sending a + + potentially large amount of active health checking + traffic for no reason. + + Once a cluster has been used for traffic routing, + Envoy will shift back + + to using the standard health check interval that is + defined. Note that + + this interval takes precedence over any other. The + default value for "no + + traffic interval" is 60 seconds. + type: string + reuseConnection: + description: >- + Reuse health check connection between health checks. + Default is true. + type: boolean + tcp: + description: >- + TcpHealthCheck defines configuration for specifying + bytes to send and + + expected response during the health check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: >- + List of Base64 encoded blocks of strings expected + as a response. When checking the response, + + "fuzzy" matching is performed such that each block + must be found, and + + in the order specified, but not necessarily + contiguous. + + If not provided or empty, checks will be performed + as "connect only" and be marked as successful when + TCP connection is successfully established. 
+ items: + type: string + type: array + send: + description: >- + Base64 encoded content of the message which will + be sent during the health check to the target + type: string + type: object + timeout: + description: |- + Maximum time to wait for a health check response. + If not specified then the default value is 15s + type: string + unhealthyThreshold: + description: >- + Number of consecutive unhealthy checks before + considering a host + + unhealthy. + + If not specified then the default value is 5 + format: int32 + type: integer + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. 
+ + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshHealthCheckCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshHealthCheckDeleteSuccessResponse: + type: object + properties: {} + MeshHTTPRouteItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshHTTPRoute + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. 
+ + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To matches destination services of requests and holds + configuration. 
+ items: + properties: + hostnames: + description: >- + Hostnames is only valid when targeting MeshGateway and + limits the + + effects of the rules to requests to this hostname. + + Given hostnames must intersect with the hostname of the + listeners the + + route attaches to. + items: + type: string + type: array + rules: + description: >- + Rules contains the routing rules applies to a combination + of top-level + + targetRef and the targetRef in this entry. + items: + properties: + default: + description: >- + Default holds routing rules that can be merged with + rules from other + + policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of + MeshServices that match labels. Either + Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can only + be used with kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of + target resource. If empty only resources + in policy namespace + + will be targeted. + type: string + port: + description: >- + Port is only supported when this ref + refers to a real MeshService object + format: int32 + type: integer + proxyTypes: + description: >- + ProxyTypes specifies the data plane types + that are subject to the policy. When not + specified, + + all data plane types are targeted by the + policy. 
+ items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific + section of resource. + + For example, you can target port from + MeshService.ports[] by its name. Only + traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by + tags. Can only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + required: + - kind + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: >- + Only one action is supported per header + name. + + Configuration to set or add multiple + values for a header must use RFC 7230 + + header value formatting, separating each + value with a comma. + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: >- + BackendRef defines where to forward + traffic. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of + MeshServices that match labels. Either + Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can + only be used with kinds: `MeshService`, + + `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of + target resource. If empty only resources + in policy namespace + + will be targeted. + type: string + port: + description: >- + Port is only supported when this ref + refers to a real MeshService object + format: int32 + type: integer + proxyTypes: + description: >- + ProxyTypes specifies the data plane + types that are subject to the policy. + When not specified, + + all data plane types are targeted by the + policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific + section of resource. + + For example, you can target port from + MeshService.ports[] by its name. Only + traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies + by tags. Can only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + required: + - kind + type: object + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests to mirror. 
If not + specified, all requests + + to the target cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: >- + PreciseHostname is the fully qualified + domain name of a network host. This + + matches the RFC 1123 definition of a + hostname with 1 notable exception that + + numeric IP addresses are not allowed. + + + Note that as per RFC1035 and RFC1123, a + *label* must consist of lower case + + alphanumeric characters or '-', and must + start and end with an alphanumeric + + character. No other punctuation is + allowed. + maxLength: 253 + minLength: 1 + pattern: >- + ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: >- + Path defines parameters used to modify + the path of the incoming request. + + The modified path is then used to + construct the location header. + + When empty, the request path is used + as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: >- + Port is the port to be used in the value + of the `Location` + + header in the response. + + When empty, port (if specified) of the + request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: >- + StatusCode is the HTTP status code to be + used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: >- + Only one action is supported per header + name. + + Configuration to set or add multiple + values for a header must use RFC 7230 + + header value formatting, separating each + value with a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostToBackendHostname: + description: >- + HostToBackendHostname rewrites the + hostname to the hostname of the + + upstream host. This option is only + available when targeting MeshGateways. + type: boolean + hostname: + description: >- + Hostname is the value to be used to + replace the host header value during + forwarding. + maxLength: 253 + minLength: 1 + pattern: >- + ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + description: >- + Matches describes how to match HTTP requests this + rule should be applied + + to. + items: + properties: + headers: + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request + + headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to + be matched. 
Name MUST be lower case + + as they will be handled with case + insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + value: + description: >- + Exact or prefix matches must be an + absolute path. A prefix matches only + + if separated by a slash or the entire + path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: >- + QueryParams matches based on HTTP URL query + parameters. Multiple matches + + are ANDed together such that all listed + matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + minItems: 1 + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + request destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - rules + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshHTTPRouteCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshHTTPRouteDeleteSuccessResponse: + type: object + properties: {} + MeshLoadBalancingStrategyItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshLoadBalancingStrategy + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: >- + Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + loadBalancer: + description: >- + LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: >- + LeastRequest selects N random available hosts as + specified in 'choiceCount' (2 by default) + + and picks the host which has the fewest active + requests + properties: + activeRequestBias: + anyOf: + - type: integer + - type: string + description: >- + ActiveRequestBias refers to dynamic weights + applied when hosts have varying load + + balancing weights. A higher value here + aggressively reduces the weight of endpoints + + that are currently handling active requests. + In essence, the higher the ActiveRequestBias + + value, the more forcefully it reduces the load + balancing weight of endpoints that are + + actively serving requests. + x-kubernetes-int-or-string: true + choiceCount: + description: >- + ChoiceCount is the number of random healthy + hosts from which the host with + + the fewest active requests will be chosen. + Defaults to 2 so that Envoy performs + + two-choice selection if the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: >- + Maglev implements consistent hashing to upstream + hosts. Maglev can be used as + + a drop in replacement for the ring hash load + balancer any place in which + + consistent hashing is desired. + properties: + hashPolicies: + description: >- + HashPolicies specify a list of + request/connection properties that are used to + calculate a hash. + + These hash policies are executed in the + specified order. 
If a hash policy has the + “terminal” attribute + + set to true, and there is already a hash + generated, the hash is returned immediately, + + ignoring the rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: >- + The name of the cookie that will be used + to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for the cookie. + type: string + ttl: + description: >- + If specified, a cookie with the TTL will + be generated if the cookie is not + present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: >- + The name of the Object in the + per-request filterState, which is + + an Envoy::Hashable object. If there is + no data associated with the key, + + or the stored object is not + Envoy::Hashable, no hash will be + produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: >- + The name of the request header that will + be used to obtain the hash key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: >- + The name of the URL query parameter that + will be used to obtain the hash key. + + If the parameter is not present, no hash + will be produced. Query parameter names + + are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: >- + Terminal is a flag that short-circuits + the hash computing. This field provides + + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + + to rest of the policy list”, it saves + time when the terminal policy works. + + If true, and there is already a hash + computed, ignore rest of the list of + hash polices. 
+ type: boolean + type: + enum: + - Header + - Cookie + - Connection + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: >- + The table size for Maglev hashing. Maglev aims + for “minimal disruption” + + rather than an absolute guarantee. Minimal + disruption means that when + + the set of upstream hosts change, a connection + will likely be sent + + to the same upstream as it was before. + Increasing the table size reduces + + the amount of disruption. The table size must + be prime number limited to 5000011. + + If it is not specified, the default is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: >- + Random selects a random available host. The random + load balancer generally + + performs better than round-robin if no health + checking policy is configured. + + Random selection avoids bias towards the host in + the set that comes after a failed host. + type: object + ringHash: + description: >- + RingHash implements consistent hashing to + upstream hosts. Each host is mapped + + onto a circle (the “ring”) by hashing its address; + each request is then routed + + to a host by hashing some property of the request, + and finding the nearest + + corresponding host clockwise around the ring. + properties: + hashFunction: + description: >- + HashFunction is a function used to hash hosts + onto the ketama ring. + + The value defaults to XX_HASH. Available + values – XX_HASH, MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: >- + HashPolicies specify a list of + request/connection properties that are used to + calculate a hash. + + These hash policies are executed in the + specified order. If a hash policy has the + “terminal” attribute + + set to true, and there is already a hash + generated, the hash is returned immediately, + + ignoring the rest of the hash policy list. 
+ items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: >- + The name of the cookie that will be used + to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for the cookie. + type: string + ttl: + description: >- + If specified, a cookie with the TTL will + be generated if the cookie is not + present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: >- + The name of the Object in the + per-request filterState, which is + + an Envoy::Hashable object. If there is + no data associated with the key, + + or the stored object is not + Envoy::Hashable, no hash will be + produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: >- + The name of the request header that will + be used to obtain the hash key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: >- + The name of the URL query parameter that + will be used to obtain the hash key. + + If the parameter is not present, no hash + will be produced. Query parameter names + + are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: >- + Terminal is a flag that short-circuits + the hash computing. This field provides + + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + + to rest of the policy list”, it saves + time when the terminal policy works. + + If true, and there is already a hash + computed, ignore rest of the list of + hash polices. + type: boolean + type: + enum: + - Header + - Cookie + - Connection + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: >- + Maximum hash ring size. 
Defaults to 8M + entries, and limited to 8M entries, + + but can be lowered to further constrain + resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: >- + Minimum hash ring size. The larger the ring is + (that is, + + the more hashes there are for each provided + host) the better the request distribution + + will reflect the desired weights. Defaults to + 1024 entries, and limited to 8M entries. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: >- + RoundRobin is a load balancing algorithm that + distributes requests + + across available upstream hosts in round-robin + order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: >- + LocalityAwareness contains configuration for locality + aware load balancing. + properties: + crossZone: + description: >- + CrossZone defines locality aware load balancing + priorities when dataplane proxies inside local + zone + + are unavailable + properties: + failover: + description: >- + Failover defines list of load balancing rules + in order of priority + items: + properties: + from: + description: >- + From defines the list of zones to which + the rule applies + properties: + zones: + items: + type: string + type: array + required: + - zones + type: object + to: + description: >- + To defines to which zones the traffic + should be load balanced + properties: + type: + description: >- + Type defines how target zones will be + picked from available zones + enum: + - None + - Only + - Any + - AnyExcept + type: string + zones: + items: + type: string + type: array + required: + - type + type: object + required: + - to + type: object + type: array + failoverThreshold: + description: >- + FailoverThreshold defines the percentage of + live destination dataplane proxies below which + load 
balancing to the + + next priority starts. + + Example: If you configure failoverThreshold to + 70, and you have deployed 10 destination + dataplane proxies. + + Load balancing to next priority will start + when number of live destination dataplane + proxies drops below 7. + + Default 50 + properties: + percentage: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - percentage + type: object + type: object + disabled: + description: >- + Disabled allows to disable locality-aware load + balancing. + + When disabled requests are distributed across all + endpoints regardless of locality. + type: boolean + localZone: + description: >- + LocalZone defines locality aware load balancing + priorities between dataplane proxies inside a zone + properties: + affinityTags: + description: >- + AffinityTags list of tags for local zone load + balancing. + items: + properties: + key: + description: >- + Key defines tag for which affinity is + configured + type: string + weight: + description: >- + Weight of the tag used for load + balancing. The bigger the weight the + bigger the priority. + + Percentage of local traffic load + balanced to tag is computed by dividing + weight by sum of weights from all tags. + + For example with two affinity tags first + with weight 80 and second with weight + 20, + + then 80% of traffic will be redirected + to the first tag, and 20% of traffic + will be redirected to second one. + + Setting weights is not mandatory. When + weights are not set control plane will + compute default weight based on list + order. + + Default: If you do not specify weight we + will adjust them so that 90% traffic + goes to first tag, 9% to next, and 1% to + third and so on. + format: int32 + type: integer + required: + - key + type: object + type: array + type: object + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshLoadBalancingStrategyDeleteSuccessResponse: + type: object + properties: {} + MeshMetricItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshMetric + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshMetric resource. + properties: + default: + description: MeshMetric configuration. + properties: + applications: + description: >- + Applications is a list of application that Dataplane Proxy + will scrape + items: + properties: + address: + description: Address on which an application listens. 
+ type: string + name: + description: Name of the application to scrape + type: string + path: + default: /metrics + description: >- + Path on which an application expose HTTP endpoint with + metrics. + type: string + port: + description: >- + Port on which an application expose HTTP endpoint with + metrics. + format: int32 + type: integer + required: + - port + type: object + type: array + backends: + description: Backends list that will be used to collect metrics. + items: + properties: + openTelemetry: + description: OpenTelemetry backend configuration + properties: + endpoint: + description: Endpoint for OpenTelemetry collector + type: string + refreshInterval: + description: >- + RefreshInterval defines how frequent metrics + should be pushed to collector + type: string + required: + - endpoint + type: object + prometheus: + description: Prometheus backend configuration. + properties: + clientId: + description: >- + ClientId of the Prometheus backend. Needed when + using MADS for DP discovery. + type: string + path: + default: /metrics + description: >- + Path on which a dataplane should expose HTTP + endpoint with Prometheus metrics. + type: string + port: + default: 5670 + description: >- + Port on which a dataplane should expose HTTP + endpoint with Prometheus metrics. + format: int32 + type: integer + tls: + description: Configuration of TLS for prometheus listener. + properties: + mode: + default: Disabled + description: Configuration of TLS for Prometheus listener. + enum: + - Disabled + - ProvidedTLS + - ActiveMTLSBackend + type: string + type: object + type: object + type: + description: >- + Type of the backend that will be used to collect + metrics. At the moment only Prometheus backend is + available. 
+ enum: + - Prometheus + - OpenTelemetry + type: string + required: + - type + type: object + type: array + sidecar: + description: Sidecar metrics collection configuration + properties: + includeUnused: + description: >- + IncludeUnused if false will scrape only metrics that has + been by sidecar (counters incremented + + at least once, gauges changed at least once, and + histograms added to at + + least once). If true will scrape all metrics (even the + ones with zeros). + + If not specified then the default value is false. + type: boolean + profiles: + description: >- + Profiles allows to customize which metrics are + published. + properties: + appendProfiles: + description: >- + AppendProfiles allows to combine the metrics from + multiple predefined profiles. + items: + properties: + name: + description: >- + Name of the predefined profile, one of: all, + basic, none + enum: + - All + - Basic + - None + type: string + required: + - name + type: object + type: array + exclude: + description: >- + Exclude makes it possible to exclude groups of + metrics from a resulting profile. + + Exclude is subordinate to Include. + items: + properties: + match: + description: >- + Match is the value used to match using + particular Type + type: string + type: + description: >- + Type defined the type of selector, one of: + prefix, regex, exact + enum: + - Prefix + - Regex + - Exact + - Contains + type: string + required: + - match + - type + type: object + type: array + include: + description: >- + Include makes it possible to include additional + metrics in a selected profiles. + + Include takes precedence over Exclude. 
+ items: + properties: + match: + description: >- + Match is the value used to match using + particular Type + type: string + type: + description: >- + Type defined the type of selector, one of: + prefix, regex, exact + enum: + - Prefix + - Regex + - Exact + - Contains + type: string + required: + - match + - type + type: object + type: array + type: object + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. 
+ type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshMetricCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshMetricDeleteSuccessResponse: + type: object + properties: {} + MeshPassthroughItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshPassthrough + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshPassthrough resource. + properties: + default: + description: MeshPassthrough configuration. + properties: + appendMatch: + description: >- + AppendMatch is a list of destinations that should be allowed + through the sidecar. + items: + properties: + port: + description: Port defines the port to which a user makes a request. 
+ format: int32 + type: integer + protocol: + default: tcp + description: >- + Protocol defines the communication protocol. Possible + values: `tcp`, `tls`, `grpc`, `http`, `http2`, + `mysql`. + enum: + - tcp + - tls + - grpc + - http + - http2 + - mysql + type: string + type: + description: >- + Type of the match, one of `Domain`, `IP` or `CIDR` is + available. + enum: + - Domain + - IP + - CIDR + type: string + value: + description: Value for the specified Type. + type: string + required: + - type + - value + type: object + type: array + passthroughMode: + description: >- + Defines the passthrough behavior. Possible values: `All`, + `None`, `Matched` + + When `All` or `None` `appendMatch` has no effect. + + If not specified then the default value is "Matched". + enum: + - All + - Matched + - None + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. 
+ type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshPassthroughCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshPassthroughDeleteSuccessResponse: + type: object + properties: {} + MeshProxyPatchItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshProxyPatch + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: |- + Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: >- + AppendModifications is a list of modifications applied on + the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's Cluster + + resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + + + Here is the list of well-known origins: + + inbound - resources generated for handling + incoming traffic. + + outbound - resources generated for handling + outgoing traffic. + + transparent - resources generated for + transparent proxy functionality. 
+ + prometheus - resources generated when + Prometheus metrics are enabled. + + direct-access - resources generated for Direct + Access functionality. + + ingress - resources generated for Zone + Ingress. + + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. + + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + httpFilter: + description: >- + HTTPFilter is a modification of Envoy HTTP Filter + + available in HTTP Connection Manager in a Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's + + HTTP Filter available in HTTP Connection Manager + in a Listener resource. + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. 
+ type: string + listenerTags: + additionalProperties: + type: string + description: >- + Listener tags available in + Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: >- + Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + + + Here is the list of well-known origins: + + inbound - resources generated for handling + incoming traffic. + + outbound - resources generated for handling + outgoing traffic. + + transparent - resources generated for + transparent proxy functionality. + + prometheus - resources generated when + Prometheus metrics are enabled. + + direct-access - resources generated for Direct + Access functionality. + + ingress - resources generated for Zone + Ingress. + + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. + + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + listener: + description: >- + Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's Listener + + resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. 
+ enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + + + Here is the list of well-known origins: + + inbound - resources generated for handling + incoming traffic. + + outbound - resources generated for handling + outgoing traffic. + + transparent - resources generated for + transparent proxy functionality. + + prometheus - resources generated when + Prometheus metrics are enabled. + + direct-access - resources generated for Direct + Access functionality. + + ingress - resources generated for Zone + Ingress. + + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. + + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags available in + Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + networkFilter: + description: >- + NetworkFilter is a modification of Envoy Listener's + filter. 
+ properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy Listener's + + filter. + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: >- + Listener tags available in + Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: >- + Name of the network filter. For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + + + Here is the list of well-known origins: + + inbound - resources generated for handling + incoming traffic. + + outbound - resources generated for handling + outgoing traffic. + + transparent - resources generated for + transparent proxy functionality. + + prometheus - resources generated when + Prometheus metrics are enabled. + + direct-access - resources generated for Direct + Access functionality. + + ingress - resources generated for Zone + Ingress. + + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. 
+ + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + virtualHost: + description: >- + VirtualHost is a modification of Envoy's VirtualHost + + referenced in HTTP Connection Manager in a Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's + + VirtualHost resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + + + Here is the list of well-known origins: + + inbound - resources generated for handling + incoming traffic. + + outbound - resources generated for handling + outgoing traffic. + + transparent - resources generated for + transparent proxy functionality. 
+ + prometheus - resources generated when + Prometheus metrics are enabled. + + direct-access - resources generated for Direct + Access functionality. + + ingress - resources generated for Zone + Ingress. + + egress - resources generated for Zone Egress. + + gateway - resources generated for MeshGateway. + + + The list is not complete, because policy + plugins can introduce new resources. + + For example MeshTrace plugin can create + Cluster with "mesh-trace" origin. + type: string + routeConfigurationName: + description: >- + Name of the RouteConfiguration resource to + match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. 
If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - default + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshProxyPatchCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshProxyPatchDeleteSuccessResponse: + type: object + properties: {} + MeshRateLimitItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshRateLimit + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in + + 'targetRef' + properties: + local: + description: >- + LocalConf defines local http or/and tcp rate limit + configuration + properties: + http: + description: >- + LocalHTTP defines configuration of local HTTP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: >- + Describes the actions to take on a rate limit + event + properties: + headers: + description: >- + The Headers to be added to the HTTP + response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: >- + The HTTP status code to be set on a rate + limit event + format: int32 + type: integer + type: object + requestRate: + description: >- + Defines how many requests 
are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: >- + LocalTCP defines confguration of local TCP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: >- + Defines how many connections are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: |- + Define if rate limiting should be disabled. + Default: false + type: boolean + type: object + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound rate limiting configurations. Currently + limited to + + selecting all inbound traffic, as L7 matching is not yet + implemented. + items: + properties: + default: + description: Default contains configuration of the inbound rate limits + properties: + local: + description: >- + LocalConf defines local http or/and tcp rate limit + configuration + properties: + http: + description: >- + LocalHTTP defines configuration of local HTTP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. 
+ type: boolean + onRateLimit: + description: >- + Describes the actions to take on a rate limit + event + properties: + headers: + description: >- + The Headers to be added to the HTTP + response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: >- + The HTTP status code to be set on a rate + limit event + format: int32 + type: integer + type: object + requestRate: + description: >- + Defines how many requests are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: >- + LocalTCP defines confguration of local TCP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: >- + Defines how many connections are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: |- + Define if rate limiting should be disabled. + Default: false + type: boolean + type: object + type: object + type: object + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in + + 'targetRef' + properties: + local: + description: >- + LocalConf defines local http or/and tcp rate limit + configuration + properties: + http: + description: >- + LocalHTTP defines configuration of local HTTP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: >- + Describes the actions to take on a rate limit + event + properties: + headers: + description: >- + The Headers to be added to the HTTP + response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: >- + The HTTP status code to be set on a rate + limit event + format: int32 + type: integer + type: object + requestRate: + description: >- + Defines how many requests are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. 
+ type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: >- + LocalTCP defines confguration of local TCP rate + limiting + + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: >- + Defines how many connections are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, + + or a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: |- + Define if rate limiting should be disabled. + Default: false + type: boolean + type: object + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. 
+ If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshRateLimitCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshRateLimitDeleteSuccessResponse: + type: object + properties: {} + MeshRetryItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshRetry + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. 
+ type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + grpc: + description: >- + GRPC defines a configuration of retries for GRPC + traffic + properties: + backOff: + description: >- + BackOff is a configuration of durations which will + be used in an exponential + + backoff strategy between retries. + properties: + baseInterval: + description: >- + BaseInterval is an amount of time which should + be taken between retries. + + Must be greater than zero. Values less than 1 + ms are rounded up to 1 ms. + + If not specified then the default value is + "25ms". + type: string + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. + + Default is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: >- + NumRetries is the number of attempts that will be + made on failed (and + + retriable) requests. If not set, the default value + is 1. + format: int32 + type: integer + perTryTimeout: + description: >- + PerTryTimeout is the maximum amount of time each + retry attempt can take + + before it times out. If not set, the global + request timeout for the route + + will be used. Setting this value to 0 will disable + the per-try timeout. + type: string + rateLimitedBackOff: + description: >- + RateLimitedBackOff is a configuration of backoff + which will be used when + + the upstream returns one of the headers + configured. 
+ properties: + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. + + If not specified then the default value is + "300s". + type: string + resetHeaders: + description: >- + ResetHeaders specifies the list of headers + (like Retry-After or X-RateLimit-Reset) + + to match against the response. Headers are + tried in order, and matched + + case-insensitive. The first header to be + parsed successfully is used. + + If no headers match the default exponential + BackOff is used instead. + items: + properties: + format: + description: The format of the reset header. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: >- + RetryOn is a list of conditions which will cause a + retry. + example: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable + items: + enum: + - Canceled + - DeadlineExceeded + - Internal + - ResourceExhausted + - Unavailable + type: string + type: array + type: object + http: + description: >- + HTTP defines a configuration of retries for HTTP + traffic + properties: + backOff: + description: >- + BackOff is a configuration of durations which will + be used in exponential + + backoff strategy between retries. + properties: + baseInterval: + description: >- + BaseInterval is an amount of time which should + be taken between retries. + + Must be greater than zero. Values less than 1 + ms are rounded up to 1 ms. + + If not specified then the default value is + "25ms". + type: string + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. + + Default is 10 times the "BaseInterval". 
+ type: string + type: object + hostSelection: + description: >- + HostSelection is a list of predicates that dictate + how hosts should be selected + + when requests are retried. + items: + properties: + predicate: + description: Type is requested predicate mode. + enum: + - OmitPreviousHosts + - OmitHostsWithTags + - OmitPreviousPriorities + type: string + tags: + additionalProperties: + type: string + description: >- + Tags is a map of metadata to match against + for selecting the omitted hosts. Required if + Type is + + OmitHostsWithTags + type: object + updateFrequency: + default: 2 + description: >- + UpdateFrequency is how often the priority + load should be updated based on previously + attempted priorities. + + Used for OmitPreviousPriorities. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: >- + HostSelectionMaxAttempts is the maximum number of + times host selection will be + + reattempted before giving up, at which point the + host that was last selected will + + be routed to. If unspecified, this will default to + retrying once. + format: int64 + type: integer + numRetries: + description: >- + NumRetries is the number of attempts that will be + made on failed (and + + retriable) requests. If not set, the default + value is 1. + format: int32 + type: integer + perTryTimeout: + description: >- + PerTryTimeout is the amount of time after which + retry attempt should time out. + + If left unspecified, the global route timeout for + the request will be used. + + Consequently, when using a 5xx based retry policy, + a request that times out + + will not be retried as the total timeout budget + would have been exhausted. + + Setting this timeout to 0 will disable it. + type: string + rateLimitedBackOff: + description: >- + RateLimitedBackOff is a configuration of backoff + which will be used + + when the upstream returns one of the headers + configured. 
+ properties: + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. + + If not specified then the default value is + "300s". + type: string + resetHeaders: + description: >- + ResetHeaders specifies the list of headers + (like Retry-After or X-RateLimit-Reset) + + to match against the response. Headers are + tried in order, and matched + + case-insensitive. The first header to be + parsed successfully is used. + + If no headers match the default exponential + BackOff is used instead. + items: + properties: + format: + description: The format of the reset header. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: >- + RetriableRequestHeaders is an HTTP headers which + must be present in the request + + for retries to be attempted. + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request + + headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to be + matched. Name MUST be lower case + + as they will be handled with case + insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: >- + RetriableResponseHeaders is an HTTP response + headers that trigger a retry + + if present in the response. 
A retry will be + triggered if any of the header + + matches the upstream response headers. + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request + + headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to be + matched. Name MUST be lower case + + as they will be handled with case + insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: >- + RetryOn is a list of conditions which will cause a + retry. Available values are: + + [5XX, GatewayError, Reset, Retriable4xx, + ConnectFailure, EnvoyRatelimited, + + RefusedStream, Http3PostConnectFailure, + HttpMethodConnect, HttpMethodDelete, + + HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, + + HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + + Also, any HTTP status code (500, 503, etc.). 
+ example: + - 5XX + - GatewayError + - Reset + - Retriable4xx + - ConnectFailure + - EnvoyRatelimited + - RefusedStream + - Http3PostConnectFailure + - HttpMethodConnect + - HttpMethodDelete + - HttpMethodGet + - HttpMethodHead + - HttpMethodOptions + - HttpMethodPatch + - HttpMethodPost + - HttpMethodPut + - HttpMethodTrace + - '500' + - '503' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for TCP traffic + properties: + maxConnectAttempt: + description: >- + MaxConnectAttempt is a maximal amount of TCP + connection attempts + + which will be made before giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. 
+ items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshRetryCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshRetryDeleteSuccessResponse: + type: object + properties: {} + MeshTCPRouteItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTCPRoute + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. 
+ properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding + + configurations + items: + properties: + rules: + description: >- + Rules contains the routing rules applies to a combination + of top-level + + targetRef and the targetRef in this entry. + items: + properties: + default: + description: >- + Default holds routing rules that can be merged with + rules from other + + policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of + MeshServices that match labels. Either + Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can only + be used with kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of + target resource. If empty only resources + in policy namespace + + will be targeted. + type: string + port: + description: >- + Port is only supported when this ref + refers to a real MeshService object + format: int32 + type: integer + proxyTypes: + description: >- + ProxyTypes specifies the data plane types + that are subject to the policy. When not + specified, + + all data plane types are targeted by the + policy. 
+ items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific + section of resource. + + For example, you can target port from + MeshService.ports[] by its name. Only + traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by + tags. Can only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + required: + - kind + type: object + type: array + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. 
+ items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - rules + - targetRef + type: object + minItems: 1 + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshTCPRouteCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshTCPRouteDeleteSuccessResponse: + type: object + properties: {} + MeshTimeoutItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTimeout + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. 
+ properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in + + 'targetRef' + properties: + connectionTimeout: + description: >- + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts + properties: + maxConnectionDuration: + description: >- + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, + + starting from when it was first established. + Setting this timeout to 0 will disable it. + + Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. + + Setting this timeout to 0 will disable it. + Disabled by default. + type: string + requestHeadersTimeout: + description: >- + RequestHeadersTimeout The amount of time that + proxy will wait for the request headers to be + received. The timer is + + activated when the first byte of the headers is + received, and is disarmed when the last byte of + + the headers has been received. If not specified or + set to 0, this timeout is disabled. + + Disabled by default. + type: string + requestTimeout: + description: >- + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. + + The timer is activated when the request is + initiated, and is disarmed when the last byte of + the request is sent, + + OR when the response is initiated. Setting this + timeout to 0 will disable it. + + Default is 15s. + type: string + streamIdleTimeout: + description: >- + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. 
+ + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection + + Setting this timeout to 0 will disable it. Be cautious + when disabling it because + + it can lead to connection leaking. Default value is + 1h. + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. 
+ type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound timeout configurations. Currently limited + to exactly one rule containing + + default timeouts that apply to all inbound traffic, as L7 + matching is not yet implemented. + items: + properties: + default: + description: Default contains configuration of the inbound timeouts + properties: + connectionTimeout: + description: >- + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts + properties: + maxConnectionDuration: + description: >- + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, + + starting from when it was first established. + Setting this timeout to 0 will disable it. + + Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. + + Setting this timeout to 0 will disable it. + Disabled by default. + type: string + requestHeadersTimeout: + description: >- + RequestHeadersTimeout The amount of time that + proxy will wait for the request headers to be + received. The timer is + + activated when the first byte of the headers is + received, and is disarmed when the last byte of + + the headers has been received. If not specified or + set to 0, this timeout is disabled. + + Disabled by default. + type: string + requestTimeout: + description: >- + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. 
+ + The timer is activated when the request is + initiated, and is disarmed when the last byte of + the request is sent, + + OR when the response is initiated. Setting this + timeout to 0 will disable it. + + Default is 15s. + type: string + streamIdleTimeout: + description: >- + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. + + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection + + Setting this timeout to 0 will disable it. Be cautious + when disabling it because + + it can lead to connection leaking. Default value is + 1h. + type: string + type: object + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. 
+ type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in + + 'targetRef' + properties: + connectionTimeout: + description: >- + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts + properties: + maxConnectionDuration: + description: >- + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, + + starting from when it was first established. + Setting this timeout to 0 will disable it. + + Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. + + Setting this timeout to 0 will disable it. + Disabled by default. + type: string + requestHeadersTimeout: + description: >- + RequestHeadersTimeout The amount of time that + proxy will wait for the request headers to be + received. 
The timer is + + activated when the first byte of the headers is + received, and is disarmed when the last byte of + + the headers has been received. If not specified or + set to 0, this timeout is disabled. + + Disabled by default. + type: string + requestTimeout: + description: >- + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. + + The timer is activated when the request is + initiated, and is disarmed when the last byte of + the request is sent, + + OR when the response is initiated. Setting this + timeout to 0 will disable it. + + Default is 15s. + type: string + streamIdleTimeout: + description: >- + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. + + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection + + Setting this timeout to 0 will disable it. Be cautious + when disabling it because + + it can lead to connection leaking. Default value is + 1h. + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshTimeoutCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. 
+ items: + type: string + MeshTimeoutDeleteSuccessResponse: + type: object + properties: {} + MeshTLSItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTLS + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshTLS resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in + + 'targetRef' + properties: + mode: + description: >- + Mode defines the behavior of inbound listeners with + regard to traffic encryption. + enum: + - Permissive + - Strict + type: string + tlsCiphers: + description: >- + TlsCiphers section for providing ciphers + specification. + items: + enum: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-RSA-CHACHA20-POLY1305 + type: string + type: array + tlsVersion: + description: Version section for providing version specification. + properties: + max: + default: TLSAuto + description: >- + Max defines maximum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + min: + default: TLSAuto + description: >- + Min defines minimum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. 
+ enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + rules: + description: >- + Rules defines inbound tls configurations. 
Currently limited to + + selecting all inbound traffic, as L7 matching is not yet + implemented. + items: + properties: + default: + description: Default contains configuration of the inbound tls + properties: + mode: + description: >- + Mode defines the behavior of inbound listeners with + regard to traffic encryption. + enum: + - Permissive + - Strict + type: string + tlsCiphers: + description: >- + TlsCiphers section for providing ciphers + specification. + items: + enum: + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-RSA-CHACHA20-POLY1305 + type: string + type: array + tlsVersion: + description: Version section for providing version specification. + properties: + max: + default: TLSAuto + description: >- + Max defines maximum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + min: + default: TLSAuto + description: >- + Min defines minimum supported version. One of + `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + type: object + type: object + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. 
+ type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshTLSCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. 
+ items: + type: string + MeshTLSDeleteSuccessResponse: + type: object + properties: {} + MeshTraceItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTrace + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: >- + A one element array of backend definition. + + Envoy allows configuring only 1 backend, so the natural way + of + + representing that would be just one object. Unfortunately + due to the + + reasons explained in MADR 009-tracing-policy this has to be + a one element + + array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can be used. + properties: + datadog: + description: Datadog backend configuration. + properties: + splitService: + default: false + description: >- + Determines if datadog service name should be split + based on traffic + + direction and destination. For example, with + `splitService: true` and a + + `backend` service that communicates with a couple + of databases, you would + + get service names like `backend_INBOUND`, + `backend_OUTBOUND_db1`, and + + `backend_OUTBOUND_db2` in Datadog. + type: boolean + url: + description: >- + Address of Datadog collector, only host and port + are allowed (no paths, + + fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. 
+ example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: >- + Version of the API. + + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + default: true + description: >- + Determines whether client and server spans will + share the same span + + context. + + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 + type: boolean + traceId128bit: + default: false + description: Generate 128bit traces. + type: boolean + url: + description: Address of Zipkin collector. + type: string + required: + - url + type: object + required: + - type + type: object + maxItems: 1 + type: array + sampling: + description: >- + Sampling configuration. + + Sampling is the process by which a decision is made on + whether to + + process/export a span or not. + properties: + client: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests that will be force traced + if the + + 'x-client-trace-id' header is set. Mirror of + client_sampling in Envoy + + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + + Either int or decimal represented as string. + + If not specified then the default value is 100. + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests will be traced + + after all other sampling checks have been applied + (client, force tracing, + + random sampling). This field functions as an upper limit + on the total + + configured sampling rate. 
For instance, setting client + to 100 + + but overall to 1 will result in only 1% of client + requests with + + the appropriate headers to be force traced. Mirror of + + overall_sampling in Envoy + + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + + Either int or decimal represented as string. + + If not specified then the default value is 100. + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests that will be randomly + selected for trace + + generation, if not requested by the client or not + forced. + + Mirror of random_sampling in Envoy + + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + + Either int or decimal represented as string. + + If not specified then the default value is 100. + x-kubernetes-int-or-string: true + type: object + tags: + description: >- + Custom tags configuration. You can add custom tags to traces + based on + + headers or literal values. + items: + description: |- + Custom tags configuration. + Only one of literal or header can be used. + properties: + header: + description: Tag taken from a header. + properties: + default: + description: >- + Default value to use if header is missing. + + If the default is missing and there is no value + the tag will not be + + included. + type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. 
+ + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshTraceCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshTraceDeleteSuccessResponse: + type: object + properties: {} + MeshTrafficPermissionItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTrafficPermission + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: >- + Spec is the specification of the Kuma MeshTrafficPermission + resource. 
+ properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in + + 'targetRef' + properties: + action: + description: >- + Action defines a behavior for the specified group of + clients: + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of + + clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that + match labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. + If empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are + subject to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of + resource. + + For example, you can target port from + MeshService.ports[] by its name. Only traffic to this + port will be affected. 
+ type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. + + The resource could be either a real store object or virtual + resource + + defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshExternalService + - MeshMultiZoneService + - MeshServiceSubset + - MeshHTTPRoute + - Dataplane + type: string + labels: + additionalProperties: + type: string + description: >- + Labels are used to select group of MeshServices that match + labels. Either Labels or + + Name and Namespace can be used. + type: object + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, + + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + namespace: + description: >- + Namespace specifies the namespace of target resource. If + empty only resources in policy namespace + + will be targeted. + type: string + proxyTypes: + description: >- + ProxyTypes specifies the data plane types that are subject + to the policy. When not specified, + + all data plane types are targeted by the policy. + items: + enum: + - Sidecar + - Gateway + type: string + type: array + sectionName: + description: >- + SectionName is used to target specific section of resource. + + For example, you can target port from MeshService.ports[] by + its name. Only traffic to this port will be affected. 
+ type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds + + `MeshSubset` and `MeshServiceSubset` + type: object + required: + - kind + type: object + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + MeshTrafficPermissionCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshTrafficPermissionDeleteSuccessResponse: + type: object + properties: {} + BuiltinCertificateAuthorityConfig: + properties: + caCert: + properties: + expiration: + type: string + rsaBits: + format: uint32 + type: integer + type: object + type: object + DatadogTracingBackendConfig: + properties: + address: + description: Address of datadog collector. + type: string + port: + description: Port of datadog collector + type: integer + splitService: + description: >- + Determines if datadog service name should be split based on traffic + + direction and destination. For example, with `splitService: true` + and a + + `backend` service that communicates with a couple of databases, you + would + + get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, + and + + `backend_OUTBOUND_db2` in Datadog. 
Default: false + type: boolean + type: object + DataplaneItem: + properties: + labels: + additionalProperties: + type: string + type: object + mesh: + type: string + metrics: + description: >- + Configuration for metrics that should be collected and exposed by + the + + data plane proxy. + + + Settings defined here will override their respective defaults + + defined at a Mesh level. + properties: + conf: + oneOf: + - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' + type: object + name: + description: >- + Name of the backend, can be then used in + Mesh.metrics.enabledBackend + type: string + type: + description: Type of the backend (Kuma ships with 'prometheus') + type: string + type: object + name: + type: string + networking: + description: >- + Networking describes inbound and outbound interfaces of the data + plane + + proxy. + properties: + address: + description: >- + IP on which the data plane proxy is accessible to the control + plane and + + other data plane proxies in the same network. This can also be a + + hostname, in which case the control plane will periodically + resolve it. + type: string + admin: + description: >- + Admin describes configuration related to Envoy Admin API. + + Due to security, all the Envoy Admin endpoints are exposed only + on + + localhost. Additionally, Envoy will expose `/ready` endpoint on + + `networking.address` for health checking systems to be able to + check the + + state of Envoy. The rest of the endpoints exposed on + `networking.address` + + are always protected by mTLS and only meant to be consumed + internally by + + the control plane. + properties: + port: + description: Port on which Envoy Admin API server will be listening + type: integer + type: object + advertisedAddress: + description: >- + In some situations, a data plane proxy resides in a private + network (e.g. + + Docker) and is not reachable via `address` to other data plane + proxies. 
+ + `advertisedAddress` is configured with a routable address for + such data + + plane proxy so that other proxies in the mesh can connect to it + over + + `advertisedAddress` and not via address. + + + Envoy still binds to the `address`, not `advertisedAddress`. + type: string + gateway: + description: >- + Gateway describes a configuration of the gateway of the data + plane proxy. + properties: + tags: + additionalProperties: + type: string + description: >- + Tags associated with a gateway of this data plane to, e.g. + + `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag + is + + mandatory. + type: object + type: + description: >- + Type of gateway this data plane proxy manages. + + There are two types: `DELEGATED` and `BUILTIN`. Defaults to + + `DELEGATED`. + + + A `DELEGATED` gateway is an independently deployed proxy + (e.g., Kong, + + Contour, etc) that receives inbound traffic that is not + proxied by + + Kuma, and it sends outbound traffic into the data plane + proxy. + + + The `BUILTIN` gateway type causes the data plane proxy + itself to be + + configured as a gateway. + + + See https://kuma.io/docs/latest/explore/gateway/ for more + information. + oneOf: + - type: string + - type: integer + type: object + inbound: + description: >- + Inbound describes a list of inbound interfaces of the data plane + proxy. + + + Inbound describes a service implemented by the data plane proxy. + + All incoming traffic to a data plane proxy is going through + inbound + + listeners. For every defined Inbound there is a corresponding + Envoy + + Listener. + items: + description: >- + Inbound describes a service implemented by the data plane + proxy. + properties: + address: + description: |- + Address on which inbound listener will be exposed. + Defaults to `networking.address`. + type: string + health: + description: >- + Health describes the status of an inbound. + + If 'health' is nil we consider data plane proxy as + healthy. 
+ + Unhealthy data plane proxies are excluded from Endpoints + Discovery + + Service (EDS). On Kubernetes, it is filled automatically + by the control + + plane if Pod has readiness probe configured. On Universal, + it can be + + set by the external health checking system, but the most + common way is + + to use service probes. + + + See https://kuma.io/docs/latest/documentation/health for + more + + information. + properties: + ready: + description: >- + Ready indicates if the data plane proxy is ready to + serve the + + traffic. + type: boolean + type: object + name: + description: >- + Name adds another way of referencing this port, usable + with MeshService + type: string + port: + description: >- + Port of the inbound interface that will forward requests + to the + + service. + + + When transparent proxying is used, it is a port on which + the service is + + listening to. When transparent proxying is not used, Envoy + will bind to + + this port. + type: integer + serviceAddress: + description: >- + Address of the service that requests will be forwarded to. + + Defaults to 'inbound.address', since Kuma DP should be + deployed next + + to the service. + type: string + servicePort: + description: |- + Port of the service that requests will be forwarded to. + Defaults to the same value as `port`. + type: integer + serviceProbe: + description: >- + ServiceProbe defines parameters for probing the service + next to + + sidecar. When service probe is defined, Envoy will + periodically health + + check the application next to it and report the status to + the control + + plane. On Kubernetes, Kuma deployments rely on Kubernetes + probes so + + this is not used. + + + See https://kuma.io/docs/latest/documentation/health for + more + + information. + properties: + healthyThreshold: + description: >- + Number of consecutive healthy checks before + considering a host + + healthy. 
+ format: uint32 + type: integer + interval: + description: Interval between consecutive health checks. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + tcp: + description: >- + Tcp checker tries to establish tcp connection with + destination + properties: {} + type: object + timeout: + description: Maximum time to wait for a health check response. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + unhealthyThreshold: + description: >- + Number of consecutive unhealthy checks before + considering a host + + unhealthy. + format: uint32 + type: integer + type: object + state: + description: State describes the current state of the listener. + oneOf: + - type: string + - type: integer + tags: + additionalProperties: + type: string + description: >- + Tags associated with an application this data plane proxy + is deployed + + next to, e.g. `kuma.io/service=web`, `version=1.0`. You + can then + + reference these tags in policies like + MeshTrafficPermission. + + `kuma.io/service` tag is mandatory. + type: object + type: object + type: array + outbound: + description: >- + Outbound describes a list of services consumed by the data plane + proxy. + + For every defined Outbound, there is a corresponding Envoy + Listener. + items: + description: Outbound describes a service consumed by the data plane proxy. + properties: + address: + description: >- + IP on which the consumed service will be available to this + data plane + + proxy. On Kubernetes, it's usually ClusterIP of a Service + or PodIP of a + + Headless Service. Defaults to 127.0.0.1 + type: string + backendRef: + description: |- + BackendRef is a way to target MeshService. + Experimental. Do not use on production yet. + properties: + kind: + description: >- + Kind is a type of the object to target. Allowed: + MeshService + type: string + labels: + additionalProperties: + type: string + description: >- + Labels to select a single object. 
+ + If no object is selected then outbound is not created. + + If multiple objects are selected then the oldest one + is used. + type: object + name: + description: Name of the targeted object + type: string + port: + description: >- + Port of the targeted object. Required when kind is + MeshService. + type: integer + type: object + port: + description: >- + Port on which the consumed service will be available to + this data plane + + proxy. When transparent proxying is not used, Envoy will + bind to this + + port. + type: integer + tags: + additionalProperties: + type: string + description: >- + Tags of consumed data plane proxies. + + `kuma.io/service` tag is required. + + These tags can then be referenced in `destinations` + section of policies + + like TrafficRoute or in `to` section in policies like + MeshAccessLog. It + + is recommended to only use `kuma.io/service`. If you need + to consume + + specific data plane proxy of a service (for example: + `version=v2`) the + + better practice is to use TrafficRoute. + type: object + type: object + type: array + transparentProxying: + description: >- + TransparentProxying describes the configuration for transparent + proxying. + + It is used by default on Kubernetes. + properties: + directAccessServices: + description: >- + List of services that will be accessed directly via IP:PORT + + Use `*` to indicate direct access to every service in the + Mesh. + + Using `*` to directly access every service is a + resource-intensive + + operation, use it only if needed. + items: + type: string + type: array + ipFamilyMode: + description: >- + The IP family mode to enable for. Can be "IPv4" or + "DualStack". + oneOf: + - type: string + - type: integer + reachableBackends: + description: >- + Reachable backend via transparent proxy when running with + + MeshExternalService, MeshService and MeshMultiZoneService. + Setting an + + explicit list of refs can dramatically improve the + performance of the + + mesh. 
If not specified, all services in the mesh are + reachable. + properties: + refs: + items: + properties: + kind: + description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" + type: string + labels: + additionalProperties: + type: string + description: "Labels used to select backends\n\n\t+optional" + type: object + name: + description: "Name of the backend.\n\n\t+optional" + type: string + namespace: + description: "Namespace of the backend. Might be empty\n\n\t+optional" + type: string + port: + description: "Port of the backend.\n\n\t+optional" + format: uint32 + type: integer + type: object + type: array + type: object + reachableServices: + description: >- + List of reachable services (represented by the value of + + `kuma.io/service`) via transparent proxying. Setting an + explicit list + + can dramatically improve the performance of the mesh. If not + specified, + + all services in the mesh are reachable. + items: + type: string + type: array + redirectPortInbound: + description: >- + Port on which all inbound traffic is being transparently + redirected. + type: integer + redirectPortOutbound: + description: >- + Port on which all outbound traffic is being transparently + redirected. + type: integer + type: object + type: object + probes: + description: >- + Probes describe a list of endpoints that will be exposed without + mTLS. + + This is useful to expose the health endpoints of the application so + the + + orchestration system (e.g. Kubernetes) can still health check the + + application. + + + See + + https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes + + for more information. + + Deprecated: this feature will be removed for Universal; on + Kubernetes, it's + + not needed anymore. + properties: + endpoints: + description: List of endpoints to expose without mTLS. + items: + properties: + inboundPath: + description: >- + Inbound path is a path of the application from which we + expose the + + endpoint. 
It is recommended to be as specific as possible. + type: string + inboundPort: + description: >- + Inbound port is a port of the application from which we + expose the + + endpoint. + type: integer + path: + description: >- + Path is a path on which we expose inbound path on the + probes port. + type: string + type: object + type: array + port: + description: >- + Port on which the probe endpoints will be exposed. This cannot + overlap + + with any other ports. + type: integer + type: object + type: + type: string + required: + - type + - name + - mesh + type: object + DataplaneCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + DataplaneDeleteSuccessResponse: + type: object + properties: {} + PrometheusMetricsBackendConfig: + properties: + aggregate: + description: >- + Map with the configuration of applications which metrics are going + to be + + scrapped by kuma-dp. + items: + description: >- + PrometheusAggregateMetricsConfig defines endpoints that should be + scrapped by kuma-dp for prometheus metrics. + properties: + address: + description: >- + Address on which a service expose HTTP endpoint with + Prometheus metrics. + type: string + enabled: + description: >- + If false then the application won't be scrapped. If nil, then + it is treated + + as true and kuma-dp scrapes metrics from the service. + type: boolean + name: + description: Name which identify given configuration. + type: string + path: + description: >- + Path on which a service expose HTTP endpoint with Prometheus + metrics. + type: string + port: + description: >- + Port on which a service expose HTTP endpoint with Prometheus + metrics. 
+ type: integer + type: object + type: array + envoy: + description: Configuration of Envoy's metrics. + properties: + filterRegex: + description: >- + FilterRegex value that is going to be passed to Envoy for + filtering + + Envoy metrics. + type: string + usedOnly: + description: >- + If true then return metrics that Envoy has updated (counters + incremented + + at least once, gauges changed at least once, and histograms + added to at + + least once). If nil, then it is treated as false. + type: boolean + type: object + path: + description: >- + Path on which a dataplane should expose HTTP endpoint with + Prometheus + + metrics. + type: string + port: + description: >- + Port on which a dataplane should expose HTTP endpoint with + Prometheus + + metrics. + type: integer + skipMTLS: + description: >- + If true then endpoints for scraping metrics won't require mTLS even + if mTLS + + is enabled in Mesh. If nil, then it is treated as false. + type: boolean + tags: + additionalProperties: + type: string + description: >- + Tags associated with an application this dataplane is deployed next + to, + + e.g. service=web, version=1.0. + + `service` tag is mandatory. + type: object + tls: + description: Configuration of TLS for prometheus listener. + properties: + mode: + description: >- + mode defines how configured is the TLS for Prometheus. + + Supported values, delegated, disabled, activeMTLSBackend. + Default to + + `activeMTLSBackend`. + oneOf: + - type: string + - type: integer + type: object + type: object + DataplaneOverviewWithMeta: + allOf: + - $ref: '#/components/schemas/Meta' + - $ref: '#/components/schemas/DataplaneOverview' + DataplaneOverview: + properties: + dataplane: + properties: + metrics: + description: >- + Configuration for metrics that should be collected and exposed + by the + + data plane proxy. + + + Settings defined here will override their respective defaults + + defined at a Mesh level. 
+ properties: + conf: + oneOf: + - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' + type: object + name: + description: >- + Name of the backend, can be then used in + Mesh.metrics.enabledBackend + type: string + type: + description: Type of the backend (Kuma ships with 'prometheus') + type: string + type: object + networking: + description: >- + Networking describes inbound and outbound interfaces of the data + plane + + proxy. + properties: + address: + description: >- + IP on which the data plane proxy is accessible to the + control plane and + + other data plane proxies in the same network. This can also + be a + + hostname, in which case the control plane will periodically + resolve it. + type: string + admin: + description: >- + Admin describes configuration related to Envoy Admin API. + + Due to security, all the Envoy Admin endpoints are exposed + only on + + localhost. Additionally, Envoy will expose `/ready` endpoint + on + + `networking.address` for health checking systems to be able + to check the + + state of Envoy. The rest of the endpoints exposed on + `networking.address` + + are always protected by mTLS and only meant to be consumed + internally by + + the control plane. + properties: + port: + description: Port on which Envoy Admin API server will be listening + type: integer + type: object + advertisedAddress: + description: >- + In some situations, a data plane proxy resides in a private + network (e.g. + + Docker) and is not reachable via `address` to other data + plane proxies. + + `advertisedAddress` is configured with a routable address + for such data + + plane proxy so that other proxies in the mesh can connect to + it over + + `advertisedAddress` and not via address. + + + Envoy still binds to the `address`, not `advertisedAddress`. + type: string + gateway: + description: >- + Gateway describes a configuration of the gateway of the data + plane proxy. 
+ properties: + tags: + additionalProperties: + type: string + description: >- + Tags associated with a gateway of this data plane to, + e.g. + + `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` + tag is + + mandatory. + type: object + type: + description: >- + Type of gateway this data plane proxy manages. + + There are two types: `DELEGATED` and `BUILTIN`. Defaults + to + + `DELEGATED`. + + + A `DELEGATED` gateway is an independently deployed proxy + (e.g., Kong, + + Contour, etc) that receives inbound traffic that is not + proxied by + + Kuma, and it sends outbound traffic into the data plane + proxy. + + + The `BUILTIN` gateway type causes the data plane proxy + itself to be + + configured as a gateway. + + + See https://kuma.io/docs/latest/explore/gateway/ for + more information. + oneOf: + - type: string + - type: integer + type: object + inbound: + description: >- + Inbound describes a list of inbound interfaces of the data + plane proxy. + + + Inbound describes a service implemented by the data plane + proxy. + + All incoming traffic to a data plane proxy is going through + inbound + + listeners. For every defined Inbound there is a + corresponding Envoy + + Listener. + items: + description: >- + Inbound describes a service implemented by the data plane + proxy. + properties: + address: + description: |- + Address on which inbound listener will be exposed. + Defaults to `networking.address`. + type: string + health: + description: >- + Health describes the status of an inbound. + + If 'health' is nil we consider data plane proxy as + healthy. + + Unhealthy data plane proxies are excluded from + Endpoints Discovery + + Service (EDS). On Kubernetes, it is filled + automatically by the control + + plane if Pod has readiness probe configured. On + Universal, it can be + + set by the external health checking system, but the + most common way is + + to use service probes. 
+ + + See https://kuma.io/docs/latest/documentation/health + for more + + information. + properties: + ready: + description: >- + Ready indicates if the data plane proxy is ready + to serve the + + traffic. + type: boolean + type: object + name: + description: >- + Name adds another way of referencing this port, usable + with MeshService + type: string + port: + description: >- + Port of the inbound interface that will forward + requests to the + + service. + + + When transparent proxying is used, it is a port on + which the service is + + listening to. When transparent proxying is not used, + Envoy will bind to + + this port. + type: integer + serviceAddress: + description: >- + Address of the service that requests will be forwarded + to. + + Defaults to 'inbound.address', since Kuma DP should be + deployed next + + to the service. + type: string + servicePort: + description: >- + Port of the service that requests will be forwarded + to. + + Defaults to the same value as `port`. + type: integer + serviceProbe: + description: >- + ServiceProbe defines parameters for probing the + service next to + + sidecar. When service probe is defined, Envoy will + periodically health + + check the application next to it and report the status + to the control + + plane. On Kubernetes, Kuma deployments rely on + Kubernetes probes so + + this is not used. + + + See https://kuma.io/docs/latest/documentation/health + for more + + information. + properties: + healthyThreshold: + description: >- + Number of consecutive healthy checks before + considering a host + + healthy. + format: uint32 + type: integer + interval: + description: Interval between consecutive health checks. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + tcp: + description: >- + Tcp checker tries to establish tcp connection with + destination + properties: {} + type: object + timeout: + description: Maximum time to wait for a health check response. 
+ properties: + nanos: + type: integer + seconds: + type: integer + type: object + unhealthyThreshold: + description: >- + Number of consecutive unhealthy checks before + considering a host + + unhealthy. + format: uint32 + type: integer + type: object + state: + description: State describes the current state of the listener. + oneOf: + - type: string + - type: integer + tags: + additionalProperties: + type: string + description: >- + Tags associated with an application this data plane + proxy is deployed + + next to, e.g. `kuma.io/service=web`, `version=1.0`. + You can then + + reference these tags in policies like + MeshTrafficPermission. + + `kuma.io/service` tag is mandatory. + type: object + type: object + type: array + outbound: + description: >- + Outbound describes a list of services consumed by the data + plane proxy. + + For every defined Outbound, there is a corresponding Envoy + Listener. + items: + description: >- + Outbound describes a service consumed by the data plane + proxy. + properties: + address: + description: >- + IP on which the consumed service will be available to + this data plane + + proxy. On Kubernetes, it's usually ClusterIP of a + Service or PodIP of a + + Headless Service. Defaults to 127.0.0.1 + type: string + backendRef: + description: |- + BackendRef is a way to target MeshService. + Experimental. Do not use on production yet. + properties: + kind: + description: >- + Kind is a type of the object to target. Allowed: + MeshService + type: string + labels: + additionalProperties: + type: string + description: >- + Labels to select a single object. + + If no object is selected then outbound is not + created. + + If multiple objects are selected then the oldest + one is used. + type: object + name: + description: Name of the targeted object + type: string + port: + description: >- + Port of the targeted object. Required when kind is + MeshService. 
+ type: integer + type: object + port: + description: >- + Port on which the consumed service will be available + to this data plane + + proxy. When transparent proxying is not used, Envoy + will bind to this + + port. + type: integer + tags: + additionalProperties: + type: string + description: >- + Tags of consumed data plane proxies. + + `kuma.io/service` tag is required. + + These tags can then be referenced in `destinations` + section of policies + + like TrafficRoute or in `to` section in policies like + MeshAccessLog. It + + is recommended to only use `kuma.io/service`. If you + need to consume + + specific data plane proxy of a service (for example: + `version=v2`) the + + better practice is to use TrafficRoute. + type: object + type: object + type: array + transparentProxying: + description: >- + TransparentProxying describes the configuration for + transparent proxying. + + It is used by default on Kubernetes. + properties: + directAccessServices: + description: >- + List of services that will be accessed directly via + IP:PORT + + Use `*` to indicate direct access to every service in + the Mesh. + + Using `*` to directly access every service is a + resource-intensive + + operation, use it only if needed. + items: + type: string + type: array + ipFamilyMode: + description: >- + The IP family mode to enable for. Can be "IPv4" or + "DualStack". + oneOf: + - type: string + - type: integer + reachableBackends: + description: >- + Reachable backend via transparent proxy when running + with + + MeshExternalService, MeshService and + MeshMultiZoneService. Setting an + + explicit list of refs can dramatically improve the + performance of the + + mesh. If not specified, all services in the mesh are + reachable. 
+ properties: + refs: + items: + properties: + kind: + description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" + type: string + labels: + additionalProperties: + type: string + description: "Labels used to select backends\n\n\t+optional" + type: object + name: + description: "Name of the backend.\n\n\t+optional" + type: string + namespace: + description: "Namespace of the backend. Might be empty\n\n\t+optional" + type: string + port: + description: "Port of the backend.\n\n\t+optional" + format: uint32 + type: integer + type: object + type: array + type: object + reachableServices: + description: >- + List of reachable services (represented by the value of + + `kuma.io/service`) via transparent proxying. Setting an + explicit list + + can dramatically improve the performance of the mesh. If + not specified, + + all services in the mesh are reachable. + items: + type: string + type: array + redirectPortInbound: + description: >- + Port on which all inbound traffic is being transparently + redirected. + type: integer + redirectPortOutbound: + description: >- + Port on which all outbound traffic is being + transparently redirected. + type: integer + type: object + type: object + probes: + description: >- + Probes describe a list of endpoints that will be exposed without + mTLS. + + This is useful to expose the health endpoints of the application + so the + + orchestration system (e.g. Kubernetes) can still health check + the + + application. + + + See + + https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes + + for more information. + + Deprecated: this feature will be removed for Universal; on + Kubernetes, it's + + not needed anymore. + properties: + endpoints: + description: List of endpoints to expose without mTLS. + items: + properties: + inboundPath: + description: >- + Inbound path is a path of the application from which + we expose the + + endpoint. It is recommended to be as specific as + possible. 
+ type: string + inboundPort: + description: >- + Inbound port is a port of the application from which + we expose the + + endpoint. + type: integer + path: + description: >- + Path is a path on which we expose inbound path on the + probes port. + type: string + type: object + type: array + port: + description: >- + Port on which the probe endpoints will be exposed. This + cannot overlap + + with any other ports. + type: integer + type: object + type: object + dataplaneInsight: + properties: + mTLS: + description: Insights about mTLS for Dataplane. + properties: + certificateExpirationTime: + description: >- + Expiration time of the last certificate that was generated + for a + + Dataplane. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + certificateRegenerations: + description: Number of certificate regenerations for a Dataplane. + type: integer + issuedBackend: + description: Backend that was used to generate current certificate + type: string + lastCertificateRegeneration: + description: Time on which the last certificate was generated. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + supportedBackends: + description: Supported backends (CA). + items: + type: string + type: array + type: object + metadata: + properties: {} + type: object + subscriptions: + description: List of ADS subscriptions created by a given Dataplane. + items: + description: >- + DiscoverySubscription describes a single ADS subscription + created by a Dataplane to the Control Plane. + properties: + connectTime: + description: >- + Time when a given Dataplane connected to the Control + Plane. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + controlPlaneInstanceId: + description: Control Plane instance that handled given subscription. + type: string + disconnectTime: + description: >- + Time when a given Dataplane disconnected from the Control + Plane. 
+ properties: + nanos: + type: integer + seconds: + type: integer + type: object + generation: + description: >- + Generation is an integer number which is periodically + increased by the + + status sink + type: integer + id: + description: Unique id per ADS subscription. + type: string + status: + description: Status of the ADS subscription. + properties: + cds: + description: CDS defines all CDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + eds: + description: EDS defines all EDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + lastUpdateTime: + description: >- + Time when status of a given ADS subscription was most + recently updated. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + lds: + description: LDS defines all LDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + rds: + description: RDS defines all RDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. 
+ type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + total: + description: Total defines an aggregate over individual xDS stats. + properties: + responsesAcknowledged: + description: Number of xDS responses ACKed by the Dataplane. + type: integer + responsesRejected: + description: Number of xDS responses NACKed by the Dataplane. + type: integer + responsesSent: + description: Number of xDS responses sent to the Dataplane. + type: integer + type: object + type: object + version: + description: Version of Envoy and Kuma dataplane + properties: + dependencies: + additionalProperties: + type: string + description: Versions of other dependencies, i.e. CoreDNS + type: object + envoy: + description: Version of Envoy + properties: + build: + description: Full build tag of Envoy version + type: string + kumaDpCompatible: + description: >- + True iff Envoy version is compatible with Kuma DP + version + type: boolean + version: + description: Version number of Envoy + type: string + type: object + kumaDp: + description: Version of Kuma Dataplane + properties: + buildDate: + description: Build date of Kuma Dataplane version + type: string + gitCommit: + description: Git commit of Kuma Dataplane version + type: string + gitTag: + description: Git tag of Kuma Dataplane version + type: string + kumaCpCompatible: + description: >- + True iff Kuma DP version is compatible with Kuma + CP version + type: boolean + version: + description: Version number of Kuma Dataplane + type: string + type: object + type: object + type: object + type: array + type: object + type: object + FileLoggingBackendConfig: + properties: + path: + description: Path to a file that logs will be written to + type: string + type: object + MeshItem: + properties: + constraints: + description: Constraints that applies to the mesh and its entities + properties: + dataplaneProxy: + description: >- + DataplaneProxyMembership defines a set of 
requirements for data + plane + + proxies to be a member of the mesh. + properties: + requirements: + description: >- + Requirements defines a set of requirements that data plane + proxies must + + fulfill in order to join the mesh. A data plane proxy must + fulfill at + + least one requirement in order to join the mesh. Empty list + of allowed + + requirements means that any proxy that is not explicitly + denied can join. + items: + description: >- + Rules defines a set of rules for data plane proxies to be + member of the mesh. + properties: + tags: + additionalProperties: + type: string + description: >- + Tags defines set of required tags. You can specify '*' + in value to + + require non empty value of tag + type: object + type: object + type: array + restrictions: + description: >- + Restrictions defines a set of restrictions that data plane + proxies cannot + + fulfill in order to join the mesh. A data plane proxy cannot + fulfill any + + requirement in order to join the mesh. + + Restrictions takes precedence over requirements. + items: + description: >- + Rules defines a set of rules for data plane proxies to be + member of the mesh. + properties: + tags: + additionalProperties: + type: string + description: >- + Tags defines set of required tags. You can specify '*' + in value to + + require non empty value of tag + type: object + type: object + type: array + type: object + type: object + labels: + additionalProperties: + type: string + type: object + logging: + description: |- + Logging settings. + +optional + properties: + backends: + description: List of available logging backends + items: + description: LoggingBackend defines logging backend available to mesh. + properties: + conf: + oneOf: + - $ref: '#/components/schemas/FileLoggingBackendConfig' + - $ref: '#/components/schemas/TcpLoggingBackendConfig' + type: object + format: + description: >- + Format of access logs. 
Placeholders available on + + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log + type: string + name: + description: >- + Name of the backend, can be then used in + Mesh.logging.defaultBackend or in + + TrafficLogging + type: string + type: + description: Type of the backend (Kuma ships with 'tcp' and 'file') + type: string + type: object + type: array + defaultBackend: + description: Name of the default backend + type: string + type: object + meshServices: + properties: + mode: + oneOf: + - type: string + - type: integer + type: object + metrics: + description: >- + Configuration for metrics collected and exposed by dataplanes. + + + Settings defined here become defaults for every dataplane in a given + Mesh. + + Additionally, it is also possible to further customize this + configuration + + for each dataplane individually using Dataplane resource. + + +optional + properties: + backends: + description: List of available Metrics backends + items: + description: MetricsBackend defines metric backends + properties: + conf: + oneOf: + - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' + type: object + name: + description: >- + Name of the backend, can be then used in + Mesh.metrics.enabledBackend + type: string + type: + description: Type of the backend (Kuma ships with 'prometheus') + type: string + type: object + type: array + enabledBackend: + description: Name of the enabled backend + type: string + type: object + mtls: + description: |- + mTLS settings. 
+ +optional + properties: + backends: + description: List of available Certificate Authority backends + items: + description: >- + CertificateAuthorityBackend defines Certificate Authority + backend + properties: + conf: + oneOf: + - $ref: >- + #/components/schemas/ProvidedCertificateAuthorityConfig + - $ref: '#/components/schemas/BuiltinCertificateAuthorityConfig' + type: object + dpCert: + description: Dataplane certificate settings + properties: + requestTimeout: + description: >- + Timeout on request to CA for DP certificate generation + and retrieval + properties: + nanos: + type: integer + seconds: + type: integer + type: object + rotation: + description: Rotation settings + properties: + expiration: + description: >- + Time after which generated certificate for + Dataplane will expire + type: string + type: object + type: object + mode: + description: >- + Mode defines the behaviour of inbound listeners with + regard to traffic + + encryption + oneOf: + - type: string + - type: integer + name: + description: Name of the backend + type: string + rootChain: + properties: + requestTimeout: + description: >- + Timeout on request for to CA for root certificate + chain. + + If not specified, defaults to 10s. + properties: + nanos: + type: integer + seconds: + type: integer + type: object + type: object + type: + description: >- + Type of the backend. Has to be one of the loaded plugins + (Kuma ships with + + builtin and provided) + type: string + type: object + type: array + enabledBackend: + description: Name of the enabled backend + type: string + skipValidation: + description: If enabled, skips CA validation. 
+ type: boolean + type: object + name: + type: string + networking: + description: Networking settings of the mesh + properties: + outbound: + description: Outbound settings + properties: + passthrough: + description: Control the passthrough cluster + type: boolean + type: object + type: object + routing: + description: Routing settings of the mesh + properties: + defaultForbidMeshExternalServiceAccess: + description: |- + If true, blocks traffic to MeshExternalServices. + Default: false + type: boolean + localityAwareLoadBalancing: + description: Enable the Locality Aware Load Balancing + type: boolean + zoneEgress: + description: >- + Enable routing traffic to services in other zone or external + services + + through ZoneEgress. Default: false + type: boolean + type: object + skipCreatingInitialPolicies: + description: >- + List of policies to skip creating by default when the mesh is + created. + + e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip + all + + policies. + items: + type: string + type: array + tracing: + description: |- + Tracing settings. + +optional + properties: + backends: + description: List of available tracing backends + items: + description: TracingBackend defines tracing backend available to mesh. + properties: + conf: + oneOf: + - $ref: '#/components/schemas/DatadogTracingBackendConfig' + - $ref: '#/components/schemas/ZipkinTracingBackendConfig' + type: object + name: + description: >- + Name of the backend, can be then used in + Mesh.tracing.defaultBackend or in + + TrafficTrace + type: string + sampling: + description: >- + Percentage of traces that will be sent to the backend + (range 0.0 - 100.0). 
+ + Empty value defaults to 100.0% + type: number + type: + description: Type of the backend (Kuma ships with 'zipkin') + type: string + type: object + type: array + defaultBackend: + description: Name of the default backend + type: string + type: object + type: + type: string + required: + - type + - name + type: object + MeshCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshDeleteSuccessResponse: + type: object + properties: {} + TcpLoggingBackendConfig: + properties: + address: + description: Address to TCP service that will receive logs + type: string + type: object + ProvidedCertificateAuthorityConfig: + properties: + cert: + properties: + Type: + description: "Types that are assignable to Type:\n\n\t*DataSource_Secret\n\t*DataSource_File\n\t*DataSource_Inline\n\t*DataSource_InlineString" + required: + - Type + type: object + key: + properties: + Type: + description: "Types that are assignable to Type:\n\n\t*DataSource_Secret\n\t*DataSource_File\n\t*DataSource_Inline\n\t*DataSource_InlineString" + required: + - Type + type: object + type: object + ZipkinTracingBackendConfig: + properties: + apiVersion: + description: >- + Version of the API. values: httpJson, httpJsonV1, httpProto. + Default: + + httpJson see + + https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion + type: string + sharedSpanContext: + description: >- + Determines whether client and server spans will share the same span + + context. Default: true. 
+ + https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. + type: string + type: object + MeshGatewayItem: + properties: + conf: + description: The desired configuration of the MeshGateway. + properties: + listeners: + description: >- + Listeners define logical endpoints that are bound on this + MeshGateway's + + address(es). + items: + properties: + crossMesh: + description: >- + CrossMesh enables traffic to flow to this listener only + from other + + meshes. + type: boolean + hostname: + description: >- + Hostname specifies the virtual hostname to match for + protocol types that + + define this concept. When unspecified, "", or `*`, all + hostnames are + + matched. This field can be omitted for protocols that + don't require + + hostname based matching. + type: string + port: + description: |- + Port is the network port. Multiple listeners may use the + same port, subject to the Listener compatibility rules. + type: integer + protocol: + description: >- + Protocol specifies the network protocol this listener + expects to receive. + oneOf: + - type: string + - type: integer + resources: + description: >- + Resources is used to specify listener-specific resource + settings. + properties: + connectionLimit: + type: integer + type: object + tags: + additionalProperties: + type: string + description: >- + Tags specifies a unique combination of tags that routes + can use + + to match themselves to this listener. + + + When matching routes to listeners, the control plane + constructs a + + set of matching tags for each listener by forming the + union of the + + gateway tags and the listener tags. 
A route will be + attached to the + + listener if all of the route's tags are preset in the + matching tags + type: object + tls: + description: |- + TLS is the TLS configuration for the Listener. This field + is required if the Protocol field is "HTTPS" or "TLS" and + ignored otherwise. + properties: + certificates: + description: >- + Certificates is an array of datasources that contain + TLS + + certificates and private keys. Each datasource must + contain a + + sequence of PEM-encoded objects. The server + certificate and private + + key are required, but additional certificates are + allowed and will + + be added to the certificate chain. The server + certificate must + + be the first certificate in the datasource. + + + When multiple certificate datasources are configured, + they must have + + different key types. In practice, this means that one + datasource + + should contain an RSA key and certificate, and the + other an + + ECDSA key and certificate. + items: + description: DataSource defines the source of bytes to use. + properties: + Type: + description: "Types that are assignable to Type:\n\n\t*DataSource_Secret\n\t*DataSource_File\n\t*DataSource_Inline\n\t*DataSource_InlineString" + required: + - Type + type: object + type: array + mode: + description: >- + Mode defines the TLS behavior for the TLS session + initiated + + by the client. + oneOf: + - type: string + - type: integer + options: + description: >- + Options should eventually configure how TLS is + configured. This + + is where cipher suite and version configuration can be + specified, + + client certificates enforced, and so on. + properties: {} + type: object + type: object + type: object + type: array + type: object + labels: + additionalProperties: + type: string + type: object + mesh: + type: string + name: + type: string + selectors: + description: |- + Selectors is a list of selectors that are used to match builtin + gateway dataplanes that will receive this MeshGateway configuration. 
+ items: + description: Selector defines structure for selecting tags for given dataplane + properties: + match: + additionalProperties: + type: string + description: Tags to match, can be used for both source and destinations + type: object + type: object + type: array + tags: + additionalProperties: + type: string + description: >- + Tags is the set of tags common to all of the gateway's listeners. + + + This field must not include a `kuma.io/service` tag (the service is + always + + defined on the dataplanes). + type: object + type: + type: string + required: + - type + - name + - mesh + type: object + MeshGatewayCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshGatewayDeleteSuccessResponse: + type: object + properties: {} + HostnameGeneratorItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - HostnameGenerator + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma HostnameGenerator resource. + properties: + extension: + description: Extension struct for a plugin configuration + properties: + config: + description: Config freeform configuration for the extension. + x-kubernetes-preserve-unknown-fields: true + type: + description: Type of the extension. 
+ type: string + required: + - type + type: object + selector: + properties: + meshExternalService: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + meshMultiZoneService: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + meshService: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + template: + type: string + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + HostnameGeneratorCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + HostnameGeneratorDeleteSuccessResponse: + type: object + properties: {} + MeshExternalServiceItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshExternalService + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshExternalService resource. + properties: + endpoints: + description: Endpoints defines a list of destinations to send traffic to. 
+ items: + properties: + address: + description: >- + Address defines an address to which a user want to send a + request. Is possible to provide `domain`, `ip`. + example: example.com + minLength: 1 + type: string + port: + description: Port of the endpoint + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: array + extension: + description: >- + Extension struct for a plugin configuration, in the presence of + an extension `endpoints` and `tls` are not required anymore - + it's up to the extension to validate them independently. + properties: + config: + description: Config freeform configuration for the extension. + x-kubernetes-preserve-unknown-fields: true + type: + description: Type of the extension. + type: string + required: + - type + type: object + match: + description: Match defines traffic that should be routed through the sidecar. + properties: + port: + description: Port defines a port to which a user does request. + maximum: 65535 + minimum: 1 + type: integer + protocol: + default: tcp + description: >- + Protocol defines a protocol of the communication. Possible + values: `tcp`, `grpc`, `http`, `http2`. + enum: + - tcp + - grpc + - http + - http2 + type: string + type: + default: HostnameGenerator + description: >- + Type of the match, only `HostnameGenerator` is available at + the moment. + enum: + - HostnameGenerator + type: string + required: + - port + type: object + tls: + description: >- + Tls provides a TLS configuration when proxy is resposible for a + TLS origination + properties: + allowRenegotiation: + default: false + description: >- + AllowRenegotiation defines if TLS sessions will allow + renegotiation. + + Setting this to true is not recommended for security + reasons. + type: boolean + enabled: + default: false + description: Enabled defines if proxy should originate TLS. + type: boolean + verification: + description: Verification section for providing TLS verification details. 
+ properties: + caCert: + description: CaCert defines a certificate of CA. + properties: + inline: + description: Data source is inline bytes. + format: byte + type: string + inlineString: + description: Data source is inline string` + type: string + secret: + description: Data source is a secret with given Secret key. + type: string + type: object + clientCert: + description: ClientCert defines a certificate of a client. + properties: + inline: + description: Data source is inline bytes. + format: byte + type: string + inlineString: + description: Data source is inline string` + type: string + secret: + description: Data source is a secret with given Secret key. + type: string + type: object + clientKey: + description: ClientKey defines a client private key. + properties: + inline: + description: Data source is inline bytes. + format: byte + type: string + inlineString: + description: Data source is inline string` + type: string + secret: + description: Data source is a secret with given Secret key. + type: string + type: object + mode: + default: Secured + description: >- + Mode defines if proxy should skip verification, one of + `SkipSAN`, `SkipCA`, `Secured`, `SkipAll`. Default + `Secured`. + enum: + - SkipSAN + - SkipCA + - Secured + - SkipAll + type: string + serverName: + description: >- + ServerName overrides the default Server Name Indicator + set by Kuma. + type: string + subjectAltNames: + description: >- + SubjectAltNames list of names to verify in the + certificate. + items: + properties: + type: + default: Exact + description: >- + Type specifies matching type, one of `Exact`, + `Prefix`. Default: `Exact` + enum: + - Exact + - Prefix + type: string + value: + description: Value to match. + type: string + required: + - value + type: object + type: array + type: object + version: + description: Version section for providing version specification. + properties: + max: + default: TLSAuto + description: >- + Max defines maximum supported version. 
One of `TLSAuto`, + `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + min: + default: TLSAuto + description: >- + Min defines minimum supported version. One of `TLSAuto`, + `TLS10`, `TLS11`, `TLS12`, `TLS13`. + enum: + - TLSAuto + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + type: object + type: object + required: + - match + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + status: + description: >- + Status is the current status of the Kuma MeshExternalService + resource. + properties: + addresses: + description: Addresses section for generated domains + items: + properties: + hostname: + type: string + hostnameGeneratorRef: + properties: + coreName: + type: string + required: + - coreName + type: object + origin: + type: string + type: object + type: array + hostnameGenerators: + items: + properties: + conditions: + description: Conditions is an array of hostname generator conditions. + items: + properties: + message: + description: >- + message is a human readable message indicating + details about the transition. + + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: >- + reason contains a programmatic identifier indicating + the reason for the condition's last transition. + + Producers of specific condition types may define + expected values and meanings for this field, + + and whether the values are considered a guaranteed + API. + + The value should be a CamelCase string. + + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: >- + status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: >- + type of condition in CamelCase or in + foo.example.com/CamelCase. + maxLength: 316 + pattern: >- + ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + hostnameGeneratorRef: + properties: + coreName: + type: string + required: + - coreName + type: object + required: + - hostnameGeneratorRef + type: object + type: array + vip: + description: Vip section for allocated IP + properties: + ip: + description: >- + Value allocated IP for a provided domain with + `HostnameGenerator` type in a match section. + type: string + type: object + type: object + readOnly: true + MeshExternalServiceCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshExternalServiceDeleteSuccessResponse: + type: object + properties: {} + MeshMultiZoneServiceItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshMultiZoneService + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshMultiZoneService resource. + properties: + ports: + description: Ports is a list of ports from selected MeshServices + items: + properties: + appProtocol: + default: tcp + description: Protocol identifies a protocol supported by a service. + type: string + name: + type: string + port: + format: int32 + type: integer + required: + - port + type: object + minItems: 1 + type: array + selector: + description: Selector is a way to select multiple MeshServices + properties: + meshService: + description: MeshService selects MeshServices + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels matches multiple MeshServices by labels + type: object + required: + - matchLabels + type: object + required: + - meshService + type: object + required: + - ports + - selector + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + status: + description: >- + Status is the current status of the Kuma MeshMultiZoneService + resource. 
+ properties: + addresses: + description: Addresses is a list of addresses generated by HostnameGenerator + items: + properties: + hostname: + type: string + hostnameGeneratorRef: + properties: + coreName: + type: string + required: + - coreName + type: object + origin: + type: string + type: object + type: array + hostnameGenerators: + description: Status of hostnames generator applied on this resource + items: + properties: + conditions: + description: Conditions is an array of hostname generator conditions. + items: + properties: + message: + description: >- + message is a human readable message indicating + details about the transition. + + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: >- + reason contains a programmatic identifier indicating + the reason for the condition's last transition. + + Producers of specific condition types may define + expected values and meanings for this field, + + and whether the values are considered a guaranteed + API. + + The value should be a CamelCase string. + + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: >- + status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: >- + type of condition in CamelCase or in + foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: >- + ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + hostnameGeneratorRef: + properties: + coreName: + type: string + required: + - coreName + type: object + required: + - hostnameGeneratorRef + type: object + type: array + meshServices: + description: MeshServices is a list of matched MeshServices + items: + properties: + mesh: + type: string + name: + description: Name is a core name of MeshService + type: string + namespace: + type: string + zone: + type: string + required: + - mesh + - name + - namespace + - zone + type: object + type: array + vips: + description: VIPs is a list of assigned Kuma VIPs. + items: + properties: + ip: + type: string + type: object + type: array + type: object + readOnly: true + MeshMultiZoneServiceCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshMultiZoneServiceDeleteSuccessResponse: + type: object + properties: {} + MeshServiceItem: + type: object + required: + - type + - name + - spec + properties: + type: + description: the type of the resource + type: string + enum: + - MeshService + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + labels: + additionalProperties: + type: string + description: The labels to help identity resources + type: object + spec: + description: Spec is the specification of the Kuma MeshService resource. + properties: + identities: + items: + properties: + type: + enum: + - ServiceTag + type: string + value: + type: string + required: + - type + - value + type: object + type: array + ports: + items: + properties: + appProtocol: + default: tcp + description: Protocol identifies a protocol supported by a service. + type: string + name: + type: string + port: + format: int32 + type: integer + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - appProtocol + x-kubernetes-list-type: map + selector: + properties: + dataplaneRef: + properties: + name: + type: string + type: object + dataplaneTags: + additionalProperties: + type: string + type: object + type: object + state: + default: Unavailable + description: >- + State of MeshService. Available if there is at least one healthy + endpoint. Otherwise, Unavailable. + + It's used for cross zone communication to check if we should + send traffic to it, when MeshService is aggregated into + MeshMultiZoneService. + enum: + - Available + - Unavailable + type: string + type: object + creationTime: + readOnly: true + type: string + description: Time at which the resource was created + format: date-time + example: '0001-01-01T00:00:00Z' + modificationTime: + readOnly: true + type: string + description: Time at which the resource was updated + format: date-time + example: '0001-01-01T00:00:00Z' + status: + description: Status is the current status of the Kuma MeshService resource. 
+ properties: + addresses: + items: + properties: + hostname: + type: string + hostnameGeneratorRef: + properties: + coreName: + type: string + required: + - coreName + type: object + origin: + type: string + type: object + type: array + dataplaneProxies: + description: Data plane proxies statistics selected by this MeshService. + properties: + connected: + description: >- + Number of data plane proxies connected to the zone control + plane + type: integer + healthy: + description: >- + Number of data plane proxies with all healthy inbounds + selected by this MeshService. + type: integer + total: + description: Total number of data plane proxies. + type: integer + type: object + hostnameGenerators: + items: + properties: + conditions: + description: Conditions is an array of hostname generator conditions. + items: + properties: + message: + description: >- + message is a human readable message indicating + details about the transition. + + This may be an empty string. + maxLength: 32768 + type: string + reason: + description: >- + reason contains a programmatic identifier indicating + the reason for the condition's last transition. + + Producers of specific condition types may define + expected values and meanings for this field, + + and whether the values are considered a guaranteed + API. + + The value should be a CamelCase string. + + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: >- + status of the condition, one of True, False, + Unknown. + enum: + - 'True' + - 'False' + - Unknown + type: string + type: + description: >- + type of condition in CamelCase or in + foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: >- + ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + hostnameGeneratorRef: + properties: + coreName: + type: string + required: + - coreName + type: object + required: + - hostnameGeneratorRef + type: object + type: array + tls: + properties: + status: + enum: + - Ready + - NotReady + type: string + type: object + vips: + items: + properties: + ip: + type: string + type: object + type: array + type: object + readOnly: true + MeshServiceCreateOrUpdateSuccessResponse: + type: object + properties: + warnings: + type: array + readOnly: true + description: > + warnings is a list of warning messages to return to the requesting + Kuma API clients. + + Warning messages describe a problem the client making the API + request should correct or be aware of. + items: + type: string + MeshServiceDeleteSuccessResponse: + type: object + properties: {} + responses: + IndexResponse: + description: A response for the index endpoint + content: + application/json: + schema: + $ref: '#/components/schemas/Index' + ResourceTypeDescriptionListResponse: + description: A response containing a list of all resources installed in Kuma + content: + application/json: + schema: + $ref: '#/components/schemas/ResourceTypeDescriptionList' + GlobalInsightResponse: + description: A response containing global insight. + content: + application/json: + schema: + $ref: '#/components/schemas/GlobalInsight' + examples: + Single control plane response: + $ref: '#/components/examples/GlobalInsightExample' + InspectDataplanesForPolicyResponse: + description: A response containing dataplanes that match a policy. 
+ content: + application/json: + schema: + $ref: '#/components/schemas/InspectDataplanesForPolicy' + examples: + ResponseForDataplane: + $ref: '#/components/examples/InspectDataplanesForPolicyExample' + GetDataplaneXDSConfigResponse: + description: Successfully retrieved proxy XDS config. + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneXDSConfig' + InspectRulesResponse: + description: A response containing policies that match a resource + content: + application/json: + schema: + $ref: '#/components/schemas/InspectRules' + InspectHostnamesResponse: + description: A response containing hostnames that match a service. + content: + application/json: + schema: + $ref: '#/components/schemas/InspectHostnames' + examples: + ResponseForHostnames: + $ref: '#/components/examples/InspectHostnamesExample' + BadRequest: + description: Bad Request + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Error' + Internal: + description: Internal Server Error + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Error' + NotFound: + description: Not Found + content: + application/problem+json: + schema: + $ref: '#/components/schemas/NotFoundError' + MeshAccessLogItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshAccessLogItem' + MeshAccessLogList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshAccessLogItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshCircuitBreakerItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCircuitBreakerItem' + MeshCircuitBreakerList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + 
$ref: '#/components/schemas/MeshCircuitBreakerItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshFaultInjectionItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshFaultInjectionItem' + MeshFaultInjectionList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshFaultInjectionItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshHealthCheckItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHealthCheckItem' + MeshHealthCheckList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshHealthCheckItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshHTTPRouteItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHTTPRouteItem' + MeshHTTPRouteList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshHTTPRouteItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshLoadBalancingStrategyItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' + MeshLoadBalancingStrategyList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' + total: + 
type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshMetricItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMetricItem' + MeshMetricList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshMetricItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshPassthroughItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshPassthroughItem' + MeshPassthroughList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshPassthroughItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshProxyPatchItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshProxyPatchItem' + MeshProxyPatchList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshProxyPatchItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshRateLimitItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRateLimitItem' + MeshRateLimitList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshRateLimitItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshRetryItem: + 
description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryItem' + MeshRetryList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshRetryItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTCPRouteItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteItem' + MeshTCPRouteList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTCPRouteItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTimeoutItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutItem' + MeshTimeoutList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTimeoutItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTLSItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTLSItem' + MeshTLSList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTLSItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTraceItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceItem' + MeshTraceList: + description: List + content: + application/json: + 
schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTraceItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTrafficPermissionItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + MeshTrafficPermissionList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + DataplaneItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneItem' + DataplaneList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/DataplaneItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + GetDataplaneOverviewResponse: + description: A response containing the overview of a dataplane. + content: + application/json: + schema: + $ref: '#/components/schemas/DataplaneOverviewWithMeta' + GetDataplaneOverviewListResponse: + description: A response containing the overview of a dataplane. 
+ content: + application/json: + schema: + type: object + properties: + total: + type: integer + example: 200 + next: + type: string + items: + type: array + items: + $ref: '#/components/schemas/DataplaneOverviewWithMeta' + MeshItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshItem' + MeshList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshGatewayItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshGatewayItem' + MeshGatewayList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshGatewayItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + HostnameGeneratorItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/HostnameGeneratorItem' + HostnameGeneratorList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/HostnameGeneratorItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshExternalServiceItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshExternalServiceItem' + MeshExternalServiceList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshExternalServiceItem' + total: + type: number + description: The total 
number of entities + next: + type: string + description: URL to the next page + MeshMultiZoneServiceItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshMultiZoneServiceItem' + MeshMultiZoneServiceList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshMultiZoneServiceItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshServiceItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshServiceItem' + MeshServiceList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshServiceItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + examples: + GlobalInsightExample: + value: + createdAt: '2023-01-11T02:30:42.227Z' + services: + total: 5 + internal: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + external: + total: 1 + gatewayDelegated: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + gatewayBuiltin: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + internalByStatus: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + zones: + controlPlanes: + online: 1 + total: 1 + zoneEgresses: + online: 1 + total: 1 + zoneIngresses: + online: 1 + total: 1 + dataplanes: + standard: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + gatewayBuiltin: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + gatewayDelegated: + total: 4 + online: 2 + offline: 1 + partiallyDegraded: 1 + policies: + total: 100 + meshes: + total: 3 + resources: + MeshTrafficPermission: + total: 42 + MeshService: + total: 84 + InspectDataplanesForPolicyExample: + 
value: + total: 100 + next: >- + http://localhost:5681/meshes/default/meshretries/_resources/dataplanes?offset=100 + items: + - type: Dataplane + mesh: default + name: dp-1 + labels: + k8s.kuma.io/namespace: kuma-system + - type: Dataplane + mesh: default + name: dp-2 + labels: + k8s.kuma.io/namespace: kuma-system + InspectHostnamesExample: + value: + total: 100 + items: + - hostname: redis.redis-system.svc.east.mesh.local + zones: + - name: east + - name: west +security: + - BasicAuth: [] + - BearerAuth: [] + - {} +