import * as pulumi from "@pulumi/pulumi"; import { input as inputs, output as outputs } from "../types"; export declare namespace networking { namespace v1alpha3 { /** * Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html */ interface DestinationRuleSpecArgs { /** * A list of namespaces to which this destination rule is exported. */ exportTo?: pulumi.Input[]>; /** * The name of a service from the service registry. */ host?: pulumi.Input; subsets?: pulumi.Input[]>; trafficPolicy?: pulumi.Input; } interface DestinationRuleSpecSubsetsArgs { labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Name of the subset. */ name?: pulumi.Input; /** * Traffic policies that apply to this subset. */ trafficPolicy?: pulumi.Input; } /** * Traffic policies that apply to this subset. */ interface DestinationRuleSpecSubsetsTrafficPolicyArgs { connectionPool?: pulumi.Input; /** * Settings controlling the load balancer algorithms. */ loadBalancer?: any; outlierDetection?: pulumi.Input; /** * Traffic policies specific to individual ports. */ portLevelSettings?: pulumi.Input[]>; /** * TLS related settings for connections to the upstream service. */ tls?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolArgs { /** * HTTP connection pool settings. */ http?: pulumi.Input; /** * Settings common to both HTTP and TCP upstream connections. */ tcp?: pulumi.Input; } /** * HTTP connection pool settings. */ interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolHttpArgs { /** * Specify if http1.1 connection should be upgraded to http2 for the associated destination. */ h2UpgradePolicy?: pulumi.Input; /** * Maximum number of pending HTTP requests to a destination. */ http1MaxPendingRequests?: pulumi.Input; /** * Maximum number of requests to a backend. */ http2MaxRequests?: pulumi.Input; /** * The idle timeout for upstream connection pool connections. */ idleTimeout?: pulumi.Input; /** * Maximum number of requests per connection to a backend. */ maxRequestsPerConnection?: pulumi.Input; maxRetries?: pulumi.Input; /** * If set to true, client protocol will be preserved while initiating connection to backend. */ useClientProtocol?: pulumi.Input; } /** * Settings common to both HTTP and TCP upstream connections. */ interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpArgs { /** * TCP connection timeout. */ connectTimeout?: pulumi.Input; /** * Maximum number of HTTP1 /TCP connections to a destination host. */ maxConnections?: pulumi.Input; /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ tcpKeepalive?: pulumi.Input; } /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpTcpKeepaliveArgs { /** * The time duration between keep-alive probes. */ interval?: pulumi.Input; probes?: pulumi.Input; time?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyOutlierDetectionArgs { /** * Minimum ejection duration. */ baseEjectionTime?: pulumi.Input; /** * Number of 5xx errors before a host is ejected from the connection pool. */ consecutive5xxErrors?: pulumi.Input; consecutiveErrors?: pulumi.Input; /** * Number of gateway errors before a host is ejected from the connection pool. */ consecutiveGatewayErrors?: pulumi.Input; consecutiveLocalOriginFailures?: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval?: pulumi.Input; maxEjectionPercent?: pulumi.Input; minHealthPercent?: pulumi.Input; /** * Determines whether to distinguish local origin failures from external errors. */ splitExternalLocalOriginErrors?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsArgs { connectionPool?: pulumi.Input; /** * Settings controlling the load balancer algorithms. */ loadBalancer?: any; outlierDetection?: pulumi.Input; port?: pulumi.Input; /** * TLS related settings for connections to the upstream service. */ tls?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolArgs { /** * HTTP connection pool settings. */ http?: pulumi.Input; /** * Settings common to both HTTP and TCP upstream connections. */ tcp?: pulumi.Input; } /** * HTTP connection pool settings. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolHttpArgs { /** * Specify if http1.1 connection should be upgraded to http2 for the associated destination. */ h2UpgradePolicy?: pulumi.Input; /** * Maximum number of pending HTTP requests to a destination. */ http1MaxPendingRequests?: pulumi.Input; /** * Maximum number of requests to a backend. */ http2MaxRequests?: pulumi.Input; /** * The idle timeout for upstream connection pool connections. */ idleTimeout?: pulumi.Input; /** * Maximum number of requests per connection to a backend. */ maxRequestsPerConnection?: pulumi.Input; maxRetries?: pulumi.Input; /** * If set to true, client protocol will be preserved while initiating connection to backend. */ useClientProtocol?: pulumi.Input; } /** * Settings common to both HTTP and TCP upstream connections. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpArgs { /** * TCP connection timeout. */ connectTimeout?: pulumi.Input; /** * Maximum number of HTTP1 /TCP connections to a destination host. */ maxConnections?: pulumi.Input; /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ tcpKeepalive?: pulumi.Input; } /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepaliveArgs { /** * The time duration between keep-alive probes. */ interval?: pulumi.Input; probes?: pulumi.Input; time?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsOutlierDetectionArgs { /** * Minimum ejection duration. */ baseEjectionTime?: pulumi.Input; /** * Number of 5xx errors before a host is ejected from the connection pool. */ consecutive5xxErrors?: pulumi.Input; consecutiveErrors?: pulumi.Input; /** * Number of gateway errors before a host is ejected from the connection pool. */ consecutiveGatewayErrors?: pulumi.Input; consecutiveLocalOriginFailures?: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval?: pulumi.Input; maxEjectionPercent?: pulumi.Input; minHealthPercent?: pulumi.Input; /** * Determines whether to distinguish local origin failures from external errors. */ splitExternalLocalOriginErrors?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsPortArgs { number?: pulumi.Input; } /** * TLS related settings for connections to the upstream service. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsTlsArgs { caCertificates?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ clientCertificate?: pulumi.Input; credentialName?: pulumi.Input; mode?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ privateKey?: pulumi.Input; /** * SNI string to present to the server during TLS handshake. */ sni?: pulumi.Input; subjectAltNames?: pulumi.Input[]>; } /** * TLS related settings for connections to the upstream service. */ interface DestinationRuleSpecSubsetsTrafficPolicyTlsArgs { caCertificates?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ clientCertificate?: pulumi.Input; credentialName?: pulumi.Input; mode?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ privateKey?: pulumi.Input; /** * SNI string to present to the server during TLS handshake. */ sni?: pulumi.Input; subjectAltNames?: pulumi.Input[]>; } interface DestinationRuleSpecTrafficPolicyArgs { connectionPool?: pulumi.Input; /** * Settings controlling the load balancer algorithms. */ loadBalancer?: any; outlierDetection?: pulumi.Input; /** * Traffic policies specific to individual ports. */ portLevelSettings?: pulumi.Input[]>; /** * TLS related settings for connections to the upstream service. */ tls?: pulumi.Input; } interface DestinationRuleSpecTrafficPolicyConnectionPoolArgs { /** * HTTP connection pool settings. */ http?: pulumi.Input; /** * Settings common to both HTTP and TCP upstream connections. */ tcp?: pulumi.Input; } /** * HTTP connection pool settings. */ interface DestinationRuleSpecTrafficPolicyConnectionPoolHttpArgs { /** * Specify if http1.1 connection should be upgraded to http2 for the associated destination. */ h2UpgradePolicy?: pulumi.Input; /** * Maximum number of pending HTTP requests to a destination. */ http1MaxPendingRequests?: pulumi.Input; /** * Maximum number of requests to a backend. */ http2MaxRequests?: pulumi.Input; /** * The idle timeout for upstream connection pool connections. */ idleTimeout?: pulumi.Input; /** * Maximum number of requests per connection to a backend. */ maxRequestsPerConnection?: pulumi.Input; maxRetries?: pulumi.Input; /** * If set to true, client protocol will be preserved while initiating connection to backend. */ useClientProtocol?: pulumi.Input; } /** * Settings common to both HTTP and TCP upstream connections. */ interface DestinationRuleSpecTrafficPolicyConnectionPoolTcpArgs { /** * TCP connection timeout. */ connectTimeout?: pulumi.Input; /** * Maximum number of HTTP1 /TCP connections to a destination host. */ maxConnections?: pulumi.Input; /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ tcpKeepalive?: pulumi.Input; } /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ interface DestinationRuleSpecTrafficPolicyConnectionPoolTcpTcpKeepaliveArgs { /** * The time duration between keep-alive probes. */ interval?: pulumi.Input; probes?: pulumi.Input; time?: pulumi.Input; } interface DestinationRuleSpecTrafficPolicyOutlierDetectionArgs { /** * Minimum ejection duration. */ baseEjectionTime?: pulumi.Input; /** * Number of 5xx errors before a host is ejected from the connection pool. */ consecutive5xxErrors?: pulumi.Input; consecutiveErrors?: pulumi.Input; /** * Number of gateway errors before a host is ejected from the connection pool. */ consecutiveGatewayErrors?: pulumi.Input; consecutiveLocalOriginFailures?: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval?: pulumi.Input; maxEjectionPercent?: pulumi.Input; minHealthPercent?: pulumi.Input; /** * Determines whether to distinguish local origin failures from external errors. */ splitExternalLocalOriginErrors?: pulumi.Input; } interface DestinationRuleSpecTrafficPolicyPortLevelSettingsArgs { connectionPool?: pulumi.Input; /** * Settings controlling the load balancer algorithms. */ loadBalancer?: any; outlierDetection?: pulumi.Input; port?: pulumi.Input; /** * TLS related settings for connections to the upstream service. */ tls?: pulumi.Input; } interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolArgs { /** * HTTP connection pool settings. */ http?: pulumi.Input; /** * Settings common to both HTTP and TCP upstream connections. */ tcp?: pulumi.Input; } /** * HTTP connection pool settings. */ interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolHttpArgs { /** * Specify if http1.1 connection should be upgraded to http2 for the associated destination. */ h2UpgradePolicy?: pulumi.Input; /** * Maximum number of pending HTTP requests to a destination. */ http1MaxPendingRequests?: pulumi.Input; /** * Maximum number of requests to a backend. */ http2MaxRequests?: pulumi.Input; /** * The idle timeout for upstream connection pool connections. */ idleTimeout?: pulumi.Input; /** * Maximum number of requests per connection to a backend. */ maxRequestsPerConnection?: pulumi.Input; maxRetries?: pulumi.Input; /** * If set to true, client protocol will be preserved while initiating connection to backend. */ useClientProtocol?: pulumi.Input; } /** * Settings common to both HTTP and TCP upstream connections. */ interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcpArgs { /** * TCP connection timeout. */ connectTimeout?: pulumi.Input; /** * Maximum number of HTTP1 /TCP connections to a destination host. */ maxConnections?: pulumi.Input; /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ tcpKeepalive?: pulumi.Input; } /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepaliveArgs { /** * The time duration between keep-alive probes. */ interval?: pulumi.Input; probes?: pulumi.Input; time?: pulumi.Input; } interface DestinationRuleSpecTrafficPolicyPortLevelSettingsOutlierDetectionArgs { /** * Minimum ejection duration. */ baseEjectionTime?: pulumi.Input; /** * Number of 5xx errors before a host is ejected from the connection pool. */ consecutive5xxErrors?: pulumi.Input; consecutiveErrors?: pulumi.Input; /** * Number of gateway errors before a host is ejected from the connection pool. */ consecutiveGatewayErrors?: pulumi.Input; consecutiveLocalOriginFailures?: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval?: pulumi.Input; maxEjectionPercent?: pulumi.Input; minHealthPercent?: pulumi.Input; /** * Determines whether to distinguish local origin failures from external errors. */ splitExternalLocalOriginErrors?: pulumi.Input; } interface DestinationRuleSpecTrafficPolicyPortLevelSettingsPortArgs { number?: pulumi.Input; } /** * TLS related settings for connections to the upstream service. */ interface DestinationRuleSpecTrafficPolicyPortLevelSettingsTlsArgs { caCertificates?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ clientCertificate?: pulumi.Input; credentialName?: pulumi.Input; mode?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ privateKey?: pulumi.Input; /** * SNI string to present to the server during TLS handshake. */ sni?: pulumi.Input; subjectAltNames?: pulumi.Input[]>; } /** * TLS related settings for connections to the upstream service. */ interface DestinationRuleSpecTrafficPolicyTlsArgs { caCertificates?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ clientCertificate?: pulumi.Input; credentialName?: pulumi.Input; mode?: pulumi.Input; /** * REQUIRED if mode is `MUTUAL`. */ privateKey?: pulumi.Input; /** * SNI string to present to the server during TLS handshake. */ sni?: pulumi.Input; subjectAltNames?: pulumi.Input[]>; } /** * Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html */ interface EnvoyFilterSpecArgs { /** * One or more patches with match conditions. */ configPatches?: pulumi.Input[]>; /** * Priority defines the order in which patch sets are applied within a context. */ priority?: pulumi.Input; workloadSelector?: pulumi.Input; } interface EnvoyFilterSpecConfigPatchesArgs { applyTo?: pulumi.Input; /** * Match on listener/route configuration/cluster. */ match?: any; /** * The patch to apply along with the operation. */ patch?: pulumi.Input; } /** * The patch to apply along with the operation. */ interface EnvoyFilterSpecConfigPatchesPatchArgs { /** * Determines the filter insertion order. */ filterClass?: pulumi.Input; /** * Determines how the patch should be applied. */ operation?: pulumi.Input; /** * The JSON config of the object being patched. */ value?: pulumi.Input<{ [key: string]: any; }>; } interface EnvoyFilterSpecWorkloadSelectorArgs { labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html */ interface GatewaySpecArgs { selector?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * A list of server specifications. */ servers?: pulumi.Input[]>; } interface GatewaySpecServersArgs { bind?: pulumi.Input; defaultEndpoint?: pulumi.Input; /** * One or more hosts exposed by this gateway. */ hosts?: pulumi.Input[]>; /** * An optional name of the server, when set must be unique across all servers. */ name?: pulumi.Input; port?: pulumi.Input; /** * Set of TLS related options that govern the server's behavior. */ tls?: pulumi.Input; } interface GatewaySpecServersPortArgs { /** * Label assigned to the port. */ name?: pulumi.Input; /** * A valid non-negative integer port number. */ number?: pulumi.Input; /** * The protocol exposed on the port. */ protocol?: pulumi.Input; targetPort?: pulumi.Input; } /** * Set of TLS related options that govern the server's behavior. */ interface GatewaySpecServersTlsArgs { /** * REQUIRED if mode is `MUTUAL`. */ caCertificates?: pulumi.Input; /** * Optional: If specified, only support the specified cipher list. */ cipherSuites?: pulumi.Input[]>; credentialName?: pulumi.Input; httpsRedirect?: pulumi.Input; /** * Optional: Maximum TLS protocol version. */ maxProtocolVersion?: pulumi.Input; /** * Optional: Minimum TLS protocol version. */ minProtocolVersion?: pulumi.Input; mode?: pulumi.Input; /** * REQUIRED if mode is `SIMPLE` or `MUTUAL`. */ privateKey?: pulumi.Input; /** * REQUIRED if mode is `SIMPLE` or `MUTUAL`. */ serverCertificate?: pulumi.Input; subjectAltNames?: pulumi.Input[]>; verifyCertificateHash?: pulumi.Input[]>; verifyCertificateSpki?: pulumi.Input[]>; } /** * Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html */ interface ServiceEntrySpecArgs { /** * The virtual IP addresses associated with the service. */ addresses?: pulumi.Input[]>; /** * One or more endpoints associated with the service. */ endpoints?: pulumi.Input[]>; /** * A list of namespaces to which this service is exported. */ exportTo?: pulumi.Input[]>; /** * The hosts associated with the ServiceEntry. */ hosts?: pulumi.Input[]>; location?: pulumi.Input; /** * The ports associated with the external service. */ ports?: pulumi.Input[]>; /** * Service discovery mode for the hosts. */ resolution?: pulumi.Input; subjectAltNames?: pulumi.Input[]>; /** * Applicable only for MESH_INTERNAL services. */ workloadSelector?: pulumi.Input; } interface ServiceEntrySpecEndpointsArgs { address?: pulumi.Input; /** * One or more labels associated with the endpoint. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The locality associated with the endpoint. */ locality?: pulumi.Input; network?: pulumi.Input; /** * Set of ports associated with the endpoint. */ ports?: pulumi.Input<{ [key: string]: pulumi.Input; }>; serviceAccount?: pulumi.Input; /** * The load balancing weight associated with the endpoint. */ weight?: pulumi.Input; } interface ServiceEntrySpecPortsArgs { /** * Label assigned to the port. */ name?: pulumi.Input; /** * A valid non-negative integer port number. */ number?: pulumi.Input; /** * The protocol exposed on the port. */ protocol?: pulumi.Input; targetPort?: pulumi.Input; } /** * Applicable only for MESH_INTERNAL services. */ interface ServiceEntrySpecWorkloadSelectorArgs { labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html */ interface SidecarSpecArgs { egress?: pulumi.Input[]>; ingress?: pulumi.Input[]>; /** * Configuration for the outbound traffic policy. */ outboundTrafficPolicy?: pulumi.Input; workloadSelector?: pulumi.Input; } interface SidecarSpecEgressArgs { bind?: pulumi.Input; captureMode?: pulumi.Input; hosts?: pulumi.Input[]>; /** * The port associated with the listener. */ port?: pulumi.Input; } /** * The port associated with the listener. */ interface SidecarSpecEgressPortArgs { /** * Label assigned to the port. */ name?: pulumi.Input; /** * A valid non-negative integer port number. */ number?: pulumi.Input; /** * The protocol exposed on the port. */ protocol?: pulumi.Input; targetPort?: pulumi.Input; } interface SidecarSpecIngressArgs { /** * The IP to which the listener should be bound. */ bind?: pulumi.Input; captureMode?: pulumi.Input; defaultEndpoint?: pulumi.Input; /** * The port associated with the listener. */ port?: pulumi.Input; } /** * The port associated with the listener. */ interface SidecarSpecIngressPortArgs { /** * Label assigned to the port. */ name?: pulumi.Input; /** * A valid non-negative integer port number. */ number?: pulumi.Input; /** * The protocol exposed on the port. */ protocol?: pulumi.Input; targetPort?: pulumi.Input; } /** * Configuration for the outbound traffic policy. */ interface SidecarSpecOutboundTrafficPolicyArgs { egressProxy?: pulumi.Input; mode?: pulumi.Input; } interface SidecarSpecOutboundTrafficPolicyEgressProxyArgs { /** * The name of a service from the service registry. */ host?: pulumi.Input; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; /** * The name of a subset within the service. */ subset?: pulumi.Input; } /** * Specifies the port on the host that is being addressed. */ interface SidecarSpecOutboundTrafficPolicyEgressProxyPortArgs { number?: pulumi.Input; } interface SidecarSpecWorkloadSelectorArgs { labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html */ interface VirtualServiceSpecArgs { /** * A list of namespaces to which this virtual service is exported. */ exportTo?: pulumi.Input[]>; /** * The names of gateways and sidecars that should apply these routes. */ gateways?: pulumi.Input[]>; /** * The destination hosts to which traffic is being sent. */ hosts?: pulumi.Input[]>; /** * An ordered list of route rules for HTTP traffic. */ http?: pulumi.Input[]>; /** * An ordered list of route rules for opaque TCP traffic. */ tcp?: pulumi.Input[]>; tls?: pulumi.Input[]>; } interface VirtualServiceSpecHttpArgs { /** * Cross-Origin Resource Sharing policy (CORS). */ corsPolicy?: pulumi.Input; delegate?: pulumi.Input; /** * Fault injection policy to apply on HTTP traffic at the client side. */ fault?: pulumi.Input; headers?: pulumi.Input; match?: pulumi.Input[]>; mirror?: pulumi.Input; /** * Percentage of the traffic to be mirrored by the `mirror` field. */ mirrorPercent?: pulumi.Input; /** * Percentage of the traffic to be mirrored by the `mirror` field. */ mirrorPercentage?: pulumi.Input; /** * Percentage of the traffic to be mirrored by the `mirror` field. */ mirror_percent?: pulumi.Input; /** * The name assigned to the route for debugging purposes. */ name?: pulumi.Input; /** * A HTTP rule can either redirect or forward (default) traffic. */ redirect?: pulumi.Input; /** * Retry policy for HTTP requests. */ retries?: pulumi.Input; /** * Rewrite HTTP URIs and Authority headers. */ rewrite?: pulumi.Input; /** * A HTTP rule can either redirect or forward (default) traffic. */ route?: pulumi.Input[]>; /** * Timeout for HTTP requests, default is disabled. */ timeout?: pulumi.Input; } /** * Cross-Origin Resource Sharing policy (CORS). */ interface VirtualServiceSpecHttpCorsPolicyArgs { allowCredentials?: pulumi.Input; allowHeaders?: pulumi.Input[]>; /** * List of HTTP methods allowed to access the resource. */ allowMethods?: pulumi.Input[]>; /** * The list of origins that are allowed to perform CORS requests. */ allowOrigin?: pulumi.Input[]>; /** * String patterns that match allowed origins. */ allowOrigins?: pulumi.Input; exposeHeaders?: pulumi.Input[]>; maxAge?: pulumi.Input; } interface VirtualServiceSpecHttpDelegateArgs { /** * Name specifies the name of the delegate VirtualService. */ name?: pulumi.Input; /** * Namespace specifies the namespace where the delegate VirtualService resides. */ namespace?: pulumi.Input; } /** * Fault injection policy to apply on HTTP traffic at the client side. */ interface VirtualServiceSpecHttpFaultArgs { abort?: any; delay?: any; } interface VirtualServiceSpecHttpHeadersArgs { request?: pulumi.Input; response?: pulumi.Input; } interface VirtualServiceSpecHttpHeadersRequestArgs { add?: pulumi.Input<{ [key: string]: pulumi.Input; }>; remove?: pulumi.Input[]>; set?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface VirtualServiceSpecHttpHeadersResponseArgs { add?: pulumi.Input<{ [key: string]: pulumi.Input; }>; remove?: pulumi.Input[]>; set?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface VirtualServiceSpecHttpMatchArgs { authority?: any; /** * Names of gateways where the rule should be applied. */ gateways?: pulumi.Input[]>; headers?: pulumi.Input<{ [key: string]: any; }>; /** * Flag to specify whether the URI matching should be case-insensitive. */ ignoreUriCase?: pulumi.Input; method?: any; /** * The name assigned to a match. */ name?: pulumi.Input; /** * Specifies the ports on the host that is being addressed. */ port?: pulumi.Input; /** * Query parameters for matching. */ queryParams?: pulumi.Input<{ [key: string]: any; }>; scheme?: any; sourceLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Source namespace constraining the applicability of a rule to workloads in that namespace. */ sourceNamespace?: pulumi.Input; uri?: any; /** * withoutHeader has the same syntax with the header, but has opposite meaning. */ withoutHeaders?: pulumi.Input<{ [key: string]: any; }>; } interface VirtualServiceSpecHttpMirrorArgs { /** * The name of a service from the service registry. */ host?: pulumi.Input; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; /** * The name of a subset within the service. */ subset?: pulumi.Input; } /** * Percentage of the traffic to be mirrored by the `mirror` field. */ interface VirtualServiceSpecHttpMirrorPercentageArgs { value?: pulumi.Input; } /** * Specifies the port on the host that is being addressed. */ interface VirtualServiceSpecHttpMirrorPortArgs { number?: pulumi.Input; } /** * A HTTP rule can either redirect or forward (default) traffic. */ interface VirtualServiceSpecHttpRedirectArgs { authority?: pulumi.Input; redirectCode?: pulumi.Input; uri?: pulumi.Input; } /** * Retry policy for HTTP requests. */ interface VirtualServiceSpecHttpRetriesArgs { /** * Number of retries to be allowed for a given request. */ attempts?: pulumi.Input; /** * Timeout per attempt for a given request, including the initial call and any retries. */ perTryTimeout?: pulumi.Input; /** * Specifies the conditions under which retry takes place. */ retryOn?: pulumi.Input; /** * Flag to specify whether the retries should retry to other localities. */ retryRemoteLocalities?: pulumi.Input; } /** * Rewrite HTTP URIs and Authority headers. */ interface VirtualServiceSpecHttpRewriteArgs { /** * rewrite the Authority/Host header with this value. */ authority?: pulumi.Input; uri?: pulumi.Input; } interface VirtualServiceSpecHttpRouteArgs { destination?: pulumi.Input; headers?: pulumi.Input; weight?: pulumi.Input; } interface VirtualServiceSpecHttpRouteDestinationArgs { /** * The name of a service from the service registry. */ host?: pulumi.Input; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; /** * The name of a subset within the service. */ subset?: pulumi.Input; } /** * Specifies the port on the host that is being addressed. */ interface VirtualServiceSpecHttpRouteDestinationPortArgs { number?: pulumi.Input; } interface VirtualServiceSpecHttpRouteHeadersArgs { request?: pulumi.Input; response?: pulumi.Input; } interface VirtualServiceSpecHttpRouteHeadersRequestArgs { add?: pulumi.Input<{ [key: string]: pulumi.Input; }>; remove?: pulumi.Input[]>; set?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface VirtualServiceSpecHttpRouteHeadersResponseArgs { add?: pulumi.Input<{ [key: string]: pulumi.Input; }>; remove?: pulumi.Input[]>; set?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } interface VirtualServiceSpecTcpArgs { match?: pulumi.Input[]>; /** * The destination to which the connection should be forwarded to. */ route?: pulumi.Input[]>; } interface VirtualServiceSpecTcpMatchArgs { /** * IPv4 or IPv6 ip addresses of destination with optional subnet. */ destinationSubnets?: pulumi.Input[]>; /** * Names of gateways where the rule should be applied. */ gateways?: pulumi.Input[]>; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; sourceLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Source namespace constraining the applicability of a rule to workloads in that namespace. */ sourceNamespace?: pulumi.Input; /** * IPv4 or IPv6 ip address of source with optional subnet. */ sourceSubnet?: pulumi.Input; } interface VirtualServiceSpecTcpRouteArgs { destination?: pulumi.Input; weight?: pulumi.Input; } interface VirtualServiceSpecTcpRouteDestinationArgs { /** * The name of a service from the service registry. */ host?: pulumi.Input; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; /** * The name of a subset within the service. */ subset?: pulumi.Input; } /** * Specifies the port on the host that is being addressed. */ interface VirtualServiceSpecTcpRouteDestinationPortArgs { number?: pulumi.Input; } interface VirtualServiceSpecTlsArgs { match?: pulumi.Input[]>; /** * The destination to which the connection should be forwarded to. */ route?: pulumi.Input[]>; } interface VirtualServiceSpecTlsMatchArgs { /** * IPv4 or IPv6 ip addresses of destination with optional subnet. */ destinationSubnets?: pulumi.Input[]>; /** * Names of gateways where the rule should be applied. */ gateways?: pulumi.Input[]>; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; /** * SNI (server name indicator) to match on. */ sniHosts?: pulumi.Input[]>; sourceLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Source namespace constraining the applicability of a rule to workloads in that namespace. */ sourceNamespace?: pulumi.Input; } interface VirtualServiceSpecTlsRouteArgs { destination?: pulumi.Input; weight?: pulumi.Input; } interface VirtualServiceSpecTlsRouteDestinationArgs { /** * The name of a service from the service registry. */ host?: pulumi.Input; /** * Specifies the port on the host that is being addressed. */ port?: pulumi.Input; /** * The name of a subset within the service. */ subset?: pulumi.Input; } /** * Specifies the port on the host that is being addressed. */ interface VirtualServiceSpecTlsRouteDestinationPortArgs { number?: pulumi.Input; } /** * Configuration affecting VMs onboarded into the mesh. See more details at: https://istio.io/docs/reference/config/networking/workload-entry.html */ interface WorkloadEntrySpecArgs { address?: pulumi.Input; /** * One or more labels associated with the endpoint. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The locality associated with the endpoint. */ locality?: pulumi.Input; network?: pulumi.Input; /** * Set of ports associated with the endpoint. */ ports?: pulumi.Input<{ [key: string]: pulumi.Input; }>; serviceAccount?: pulumi.Input; /** * The load balancing weight associated with the endpoint. */ weight?: pulumi.Input; } /** * Describes a collection of workload instances. See more details at: https://istio.io/docs/reference/config/networking/workload-group.html */ interface WorkloadGroupSpecArgs { /** * Metadata that will be used for all corresponding `WorkloadEntries`. */ metadata?: pulumi.Input; /** * `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. */ probe?: any; /** * Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. */ template?: pulumi.Input; } /** * Metadata that will be used for all corresponding `WorkloadEntries`. */ interface WorkloadGroupSpecMetadataArgs { annotations?: pulumi.Input<{ [key: string]: pulumi.Input; }>; labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. */ interface WorkloadGroupSpecTemplateArgs { address?: pulumi.Input; /** * One or more labels associated with the endpoint. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The locality associated with the endpoint. */ locality?: pulumi.Input; network?: pulumi.Input; /** * Set of ports associated with the endpoint. */ ports?: pulumi.Input<{ [key: string]: pulumi.Input; }>; serviceAccount?: pulumi.Input; /** * The load balancing weight associated with the endpoint. */ weight?: pulumi.Input; } } namespace v1beta1 { /** * Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html */ interface DestinationRuleSpecArgs { /** * A list of namespaces to which this destination rule is exported. */ exportTo?: pulumi.Input[]>; /** * The name of a service from the service registry. */ host?: pulumi.Input; subsets?: pulumi.Input[]>; trafficPolicy?: pulumi.Input; } interface DestinationRuleSpecSubsetsArgs { labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Name of the subset. */ name?: pulumi.Input; /** * Traffic policies that apply to this subset. */ trafficPolicy?: pulumi.Input; } /** * Traffic policies that apply to this subset. */ interface DestinationRuleSpecSubsetsTrafficPolicyArgs { connectionPool?: pulumi.Input; /** * Settings controlling the load balancer algorithms. */ loadBalancer?: any; outlierDetection?: pulumi.Input; /** * Traffic policies specific to individual ports. */ portLevelSettings?: pulumi.Input[]>; /** * TLS related settings for connections to the upstream service. */ tls?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolArgs { /** * HTTP connection pool settings. */ http?: pulumi.Input; /** * Settings common to both HTTP and TCP upstream connections. */ tcp?: pulumi.Input; } /** * HTTP connection pool settings. */ interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolHttpArgs { /** * Specify if http1.1 connection should be upgraded to http2 for the associated destination. */ h2UpgradePolicy?: pulumi.Input; /** * Maximum number of pending HTTP requests to a destination. */ http1MaxPendingRequests?: pulumi.Input; /** * Maximum number of requests to a backend. */ http2MaxRequests?: pulumi.Input; /** * The idle timeout for upstream connection pool connections. */ idleTimeout?: pulumi.Input; /** * Maximum number of requests per connection to a backend. */ maxRequestsPerConnection?: pulumi.Input; maxRetries?: pulumi.Input; /** * If set to true, client protocol will be preserved while initiating connection to backend. */ useClientProtocol?: pulumi.Input; } /** * Settings common to both HTTP and TCP upstream connections. */ interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpArgs { /** * TCP connection timeout. */ connectTimeout?: pulumi.Input; /** * Maximum number of HTTP1 /TCP connections to a destination host. */ maxConnections?: pulumi.Input; /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ tcpKeepalive?: pulumi.Input; } /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpTcpKeepaliveArgs { /** * The time duration between keep-alive probes. */ interval?: pulumi.Input; probes?: pulumi.Input; time?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyOutlierDetectionArgs { /** * Minimum ejection duration. */ baseEjectionTime?: pulumi.Input; /** * Number of 5xx errors before a host is ejected from the connection pool. */ consecutive5xxErrors?: pulumi.Input; consecutiveErrors?: pulumi.Input; /** * Number of gateway errors before a host is ejected from the connection pool. */ consecutiveGatewayErrors?: pulumi.Input; consecutiveLocalOriginFailures?: pulumi.Input; /** * Time interval between ejection sweep analysis. */ interval?: pulumi.Input; maxEjectionPercent?: pulumi.Input; minHealthPercent?: pulumi.Input; /** * Determines whether to distinguish local origin failures from external errors. */ splitExternalLocalOriginErrors?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsArgs { connectionPool?: pulumi.Input; /** * Settings controlling the load balancer algorithms. */ loadBalancer?: any; outlierDetection?: pulumi.Input; port?: pulumi.Input; /** * TLS related settings for connections to the upstream service. */ tls?: pulumi.Input; } interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolArgs { /** * HTTP connection pool settings. */ http?: pulumi.Input; /** * Settings common to both HTTP and TCP upstream connections. */ tcp?: pulumi.Input; } /** * HTTP connection pool settings. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolHttpArgs { /** * Specify if http1.1 connection should be upgraded to http2 for the associated destination. */ h2UpgradePolicy?: pulumi.Input; /** * Maximum number of pending HTTP requests to a destination. */ http1MaxPendingRequests?: pulumi.Input; /** * Maximum number of requests to a backend. */ http2MaxRequests?: pulumi.Input; /** * The idle timeout for upstream connection pool connections. */ idleTimeout?: pulumi.Input; /** * Maximum number of requests per connection to a backend. */ maxRequestsPerConnection?: pulumi.Input; maxRetries?: pulumi.Input; /** * If set to true, client protocol will be preserved while initiating connection to backend. */ useClientProtocol?: pulumi.Input; } /** * Settings common to both HTTP and TCP upstream connections. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpArgs { /** * TCP connection timeout. */ connectTimeout?: pulumi.Input; /** * Maximum number of HTTP1 /TCP connections to a destination host. */ maxConnections?: pulumi.Input; /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ tcpKeepalive?: pulumi.Input; } /** * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. */ interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepaliveArgs { /** * The time duration between keep-alive probes. */ interval?: pulumi.Input; probes?: pulumi.Input