import { output as outputs } from "../types";
export declare namespace networking {
    namespace v1alpha3 {
        /**
         * Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html
         *
         * Every member is optional, so an empty object satisfies this type; the type alone
         * does not guarantee that a host or any TLS policy is set.
         */
        interface DestinationRuleSpec {
            /**
             * A list of namespaces to which this destination rule is exported.
             * NOTE(review): upstream Istio reportedly exports to all namespaces when this is
             * unset — confirm the default and narrow it where a rule should not shape the
             * traffic policy of clients in other namespaces.
             */
            exportTo?: string[];
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Named subsets of the host; each entry carries labels, a name and an optional
             * subset-level traffic policy.
             */
            subsets?: outputs.networking.v1alpha3.DestinationRuleSpecSubsets[];
            /**
             * Traffic policy for the host: connection pool, load balancer, outlier detection,
             * per-port settings and TLS.
             */
            trafficPolicy?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicy;
        }
        /**
         * One named subset of a destination host, with an optional traffic policy of its own.
         */
        interface DestinationRuleSpecSubsets {
            /**
             * String-to-string label map.
             * NOTE(review): presumably the labels that select the endpoints belonging to this
             * subset — confirm against the Istio DestinationRule reference.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * Name of the subset.
             */
            name?: string;
            /**
             * Traffic policies that apply to this subset.
             */
            trafficPolicy?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicy;
        }
        /**
         * Traffic policies that apply to this subset.
         *
         * All members are optional and `loadBalancer` is typed `any`, so this declaration
         * enforces no policy at compile time; review the values actually rendered.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicy {
            /**
             * Connection pool settings (HTTP and TCP) for the upstream service.
             */
            connectionPool?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             */
            loadBalancer?: any;
            /**
             * Outlier detection settings, i.e. when a host is ejected from the connection pool.
             */
            outlierDetection?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyOutlierDetection;
            /**
             * Traffic policies specific to individual ports.
             */
            portLevelSettings?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettings[];
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyTls;
        }
        /**
         * Connection pool settings for a subset, split into HTTP and TCP parts; both are optional.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         *
         * The numeric limits are plain `number`s; this type does not bound them.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * NOTE(review): upstream Istio describes this as the maximum number of retries that
             * can be outstanding to all hosts at a given time — confirm against the reference.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcp {
            /**
             * TCP connection timeout.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the number of unanswered keep-alive probes after which
             * the connection is considered dead — confirm against the Istio reference.
             */
            probes?: number;
            /**
             * NOTE(review): presumably how long a connection must be idle before keep-alive
             * probes start — confirm against the Istio reference.
             */
            time?: string;
        }
        /**
         * Outlier detection thresholds: when a host is ejected from the connection pool and
         * for how long. All members are optional.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): upstream Istio marks this as superseded by `consecutive5xxErrors` —
             * confirm before relying on it.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * NOTE(review): presumably the count of locally originated failures before ejection;
             * see `splitExternalLocalOriginErrors` — confirm.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the largest share of the pool, in percent, that may be
             * ejected at once; this bounds how much capacity a burst of errors can remove — confirm.
             */
            maxEjectionPercent?: number;
            /**
             * NOTE(review): presumably the healthy-host percentage below which outlier
             * detection stops ejecting — confirm against the Istio reference.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Traffic policy for one port of a subset.
         *
         * NOTE(review): a `tls` block here sits beside the subset-level one; how the two
         * combine is not visible in this file — confirm which takes effect for the port.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettings {
            /**
             * Connection pool settings (HTTP and TCP) for this port.
             */
            connectionPool?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             */
            loadBalancer?: any;
            /**
             * Outlier detection settings for this port.
             */
            outlierDetection?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsOutlierDetection;
            /**
             * The port these settings apply to, identified by number.
             */
            port?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsPort;
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsTls;
        }
        /**
         * Connection pool settings for one port of a subset, split into HTTP and TCP parts.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         *
         * The numeric limits are plain `number`s; this type does not bound them.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * NOTE(review): upstream Istio describes this as the maximum number of retries that
             * can be outstanding to all hosts at a given time — confirm against the reference.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcp {
            /**
             * TCP connection timeout.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1alpha3.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the number of unanswered keep-alive probes after which
             * the connection is considered dead — confirm against the Istio reference.
             */
            probes?: number;
            /**
             * NOTE(review): presumably how long a connection must be idle before keep-alive
             * probes start — confirm against the Istio reference.
             */
            time?: string;
        }
        /**
         * Outlier detection thresholds for one port: when a host is ejected from the
         * connection pool and for how long. All members are optional.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): upstream Istio marks this as superseded by `consecutive5xxErrors` —
             * confirm before relying on it.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * NOTE(review): presumably the count of locally originated failures before ejection;
             * see `splitExternalLocalOriginErrors` — confirm.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the largest share of the pool, in percent, that may be
             * ejected at once; this bounds how much capacity a burst of errors can remove — confirm.
             */
            maxEjectionPercent?: number;
            /**
             * NOTE(review): presumably the healthy-host percentage below which outlier
             * detection stops ejecting — confirm against the Istio reference.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Identifies a port by number.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsPort {
            /**
             * The port number; typed as a plain `number`, so the range is not checked here.
             */
            number?: number;
        }
        /**
         * TLS related settings for connections to the upstream service.
         *
         * All members are optional and `mode` is a plain string, so the
         * "REQUIRED if mode is `MUTUAL`" constraints below are not enforced by this type.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsTls {
            /**
             * CA certificates used to verify the upstream server certificate.
             * NOTE(review): the upstream Istio reference has documented this as optional, with
             * the proxy not verifying the server certificate when it is omitted — confirm the
             * behaviour for the Istio release in use.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            clientCertificate?: string;
            /**
             * NOTE(review): presumably the name of a secret holding the client TLS material,
             * as an alternative to the certificate and key fields — confirm.
             */
            credentialName?: string;
            /**
             * TLS mode for the upstream connection; `MUTUAL` is the only value named in this file.
             * NOTE(review): upstream Istio also defines `DISABLE`, `SIMPLE` and `ISTIO_MUTUAL`;
             * `DISABLE` would mean no TLS to the upstream — verify the rendered value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): upstream documents this as a path to the key file rather than the
             * key itself — confirm no inline key material is placed here.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * NOTE(review): upstream describes this as the subject alternative names the server
             * certificate is checked against; leaving it unset presumably skips that identity
             * check — confirm.
             */
            subjectAltNames?: string[];
        }
        /**
         * TLS related settings for connections to the upstream service.
         *
         * All members are optional and `mode` is a plain string, so the
         * "REQUIRED if mode is `MUTUAL`" constraints below are not enforced by this type.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyTls {
            /**
             * CA certificates used to verify the upstream server certificate.
             * NOTE(review): the upstream Istio reference has documented this as optional, with
             * the proxy not verifying the server certificate when it is omitted — confirm the
             * behaviour for the Istio release in use.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            clientCertificate?: string;
            /**
             * NOTE(review): presumably the name of a secret holding the client TLS material,
             * as an alternative to the certificate and key fields — confirm.
             */
            credentialName?: string;
            /**
             * TLS mode for the upstream connection; `MUTUAL` is the only value named in this file.
             * NOTE(review): upstream Istio also defines `DISABLE`, `SIMPLE` and `ISTIO_MUTUAL`;
             * `DISABLE` would mean no TLS to the upstream — verify the rendered value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): upstream documents this as a path to the key file rather than the
             * key itself — confirm no inline key material is placed here.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * NOTE(review): upstream describes this as the subject alternative names the server
             * certificate is checked against; leaving it unset presumably skips that identity
             * check — confirm.
             */
            subjectAltNames?: string[];
        }
        /**
         * Host-level traffic policy of a destination rule.
         *
         * All members are optional and `loadBalancer` is typed `any`, so this declaration
         * enforces no policy at compile time; review the values actually rendered.
         */
        interface DestinationRuleSpecTrafficPolicy {
            /**
             * Connection pool settings (HTTP and TCP) for the upstream service.
             */
            connectionPool?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             */
            loadBalancer?: any;
            /**
             * Outlier detection settings, i.e. when a host is ejected from the connection pool.
             */
            outlierDetection?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyOutlierDetection;
            /**
             * Traffic policies specific to individual ports.
             */
            portLevelSettings?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettings[];
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyTls;
        }
        /**
         * Host-level connection pool settings, split into HTTP and TCP parts; both are optional.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         *
         * The numeric limits are plain `number`s; this type does not bound them.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * NOTE(review): upstream Istio describes this as the maximum number of retries that
             * can be outstanding to all hosts at a given time — confirm against the reference.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPoolTcp {
            /**
             * TCP connection timeout.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the number of unanswered keep-alive probes after which
             * the connection is considered dead — confirm against the Istio reference.
             */
            probes?: number;
            /**
             * NOTE(review): presumably how long a connection must be idle before keep-alive
             * probes start — confirm against the Istio reference.
             */
            time?: string;
        }
        /**
         * Host-level outlier detection thresholds: when a host is ejected from the
         * connection pool and for how long. All members are optional.
         */
        interface DestinationRuleSpecTrafficPolicyOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): upstream Istio marks this as superseded by `consecutive5xxErrors` —
             * confirm before relying on it.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * NOTE(review): presumably the count of locally originated failures before ejection;
             * see `splitExternalLocalOriginErrors` — confirm.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the largest share of the pool, in percent, that may be
             * ejected at once; this bounds how much capacity a burst of errors can remove — confirm.
             */
            maxEjectionPercent?: number;
            /**
             * NOTE(review): presumably the healthy-host percentage below which outlier
             * detection stops ejecting — confirm against the Istio reference.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Host-level traffic policy for one port.
         *
         * NOTE(review): a `tls` block here sits beside the host-level one; how the two
         * combine is not visible in this file — confirm which takes effect for the port.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettings {
            /**
             * Connection pool settings (HTTP and TCP) for this port.
             */
            connectionPool?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             */
            loadBalancer?: any;
            /**
             * Outlier detection settings for this port.
             */
            outlierDetection?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsOutlierDetection;
            /**
             * The port these settings apply to, identified by number.
             */
            port?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsPort;
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsTls;
        }
        /**
         * Connection pool settings for one port, split into HTTP and TCP parts.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         *
         * The numeric limits are plain `number`s; this type does not bound them.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * NOTE(review): upstream Istio describes this as the maximum number of retries that
             * can be outstanding to all hosts at a given time — confirm against the reference.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcp {
            /**
             * TCP connection timeout.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1alpha3.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the number of unanswered keep-alive probes after which
             * the connection is considered dead — confirm against the Istio reference.
             */
            probes?: number;
            /**
             * NOTE(review): presumably how long a connection must be idle before keep-alive
             * probes start — confirm against the Istio reference.
             */
            time?: string;
        }
        /**
         * Outlier detection thresholds for one port: when a host is ejected from the
         * connection pool and for how long. All members are optional.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): upstream Istio marks this as superseded by `consecutive5xxErrors` —
             * confirm before relying on it.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * NOTE(review): presumably the count of locally originated failures before ejection;
             * see `splitExternalLocalOriginErrors` — confirm.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * NOTE(review): presumably the largest share of the pool, in percent, that may be
             * ejected at once; this bounds how much capacity a burst of errors can remove — confirm.
             */
            maxEjectionPercent?: number;
            /**
             * NOTE(review): presumably the healthy-host percentage below which outlier
             * detection stops ejecting — confirm against the Istio reference.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Identifies a port by number.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsPort {
            /**
             * The port number; typed as a plain `number`, so the range is not checked here.
             */
            number?: number;
        }
        /**
         * TLS related settings for connections to the upstream service.
         *
         * All members are optional and `mode` is a plain string, so the
         * "REQUIRED if mode is `MUTUAL`" constraints below are not enforced by this type.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsTls {
            /**
             * CA certificates used to verify the upstream server certificate.
             * NOTE(review): the upstream Istio reference has documented this as optional, with
             * the proxy not verifying the server certificate when it is omitted — confirm the
             * behaviour for the Istio release in use.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            clientCertificate?: string;
            /**
             * NOTE(review): presumably the name of a secret holding the client TLS material,
             * as an alternative to the certificate and key fields — confirm.
             */
            credentialName?: string;
            /**
             * TLS mode for the upstream connection; `MUTUAL` is the only value named in this file.
             * NOTE(review): upstream Istio also defines `DISABLE`, `SIMPLE` and `ISTIO_MUTUAL`;
             * `DISABLE` would mean no TLS to the upstream — verify the rendered value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): upstream documents this as a path to the key file rather than the
             * key itself — confirm no inline key material is placed here.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * NOTE(review): upstream describes this as the subject alternative names the server
             * certificate is checked against; leaving it unset presumably skips that identity
             * check — confirm.
             */
            subjectAltNames?: string[];
        }
        /**
         * TLS related settings for connections to the upstream service.
         *
         * All members are optional and `mode` is a plain string, so the
         * "REQUIRED if mode is `MUTUAL`" constraints below are not enforced by this type.
         */
        interface DestinationRuleSpecTrafficPolicyTls {
            /**
             * CA certificates used to verify the upstream server certificate.
             * NOTE(review): the upstream Istio reference has documented this as optional, with
             * the proxy not verifying the server certificate when it is omitted — confirm the
             * behaviour for the Istio release in use.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            clientCertificate?: string;
            /**
             * NOTE(review): presumably the name of a secret holding the client TLS material,
             * as an alternative to the certificate and key fields — confirm.
             */
            credentialName?: string;
            /**
             * TLS mode for the upstream connection; `MUTUAL` is the only value named in this file.
             * NOTE(review): upstream Istio also defines `DISABLE`, `SIMPLE` and `ISTIO_MUTUAL`;
             * `DISABLE` would mean no TLS to the upstream — verify the rendered value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): upstream documents this as a path to the key file rather than the
             * key itself — confirm no inline key material is placed here.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * NOTE(review): upstream describes this as the subject alternative names the server
             * certificate is checked against; leaving it unset presumably skips that identity
             * check — confirm.
             */
            subjectAltNames?: string[];
        }
        /**
         * Customizing Envoy configuration generated by Istio. See more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html
         *
         * NOTE(review): the patches declared here change the proxy configuration Istio
         * generates, which can include filters that other policy relies on. Permission to
         * create or edit these resources is worth treating as privileged and auditing.
         */
        interface EnvoyFilterSpec {
            /**
             * One or more patches with match conditions.
             */
            configPatches?: outputs.networking.v1alpha3.EnvoyFilterSpecConfigPatches[];
            /**
             * Priority defines the order in which patch sets are applied within a context.
             */
            priority?: number;
            /**
             * Label selector for the workloads the patches apply to.
             * NOTE(review): upstream Istio reportedly applies the filter to every workload in
             * the namespace when this is omitted — confirm, and set it to limit the scope.
             */
            workloadSelector?: outputs.networking.v1alpha3.EnvoyFilterSpecWorkloadSelector;
        }
        /**
         * One configuration patch: where it applies, what it matches, and the patch itself.
         */
        interface EnvoyFilterSpecConfigPatches {
            /**
             * NOTE(review): presumably names the kind of Envoy object the patch targets
             * (upstream defines values such as `HTTP_FILTER` and `CLUSTER`); a plain string
             * here, so the value is not validated by this type — confirm.
             */
            applyTo?: string;
            /**
             * Match on listener/route configuration/cluster.
             *
             * Typed `any`: the match conditions are not checked at compile time.
             */
            match?: any;
            /**
             * The patch to apply along with the operation.
             */
            patch?: outputs.networking.v1alpha3.EnvoyFilterSpecConfigPatchesPatch;
        }
        /**
         * The patch to apply along with the operation.
         */
        interface EnvoyFilterSpecConfigPatchesPatch {
            /**
             * Determines the filter insertion order.
             */
            filterClass?: string;
            /**
             * Determines how the patch should be applied.
             * NOTE(review): upstream defines operations that merge, add, remove or replace
             * configuration (e.g. `MERGE`, `REMOVE`); ones that remove or replace an existing
             * filter deserve particular attention in review — confirm the value set.
             */
            operation?: string;
            /**
             * The JSON config of the object being patched.
             *
             * Typed as a free-form map of `any`, so its content is opaque to the compiler and
             * must be reviewed as Envoy configuration in its own right.
             */
            value?: {
                [key: string]: any;
            };
        }
        /**
         * Selects workloads by label for an Envoy filter.
         */
        interface EnvoyFilterSpecWorkloadSelector {
            /**
             * String-to-string label map.
             * NOTE(review): presumably a workload must carry all of these labels to be
             * selected — confirm the matching rule against the Istio reference.
             */
            labels?: {
                [key: string]: string;
            };
        }
        /**
         * Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html
         */
        interface GatewaySpec {
            /**
             * String-to-string label map.
             * NOTE(review): presumably selects the gateway workloads this configuration is
             * applied to — confirm, and check that the labels cannot be claimed by workloads
             * that should not act as a gateway.
             */
            selector?: {
                [key: string]: string;
            };
            /**
             * A list of server specifications.
             */
            servers?: outputs.networking.v1alpha3.GatewaySpecServers[];
        }
        /**
         * One server exposed by a gateway: its hosts, port and TLS options.
         *
         * `tls` is optional, so this type allows a server with no TLS settings at all.
         */
        interface GatewaySpecServers {
            /**
             * NOTE(review): presumably the address the listener binds to — confirm against
             * the Istio Gateway reference.
             */
            bind?: string;
            /**
             * NOTE(review): presumably the endpoint traffic is forwarded to by default —
             * confirm against the Istio Gateway reference.
             */
            defaultEndpoint?: string;
            /**
             * One or more hosts exposed by this gateway.
             * NOTE(review): upstream allows wildcard entries; prefer explicit host names so
             * the gateway does not accept names it was not meant to serve — confirm syntax.
             */
            hosts?: string[];
            /**
             * An optional name of the server, when set must be unique across all servers.
             */
            name?: string;
            /**
             * The port the server listens on (name, number, protocol).
             */
            port?: outputs.networking.v1alpha3.GatewaySpecServersPort;
            /**
             * Set of TLS related options that govern the server's behavior.
             */
            tls?: outputs.networking.v1alpha3.GatewaySpecServersTls;
        }
        /**
         * A port exposed by a gateway server.
         */
        interface GatewaySpecServersPort {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             */
            protocol?: string;
            /**
             * NOTE(review): presumably the port on the endpoint where traffic is received,
             * when it differs from `number` — confirm against the Istio reference.
             */
            targetPort?: number;
        }
        /**
         * Set of TLS related options that govern the server's behavior.
         *
         * All members are optional and `mode` is a plain string, so the "REQUIRED if mode
         * is ..." constraints below are not enforced by this type.
         */
        interface GatewaySpecServersTls {
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            caCertificates?: string;
            /**
             * Optional: If specified, only support the specified cipher list.
             */
            cipherSuites?: string[];
            /**
             * NOTE(review): presumably the name of a secret holding the server certificate
             * and key, as an alternative to the file-based fields — confirm, and check who
             * can read that secret.
             */
            credentialName?: string;
            /**
             * NOTE(review): upstream describes this as making the server answer plain HTTP
             * with a redirect to HTTPS — confirm; without it, check whether the plaintext
             * port serves content.
             */
            httpsRedirect?: boolean;
            /**
             * Optional: Maximum TLS protocol version.
             */
            maxProtocolVersion?: string;
            /**
             * Optional: Minimum TLS protocol version.
             * NOTE(review): when unset the effective floor is whatever the proxy defaults to;
             * upstream defines values such as `TLSV1_2` and `TLSV1_3` — consider setting one
             * explicitly and confirm the value names.
             */
            minProtocolVersion?: string;
            /**
             * TLS mode of the server; `SIMPLE` and `MUTUAL` are the values named in this file.
             * NOTE(review): upstream defines further modes (e.g. `PASSTHROUGH`), and only
             * `MUTUAL` is described here as requiring CA certificates — confirm which modes
             * authenticate the client.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `SIMPLE` or `MUTUAL`.
             * NOTE(review): upstream documents this as a path to the key file rather than the
             * key itself — confirm no inline key material is placed here.
             */
            privateKey?: string;
            /**
             * REQUIRED if mode is `SIMPLE` or `MUTUAL`.
             */
            serverCertificate?: string;
            /**
             * NOTE(review): presumably the subject alternative names accepted in the
             * certificate presented by the client — confirm against the Istio reference.
             */
            subjectAltNames?: string[];
            /**
             * NOTE(review): presumably hashes of the client certificates that are authorized
             * (certificate pinning) — confirm the hash algorithm and encoding upstream.
             */
            verifyCertificateHash?: string[];
            /**
             * NOTE(review): presumably hashes of the public keys (SPKI) of authorized client
             * certificates — confirm the hash algorithm and encoding upstream.
             */
            verifyCertificateSpki?: string[];
        }
        /**
         * Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html
         *
         * NOTE(review): an entry adds hosts to the registry the proxies route by, so who
         * may create one, and for which host names, is part of the mesh's egress control.
         */
        interface ServiceEntrySpec {
            /**
             * The virtual IP addresses associated with the service.
             */
            addresses?: string[];
            /**
             * One or more endpoints associated with the service.
             */
            endpoints?: outputs.networking.v1alpha3.ServiceEntrySpecEndpoints[];
            /**
             * A list of namespaces to which this service is exported.
             * NOTE(review): upstream Istio reportedly exports to all namespaces when this is
             * unset — confirm the default and narrow it where the entry is namespace-local.
             */
            exportTo?: string[];
            /**
             * The hosts associated with the ServiceEntry.
             */
            hosts?: string[];
            /**
             * Whether the service is inside or outside the mesh; `MESH_INTERNAL` is the value
             * named in this file.
             * NOTE(review): upstream also defines `MESH_EXTERNAL` — confirm.
             */
            location?: string;
            /**
             * The ports associated with the external service.
             */
            ports?: outputs.networking.v1alpha3.ServiceEntrySpecPorts[];
            /**
             * Service discovery mode for the hosts.
             */
            resolution?: string;
            /**
             * NOTE(review): upstream describes this as the subject alternative names the
             * server certificate is checked against — confirm, and whether an unset list
             * leaves the server identity unchecked.
             */
            subjectAltNames?: string[];
            /**
             * Applicable only for MESH_INTERNAL services.
             */
            workloadSelector?: outputs.networking.v1alpha3.ServiceEntrySpecWorkloadSelector;
        }
        /**
         * One endpoint backing a service entry.
         */
        interface ServiceEntrySpecEndpoints {
            /**
             * NOTE(review): presumably the network address of the endpoint — confirm the
             * accepted forms against the Istio reference.
             */
            address?: string;
            /**
             * One or more labels associated with the endpoint.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * The locality associated with the endpoint.
             */
            locality?: string;
            /**
             * NOTE(review): presumably identifies the network the endpoint sits in — confirm.
             */
            network?: string;
            /**
             * Set of ports associated with the endpoint.
             */
            ports?: {
                [key: string]: number;
            };
            /**
             * NOTE(review): presumably the service account the endpoint runs as; if it feeds
             * identity checks, a wrong value here would misattribute the workload — confirm.
             */
            serviceAccount?: string;
            /**
             * The load balancing weight associated with the endpoint.
             */
            weight?: number;
        }
        /**
         * A port associated with a service entry.
         */
        interface ServiceEntrySpecPorts {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             */
            protocol?: string;
            /**
             * NOTE(review): presumably the port on the endpoint where traffic is received,
             * when it differs from `number` — confirm against the Istio reference.
             */
            targetPort?: number;
        }
        /**
         * Applicable only for MESH_INTERNAL services.
         */
        interface ServiceEntrySpecWorkloadSelector {
            /**
             * String-to-string label map.
             * NOTE(review): presumably any workload carrying these labels becomes an endpoint
             * of the service — confirm, and check who is able to set those labels.
             */
            labels?: {
                [key: string]: string;
            };
        }
        /**
         * Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html
         */
        interface SidecarSpec {
            /**
             * Egress listeners: the hosts and ports the workload may reach through the sidecar.
             */
            egress?: outputs.networking.v1alpha3.SidecarSpecEgress[];
            /**
             * Ingress listeners: the ports on which the sidecar accepts inbound traffic.
             */
            ingress?: outputs.networking.v1alpha3.SidecarSpecIngress[];
            /**
             * Configuration for the outbound traffic policy.
             */
            outboundTrafficPolicy?: outputs.networking.v1alpha3.SidecarSpecOutboundTrafficPolicy;
            /**
             * Label selector for the workloads this configuration applies to.
             * NOTE(review): upstream Istio reportedly applies it to every workload in the
             * namespace when this is omitted — confirm.
             */
            workloadSelector?: outputs.networking.v1alpha3.SidecarSpecWorkloadSelector;
        }
        /**
         * One egress listener of a sidecar.
         */
        interface SidecarSpecEgress {
            /**
             * NOTE(review): presumably the address the listener binds to — confirm.
             */
            bind?: string;
            /**
             * NOTE(review): presumably controls how traffic to the listener is captured; a
             * mode that disables capture would let traffic bypass the proxy — confirm the
             * value set against the Istio reference.
             */
            captureMode?: string;
            /**
             * NOTE(review): presumably the hosts reachable through this listener; upstream
             * allows wildcards, and narrow entries limit what the workload can reach — confirm.
             */
            hosts?: string[];
            /**
             * The port associated with the listener.
             */
            port?: outputs.networking.v1alpha3.SidecarSpecEgressPort;
        }
        /**
         * The port associated with the listener.
         */
        interface SidecarSpecEgressPort {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             */
            protocol?: string;
            /**
             * NOTE(review): presumably the port on the endpoint where traffic is received,
             * when it differs from `number` — confirm against the Istio reference.
             */
            targetPort?: number;
        }
        /**
         * One ingress listener of a sidecar.
         */
        interface SidecarSpecIngress {
            /**
             * The IP to which the listener should be bound.
             */
            bind?: string;
            /**
             * NOTE(review): presumably controls how traffic to the listener is captured; a
             * mode that disables capture would let traffic bypass the proxy — confirm the
             * value set against the Istio reference.
             */
            captureMode?: string;
            /**
             * NOTE(review): presumably the local endpoint inbound traffic is forwarded to —
             * confirm the accepted forms against the Istio reference.
             */
            defaultEndpoint?: string;
            /**
             * The port associated with the listener.
             */
            port?: outputs.networking.v1alpha3.SidecarSpecIngressPort;
        }
        /**
         * The port associated with the listener.
         */
        interface SidecarSpecIngressPort {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             */
            protocol?: string;
            /**
             * NOTE(review): presumably the port on the endpoint where traffic is received,
             * when it differs from `number` — confirm against the Istio reference.
             */
            targetPort?: number;
        }
        /**
         * Configuration for the outbound traffic policy.
         */
        interface SidecarSpecOutboundTrafficPolicy {
            /**
             * Proxy destination (host, port, subset) for outbound traffic.
             * NOTE(review): when it is used relative to `mode` is not visible here — confirm.
             */
            egressProxy?: outputs.networking.v1alpha3.SidecarSpecOutboundTrafficPolicyEgressProxy;
            /**
             * NOTE(review): upstream defines `REGISTRY_ONLY` and `ALLOW_ANY`; the latter lets
             * the workload reach destinations that are not in the service registry, so this
             * value decides whether egress is restricted — confirm the default when unset.
             */
            mode?: string;
        }
        /**
         * Destination of the egress proxy: a registry service, optionally narrowed to a
         * port and a subset.
         */
        interface SidecarSpecOutboundTrafficPolicyEgressProxy {
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1alpha3.SidecarSpecOutboundTrafficPolicyEgressProxyPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface SidecarSpecOutboundTrafficPolicyEgressProxyPort {
            /**
             * Port number. Typed as `number`, so integrality and range are not enforced here.
             */
            number?: number;
        }
        /**
         * Label selector of a `Sidecar` resource (inferred from the type name; the
         * generated schema carries no description for this type).
         */
        interface SidecarSpecWorkloadSelector {
            /**
             * Label key/value pairs, both strings.
             * NOTE(review): in the Istio API these pick the workloads the `Sidecar`
             * applies to, and a `Sidecar` without a selector applies to every workload
             * in its namespace; confirm for the version in use.
             */
            labels?: {
                [key: string]: string;
            };
        }
        /**
         * Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html
         */
        interface VirtualServiceSpec {
            /**
             * A list of namespaces to which this virtual service is exported.
             * NOTE(review): in the Istio API "." means the resource's own namespace and
             * "*" means all namespaces, and an omitted list exports to all namespaces;
             * confirm for the version in use, since this sets who can be affected by
             * these routes.
             */
            exportTo?: string[];
            /**
             * The names of gateways and sidecars that should apply these routes.
             */
            gateways?: string[];
            /**
             * The destination hosts to which traffic is being sent.
             */
            hosts?: string[];
            /**
             * An ordered list of route rules for HTTP traffic.
             */
            http?: outputs.networking.v1alpha3.VirtualServiceSpecHttp[];
            /**
             * An ordered list of route rules for opaque TCP traffic.
             */
            tcp?: outputs.networking.v1alpha3.VirtualServiceSpecTcp[];
            /**
             * Undocumented in the generated schema. By its type, a list of TLS route
             * rules (match conditions plus forwarding destinations).
             */
            tls?: outputs.networking.v1alpha3.VirtualServiceSpecTls[];
        }
        /**
         * One HTTP route rule of a `VirtualService` (an element of `VirtualServiceSpec.http`).
         */
        interface VirtualServiceSpecHttp {
            /**
             * Cross-Origin Resource Sharing policy (CORS).
             */
            corsPolicy?: outputs.networking.v1alpha3.VirtualServiceSpecHttpCorsPolicy;
            /**
             * Undocumented in the generated schema. By its type, a reference (name and
             * namespace) to another `VirtualService`.
             */
            delegate?: outputs.networking.v1alpha3.VirtualServiceSpecHttpDelegate;
            /**
             * Fault injection policy to apply on HTTP traffic at the client side.
             */
            fault?: outputs.networking.v1alpha3.VirtualServiceSpecHttpFault;
            /**
             * Undocumented in the generated schema. By its type, header add/set/remove
             * operations for the request and for the response.
             */
            headers?: outputs.networking.v1alpha3.VirtualServiceSpecHttpHeaders;
            /**
             * Undocumented in the generated schema. By its type, the list of match
             * conditions for this rule.
             */
            match?: outputs.networking.v1alpha3.VirtualServiceSpecHttpMatch[];
            /**
             * Undocumented in the generated schema. By its type, a service host with an
             * optional subset and port. Going by the `mirrorPercent*` descriptions this is
             * the target of mirrored traffic; it receives copies of live requests, so it
             * needs the same trust level as the primary route.
             */
            mirror?: outputs.networking.v1alpha3.VirtualServiceSpecHttpMirror;
            /**
             * Percentage of the traffic to be mirrored by the `mirror` field.
             * NOTE(review): one of three fields sharing this description. In the Istio
             * API `mirrorPercentage` is the current form and the plain-number variants
             * are deprecated; confirm for the version in use.
             */
            mirrorPercent?: number;
            /**
             * Percentage of the traffic to be mirrored by the `mirror` field.
             * Wrapped in an object with a single numeric `value`.
             */
            mirrorPercentage?: outputs.networking.v1alpha3.VirtualServiceSpecHttpMirrorPercentage;
            /**
             * Percentage of the traffic to be mirrored by the `mirror` field.
             * NOTE(review): snake_case duplicate of `mirrorPercent`; presumably kept for
             * compatibility. Confirm which of the three fields the deployed Istio honours.
             */
            mirror_percent?: number;
            /**
             * The name assigned to the route for debugging purposes.
             */
            name?: string;
            /**
             * A HTTP rule can either redirect or forward (default) traffic.
             * This field holds the redirect variant.
             */
            redirect?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRedirect;
            /**
             * Retry policy for HTTP requests.
             */
            retries?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRetries;
            /**
             * Rewrite HTTP URIs and Authority headers.
             */
            rewrite?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRewrite;
            /**
             * A HTTP rule can either redirect or forward (default) traffic.
             * This field holds the forwarding variant: a list of weighted destinations.
             */
            route?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRoute[];
            /**
             * Timeout for HTTP requests, default is disabled.
             * Carried as a string. NOTE(review): presumably a duration such as "5s"; confirm.
             */
            timeout?: string;
        }
        /**
         * Cross-Origin Resource Sharing policy (CORS).
         */
        interface VirtualServiceSpecHttpCorsPolicy {
            /**
             * Undocumented in the generated schema. In the Istio API this controls whether
             * the caller may send the actual request with credentials (it maps to the
             * `Access-Control-Allow-Credentials` response header). Combined with broad
             * origin patterns it lets other sites read authenticated responses, so the two
             * settings should be reviewed together.
             */
            allowCredentials?: boolean;
            /**
             * Undocumented in the generated schema. In the Istio API: the HTTP headers
             * that may be used when requesting the resource.
             */
            allowHeaders?: string[];
            /**
             * List of HTTP methods allowed to access the resource.
             */
            allowMethods?: string[];
            /**
             * The list of origins that are allowed to perform CORS requests.
             * NOTE(review): in the Istio API this plain-string list is the deprecated
             * form and `allowOrigins` replaces it; confirm for the version in use.
             */
            allowOrigin?: string[];
            /**
             * String patterns that match allowed origins.
             * Typed as `any[]`, so the shape of each pattern is not checked at compile
             * time. In the Istio API each entry is a string match (exact, prefix or
             * regex); a prefix or loosely written regex can match more origins than
             * intended.
             */
            allowOrigins?: any[];
            /**
             * Undocumented in the generated schema. In the Istio API: the response
             * headers that browsers are allowed to access.
             */
            exposeHeaders?: string[];
            /**
             * Undocumented in the generated schema. In the Istio API: how long the result
             * of a preflight request may be cached, carried as a string.
             */
            maxAge?: string;
        }
        /**
         * Reference to the `VirtualService` an HTTP rule delegates to, identified by
         * name and namespace.
         */
        interface VirtualServiceSpecHttpDelegate {
            /**
             * Name specifies the name of the delegate VirtualService.
             */
            name?: string;
            /**
             * Namespace specifies the namespace where the delegate VirtualService resides.
             * NOTE(review): the delegate may live in a different namespace, so routing for
             * this host can depend on who is able to edit resources there; confirm the
             * default used when this field is omitted.
             */
            namespace?: string;
        }
        /**
         * Fault injection policy to apply on HTTP traffic at the client side.
         */
        interface VirtualServiceSpecHttpFault {
            /**
             * Undocumented in the generated schema and typed as `any`, so the shape is not
             * checked at compile time.
             * NOTE(review): by its name, the settings for aborting requests; a fault rule
             * left in a production `VirtualService` fails real traffic.
             */
            abort?: any;
            /**
             * Undocumented in the generated schema and typed as `any`, so the shape is not
             * checked at compile time.
             * NOTE(review): by its name, the settings for delaying requests.
             */
            delay?: any;
        }
        /**
         * Header manipulation for an HTTP rule, split into request-side and
         * response-side operations.
         */
        interface VirtualServiceSpecHttpHeaders {
            /** Operations (add / remove / set) applied to request headers. */
            request?: outputs.networking.v1alpha3.VirtualServiceSpecHttpHeadersRequest;
            /** Operations (add / remove / set) applied to response headers. */
            response?: outputs.networking.v1alpha3.VirtualServiceSpecHttpHeadersResponse;
        }
        /**
         * Request header operations. All values are plain strings held in the resource
         * spec, so anything placed here is readable by whoever can read the resource.
         */
        interface VirtualServiceSpecHttpHeadersRequest {
            /**
             * Header name to value map.
             * NOTE(review): in the Istio API `add` appends to an existing header while
             * `set` overwrites it; confirm for the version in use.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove. Removing or overwriting a header that an
             * upstream service relies on for identity or authorization changes what
             * that service sees.
             */
            remove?: string[];
            /** Header name to value map; see the note on `add` for the difference. */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * Response header operations. All values are plain strings held in the resource
         * spec.
         */
        interface VirtualServiceSpecHttpHeadersResponse {
            /**
             * Header name to value map.
             * NOTE(review): in the Istio API `add` appends to an existing header while
             * `set` overwrites it; confirm for the version in use.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove. Stripping a security-related response header
             * set by the application weakens what the client receives.
             */
            remove?: string[];
            /** Header name to value map; see the note on `add` for the difference. */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * Match conditions of an HTTP rule. Most conditions test values supplied by the
         * client (URI, headers, query parameters), so a match decides routing only and is
         * not a substitute for authentication or authorization.
         *
         * Fields typed `any` carry no compile-time shape. In the Istio API they are
         * string matches (exact, prefix or regex); confirm for the version in use.
         */
        interface VirtualServiceSpecHttpMatch {
            /** Undocumented in the generated schema; string match on the authority. */
            authority?: any;
            /**
             * Names of gateways where the rule should be applied.
             */
            gateways?: string[];
            /**
             * Undocumented in the generated schema. Map from header name to a match
             * object (typed `any`).
             */
            headers?: {
                [key: string]: any;
            };
            /**
             * Flag to specify whether the URI matching should be case-insensitive.
             * NOTE(review): if a backend treats paths case-sensitively, rules that differ
             * only in this flag can route the same path differently; keep them consistent.
             */
            ignoreUriCase?: boolean;
            /** Undocumented in the generated schema; string match on the HTTP method. */
            method?: any;
            /**
             * The name assigned to a match.
             */
            name?: string;
            /**
             * Specifies the ports on the host that is being addressed.
             */
            port?: number;
            /**
             * Query parameters for matching.
             * Map from parameter name to a match object (typed `any`).
             */
            queryParams?: {
                [key: string]: any;
            };
            /** Undocumented in the generated schema; string match on the URI scheme. */
            scheme?: any;
            /**
             * Undocumented in the generated schema. Label key/value pairs.
             * NOTE(review): by its name, restricts the rule to source workloads carrying
             * these labels; confirm.
             */
            sourceLabels?: {
                [key: string]: string;
            };
            /**
             * Source namespace constraining the applicability of a rule to workloads in that namespace.
             */
            sourceNamespace?: string;
            /** Undocumented in the generated schema; string match on the request URI. */
            uri?: any;
            /**
             * withoutHeader has the same syntax with the header, but has opposite meaning.
             * That is, same shape as `headers`, with the match negated.
             */
            withoutHeaders?: {
                [key: string]: any;
            };
        }
        /**
         * Destination referenced by `VirtualServiceSpecHttp.mirror`. It receives copies
         * of live requests, so the target should be as trusted as the primary destination.
         */
        interface VirtualServiceSpecHttpMirror {
            /**
             * The name of a service from the service registry.
             * NOTE(review): Istio resolves short names relative to the namespace of the
             * rule, so a fully qualified name avoids mirroring to an unintended service.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1alpha3.VirtualServiceSpecHttpMirrorPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Percentage of the traffic to be mirrored by the `mirror` field.
         */
        interface VirtualServiceSpecHttpMirrorPercentage {
            /**
             * The percentage as a number. The type does not bound it.
             * NOTE(review): presumably expected in the range 0.0 to 100.0; confirm.
             */
            value?: number;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecHttpMirrorPort {
            /**
             * Port number. Typed as `number`, so integrality and range are not enforced here.
             */
            number?: number;
        }
        /**
         * A HTTP rule can either redirect or forward (default) traffic.
         */
        interface VirtualServiceSpecHttpRedirect {
            /**
             * Undocumented in the generated schema. In the Istio API: the value that
             * replaces the authority/host portion of the URL in the redirect.
             * NOTE(review): this sets where clients are sent, so it should point only
             * at hosts the operator controls.
             */
            authority?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the HTTP status
             * code used for the redirect. NOTE(review): confirm the default when omitted.
             */
            redirectCode?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: the value that
             * replaces the path portion of the URL in the redirect.
             */
            uri?: string;
        }
        /**
         * Retry policy for HTTP requests.
         */
        interface VirtualServiceSpecHttpRetries {
            /**
             * Number of retries to be allowed for a given request.
             * Retries multiply the load a failing upstream receives, and a retried
             * non-idempotent request can repeat its side effects.
             */
            attempts?: number;
            /**
             * Timeout per attempt for a given request, including the initial call and any retries.
             * Carried as a string. NOTE(review): presumably a duration such as "2s"; confirm.
             */
            perTryTimeout?: string;
            /**
             * Specifies the conditions under which retry takes place.
             * A single string. NOTE(review): presumably a comma-separated list of
             * retry policy names; confirm the accepted values.
             */
            retryOn?: string;
            /**
             * Flag to specify whether the retries should retry to other localities.
             */
            retryRemoteLocalities?: boolean;
        }
        /**
         * Rewrite HTTP URIs and Authority headers.
         */
        interface VirtualServiceSpecHttpRewrite {
            /**
             * Rewrite the Authority/Host header with this value.
             * The upstream then sees this value instead of what the client sent, which
             * matters if it makes decisions based on the Host header.
             */
            authority?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the value the path
             * (or matched prefix) of the URI is rewritten to.
             */
            uri?: string;
        }
        /**
         * One weighted forwarding destination of an HTTP rule (an element of
         * `VirtualServiceSpecHttp.route`).
         */
        interface VirtualServiceSpecHttpRoute {
            /** Service host, with optional subset and port, that traffic is forwarded to. */
            destination?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRouteDestination;
            /** Header add/set/remove operations for this destination. */
            headers?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRouteHeaders;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this is the relative share of traffic sent
             * to `destination`; confirm how weights across a route list must add up.
             */
            weight?: number;
        }
        /**
         * Destination of an HTTP route: service host plus optional subset and port.
         */
        interface VirtualServiceSpecHttpRouteDestination {
            /**
             * The name of a service from the service registry.
             * NOTE(review): Istio resolves short names relative to the namespace of the
             * rule, not of the service, and recommends fully qualified names so traffic
             * is not routed to an unintended service.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRouteDestinationPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecHttpRouteDestinationPort {
            /**
             * Port number. Typed as `number`, so integrality and range are not enforced here.
             */
            number?: number;
        }
        /**
         * Header manipulation for a single route destination, split into request-side
         * and response-side operations.
         */
        interface VirtualServiceSpecHttpRouteHeaders {
            /** Operations (add / remove / set) applied to request headers. */
            request?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRouteHeadersRequest;
            /** Operations (add / remove / set) applied to response headers. */
            response?: outputs.networking.v1alpha3.VirtualServiceSpecHttpRouteHeadersResponse;
        }
        /**
         * Request header operations for one route destination. All values are plain
         * strings held in the resource spec, so anything placed here is readable by
         * whoever can read the resource.
         */
        interface VirtualServiceSpecHttpRouteHeadersRequest {
            /**
             * Header name to value map.
             * NOTE(review): in the Istio API `add` appends to an existing header while
             * `set` overwrites it; confirm for the version in use.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove. Removing or overwriting a header that the
             * destination relies on for identity or authorization changes what it sees.
             */
            remove?: string[];
            /** Header name to value map; see the note on `add` for the difference. */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * Response header operations for one route destination. All values are plain
         * strings held in the resource spec.
         */
        interface VirtualServiceSpecHttpRouteHeadersResponse {
            /**
             * Header name to value map.
             * NOTE(review): in the Istio API `add` appends to an existing header while
             * `set` overwrites it; confirm for the version in use.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove. Stripping a security-related response header
             * set by the application weakens what the client receives.
             */
            remove?: string[];
            /** Header name to value map; see the note on `add` for the difference. */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * One TCP route rule of a `VirtualService` (an element of `VirtualServiceSpec.tcp`).
         */
        interface VirtualServiceSpecTcp {
            /**
             * Undocumented in the generated schema. By its type, the list of match
             * conditions (subnets, port, source labels and namespace, gateways).
             */
            match?: outputs.networking.v1alpha3.VirtualServiceSpecTcpMatch[];
            /**
             * The destination to which the connection should be forwarded to.
             */
            route?: outputs.networking.v1alpha3.VirtualServiceSpecTcpRoute[];
        }
        /**
         * Match conditions of a TCP rule. These select where a connection is routed;
         * they are not an access-control list.
         */
        interface VirtualServiceSpecTcpMatch {
            /**
             * IPv4 or IPv6 ip addresses of destination with optional subnet.
             * Held as strings; the address or CIDR syntax is not checked by this type.
             */
            destinationSubnets?: string[];
            /**
             * Names of gateways where the rule should be applied.
             */
            gateways?: string[];
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: number;
            /**
             * Undocumented in the generated schema. Label key/value pairs.
             * NOTE(review): by its name, restricts the rule to source workloads carrying
             * these labels; confirm.
             */
            sourceLabels?: {
                [key: string]: string;
            };
            /**
             * Source namespace constraining the applicability of a rule to workloads in that namespace.
             */
            sourceNamespace?: string;
            /**
             * IPv4 or IPv6 ip address of source with optional subnet.
             * A single string, unlike the list-valued `destinationSubnets`.
             */
            sourceSubnet?: string;
        }
        /**
         * One weighted forwarding destination of a TCP rule (an element of
         * `VirtualServiceSpecTcp.route`).
         */
        interface VirtualServiceSpecTcpRoute {
            /** Service host, with optional subset and port, the connection is forwarded to. */
            destination?: outputs.networking.v1alpha3.VirtualServiceSpecTcpRouteDestination;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this is the relative share of traffic sent
             * to `destination`; confirm how weights across a route list must add up.
             */
            weight?: number;
        }
        /**
         * Destination of a TCP route: service host plus optional subset and port.
         */
        interface VirtualServiceSpecTcpRouteDestination {
            /**
             * The name of a service from the service registry.
             * NOTE(review): Istio resolves short names relative to the namespace of the
             * rule, not of the service, and recommends fully qualified names so traffic
             * is not routed to an unintended service.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1alpha3.VirtualServiceSpecTcpRouteDestinationPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecTcpRouteDestinationPort {
            /**
             * Port number. Typed as `number`, so integrality and range are not enforced here.
             */
            number?: number;
        }
        /**
         * One TLS route rule of a `VirtualService` (an element of `VirtualServiceSpec.tls`).
         */
        interface VirtualServiceSpecTls {
            /**
             * Undocumented in the generated schema. By its type, the list of match
             * conditions (SNI hosts, subnets, port, source labels and namespace, gateways).
             */
            match?: outputs.networking.v1alpha3.VirtualServiceSpecTlsMatch[];
            /**
             * The destination to which the connection should be forwarded to.
             */
            route?: outputs.networking.v1alpha3.VirtualServiceSpecTlsRoute[];
        }
        /**
         * Match conditions of a TLS rule.
         */
        interface VirtualServiceSpecTlsMatch {
            /**
             * IPv4 or IPv6 ip addresses of destination with optional subnet.
             * Held as strings; the address or CIDR syntax is not checked by this type.
             */
            destinationSubnets?: string[];
            /**
             * Names of gateways where the rule should be applied.
             */
            gateways?: string[];
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: number;
            /**
             * SNI (server name indicator) to match on.
             * The SNI value is chosen by the client during the handshake, so a match on it
             * selects a route but does not establish who the client or the server is.
             */
            sniHosts?: string[];
            /**
             * Undocumented in the generated schema. Label key/value pairs.
             * NOTE(review): by its name, restricts the rule to source workloads carrying
             * these labels; confirm.
             */
            sourceLabels?: {
                [key: string]: string;
            };
            /**
             * Source namespace constraining the applicability of a rule to workloads in that namespace.
             */
            sourceNamespace?: string;
        }
        /**
         * One weighted forwarding destination of a TLS rule (an element of
         * `VirtualServiceSpecTls.route`).
         */
        interface VirtualServiceSpecTlsRoute {
            /** Service host, with optional subset and port, the connection is forwarded to. */
            destination?: outputs.networking.v1alpha3.VirtualServiceSpecTlsRouteDestination;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this is the relative share of traffic sent
             * to `destination`; confirm how weights across a route list must add up.
             */
            weight?: number;
        }
        /**
         * Destination of a TLS route: service host plus optional subset and port.
         */
        interface VirtualServiceSpecTlsRouteDestination {
            /**
             * The name of a service from the service registry.
             * NOTE(review): Istio resolves short names relative to the namespace of the
             * rule, not of the service, and recommends fully qualified names so traffic
             * is not routed to an unintended service.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1alpha3.VirtualServiceSpecTlsRouteDestinationPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecTlsRouteDestinationPort {
            /**
             * Port number. Typed as `number`, so integrality and range are not enforced here.
             */
            number?: number;
        }
        /**
         * Configuration affecting VMs onboarded into the mesh. See more details at: https://istio.io/docs/reference/config/networking/workload-entry.html
         */
        interface WorkloadEntrySpec {
            /**
             * Undocumented in the generated schema. In the Istio API: the address of the
             * network endpoint, without the port. Traffic for the selecting service is
             * sent to this address, so it should be one the operator controls.
             */
            address?: string;
            /**
             * One or more labels associated with the endpoint.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * The locality associated with the endpoint.
             */
            locality?: string;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this names the network the endpoint sits
             * in, for multi-network meshes; confirm.
             */
            network?: string;
            /**
             * Set of ports associated with the endpoint.
             * Map from a port name to a port number.
             */
            ports?: {
                [key: string]: number;
            };
            /**
             * Undocumented in the generated schema. In the Istio API: the service account
             * associated with the workload when it runs a sidecar. This ties the VM to a
             * mesh identity, so it should match the account the workload is really
             * provisioned with.
             */
            serviceAccount?: string;
            /**
             * The load balancing weight associated with the endpoint.
             */
            weight?: number;
        }
        /**
         * Describes a collection of workload instances. See more details at: https://istio.io/docs/reference/config/networking/workload-group.html
         */
        interface WorkloadGroupSpec {
            /**
             * Metadata that will be used for all corresponding `WorkloadEntries`.
             */
            metadata?: outputs.networking.v1alpha3.WorkloadGroupSpecMetadata;
            /**
             * `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload.
             * Typed as `any`, so the probe's shape is not checked at compile time.
             */
            probe?: any;
            /**
             * Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`.
             */
            template?: outputs.networking.v1alpha3.WorkloadGroupSpecTemplate;
        }
        /**
         * Metadata that will be used for all corresponding `WorkloadEntries`.
         */
        interface WorkloadGroupSpecMetadata {
            /** Annotation key/value pairs, both strings. */
            annotations?: {
                [key: string]: string;
            };
            /**
             * Label key/value pairs, both strings. Because this metadata is used for all
             * corresponding `WorkloadEntries`, these labels affect which selectors match
             * the generated entries.
             */
            labels?: {
                [key: string]: string;
            };
        }
        /**
         * Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`.
         */
        interface WorkloadGroupSpecTemplate {
            /**
             * Undocumented in the generated schema. In the Istio API: the address of the
             * network endpoint, without the port.
             * NOTE(review): confirm whether a template is expected to set it at all.
             */
            address?: string;
            /**
             * One or more labels associated with the endpoint.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * The locality associated with the endpoint.
             */
            locality?: string;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this names the network the endpoint sits
             * in, for multi-network meshes; confirm.
             */
            network?: string;
            /**
             * Set of ports associated with the endpoint.
             * Map from a port name to a port number.
             */
            ports?: {
                [key: string]: number;
            };
            /**
             * Undocumented in the generated schema. In the Istio API: the service account
             * associated with the workload when it runs a sidecar. Every `WorkloadEntry`
             * generated from this template carries it, so it fixes the mesh identity of
             * the whole group.
             */
            serviceAccount?: string;
            /**
             * The load balancing weight associated with the endpoint.
             */
            weight?: number;
        }
    }
    namespace v1beta1 {
        /**
         * Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html
         */
        interface DestinationRuleSpec {
            /**
             * A list of namespaces to which this destination rule is exported.
             * NOTE(review): in the Istio API "." means the resource's own namespace and
             * "*" means all namespaces, and an omitted list exports to all namespaces;
             * confirm for the version in use, since an exported rule can change the TLS
             * and load-balancing behaviour of clients in other namespaces.
             */
            exportTo?: string[];
            /**
             * The name of a service from the service registry.
             * NOTE(review): Istio resolves short names relative to the namespace of the
             * rule, so a fully qualified name avoids applying the policy to an
             * unintended service.
             */
            host?: string;
            /**
             * Undocumented in the generated schema. By its type, a list of named subsets,
             * each with labels and an optional traffic policy of its own.
             */
            subsets?: outputs.networking.v1beta1.DestinationRuleSpecSubsets[];
            /**
             * Undocumented in the generated schema. By its type, the connection pool,
             * load balancer, outlier detection, per-port and TLS settings for the host.
             */
            trafficPolicy?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicy;
        }
        /**
         * One named subset of a destination (an element of `DestinationRuleSpec.subsets`).
         */
        interface DestinationRuleSpecSubsets {
            /**
             * Undocumented in the generated schema. Label key/value pairs.
             * NOTE(review): in the Istio API these select the endpoints that make up
             * the subset; confirm.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * Name of the subset.
             */
            name?: string;
            /**
             * Traffic policies that apply to this subset.
             * NOTE(review): in the Istio API subset-level settings override the
             * destination-level ones, so a subset can end up with different TLS settings
             * from its parent rule; confirm.
             */
            trafficPolicy?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicy;
        }
        /**
         * Traffic policies that apply to this subset.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicy {
            /** HTTP and TCP connection pool limits for the subset. */
            connectionPool?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             * Typed as `any`, so the shape is not checked at compile time.
             */
            loadBalancer?: any;
            /** Host ejection settings for the subset. */
            outlierDetection?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyOutlierDetection;
            /**
             * Traffic policies specific to individual ports.
             */
            portLevelSettings?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettings[];
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyTls;
        }
        /**
         * Connection pool limits, grouped into HTTP-specific settings and settings
         * shared by HTTP and TCP connections.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             * In the Istio API the values are `DEFAULT`, `DO_NOT_UPGRADE` and `UPGRADE`;
             * typed as a plain string here.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             * Carried as a string. NOTE(review): presumably a duration; confirm.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: the maximum number
             * of retries that may be outstanding to all hosts of the destination at once.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcp {
            /**
             * TCP connection timeout.
             * Carried as a string. NOTE(review): presumably a duration; confirm.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the number of
             * unanswered keep-alive probes after which the connection is considered dead.
             */
            probes?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: how long a
             * connection must be idle before keep-alive probes start, carried as a string.
             */
            time?: string;
        }
        /**
         * Settings that control when an unhealthy host is ejected from the connection pool.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this older counter is deprecated in favour
             * of `consecutive5xxErrors` / `consecutiveGatewayErrors`; confirm.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * Undocumented in the generated schema. By its name, the number of
             * consecutive locally originated failures before ejection; see
             * `splitExternalLocalOriginErrors`.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the maximum
             * percentage of hosts of the destination that may be ejected at once.
             * NOTE(review): confirm the default; a high value lets a burst of errors
             * remove most of the pool.
             */
            maxEjectionPercent?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: outlier detection
             * stays active only while at least this percentage of hosts is healthy.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Traffic policy for one port of a subset (an element of `portLevelSettings`).
         * NOTE(review): in the Istio API port-level settings replace, rather than merge
         * with, the settings one level up, so a port entry without `tls` does not inherit
         * the subset's TLS settings; confirm for the version in use.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettings {
            /** HTTP and TCP connection pool limits for the port. */
            connectionPool?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             * Typed as `any`, so the shape is not checked at compile time.
             */
            loadBalancer?: any;
            /** Host ejection settings for the port. */
            outlierDetection?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsOutlierDetection;
            /** The port these settings apply to. */
            port?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsPort;
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsTls;
        }
        /**
         * Connection pool limits, grouped into HTTP-specific settings and settings
         * shared by HTTP and TCP connections.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             * In the Istio API the values are `DEFAULT`, `DO_NOT_UPGRADE` and `UPGRADE`;
             * typed as a plain string here.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             * Carried as a string. NOTE(review): presumably a duration; confirm.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: the maximum number
             * of retries that may be outstanding to all hosts of the destination at once.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcp {
            /**
             * TCP connection timeout.
             * Carried as a string. NOTE(review): presumably a duration; confirm.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1beta1.DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the number of
             * unanswered keep-alive probes after which the connection is considered dead.
             */
            probes?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: how long a
             * connection must be idle before keep-alive probes start, carried as a string.
             */
            time?: string;
        }
        /**
         * Settings that control when an unhealthy host is ejected from the connection pool.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * Undocumented in the generated schema.
             * NOTE(review): in the Istio API this older counter is deprecated in favour
             * of `consecutive5xxErrors` / `consecutiveGatewayErrors`; confirm.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * Undocumented in the generated schema. By its name, the number of
             * consecutive locally originated failures before ejection; see
             * `splitExternalLocalOriginErrors`.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the maximum
             * percentage of hosts of the destination that may be ejected at once.
             * NOTE(review): confirm the default; a high value lets a burst of errors
             * remove most of the pool.
             */
            maxEjectionPercent?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: outlier detection
             * stays active only while at least this percentage of hosts is healthy.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * The port a `portLevelSettings` entry applies to.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsPort {
            /**
             * Port number. Typed as `number`, so integrality and range are not enforced here.
             */
            number?: number;
        }
        /**
         * TLS related settings for connections to the upstream service.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyPortLevelSettingsTls {
            /**
             * Undocumented in the generated schema. In the Istio API: the path to the file
             * with the CA certificates used to verify the server's certificate.
             * NOTE(review): in the API generation this schema comes from, leaving this
             * (and `credentialName`) unset has meant the server certificate is not
             * verified; confirm the behaviour for the deployed Istio version.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): in the Istio API this is a file path readable by the proxy,
             * not inline certificate content; confirm.
             */
            clientCertificate?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the name of the
             * secret holding the client TLS material, used instead of the file-path fields.
             */
            credentialName?: string;
            /**
             * Undocumented in the generated schema. In the Istio API the values are
             * `DISABLE`, `SIMPLE`, `MUTUAL` and `ISTIO_MUTUAL`; `DISABLE` means the
             * connection to the upstream is not protected by TLS. Typed as a plain
             * string, so a misspelt value is not caught at compile time.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): expected to be a file path, not the key itself; key material
             * written into this field would sit in the resource spec in clear text.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the alternate names
             * the proxy checks the identity in the server certificate against.
             */
            subjectAltNames?: string[];
        }
        /**
         * TLS related settings for connections to the upstream service.
         */
        interface DestinationRuleSpecSubsetsTrafficPolicyTls {
            /**
             * Undocumented in the generated schema. In the Istio API: the path to the file
             * with the CA certificates used to verify the server's certificate.
             * NOTE(review): in the API generation this schema comes from, leaving this
             * (and `credentialName`) unset has meant the server certificate is not
             * verified; confirm the behaviour for the deployed Istio version.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): in the Istio API this is a file path readable by the proxy,
             * not inline certificate content; confirm.
             */
            clientCertificate?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the name of the
             * secret holding the client TLS material, used instead of the file-path fields.
             */
            credentialName?: string;
            /**
             * Undocumented in the generated schema. In the Istio API the values are
             * `DISABLE`, `SIMPLE`, `MUTUAL` and `ISTIO_MUTUAL`; `DISABLE` means the
             * connection to the upstream is not protected by TLS. Typed as a plain
             * string, so a misspelt value is not caught at compile time.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): expected to be a file path, not the key itself; key material
             * written into this field would sit in the resource spec in clear text.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * Undocumented in the generated schema. In the Istio API: the alternate names
             * the proxy checks the identity in the server certificate against.
             */
            subjectAltNames?: string[];
        }
        /**
         * Destination-level traffic policy (the type of `DestinationRuleSpec.trafficPolicy`).
         */
        interface DestinationRuleSpecTrafficPolicy {
            /** HTTP and TCP connection pool limits for the destination. */
            connectionPool?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             * Typed as `any`, so the shape is not checked at compile time.
             */
            loadBalancer?: any;
            /** Host ejection settings for the destination. */
            outlierDetection?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyOutlierDetection;
            /**
             * Traffic policies specific to individual ports.
             * NOTE(review): in the Istio API a port-level entry replaces the
             * destination-level settings for that port, including `tls`; confirm.
             */
            portLevelSettings?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettings[];
            /**
             * TLS related settings for connections to the upstream service.
             */
            tls?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyTls;
        }
        /**
         * Connection pool limits, grouped into HTTP-specific settings and settings
         * shared by HTTP and TCP connections.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             * In the Istio API the values are `DEFAULT`, `DO_NOT_UPGRADE` and `UPGRADE`;
             * typed as a plain string here.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             * Carried as a string. NOTE(review): presumably a duration; confirm.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * Undocumented in the generated schema. In the Istio API: the maximum number
             * of retries that may be outstanding to all hosts of the destination at once.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPoolTcp {
            /**
             * TCP connection timeout.
             * NOTE(review): carried as a string; presumably a duration — confirm the accepted format.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
         */
        interface DestinationRuleSpecTrafficPolicyConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API this is the number of unanswered keep-alive probes
             * after which the connection is considered dead — confirm.
             */
            probes?: number;
            /**
             * NOTE(review): undocumented here. In Istio's API this is how long a connection must be idle before
             * keep-alive probes start — confirm.
             */
            time?: string;
        }
        /**
         * Outlier detection settings: thresholds and timings for ejecting hosts from the connection pool.
         * Every field is optional and unchecked for range by these typings.
         */
        interface DestinationRuleSpecTrafficPolicyOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): undocumented here. Istio marks `consecutiveErrors` as deprecated in favour of
             * `consecutive5xxErrors` / `consecutiveGatewayErrors` — confirm before relying on it.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * NOTE(review): undocumented here. Presumably the local-origin failure count that triggers ejection,
             * used together with `splitExternalLocalOriginErrors` — confirm.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the maximum percentage of hosts in the pool
             * that may be ejected — confirm.
             */
            maxEjectionPercent?: number;
            /**
             * NOTE(review): undocumented here. In Istio's API, outlier detection stays enabled only while at
             * least this percentage of hosts is healthy — confirm.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Traffic policy for one port: the same kinds of settings as the parent traffic policy plus the `port` selector.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettings {
            /**
             * Connection pool settings for this port.
             */
            connectionPool?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPool;
            /**
             * Settings controlling the load balancer algorithms.
             * Typed `any`: the shape of this value is not checked at compile time.
             */
            loadBalancer?: any;
            /**
             * Outlier detection settings for this port.
             */
            outlierDetection?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsOutlierDetection;
            /**
             * The port these settings apply to.
             */
            port?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsPort;
            /**
             * TLS related settings for connections to the upstream service.
             * NOTE(review): presumably takes precedence over the destination-level `tls` for this port — confirm,
             * since a weaker mode here would then apply to the port.
             */
            tls?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsTls;
        }
        /**
         * Port-level connection pool limits, split into HTTP-specific and TCP-level settings.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPool {
            /**
             * HTTP connection pool settings.
             */
            http?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolHttp;
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcp;
        }
        /**
         * HTTP connection pool settings (port-level).
         *
         * All limits are optional plain numbers/strings, so these typings neither require a limit nor check its range.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolHttp {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             * NOTE(review): Istio documents the values `DEFAULT`, `DO_NOT_UPGRADE` and `UPGRADE`; the string type does not restrict them.
             */
            h2UpgradePolicy?: string;
            /**
             * Maximum number of pending HTTP requests to a destination.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of requests to a backend.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             * NOTE(review): carried as a string; presumably a duration — confirm the accepted format.
             */
            idleTimeout?: string;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * NOTE(review): undocumented in the generated schema. In Istio's API this is the maximum number of
             * retries that can be outstanding to all hosts in a cluster at a given time — confirm.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
        }
        /**
         * Settings common to both HTTP and TCP upstream connections (port-level).
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcp {
            /**
             * TCP connection timeout.
             * NOTE(review): carried as a string; presumably a duration — confirm the accepted format.
             */
            connectTimeout?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: outputs.networking.v1beta1.DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive;
        }
        /**
         * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives (port-level).
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsConnectionPoolTcpTcpKeepalive {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API this is the number of unanswered keep-alive probes
             * after which the connection is considered dead — confirm.
             */
            probes?: number;
            /**
             * NOTE(review): undocumented here. In Istio's API this is how long a connection must be idle before
             * keep-alive probes start — confirm.
             */
            time?: string;
        }
        /**
         * Port-level outlier detection settings: thresholds and timings for ejecting hosts from the connection pool.
         * Every field is optional and unchecked for range by these typings.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsOutlierDetection {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): undocumented here. Istio marks `consecutiveErrors` as deprecated in favour of
             * `consecutive5xxErrors` / `consecutiveGatewayErrors` — confirm before relying on it.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * NOTE(review): undocumented here. Presumably the local-origin failure count that triggers ejection,
             * used together with `splitExternalLocalOriginErrors` — confirm.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the maximum percentage of hosts in the pool
             * that may be ejected — confirm.
             */
            maxEjectionPercent?: number;
            /**
             * NOTE(review): undocumented here. In Istio's API, outlier detection stays enabled only while at
             * least this percentage of hosts is healthy — confirm.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
        }
        /**
         * Selects the port that a set of port-level traffic policy settings applies to.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsPort {
            /**
             * Port number. Typed as a plain `number`, so the valid port range is not checked here.
             */
            number?: number;
        }
        /**
         * TLS related settings for connections to the upstream service (port-level).
         *
         * Every field is optional and `mode` is an unconstrained string, so these typings accept a policy with
         * no TLS mode and no trust anchors; the REQUIRED-if notes below are not enforced by the type checker.
         */
        interface DestinationRuleSpecTrafficPolicyPortLevelSettingsTls {
            /**
             * NOTE(review): undocumented here. In Istio's client TLS settings this is the path to the CA bundle
             * used to verify the server certificate; Istio's reference says the proxy does not verify the server
             * certificate when it is omitted — confirm the behaviour for the deployed Istio version.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): Istio documents this as a file path on the proxy, not inline PEM — confirm.
             */
            clientCertificate?: string;
            /**
             * NOTE(review): undocumented here. Presumably the name of the secret that holds the TLS material,
             * as in Istio's API — confirm.
             */
            credentialName?: string;
            /**
             * TLS mode for the connection. NOTE(review): Istio's documented client values are `DISABLE`,
             * `SIMPLE`, `MUTUAL` and `ISTIO_MUTUAL`; only `MUTUAL` is named in this file and the string
             * type does not restrict the value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): Istio documents this as a file path to the key, not the key itself — confirm, and
             * keep key material out of the resource spec.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the names the server certificate's subject
             * alternative names are verified against — confirm.
             */
            subjectAltNames?: string[];
        }
        /**
         * TLS related settings for connections to the upstream service.
         *
         * Every field is optional and `mode` is an unconstrained string, so these typings accept a policy with
         * no TLS mode and no trust anchors; the REQUIRED-if notes below are not enforced by the type checker.
         */
        interface DestinationRuleSpecTrafficPolicyTls {
            /**
             * NOTE(review): undocumented here. In Istio's client TLS settings this is the path to the CA bundle
             * used to verify the server certificate; Istio's reference says the proxy does not verify the server
             * certificate when it is omitted — confirm the behaviour for the deployed Istio version.
             */
            caCertificates?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): Istio documents this as a file path on the proxy, not inline PEM — confirm.
             */
            clientCertificate?: string;
            /**
             * NOTE(review): undocumented here. Presumably the name of the secret that holds the TLS material,
             * as in Istio's API — confirm.
             */
            credentialName?: string;
            /**
             * TLS mode for the connection. NOTE(review): Istio's documented client values are `DISABLE`,
             * `SIMPLE`, `MUTUAL` and `ISTIO_MUTUAL`; only `MUTUAL` is named in this file and the string
             * type does not restrict the value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): Istio documents this as a file path to the key, not the key itself — confirm, and
             * keep key material out of the resource spec.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the names the server certificate's subject
             * alternative names are verified against — confirm.
             */
            subjectAltNames?: string[];
        }
        /**
         * Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html
         */
        interface GatewaySpec {
            /**
             * Label key/value pairs.
             * NOTE(review): presumably selects the gateway workloads this configuration is applied to — confirm,
             * including whether the match is limited to the resource's own namespace in the deployed mesh.
             */
            selector?: {
                [key: string]: string;
            };
            /**
             * A list of server specifications.
             */
            servers?: outputs.networking.v1beta1.GatewaySpecServers[];
        }
        /**
         * One listener exposed by a gateway: its hosts, port, bind address and TLS options.
         * `tls` is optional, so a server entry without any TLS block type-checks.
         */
        interface GatewaySpecServers {
            /**
             * NOTE(review): undocumented here. In Istio's API, the IP or Unix domain socket the listener is bound to — confirm.
             */
            bind?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the loopback endpoint or Unix domain socket that
             * traffic is forwarded to by default — confirm.
             */
            defaultEndpoint?: string;
            /**
             * One or more hosts exposed by this gateway.
             */
            hosts?: string[];
            /**
             * An optional name of the server, when set must be unique across all servers.
             */
            name?: string;
            /**
             * The port the listener accepts connections on.
             */
            port?: outputs.networking.v1beta1.GatewaySpecServersPort;
            /**
             * Set of TLS related options that govern the server's behavior.
             */
            tls?: outputs.networking.v1beta1.GatewaySpecServersTls;
        }
        /**
         * Port description for a gateway server: label, number, protocol and optional target port.
         */
        interface GatewaySpecServersPort {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             * Typed as a free-form string; the accepted protocol names are not restricted by these typings.
             */
            protocol?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the port on the endpoint where traffic is received — confirm.
             */
            targetPort?: number;
        }
        /**
         * Set of TLS related options that govern the server's behavior.
         *
         * Every field is optional and `mode` / protocol versions are unconstrained strings, so the
         * REQUIRED-if notes below are not enforced by the type checker.
         */
        interface GatewaySpecServersTls {
            /**
             * REQUIRED if mode is `MUTUAL`.
             * NOTE(review): in Istio's API, the path to the CA bundle used to verify client certificates — confirm.
             */
            caCertificates?: string;
            /**
             * Optional: If specified, only support the specified cipher list.
             */
            cipherSuites?: string[];
            /**
             * NOTE(review): undocumented here. Presumably the name of the secret that holds the server
             * certificate and key, as in Istio's API — confirm.
             */
            credentialName?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, `true` makes the gateway answer plain-HTTP
             * connections with a 301 redirect to HTTPS — confirm.
             */
            httpsRedirect?: boolean;
            /**
             * Optional: Maximum TLS protocol version.
             */
            maxProtocolVersion?: string;
            /**
             * Optional: Minimum TLS protocol version.
             * NOTE(review): Istio's documented values are `TLS_AUTO`, `TLSV1_0`, `TLSV1_1`, `TLSV1_2` and
             * `TLSV1_3`; confirm which floor applies when this is omitted.
             */
            minProtocolVersion?: string;
            /**
             * TLS mode of the listener. NOTE(review): Istio's documented server values are `PASSTHROUGH`,
             * `SIMPLE`, `MUTUAL`, `AUTO_PASSTHROUGH` and `ISTIO_MUTUAL`; only `SIMPLE` and `MUTUAL` are named
             * in this file and the string type does not restrict the value.
             */
            mode?: string;
            /**
             * REQUIRED if mode is `SIMPLE` or `MUTUAL`.
             * NOTE(review): Istio documents this as a file path to the key, not the key itself — confirm, and
             * keep key material out of the resource spec.
             */
            privateKey?: string;
            /**
             * REQUIRED if mode is `SIMPLE` or `MUTUAL`.
             */
            serverCertificate?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, names used to verify the subject identity in the
             * certificate presented by the client — confirm.
             */
            subjectAltNames?: string[];
            /**
             * NOTE(review): undocumented here. In Istio's API, hex-encoded SHA-256 hashes of the authorized
             * client certificates — confirm.
             */
            verifyCertificateHash?: string[];
            /**
             * NOTE(review): undocumented here. In Istio's API, base64-encoded SHA-256 hashes of the SPKIs of
             * authorized client certificates — confirm.
             */
            verifyCertificateSpki?: string[];
        }
        /**
         * Configuration affecting service registry. See more details at: https://istio.io/docs/reference/config/networking/service-entry.html
         */
        interface ServiceEntrySpec {
            /**
             * The virtual IP addresses associated with the service.
             */
            addresses?: string[];
            /**
             * One or more endpoints associated with the service.
             */
            endpoints?: outputs.networking.v1beta1.ServiceEntrySpecEndpoints[];
            /**
             * A list of namespaces to which this service is exported.
             * NOTE(review): Istio reserves `.` for the resource's own namespace and `*` for all namespaces;
             * confirm what an omitted list defaults to in the deployed mesh.
             */
            exportTo?: string[];
            /**
             * The hosts associated with the ServiceEntry.
             */
            hosts?: string[];
            /**
             * NOTE(review): undocumented here. Istio's documented values are `MESH_EXTERNAL` and
             * `MESH_INTERNAL`; only `MESH_INTERNAL` is named in this file.
             */
            location?: string;
            /**
             * The ports associated with the external service.
             */
            ports?: outputs.networking.v1beta1.ServiceEntrySpecPorts[];
            /**
             * Service discovery mode for the hosts.
             * NOTE(review): Istio's documented values include `NONE`, `STATIC` and `DNS`; the string type does
             * not restrict the value.
             */
            resolution?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the proxy verifies that the server certificate's
             * subject alternative name matches one of these values — confirm.
             */
            subjectAltNames?: string[];
            /**
             * Applicable only for MESH_INTERNAL services.
             */
            workloadSelector?: outputs.networking.v1beta1.ServiceEntrySpecWorkloadSelector;
        }
        /**
         * One endpoint backing a ServiceEntry: address, ports, labels and placement metadata.
         */
        interface ServiceEntrySpecEndpoints {
            /**
             * NOTE(review): undocumented here. Presumably the network address of the endpoint — confirm the accepted forms.
             */
            address?: string;
            /**
             * One or more labels associated with the endpoint.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * The locality associated with the endpoint.
             */
            locality?: string;
            /**
             * NOTE(review): undocumented here. Presumably identifies the network the endpoint lives in — confirm.
             */
            network?: string;
            /**
             * Set of ports associated with the endpoint.
             * Keys are strings and values are numbers; NOTE(review): presumably port name to port number — confirm.
             */
            ports?: {
                [key: string]: number;
            };
            /**
             * NOTE(review): undocumented here. In Istio's API, the service account associated with the workload;
             * it feeds the workload's identity, so confirm it names the intended account.
             */
            serviceAccount?: string;
            /**
             * The load balancing weight associated with the endpoint.
             */
            weight?: number;
        }
        /**
         * Port description for a ServiceEntry: label, number, protocol and optional target port.
         */
        interface ServiceEntrySpecPorts {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             * Typed as a free-form string; the accepted protocol names are not restricted by these typings.
             */
            protocol?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the port on the endpoint where traffic is received — confirm.
             */
            targetPort?: number;
        }
        /**
         * Applicable only for MESH_INTERNAL services.
         */
        interface ServiceEntrySpecWorkloadSelector {
            /**
             * Label key/value pairs.
             * NOTE(review): presumably matched against workload labels to pick the backing workloads — confirm.
             */
            labels?: {
                [key: string]: string;
            };
        }
        /**
         * Configuration affecting network reachability of a sidecar. See more details at: https://istio.io/docs/reference/config/networking/sidecar.html
         */
        interface SidecarSpec {
            /**
             * Egress listener entries for the sidecar.
             * NOTE(review): presumably bounds which services the workload can reach through the proxy — confirm.
             */
            egress?: outputs.networking.v1beta1.SidecarSpecEgress[];
            /**
             * Ingress listener entries for the sidecar.
             */
            ingress?: outputs.networking.v1beta1.SidecarSpecIngress[];
            /**
             * Configuration for the outbound traffic policy.
             */
            outboundTrafficPolicy?: outputs.networking.v1beta1.SidecarSpecOutboundTrafficPolicy;
            /**
             * Selects the workloads this configuration applies to.
             * NOTE(review): confirm which workloads are covered when this is omitted.
             */
            workloadSelector?: outputs.networking.v1beta1.SidecarSpecWorkloadSelector;
        }
        /**
         * One egress listener of a sidecar: bind address, capture mode, reachable hosts and port.
         */
        interface SidecarSpecEgress {
            /**
             * NOTE(review): undocumented here. Presumably the IP or Unix domain socket the listener binds to — confirm.
             */
            bind?: string;
            /**
             * NOTE(review): undocumented here. Istio's documented values are `DEFAULT`, `IPTABLES` and `NONE` — confirm.
             */
            captureMode?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the services exposed to the listener, written in
             * `namespace/dnsName` form — confirm; broad wildcard entries widen what the workload can reach.
             */
            hosts?: string[];
            /**
             * The port associated with the listener.
             */
            port?: outputs.networking.v1beta1.SidecarSpecEgressPort;
        }
        /**
         * The port associated with the listener.
         */
        interface SidecarSpecEgressPort {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             * Typed as a free-form string; the accepted protocol names are not restricted by these typings.
             */
            protocol?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the port on the endpoint where traffic is received — confirm.
             */
            targetPort?: number;
        }
        /**
         * One ingress listener of a sidecar: bind address, capture mode, default endpoint and port.
         */
        interface SidecarSpecIngress {
            /**
             * The IP to which the listener should be bound.
             */
            bind?: string;
            /**
             * NOTE(review): undocumented here. Istio's documented values are `DEFAULT`, `IPTABLES` and `NONE` — confirm.
             */
            captureMode?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the loopback endpoint or Unix domain socket that
             * inbound traffic is forwarded to — confirm.
             */
            defaultEndpoint?: string;
            /**
             * The port associated with the listener.
             */
            port?: outputs.networking.v1beta1.SidecarSpecIngressPort;
        }
        /**
         * The port associated with the listener.
         */
        interface SidecarSpecIngressPort {
            /**
             * Label assigned to the port.
             */
            name?: string;
            /**
             * A valid non-negative integer port number.
             */
            number?: number;
            /**
             * The protocol exposed on the port.
             * Typed as a free-form string; the accepted protocol names are not restricted by these typings.
             */
            protocol?: string;
            /**
             * NOTE(review): undocumented here. In Istio's API, the port on the endpoint where traffic is received — confirm.
             */
            targetPort?: number;
        }
        /**
         * Configuration for the outbound traffic policy.
         */
        interface SidecarSpecOutboundTrafficPolicy {
            /**
             * Optional proxy destination for outbound traffic (host, port, subset).
             * NOTE(review): presumably used for traffic to destinations the mesh does not know — confirm.
             */
            egressProxy?: outputs.networking.v1beta1.SidecarSpecOutboundTrafficPolicyEgressProxy;
            /**
             * NOTE(review): undocumented here. Istio's documented values are `REGISTRY_ONLY` and `ALLOW_ANY`:
             * `REGISTRY_ONLY` limits outbound traffic to services known to the registry, `ALLOW_ANY` lets traffic
             * to unknown destinations through. The string type does not restrict the value; confirm the
             * mesh-wide default that applies when it is omitted.
             */
            mode?: string;
        }
        /**
         * Destination (host, port, subset) of the egress proxy referenced by the outbound traffic policy.
         */
        interface SidecarSpecOutboundTrafficPolicyEgressProxy {
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1beta1.SidecarSpecOutboundTrafficPolicyEgressProxyPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface SidecarSpecOutboundTrafficPolicyEgressProxyPort {
            /**
             * Port number. Typed as a plain `number`, so the valid port range is not checked here.
             */
            number?: number;
        }
        /**
         * Label-based selector for the workloads a Sidecar configuration applies to.
         */
        interface SidecarSpecWorkloadSelector {
            /**
             * Label key/value pairs.
             * NOTE(review): presumably all pairs must match a workload's labels — confirm.
             */
            labels?: {
                [key: string]: string;
            };
        }
        /**
         * Configuration affecting label/content routing, sni routing, etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html
         */
        interface VirtualServiceSpec {
            /**
             * A list of namespaces to which this virtual service is exported.
             * NOTE(review): Istio reserves `.` for the resource's own namespace and `*` for all namespaces;
             * confirm what an omitted list defaults to in the deployed mesh.
             */
            exportTo?: string[];
            /**
             * The names of gateways and sidecars that should apply these routes.
             */
            gateways?: string[];
            /**
             * The destination hosts to which traffic is being sent.
             */
            hosts?: string[];
            /**
             * An ordered list of route rules for HTTP traffic.
             */
            http?: outputs.networking.v1beta1.VirtualServiceSpecHttp[];
            /**
             * An ordered list of route rules for opaque TCP traffic.
             */
            tcp?: outputs.networking.v1beta1.VirtualServiceSpecTcp[];
            /**
             * Route rules for TLS traffic.
             * NOTE(review): presumably an ordered list matched on SNI without terminating TLS — confirm.
             */
            tls?: outputs.networking.v1beta1.VirtualServiceSpecTls[];
        }
        /**
         * One HTTP route rule: match conditions plus the action (route, redirect, delegate) and the
         * policies applied to matching traffic (CORS, fault injection, headers, mirroring, retries, timeout).
         */
        interface VirtualServiceSpecHttp {
            /**
             * Cross-Origin Resource Sharing policy (CORS).
             */
            corsPolicy?: outputs.networking.v1beta1.VirtualServiceSpecHttpCorsPolicy;
            /**
             * Reference (name, namespace) to a delegate VirtualService.
             */
            delegate?: outputs.networking.v1beta1.VirtualServiceSpecHttpDelegate;
            /**
             * Fault injection policy to apply on HTTP traffic at the client side.
             */
            fault?: outputs.networking.v1beta1.VirtualServiceSpecHttpFault;
            /**
             * Header manipulation rules for requests and responses.
             */
            headers?: outputs.networking.v1beta1.VirtualServiceSpecHttpHeaders;
            /**
             * Match conditions for this rule.
             * NOTE(review): confirm how an omitted or empty list is treated; presumably the rule then applies to all traffic.
             */
            match?: outputs.networking.v1beta1.VirtualServiceSpecHttpMatch[];
            /**
             * Destination that receives mirrored traffic.
             * NOTE(review): presumably a copy of each matching request, including its headers and body, is sent
             * here — confirm, and treat the mirror host as handling the same data as the primary destination.
             */
            mirror?: outputs.networking.v1beta1.VirtualServiceSpecHttpMirror;
            /**
             * Percentage of the traffic to be mirrored by the `mirror` field.
             * NOTE(review): Istio marks this form as deprecated in favour of `mirrorPercentage` — confirm.
             */
            mirrorPercent?: number;
            /**
             * Percentage of the traffic to be mirrored by the `mirror` field.
             */
            mirrorPercentage?: outputs.networking.v1beta1.VirtualServiceSpecHttpMirrorPercentage;
            /**
             * Percentage of the traffic to be mirrored by the `mirror` field.
             * NOTE(review): Istio marks this form as deprecated in favour of `mirrorPercentage` — confirm.
             */
            mirror_percent?: number;
            /**
             * The name assigned to the route for debugging purposes.
             */
            name?: string;
            /**
             * A HTTP rule can either redirect or forward (default) traffic.
             */
            redirect?: outputs.networking.v1beta1.VirtualServiceSpecHttpRedirect;
            /**
             * Retry policy for HTTP requests.
             */
            retries?: outputs.networking.v1beta1.VirtualServiceSpecHttpRetries;
            /**
             * Rewrite HTTP URIs and Authority headers.
             */
            rewrite?: outputs.networking.v1beta1.VirtualServiceSpecHttpRewrite;
            /**
             * A HTTP rule can either redirect or forward (default) traffic.
             */
            route?: outputs.networking.v1beta1.VirtualServiceSpecHttpRoute[];
            /**
             * Timeout for HTTP requests, default is disabled.
             */
            timeout?: string;
        }
        /**
         * Cross-Origin Resource Sharing policy (CORS).
         */
        interface VirtualServiceSpecHttpCorsPolicy {
            /**
             * NOTE(review): undocumented here. In Istio's API this maps to the `Access-Control-Allow-Credentials`
             * response header; review it together with `allowOrigin` / `allowOrigins`, since credentialed
             * requests are then permitted from every origin those lists match.
             */
            allowCredentials?: boolean;
            /**
             * NOTE(review): undocumented here. Presumably the request headers permitted on cross-origin requests — confirm.
             */
            allowHeaders?: string[];
            /**
             * List of HTTP methods allowed to access the resource.
             */
            allowMethods?: string[];
            /**
             * The list of origins that are allowed to perform CORS requests.
             * NOTE(review): Istio marks `allowOrigin` as deprecated in favour of `allowOrigins` — confirm.
             */
            allowOrigin?: string[];
            /**
             * String patterns that match allowed origins.
             * Elements are typed `any`, so the pattern shape is not checked at compile time.
             */
            allowOrigins?: any[];
            /**
             * NOTE(review): undocumented here. Presumably the response headers browsers are allowed to read — confirm.
             */
            exposeHeaders?: string[];
            /**
             * NOTE(review): undocumented here. Presumably how long a preflight result may be cached, as a duration string — confirm.
             */
            maxAge?: string;
        }
        /**
         * Reference to the delegate VirtualService of an HTTP route rule, identified by name and namespace.
         */
        interface VirtualServiceSpecHttpDelegate {
            /**
             * Name specifies the name of the delegate VirtualService.
             */
            name?: string;
            /**
             * Namespace specifies the namespace where the delegate VirtualService resides.
             * NOTE(review): confirm which namespace is assumed when this is omitted, since the delegate then
             * supplies routing for this rule.
             */
            namespace?: string;
        }
        /**
         * Fault injection policy to apply on HTTP traffic at the client side.
         *
         * Both members are typed `any`, so their shape is not checked at compile time.
         */
        interface VirtualServiceSpecHttpFault {
            /**
             * NOTE(review): undocumented here. Presumably aborts a share of requests with a configured status — confirm.
             */
            abort?: any;
            /**
             * NOTE(review): undocumented here. Presumably delays a share of requests before forwarding — confirm.
             */
            delay?: any;
        }
        /**
         * Header manipulation rules of an HTTP route rule, split by direction.
         */
        interface VirtualServiceSpecHttpHeaders {
            /**
             * Header operations for the request direction.
             */
            request?: outputs.networking.v1beta1.VirtualServiceSpecHttpHeadersRequest;
            /**
             * Header operations for the response direction.
             */
            response?: outputs.networking.v1beta1.VirtualServiceSpecHttpHeadersResponse;
        }
        /**
         * Header operations for requests: add, remove and set.
         * Values are plain strings stored in the resource spec, so anything placed here is readable by whoever
         * can read the resource; static credentials do not belong in these maps.
         */
        interface VirtualServiceSpecHttpHeadersRequest {
            /**
             * Header name to value. NOTE(review): presumably appended to any existing value — confirm.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove.
             */
            remove?: string[];
            /**
             * Header name to value. NOTE(review): presumably overwrites any existing value — confirm.
             */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * Header operations for responses: add, remove and set.
         * NOTE(review): `remove` is the place to strip response headers that disclose backend details, and
         * `set` the place for fixed security headers — confirm the order in which the three are applied.
         */
        interface VirtualServiceSpecHttpHeadersResponse {
            /**
             * Header name to value. NOTE(review): presumably appended to any existing value — confirm.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove.
             */
            remove?: string[];
            /**
             * Header name to value. NOTE(review): presumably overwrites any existing value — confirm.
             */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * Match conditions for an HTTP route rule.
         *
         * The string-match members (`authority`, `method`, `scheme`, `uri` and the map values) are typed `any`;
         * NOTE(review): Istio's API uses a string match with one of `exact`, `prefix` or `regex` there, which
         * these typings do not check.
         */
        interface VirtualServiceSpecHttpMatch {
            /**
             * Match on the request authority. Typed `any` (see interface note).
             */
            authority?: any;
            /**
             * Names of gateways where the rule should be applied.
             */
            gateways?: string[];
            /**
             * Header name to match condition. Values are typed `any` (see interface note).
             * Header values are supplied by the client, so a header match alone does not authenticate the caller.
             */
            headers?: {
                [key: string]: any;
            };
            /**
             * Flag to specify whether the URI matching should be case-insensitive.
             */
            ignoreUriCase?: boolean;
            /**
             * Match on the HTTP method. Typed `any` (see interface note).
             */
            method?: any;
            /**
             * The name assigned to a match.
             */
            name?: string;
            /**
             * Specifies the ports on the host that is being addressed.
             */
            port?: number;
            /**
             * Query parameters for matching.
             */
            queryParams?: {
                [key: string]: any;
            };
            /**
             * Match on the URI scheme. Typed `any` (see interface note).
             */
            scheme?: any;
            /**
             * Label key/value pairs. NOTE(review): presumably restricts the rule to source workloads carrying
             * these labels — confirm.
             */
            sourceLabels?: {
                [key: string]: string;
            };
            /**
             * Source namespace constraining the applicability of a rule to workloads in that namespace.
             */
            sourceNamespace?: string;
            /**
             * Match on the request URI. Typed `any` (see interface note).
             */
            uri?: any;
            /**
             * withoutHeader has the same syntax with the header, but has opposite meaning.
             */
            withoutHeaders?: {
                [key: string]: any;
            };
        }
        /**
         * Destination (host, port, subset) that receives mirrored HTTP traffic.
         */
        interface VirtualServiceSpecHttpMirror {
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1beta1.VirtualServiceSpecHttpMirrorPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Percentage of the traffic to be mirrored by the `mirror` field.
         */
        interface VirtualServiceSpecHttpMirrorPercentage {
            /**
             * The percentage as a plain `number`; the range is not checked by these typings.
             */
            value?: number;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecHttpMirrorPort {
            /**
             * Port number. Typed as a plain `number`, so the valid port range is not checked here.
             */
            number?: number;
        }
        /**
         * A HTTP rule can either redirect or forward (default) traffic.
         */
        interface VirtualServiceSpecHttpRedirect {
            /**
             * NOTE(review): undocumented here. Presumably replaces the authority/host part of the URL in the redirect — confirm.
             */
            authority?: string;
            /**
             * NOTE(review): undocumented here. Presumably the HTTP status code used for the redirect; Istio
             * documents 301 as the default — confirm.
             */
            redirectCode?: number;
            /**
             * NOTE(review): undocumented here. Presumably replaces the path part of the URL in the redirect — confirm.
             */
            uri?: string;
        }
        /**
         * Retry policy for HTTP requests.
         */
        interface VirtualServiceSpecHttpRetries {
            /**
             * Number of retries to be allowed for a given request.
             * Retries multiply the load a single request can place on the backend; the value is an unchecked `number`.
             */
            attempts?: number;
            /**
             * Timeout per attempt for a given request, including the initial call and any retries.
             */
            perTryTimeout?: string;
            /**
             * Specifies the conditions under which retry takes place.
             */
            retryOn?: string;
            /**
             * Flag to specify whether the retries should retry to other localities.
             */
            retryRemoteLocalities?: boolean;
        }
        /**
         * Rewrite HTTP URIs and Authority headers.
         */
        interface VirtualServiceSpecHttpRewrite {
            /**
             * Rewrite the Authority/Host header with this value.
             */
            authority?: string;
            /**
             * NOTE(review): undocumented here. Presumably replaces the path (or matched prefix) of the request URI — confirm.
             */
            uri?: string;
        }
        /**
         * One forwarding target of an HTTP route rule: destination, per-route header operations and weight.
         */
        interface VirtualServiceSpecHttpRoute {
            /**
             * The service (host, port, subset) traffic is forwarded to.
             */
            destination?: outputs.networking.v1beta1.VirtualServiceSpecHttpRouteDestination;
            /**
             * Header manipulation rules applied for this destination.
             */
            headers?: outputs.networking.v1beta1.VirtualServiceSpecHttpRouteHeaders;
            /**
             * NOTE(review): undocumented here. Presumably the relative proportion of traffic sent to this destination — confirm.
             */
            weight?: number;
        }
        /**
         * Destination (host, port, subset) of an HTTP route.
         */
        interface VirtualServiceSpecHttpRouteDestination {
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1beta1.VirtualServiceSpecHttpRouteDestinationPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecHttpRouteDestinationPort {
            /**
             * Port number. Typed as a plain `number`, so the valid port range is not checked here.
             */
            number?: number;
        }
        /**
         * Per-destination header manipulation rules, split by direction.
         */
        interface VirtualServiceSpecHttpRouteHeaders {
            /**
             * Header operations for the request direction.
             */
            request?: outputs.networking.v1beta1.VirtualServiceSpecHttpRouteHeadersRequest;
            /**
             * Header operations for the response direction.
             */
            response?: outputs.networking.v1beta1.VirtualServiceSpecHttpRouteHeadersResponse;
        }
        /**
         * Per-destination header operations for requests: add, remove and set.
         * Values are plain strings stored in the resource spec, so anything placed here is readable by whoever
         * can read the resource; static credentials do not belong in these maps.
         */
        interface VirtualServiceSpecHttpRouteHeadersRequest {
            /**
             * Header name to value. NOTE(review): presumably appended to any existing value — confirm.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove.
             */
            remove?: string[];
            /**
             * Header name to value. NOTE(review): presumably overwrites any existing value — confirm.
             */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * Per-destination header operations for responses: add, remove and set.
         */
        interface VirtualServiceSpecHttpRouteHeadersResponse {
            /**
             * Header name to value. NOTE(review): presumably appended to any existing value — confirm.
             */
            add?: {
                [key: string]: string;
            };
            /**
             * Names of headers to remove.
             */
            remove?: string[];
            /**
             * Header name to value. NOTE(review): presumably overwrites any existing value — confirm.
             */
            set?: {
                [key: string]: string;
            };
        }
        /**
         * One route rule for opaque TCP traffic: match conditions and forwarding destinations.
         */
        interface VirtualServiceSpecTcp {
            /**
             * Match conditions for this rule.
             * NOTE(review): confirm how an omitted list is treated; presumably the rule then applies to all TCP traffic.
             */
            match?: outputs.networking.v1beta1.VirtualServiceSpecTcpMatch[];
            /**
             * The destination to which the connection should be forwarded to.
             */
            route?: outputs.networking.v1beta1.VirtualServiceSpecTcpRoute[];
        }
        /**
         * Match conditions for a TCP route rule (L4 attributes: subnets, port, source labels/namespace, gateways).
         */
        interface VirtualServiceSpecTcpMatch {
            /**
             * IPv4 or IPv6 ip addresses of destination with optional subnet.
             */
            destinationSubnets?: string[];
            /**
             * Names of gateways where the rule should be applied.
             */
            gateways?: string[];
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: number;
            /**
             * Label key/value pairs. NOTE(review): presumably restricts the rule to source workloads carrying
             * these labels — confirm.
             */
            sourceLabels?: {
                [key: string]: string;
            };
            /**
             * Source namespace constraining the applicability of a rule to workloads in that namespace.
             */
            sourceNamespace?: string;
            /**
             * IPv4 or IPv6 ip address of source with optional subnet.
             * NOTE(review): confirm that the deployed Istio version honours this field before relying on it
             * as a source restriction.
             */
            sourceSubnet?: string;
        }
        /**
         * One forwarding target of a TCP route rule: destination and weight.
         */
        interface VirtualServiceSpecTcpRoute {
            /**
             * The service (host, port, subset) the connection is forwarded to.
             */
            destination?: outputs.networking.v1beta1.VirtualServiceSpecTcpRouteDestination;
            /**
             * NOTE(review): undocumented here. Presumably the relative proportion of traffic sent to this destination — confirm.
             */
            weight?: number;
        }
        /**
         * Destination (host, port, subset) of a TCP route.
         */
        interface VirtualServiceSpecTcpRouteDestination {
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1beta1.VirtualServiceSpecTcpRouteDestinationPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecTcpRouteDestinationPort {
            /**
             * Port number. Typed as a plain `number`, so the valid port range is not checked here.
             */
            number?: number;
        }
        /**
         * One route rule for TLS traffic: match conditions and forwarding destinations.
         */
        interface VirtualServiceSpecTls {
            /**
             * Match conditions for this rule (see `sniHosts` on the match type).
             */
            match?: outputs.networking.v1beta1.VirtualServiceSpecTlsMatch[];
            /**
             * The destination to which the connection should be forwarded to.
             */
            route?: outputs.networking.v1beta1.VirtualServiceSpecTlsRoute[];
        }
        /**
         * Match conditions for a TLS route rule: SNI hosts plus L4 attributes.
         */
        interface VirtualServiceSpecTlsMatch {
            /**
             * IPv4 or IPv6 ip addresses of destination with optional subnet.
             */
            destinationSubnets?: string[];
            /**
             * Names of gateways where the rule should be applied.
             */
            gateways?: string[];
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: number;
            /**
             * SNI (server name indicator) to match on.
             * The SNI value is chosen by the client in the TLS handshake, so it selects a route but does not
             * by itself identify the caller.
             */
            sniHosts?: string[];
            /**
             * Label key/value pairs. NOTE(review): presumably restricts the rule to source workloads carrying
             * these labels — confirm.
             */
            sourceLabels?: {
                [key: string]: string;
            };
            /**
             * Source namespace constraining the applicability of a rule to workloads in that namespace.
             */
            sourceNamespace?: string;
        }
        /**
         * One forwarding target of a TLS route rule: destination and weight.
         */
        interface VirtualServiceSpecTlsRoute {
            /**
             * The service (host, port, subset) the connection is forwarded to.
             */
            destination?: outputs.networking.v1beta1.VirtualServiceSpecTlsRouteDestination;
            /**
             * NOTE(review): undocumented here. Presumably the relative proportion of traffic sent to this destination — confirm.
             */
            weight?: number;
        }
        /**
         * Destination (host, port, subset) of a TLS route.
         */
        interface VirtualServiceSpecTlsRouteDestination {
            /**
             * The name of a service from the service registry.
             */
            host?: string;
            /**
             * Specifies the port on the host that is being addressed.
             */
            port?: outputs.networking.v1beta1.VirtualServiceSpecTlsRouteDestinationPort;
            /**
             * The name of a subset within the service.
             */
            subset?: string;
        }
        /**
         * Specifies the port on the host that is being addressed.
         */
        interface VirtualServiceSpecTlsRouteDestinationPort {
            /**
             * Port number. Typed as a plain `number`, so the valid port range is not checked here.
             */
            number?: number;
        }
        /**
         * Configuration affecting VMs onboarded into the mesh. See more details at: https://istio.io/docs/reference/config/networking/workload-entry.html
         */
        interface WorkloadEntrySpec {
            /**
             * NOTE(review): undocumented here. Presumably the network address of the workload — confirm the accepted forms.
             */
            address?: string;
            /**
             * One or more labels associated with the endpoint.
             * Labels are what selectors elsewhere in this file match on, so they decide which policies and
             * services pick this workload up.
             */
            labels?: {
                [key: string]: string;
            };
            /**
             * The locality associated with the endpoint.
             */
            locality?: string;
            /**
             * NOTE(review): undocumented here. Presumably identifies the network the workload lives in — confirm.
             */
            network?: string;
            /**
             * Set of ports associated with the endpoint.
             * Keys are strings and values are numbers; NOTE(review): presumably port name to port number — confirm.
             */
            ports?: {
                [key: string]: number;
            };
            /**
             * NOTE(review): undocumented here. In Istio's API, the service account associated with the workload;
             * it feeds the workload's identity, so confirm it names the intended account.
             */
            serviceAccount?: string;
            /**
             * The load balancing weight associated with the endpoint.
             */
            weight?: number;
        }
    }
}
/**
 * Output types for the security API group declared in this file: PeerAuthentication,
 * RequestAuthentication, and the helper shapes and action names for authorization rules.
 */
export declare namespace security {
    namespace v1beta1 {
        /**
         * PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar.
         */
        interface PeerAuthenticationSpec {
            /**
             * Mutual TLS settings for workload.
             */
            mtls?: outputs.security.v1beta1.PeerAuthenticationSpecMtls;
            /**
             * Port specific mutual TLS settings.
             * Keys are strings; presumably each key is a port number (confirm against the Istio reference).
             */
            portLevelMtls?: {
                [key: string]: outputs.security.v1beta1.PeerAuthenticationSpecPortLevelMtls;
            };
            /**
             * The selector determines the workloads to apply the PeerAuthentication policy on.
             * NOTE(review): with no selector the policy presumably applies to every workload in its
             * namespace, so check the intended scope whenever this is omitted. Confirm.
             */
            selector?: outputs.security.v1beta1.PeerAuthenticationSpecSelector;
        }
        /**
         * Mutual TLS settings for workload.
         */
        interface PeerAuthenticationSpecMtls {
            /**
             * Defines the mTLS mode used for peer authentication.
             * Typed as a plain string, so the compiler does not restrict the value.
             * NOTE(review): Istio documents UNSET, DISABLE, PERMISSIVE and STRICT for this field.
             * PERMISSIVE also accepts plaintext, so treat anything other than STRICT as a finding to justify.
             * Confirm against the CRD version in use.
             */
            mode?: string;
        }
        /**
         * mTLS setting for a single port; used as the value type of `portLevelMtls`.
         */
        interface PeerAuthenticationSpecPortLevelMtls {
            /**
             * Defines the mTLS mode used for peer authentication.
             * Typed as a plain string; the same review note as for the workload-level `mode` applies
             * (a per-port override can weaken an otherwise strict policy, so audit each entry).
             */
            mode?: string;
        }
        /**
         * The selector determines the workloads to apply the PeerAuthentication policy on.
         */
        interface PeerAuthenticationSpecSelector {
            /**
             * Label key/value pairs a workload must carry to be selected.
             */
            matchLabels?: {
                [key: string]: string;
            };
        }
        /**
         * RequestAuthentication defines what request authentication methods are supported by a workload.
         */
        interface RequestAuthenticationSpec {
            /**
             * Define the list of JWTs that can be validated at the selected workloads' proxy.
             */
            jwtRules?: outputs.security.v1beta1.RequestAuthenticationSpecJwtRules[];
            /**
             * The selector determines the workloads to apply the RequestAuthentication on.
             */
            selector?: outputs.security.v1beta1.RequestAuthenticationSpecSelector;
        }
        /**
         * One JWT validation rule: where the token is read from, who must have issued it,
         * and which keys verify its signature.
         */
        interface RequestAuthenticationSpecJwtRules {
            /**
             * NOTE(review): presumably the list of audiences accepted in the token.
             * Confirm how an empty or missing list is treated before relying on it as a restriction.
             */
            audiences?: string[];
            /**
             * If set to true, the original token will be kept for the upstream request.
             * The upstream workload then receives the caller's bearer token, so enable this only
             * where that workload is meant to hold it.
             */
            forwardOriginalToken?: boolean;
            /**
             * List of header locations from which JWT is expected.
             */
            fromHeaders?: outputs.security.v1beta1.RequestAuthenticationSpecJwtRulesFromHeaders[];
            /**
             * List of query parameters from which JWT is expected.
             * Tokens carried in query strings tend to be recorded in access logs and proxies;
             * prefer header locations where the client allows it.
             */
            fromParams?: string[];
            /**
             * Identifies the issuer that issued the JWT.
             */
            issuer?: string;
            /**
             * JSON Web Key Set of public keys to validate signature of the JWT.
             */
            jwks?: string;
            /**
             * NOTE(review): presumably the URL the key set is fetched from, as an alternative to the
             * inline `jwks`. Confirm, and confirm the scheme required (HTTPS expected for a key source).
             */
            jwksUri?: string;
            /**
             * NOTE(review): looks like a second spelling of `jwksUri`. Confirm which of the two the
             * CRD version in use honours, and set only one so the key source is unambiguous.
             */
            jwks_uri?: string;
            /**
             * NOTE(review): presumably the name of a header that receives the verified JWT payload.
             * If so, make sure clients cannot supply that header themselves. Confirm.
             */
            outputPayloadToHeader?: string;
        }
        /**
         * A header location to read the JWT from.
         */
        interface RequestAuthenticationSpecJwtRulesFromHeaders {
            /**
             * The HTTP header name.
             */
            name?: string;
            /**
             * The prefix that should be stripped before decoding the token.
             */
            prefix?: string;
        }
        /**
         * The selector determines the workloads to apply the RequestAuthentication on.
         */
        interface RequestAuthenticationSpecSelector {
            /**
             * Label key/value pairs a workload must carry to be selected.
             */
            matchLabels?: {
                [key: string]: string;
            };
        }
        /**
         * Workload selector for an authorization rule.
         */
        interface AuthorizationRuleSpecSelectorArgs {
            /**
             * matchLabels is a map of {key,value} pairs.
             * A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions,
             * whose key field is "key", the operator is "In",
             * and the values array contains only "value".
             * The requirements are ANDed.
             */
            matchLabels?: {
                [key: string]: string;
            };
        }
        /**
         * One authorization rule, made of optional lists of sources (`from`), operations (`to`)
         * and conditions (`when`).
         * NOTE(review): in Istio's AuthorizationPolicy an omitted list is presumably treated as
         * "match any", so a rule with few fields set is broad. Confirm.
         */
        interface AuthorizationRuleSpecRulesArgs {
            from?: AuthorizationRuleSpecRulesFromArgs[];
            to?: AuthorizationRuleSpecRulesToArgs[];
            when?: AuthorizationRuleSpecRulesWhenArgs[];
        }
        /**
         * Wrapper for one source entry of a rule; `source` is required.
         */
        interface AuthorizationRuleSpecRulesFromArgs {
            source: AuthorizationRuleSpecRulesFromSourceArgs;
        }
        /**
         * Source attributes a rule can match on. Each attribute has a `not*` counterpart,
         * presumably a negative match on the same attribute (confirm).
         * NOTE(review): `principals` and `namespaces` are presumably derived from the peer's mTLS
         * identity and `requestPrincipals` from a validated JWT, so rules on them depend on the matching
         * PeerAuthentication / RequestAuthentication being in force. Confirm.
         * NOTE(review): `ipBlocks` vs `remoteIpBlocks` presumably differ in whether the direct peer
         * address or the forwarded client address is used. Confirm before using them behind a proxy.
         */
        interface AuthorizationRuleSpecRulesFromSourceArgs {
            principals?: string[];
            notPrincipals?: string[];
            requestPrincipals?: string[];
            notRequestPrincipals?: string[];
            namespaces?: string[];
            notNamespaces?: string[];
            ipBlocks?: string[];
            notIpBlocks?: string[];
            remoteIpBlocks?: string[];
            notRemoteIpBlocks?: string[];
        }
        /**
         * Wrapper for one operation entry of a rule; `operation` is required.
         */
        interface AuthorizationRuleSpecRulesToArgs {
            operation: AuthorizationRuleSpecRulesToOperationArgs;
        }
        /**
         * Request attributes a rule can match on (hosts, ports, methods, paths), each with a
         * `not*` counterpart that is presumably a negative match (confirm).
         * Note that `ports` is declared as strings, not numbers.
         */
        interface AuthorizationRuleSpecRulesToOperationArgs {
            hosts?: string[];
            notHosts?: string[];
            ports?: string[];
            notPorts?: string[];
            methods?: string[];
            notMethods?: string[];
            paths?: string[];
            notPaths?: string[];
        }
        /**
         * One additional condition of a rule: a required attribute `key` with optional
         * lists of values to match (`values`) and, presumably, to exclude (`notValues`).
         */
        interface AuthorizationRuleSpecRulesWhenArgs {
            /**
             * Name of the condition attribute. The list of available keys is at
             * https://istio.io/latest/docs/reference/config/security/conditions/
             */
            key: string;
            values?: string[];
            notValues?: string[];
        }
        /**
         * Specifies the name of the extension provider.
         * The list of available providers is defined in the MeshConfig.
         * Note, currently at most 1 extension provider is allowed per workload.
         * Different workloads can use different extension providers.
         */
        interface AuthorizationRuleSpecProviderArgs {
            name?: string;
        }
        /**
         * Action names available for an authorization rule, exposed as a constant object
         * whose keys and values are the same string literal.
         * NOTE(review): AUDIT presumably only marks requests for auditing and does not itself
         * allow or deny them; CUSTOM presumably delegates to the extension provider. Confirm.
         */
        const ActionSpecType: {
            readonly ALLOW: "ALLOW";
            readonly DENY: "DENY";
            readonly AUDIT: "AUDIT";
            readonly CUSTOM: "CUSTOM";
        };
        /**
         * Union of the values of the `ActionSpecType` constant: "ALLOW" | "DENY" | "AUDIT" | "CUSTOM".
         */
        type ActionSpecType = (typeof ActionSpecType)[keyof typeof ActionSpecType];
    }
}
/**
 * Output types for the telemetry API group declared in this file (access logging, metrics, tracing).
 */
export declare namespace telemetry {
    namespace v1alpha1 {
        /**
         * Telemetry defines how the telemetry is generated for workloads within a mesh.
         */
        interface TelemetrySpec {
            /**
             * Optional. Access-logging settings, one entry per configuration.
             */
            accessLogging?: outputs.telemetry.v1alpha1.TelemetrySpecAccessLogging[];
            /**
             * Optional. Metrics settings.
             */
            metrics?: outputs.telemetry.v1alpha1.TelemetrySpecMetrics[];
            /**
             * Optional. Selects the workloads this Telemetry applies to.
             */
            selector?: outputs.telemetry.v1alpha1.TelemetrySpecSelector;
            /**
             * Optional. Tracing settings.
             */
            tracing?: outputs.telemetry.v1alpha1.TelemetrySpecTracing[];
        }
        /**
         * One access-logging configuration: an on/off switch plus the providers to log to.
         */
        interface TelemetrySpecAccessLogging {
            /**
             * Controls logging.
             * NOTE(review): presumably `true` turns access logging off for the selected workloads.
             * Access logs are often the only request-level audit trail, so check that disabling
             * them is intentional. Confirm the polarity against the Istio Telemetry reference.
             */
            disabled?: boolean;
            /**
             * Optional. Providers that receive the access logs.
             */
            providers?: outputs.telemetry.v1alpha1.TelemetrySpecAccessLoggingProviders[];
        }
        /**
         * Reference to an access-logging provider by name.
         */
        interface TelemetrySpecAccessLoggingProviders {
            /**
             * Required by the API, although this output type declares the property as optional.
             */
            name?: string;
        }
        /**
         * One metrics configuration: per-metric overrides plus the providers to report to.
         */
        interface TelemetrySpecMetrics {
            /**
             * Optional. Overrides applied to the metrics.
             */
            overrides?: outputs.telemetry.v1alpha1.TelemetrySpecMetricsOverrides[];
            /**
             * Optional. Providers that receive the metrics.
             */
            providers?: outputs.telemetry.v1alpha1.TelemetrySpecMetricsProviders[];
        }
        /**
         * One metrics override: what it applies to (`match`), whether the metric is disabled,
         * and per-tag changes.
         */
        interface TelemetrySpecMetricsOverrides {
            /**
             * Optional. NOTE(review): presumably `true` disables the matched metric. Confirm.
             */
            disabled?: boolean;
            /**
             * Match provides the scope of the override.
             * Typed as `any`, so its shape is not checked by the compiler; validate it against
             * the Istio Telemetry reference.
             */
            match?: any;
            /**
             * Optional. Per-tag changes; keys are strings, presumably tag names (confirm).
             */
            tagOverrides?: {
                [key: string]: outputs.telemetry.v1alpha1.TelemetrySpecMetricsOverridesTagOverrides;
            };
        }
        /**
         * Change applied to a single metric tag.
         */
        interface TelemetrySpecMetricsOverridesTagOverrides {
            /**
             * Operation controls whether or not to update/add a tag, or to remove it.
             * Typed as a plain string; `UPSERT` is the one value named in this file.
             */
            operation?: string;
            /**
             * Value is only considered if the operation is `UPSERT`.
             */
            value?: string;
        }
        /**
         * Reference to a metrics provider by name.
         */
        interface TelemetrySpecMetricsProviders {
            /**
             * Required by the API, although this output type declares the property as optional.
             */
            name?: string;
        }
        /**
         * Optional. Workload selector for a Telemetry resource.
         */
        interface TelemetrySpecSelector {
            /**
             * Label key/value pairs a workload must carry to be selected.
             */
            matchLabels?: {
                [key: string]: string;
            };
        }
        /**
         * One tracing configuration: custom tags, span reporting switch, providers and sampling.
         */
        interface TelemetrySpecTracing {
            /**
             * Optional. Custom tags; values are typed as `any`, so their shape is not checked here.
             * NOTE(review): if tag values can be sourced from request data, check that they do not
             * copy credentials or tokens into traces. Confirm the supported value forms.
             */
            customTags?: {
                [key: string]: any;
            };
            /**
             * Controls span reporting.
             * NOTE(review): presumably `true` stops spans from being reported. Confirm.
             */
            disableSpanReporting?: boolean;
            /**
             * Optional. Providers that receive the traces.
             */
            providers?: outputs.telemetry.v1alpha1.TelemetrySpecTracingProviders[];
            /**
             * NOTE(review): presumably the percentage of requests sampled for tracing.
             * Confirm range and default against the Istio Telemetry reference.
             */
            randomSamplingPercentage?: number;
        }
        /**
         * Reference to a tracing provider by name.
         */
        interface TelemetrySpecTracingProviders {
            /**
             * Required by the API, although this output type declares the property as optional.
             */
            name?: string;
        }
    }
}
