forked from istio/api
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnetwork.proto
122 lines (109 loc) · 4.82 KB
/
network.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
// Copyright 2018 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
package istio.mesh.v1alpha1;
import "google/api/field_behavior.proto";
option go_package="istio.io/api/mesh/v1alpha1";
// Network provides information about the endpoints in a routable L3
// network. A single routable L3 network can have one or more service
// registries. Note that the network has no relation to the locality of the
// endpoint. The endpoint locality will be obtained from the service
// registry.
message Network {
// NetworkEndpoints describes how the network associated with an endpoint
// should be inferred. An endpoint will be assigned to a network based on
// the following rules:
//
// 1. Implicitly: If the registry explicitly provides information about
// the network to which the endpoint belongs to. In some cases, its
// possible to indicate the network associated with the endpoint by
// adding the `ISTIO_META_NETWORK` environment variable to the sidecar.
//
// 2. Explicitly:
//
// a. By matching the registry name with one of the "fromRegistry"
// in the mesh config. A "from_registry" can only be assigned to a
// single network.
//
// b. By matching the IP against one of the CIDR ranges in a mesh
// config network. The CIDR ranges must not overlap and be assigned to
// a single network.
//
// (2) will override (1) if both are present.
message NetworkEndpoints {
oneof ne {
// A CIDR range for the set of endpoints in this network. The CIDR
// ranges for endpoints from different networks must not overlap.
string from_cidr = 1;
// Add all endpoints from the specified registry into this network.
// The names of the registries should correspond to the kubeconfig file name
// inside the secret that was used to configure the registry (Kubernetes
// multicluster) or supplied by MCP server.
string from_registry = 2;
}
}
// The list of endpoints in the network (obtained through the
// constituent service registries or from CIDR ranges). All endpoints in
// the network are directly accessible to one another.
repeated NetworkEndpoints endpoints = 2 [(google.api.field_behavior) = REQUIRED];
// The gateway associated with this network. Traffic from remote networks
// will arrive at the specified gateway:port. All incoming traffic must
// use mTLS.
message IstioNetworkGateway {
oneof gw {
// A fully qualified domain name of the gateway service. Pilot will
// lookup the service from the service registries in the network and
// obtain the endpoint IPs of the gateway from the service
// registry. Note that while the service name is a fully qualified
// domain name, it need not be resolvable outside the orchestration
// platform for the registry. e.g., this could be
// istio-ingressgateway.istio-system.svc.cluster.local.
string registry_service_name = 1;
// IP address or externally resolvable DNS address associated with the gateway.
string address = 2;
}
// The port associated with the gateway.
uint32 port = 3 [(google.api.field_behavior) = REQUIRED];
// The locality associated with an explicitly specified gateway (i.e. ip)
string locality = 4;
}
// Set of gateways associated with the network.
repeated IstioNetworkGateway gateways = 3 [(google.api.field_behavior) = REQUIRED];
}
// MeshNetworks (config map) provides information about the set of networks
// inside a mesh and how to route to endpoints in each network. For example
//
// MeshNetworks(file/config map):
//
// ```yaml
// networks:
// network1:
// endpoints:
// - fromRegistry: registry1 #must match kubeconfig name in Kubernetes secret
// - fromCidr: 192.168.100.0/22 #a VM network for example
// gateways:
// - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local
// port: 15443
// locality: us-east-1a
// - address: 192.168.100.1
// port: 15443
// locality: us-east-1a
// ```
//
message MeshNetworks {
// The set of networks inside this mesh. Each network should
// have a unique name and information about how to infer the endpoints in
// the network as well as the gateways associated with the network.
map<string, Network> networks = 1 [(google.api.field_behavior) = REQUIRED];
}