From 08e7fdc80168b9a28600f33706e81e892e43a1b7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 06:44:46 +0000 Subject: [PATCH 1/2] [release-v1.17][gomod]: Bump istio.io/api Bumps [istio.io/api](https://github.com/istio/api) from 0.0.0-20221208070204-0528cb6ce63b to 1.25.0-alpha.0. - [Commits](https://github.com/istio/api/commits/1.25.0-alpha.0) --- updated-dependencies: - dependency-name: istio.io/api dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- go.mod | 6 +- go.sum | 12 +- .../v2/internal/httprule/BUILD.bazel | 35 + .../grpc-gateway/v2/runtime/BUILD.bazel | 97 + .../grpc-gateway/v2/utilities/BUILD.bazel | 31 + .../googleapis/api/annotations/client.pb.go | 707 ++-- .../googleapis/api/httpbody/httpbody.pb.go | 6 +- vendor/istio.io/api/LICENSE | 2 +- .../api/analysis/v1alpha1/message.gen.json | 121 - .../api/analysis/v1alpha1/message.pb.go | 138 +- .../api/analysis/v1alpha1/message.pb.html | 306 +- .../analysis/v1alpha1/message_deepcopy.gen.go | 2 +- .../api/meta/v1alpha1/status.gen.json | 106 - .../istio.io/api/meta/v1alpha1/status.pb.go | 79 +- .../istio.io/api/meta/v1alpha1/status.pb.html | 111 +- .../istio.io/api/meta/v1alpha1/status.proto | 10 +- .../api/meta/v1alpha1/status_deepcopy.gen.go | 2 +- .../destination_rule.pb.go | 2236 ++++++------- .../v1alpha3/destination_rule.pb.html | 1876 +++++++++++ .../destination_rule.proto | 524 ++- .../destination_rule_deepcopy.gen.go | 46 +- .../destination_rule_json.gen.go | 24 +- .../networking/v1alpha3/envoy_filter.pb.go | 2215 +++++++++++++ .../networking/v1alpha3/envoy_filter.pb.html | 1411 ++++++++ .../networking/v1alpha3/envoy_filter.proto | 893 ++++++ .../v1alpha3/envoy_filter_deepcopy.gen.go | 279 ++ .../v1alpha3/envoy_filter_json.gen.go | 155 + .../{v1beta1 => v1alpha3}/gateway.pb.go | 754 ++--- .../api/networking/v1alpha3/gateway.pb.html | 728 +++++ .../{v1beta1 => v1alpha3}/gateway.proto | 331 +- .../gateway_deepcopy.gen.go | 4 +- .../{v1beta1 => v1alpha3}/gateway_json.gen.go | 2 +- .../{v1beta1 => v1alpha3}/service_entry.pb.go | 966 +++--- .../networking/v1alpha3/service_entry.pb.html | 754 +++++ .../{v1beta1 => v1alpha3}/service_entry.proto | 524 +-- .../v1alpha3/service_entry_deepcopy.gen.go | 90 + .../v1alpha3/service_entry_json.gen.go | 56 + .../api/networking/v1alpha3/sidecar.pb.go | 1271 ++++++++ .../api/networking/v1alpha3/sidecar.pb.html | 764 +++++ .../{v1beta1 => v1alpha3}/sidecar.proto | 397 ++- .../sidecar_deepcopy.gen.go | 25 +- .../{v1beta1 => v1alpha3}/sidecar_json.gen.go | 13 +- .../virtual_service.pb.go | 2843 ++++++----------- .../v1alpha3/virtual_service.pb.html | 2414 ++++++++++++++ .../virtual_service.proto | 828 +---- .../virtual_service_deepcopy.gen.go | 46 +- .../virtual_service_json.gen.go | 24 +- .../workload_entry.pb.go | 303 +- .../v1alpha3/workload_entry.pb.html | 240 ++ .../workload_entry.proto | 153 +- .../workload_entry_deepcopy.gen.go | 4 +- .../workload_entry_json.gen.go | 2 +- .../networking/v1alpha3/workload_group.pb.go | 909 ++++++ .../workload_group.pb.html | 288 +- .../workload_group.proto | 48 +- .../workload_group_deepcopy.gen.go | 25 +- .../workload_group_json.gen.go | 13 +- .../v1beta1/destination_rule.gen.json | 679 ---- .../v1beta1/destination_rule_alias.gen.go | 472 +++ .../api/networking/v1beta1/gateway.gen.json | 168 - .../networking/v1beta1/gateway_alias.gen.go | 169 + .../networking/v1beta1/proxy_config.gen.json | 58 - .../api/networking/v1beta1/proxy_config.pb.go | 61 +- .../networking/v1beta1/proxy_config.pb.html | 52 +- .../api/networking/v1beta1/proxy_config.proto | 15 +- .../v1beta1/proxy_config_deepcopy.gen.go | 2 +- .../networking/v1beta1/service_entry.gen.json | 161 - .../v1beta1/service_entry_alias.gen.go | 108 + .../v1beta1/service_entry_deepcopy.gen.go | 27 - .../v1beta1/service_entry_json.gen.go | 23 - .../api/networking/v1beta1/sidecar.gen.json | 257 -- .../api/networking/v1beta1/sidecar.pb.go | 1243 ------- .../networking/v1beta1/sidecar_alias.gen.go | 85 + .../v1beta1/virtual_service.gen.json | 914 ------ .../v1beta1/virtual_service_alias.gen.go | 869 +++++ .../v1beta1/workload_entry.gen.json | 51 - .../v1beta1/workload_entry_alias.gen.go | 33 + .../v1beta1/workload_group.gen.json | 250 -- .../networking/v1beta1/workload_group.pb.go | 918 ------ .../v1beta1/workload_group_alias.gen.go | 56 + .../api/type/v1beta1/selector.gen.json | 44 - .../istio.io/api/type/v1beta1/selector.pb.go | 235 +- .../api/type/v1beta1/selector.pb.html | 108 +- .../istio.io/api/type/v1beta1/selector.proto | 71 +- .../api/type/v1beta1/selector_deepcopy.gen.go | 23 +- .../api/type/v1beta1/selector_json.gen.go | 11 + .../k8s.io/apimachinery/pkg/api/errors/OWNERS | 16 + .../k8s.io/apimachinery/pkg/api/meta/OWNERS | 14 + .../apimachinery/pkg/api/resource/OWNERS | 10 + .../apimachinery/pkg/api/validation/OWNERS | 11 + .../apimachinery/pkg/apis/meta/v1/OWNERS | 16 + .../apimachinery/pkg/util/mergepatch/OWNERS | 6 + .../pkg/util/strategicpatch/OWNERS | 9 + .../apimachinery/pkg/util/validation/OWNERS | 11 + .../third_party/forked/golang/json/OWNERS | 6 + .../client-go/applyconfigurations/OWNERS | 5 + vendor/k8s.io/client-go/openapi/OWNERS | 4 + .../pkg/apis/clientauthentication/OWNERS | 8 + vendor/k8s.io/client-go/rest/OWNERS | 14 + vendor/k8s.io/client-go/tools/auth/OWNERS | 8 + vendor/k8s.io/client-go/tools/cache/OWNERS | 28 + .../client-go/tools/leaderelection/OWNERS | 11 + vendor/k8s.io/client-go/tools/metrics/OWNERS | 5 + vendor/k8s.io/client-go/tools/record/OWNERS | 6 + vendor/k8s.io/client-go/transport/OWNERS | 8 + vendor/k8s.io/client-go/util/cert/OWNERS | 8 + vendor/k8s.io/client-go/util/keyutil/OWNERS | 6 + vendor/k8s.io/client-go/util/retry/OWNERS | 4 + vendor/k8s.io/code-generator/OWNERS | 16 + .../code-generator/cmd/client-gen/OWNERS | 11 + .../code-generator/cmd/go-to-protobuf/OWNERS | 6 + vendor/k8s.io/klog/v2/OWNERS | 16 + .../kube-openapi/pkg/generators/rules/OWNERS | 4 + .../k8s.io/kube-openapi/pkg/util/proto/OWNERS | 2 + vendor/k8s.io/utils/pointer/OWNERS | 10 + vendor/k8s.io/utils/ptr/OWNERS | 10 + vendor/knative.dev/hack/OWNERS | 8 + vendor/knative.dev/hack/OWNERS_ALIASES | 144 + vendor/knative.dev/pkg/apis/OWNERS | 15 + vendor/knative.dev/pkg/apis/duck/OWNERS | 8 + vendor/knative.dev/pkg/controller/OWNERS | 7 + vendor/knative.dev/pkg/reconciler/OWNERS | 7 + vendor/knative.dev/pkg/webhook/OWNERS | 7 + vendor/modules.txt | 9 +- vendor/sigs.k8s.io/json/OWNERS | 6 + vendor/sigs.k8s.io/yaml/OWNERS | 23 + vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS | 24 + 127 files changed, 21621 insertions(+), 12338 deletions(-) create mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel create mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel create mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel delete mode 100644 vendor/istio.io/api/analysis/v1alpha1/message.gen.json delete mode 100644 vendor/istio.io/api/meta/v1alpha1/status.gen.json rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/destination_rule.pb.go (54%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/destination_rule.proto (77%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/destination_rule_deepcopy.gen.go (90%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/destination_rule_json.gen.go (91%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go create mode 100644 vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html create mode 100644 vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto create mode 100644 vendor/istio.io/api/networking/v1alpha3/envoy_filter_deepcopy.gen.go create mode 100644 vendor/istio.io/api/networking/v1alpha3/envoy_filter_json.gen.go rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/gateway.pb.go (54%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/gateway.pb.html rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/gateway.proto (70%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/gateway_deepcopy.gen.go (97%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/gateway_json.gen.go (99%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/service_entry.pb.go (52%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/service_entry.proto (65%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go create mode 100644 vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go create mode 100644 vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go create mode 100644 vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/sidecar.proto (67%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/sidecar_deepcopy.gen.go (83%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/sidecar_json.gen.go (85%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/virtual_service.pb.go (55%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/virtual_service.proto (74%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/virtual_service_deepcopy.gen.go (92%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/virtual_service_json.gen.go (92%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_entry.pb.go (56%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_entry.proto (73%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_entry_deepcopy.gen.go (92%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_entry_json.gen.go (97%) create mode 100644 vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_group.pb.html (59%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_group.proto (81%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_group_deepcopy.gen.go (86%) rename vendor/istio.io/api/networking/{v1beta1 => v1alpha3}/workload_group_json.gen.go (87%) delete mode 100644 vendor/istio.io/api/networking/v1beta1/destination_rule.gen.json create mode 100644 vendor/istio.io/api/networking/v1beta1/destination_rule_alias.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/gateway.gen.json create mode 100644 vendor/istio.io/api/networking/v1beta1/gateway_alias.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/proxy_config.gen.json delete mode 100644 vendor/istio.io/api/networking/v1beta1/service_entry.gen.json create mode 100644 vendor/istio.io/api/networking/v1beta1/service_entry_alias.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/service_entry_deepcopy.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/service_entry_json.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/sidecar.gen.json delete mode 100644 vendor/istio.io/api/networking/v1beta1/sidecar.pb.go create mode 100644 vendor/istio.io/api/networking/v1beta1/sidecar_alias.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/virtual_service.gen.json create mode 100644 vendor/istio.io/api/networking/v1beta1/virtual_service_alias.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/workload_entry.gen.json create mode 100644 vendor/istio.io/api/networking/v1beta1/workload_entry_alias.gen.go delete mode 100644 vendor/istio.io/api/networking/v1beta1/workload_group.gen.json delete mode 100644 vendor/istio.io/api/networking/v1beta1/workload_group.pb.go create mode 100644 vendor/istio.io/api/networking/v1beta1/workload_group_alias.gen.go delete mode 100644 vendor/istio.io/api/type/v1beta1/selector.gen.json create mode 100644 vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS create mode 100644 vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS create mode 100644 vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS create mode 100644 vendor/k8s.io/client-go/applyconfigurations/OWNERS create mode 100644 vendor/k8s.io/client-go/openapi/OWNERS create mode 100644 vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS create mode 100644 vendor/k8s.io/client-go/rest/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/auth/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/cache/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/leaderelection/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/metrics/OWNERS create mode 100644 vendor/k8s.io/client-go/tools/record/OWNERS create mode 100644 vendor/k8s.io/client-go/transport/OWNERS create mode 100644 vendor/k8s.io/client-go/util/cert/OWNERS create mode 100644 vendor/k8s.io/client-go/util/keyutil/OWNERS create mode 100644 vendor/k8s.io/client-go/util/retry/OWNERS create mode 100644 vendor/k8s.io/code-generator/OWNERS create mode 100644 vendor/k8s.io/code-generator/cmd/client-gen/OWNERS create mode 100644 vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS create mode 100644 vendor/k8s.io/klog/v2/OWNERS create mode 100644 vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS create mode 100644 vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS create mode 100644 vendor/k8s.io/utils/pointer/OWNERS create mode 100644 vendor/k8s.io/utils/ptr/OWNERS create mode 100644 vendor/knative.dev/hack/OWNERS create mode 100644 vendor/knative.dev/hack/OWNERS_ALIASES create mode 100644 vendor/knative.dev/pkg/apis/OWNERS create mode 100644 vendor/knative.dev/pkg/apis/duck/OWNERS create mode 100644 vendor/knative.dev/pkg/controller/OWNERS create mode 100644 vendor/knative.dev/pkg/reconciler/OWNERS create mode 100644 vendor/knative.dev/pkg/webhook/OWNERS create mode 100644 vendor/sigs.k8s.io/json/OWNERS create mode 100644 vendor/sigs.k8s.io/yaml/OWNERS create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS diff --git a/go.mod b/go.mod index b94ddebd5..381d9a866 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/hashicorp/golang-lru v1.0.2 go.uber.org/zap v1.27.0 google.golang.org/protobuf v1.36.2 - istio.io/api v0.0.0-20221208070204-0528cb6ce63b + istio.io/api v1.25.0-alpha.0 istio.io/client-go v1.16.1 k8s.io/api v0.31.4 k8s.io/apimachinery v0.31.4 @@ -73,8 +73,8 @@ require ( golang.org/x/tools v0.29.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.183.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect google.golang.org/grpc v1.69.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 3c3dcd91e..6f7ed4164 100644 --- a/go.sum +++ b/go.sum @@ -613,10 +613,10 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U= -google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 h1:X58yt85/IXCx0Y3ZwN6sEIKZzQtDEYaBWrDvErdXrRE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -678,8 +678,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -istio.io/api v0.0.0-20221208070204-0528cb6ce63b h1:pVcDWtdJYwrI79dLtj4x9tO3uF3o5Ye+Xd+KOlVnyqQ= -istio.io/api v0.0.0-20221208070204-0528cb6ce63b/go.mod h1:hQkF0Q19MCmfOTre/Sg4KvrwwETq45oaFplnBm2p4j8= +istio.io/api v1.25.0-alpha.0 h1:vkyBNDufUUhvuJFy9wdVsmcUzLHSQXoe6wPiZZiDaT0= +istio.io/api v1.25.0-alpha.0/go.mod h1:QFzEXv/IT582T0FHZVp1QoolvE4ws0zz/vVO55blmlE= istio.io/client-go v1.16.1 h1:xkCpqOL3KbuZINRcSlBqJzN+hB5Ov/Q1LsRpsyAkhI8= istio.io/client-go v1.16.1/go.mod h1:NT96qrYnZ7AcuKnuknH/3GI+tv9Qm6VhC2ZX2vRaKeg= k8s.io/api v0.31.4 h1:I2QNzitPVsPeLQvexMEsj945QumYraqv9m74isPDKhM= diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel new file mode 100644 index 000000000..b8fbb2b77 --- /dev/null +++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel @@ -0,0 +1,35 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +package(default_visibility = ["//visibility:public"]) + +go_library( + name = "httprule", + srcs = [ + "compile.go", + "parse.go", + "types.go", + ], + importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule", + deps = ["//utilities"], +) + +go_test( + name = "httprule_test", + size = "small", + srcs = [ + "compile_test.go", + "parse_test.go", + "types_test.go", + ], + embed = [":httprule"], + deps = [ + "//utilities", + "@org_golang_google_grpc//grpclog", + ], +) + +alias( + name = "go_default_library", + actual = ":httprule", + visibility = ["//:__subpackages__"], +) diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel new file mode 100644 index 000000000..a65d88eb8 --- /dev/null +++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel @@ -0,0 +1,97 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +package(default_visibility = ["//visibility:public"]) + +go_library( + name = "runtime", + srcs = [ + "context.go", + "convert.go", + "doc.go", + "errors.go", + "fieldmask.go", + "handler.go", + "marshal_httpbodyproto.go", + "marshal_json.go", + "marshal_jsonpb.go", + "marshal_proto.go", + "marshaler.go", + "marshaler_registry.go", + "mux.go", + "pattern.go", + "proto2_convert.go", + "query.go", + ], + importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/runtime", + deps = [ + "//internal/httprule", + "//utilities", + "@org_golang_google_genproto_googleapis_api//httpbody", + "@org_golang_google_grpc//codes", + "@org_golang_google_grpc//grpclog", + "@org_golang_google_grpc//health/grpc_health_v1", + "@org_golang_google_grpc//metadata", + "@org_golang_google_grpc//status", + "@org_golang_google_protobuf//encoding/protojson", + "@org_golang_google_protobuf//proto", + "@org_golang_google_protobuf//reflect/protoreflect", + "@org_golang_google_protobuf//reflect/protoregistry", + "@org_golang_google_protobuf//types/known/durationpb", + "@org_golang_google_protobuf//types/known/fieldmaskpb", + "@org_golang_google_protobuf//types/known/structpb", + "@org_golang_google_protobuf//types/known/timestamppb", + "@org_golang_google_protobuf//types/known/wrapperspb", + ], +) + +go_test( + name = "runtime_test", + size = "small", + srcs = [ + "context_test.go", + "convert_test.go", + "errors_test.go", + "fieldmask_test.go", + "handler_test.go", + "marshal_httpbodyproto_test.go", + "marshal_json_test.go", + "marshal_jsonpb_test.go", + "marshal_proto_test.go", + "marshaler_registry_test.go", + "mux_internal_test.go", + "mux_test.go", + "pattern_test.go", + "query_fuzz_test.go", + "query_test.go", + ], + embed = [":runtime"], + deps = [ + "//runtime/internal/examplepb", + "//utilities", + "@com_github_google_go_cmp//cmp", + "@com_github_google_go_cmp//cmp/cmpopts", + "@org_golang_google_genproto_googleapis_api//httpbody", + "@org_golang_google_genproto_googleapis_rpc//errdetails", + "@org_golang_google_genproto_googleapis_rpc//status", + "@org_golang_google_grpc//:grpc", + "@org_golang_google_grpc//codes", + "@org_golang_google_grpc//health/grpc_health_v1", + "@org_golang_google_grpc//metadata", + "@org_golang_google_grpc//status", + "@org_golang_google_protobuf//encoding/protojson", + "@org_golang_google_protobuf//proto", + "@org_golang_google_protobuf//testing/protocmp", + "@org_golang_google_protobuf//types/known/durationpb", + "@org_golang_google_protobuf//types/known/emptypb", + "@org_golang_google_protobuf//types/known/fieldmaskpb", + "@org_golang_google_protobuf//types/known/structpb", + "@org_golang_google_protobuf//types/known/timestamppb", + "@org_golang_google_protobuf//types/known/wrapperspb", + ], +) + +alias( + name = "go_default_library", + actual = ":runtime", + visibility = ["//visibility:public"], +) diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel new file mode 100644 index 000000000..b89409465 --- /dev/null +++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel @@ -0,0 +1,31 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +package(default_visibility = ["//visibility:public"]) + +go_library( + name = "utilities", + srcs = [ + "doc.go", + "pattern.go", + "readerfactory.go", + "string_array_flag.go", + "trie.go", + ], + importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/utilities", +) + +go_test( + name = "utilities_test", + size = "small", + srcs = [ + "string_array_flag_test.go", + "trie_test.go", + ], + deps = [":utilities"], +) + +alias( + name = "go_default_library", + actual = ":utilities", + visibility = ["//visibility:public"], +) diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go index aa69fb4d5..4a9fce53c 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go @@ -180,6 +180,8 @@ type CommonLanguageSettings struct { ReferenceDocsUri string `protobuf:"bytes,1,opt,name=reference_docs_uri,json=referenceDocsUri,proto3" json:"reference_docs_uri,omitempty"` // The destination where API teams want this client library to be published. Destinations []ClientLibraryDestination `protobuf:"varint,2,rep,packed,name=destinations,proto3,enum=google.api.ClientLibraryDestination" json:"destinations,omitempty"` + // Configuration for which RPCs should be generated in the GAPIC client. + SelectiveGapicGeneration *SelectiveGapicGeneration `protobuf:"bytes,3,opt,name=selective_gapic_generation,json=selectiveGapicGeneration,proto3" json:"selective_gapic_generation,omitempty"` } func (x *CommonLanguageSettings) Reset() { @@ -229,6 +231,13 @@ func (x *CommonLanguageSettings) GetDestinations() []ClientLibraryDestination { return nil } +func (x *CommonLanguageSettings) GetSelectiveGapicGeneration() *SelectiveGapicGeneration { + if x != nil { + return x.SelectiveGapicGeneration + } + return nil +} + // Details about how and where to publish client libraries. type ClientLibrarySettings struct { state protoimpl.MessageState @@ -984,6 +993,16 @@ type GoSettings struct { // Some settings. Common *CommonLanguageSettings `protobuf:"bytes,1,opt,name=common,proto3" json:"common,omitempty"` + // Map of service names to renamed services. Keys are the package relative + // service names and values are the name to be used for the service client + // and call options. + // + // publishing: + // + // go_settings: + // renamed_services: + // Publisher: TopicAdmin + RenamedServices map[string]string `protobuf:"bytes,2,rep,name=renamed_services,json=renamedServices,proto3" json:"renamed_services,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *GoSettings) Reset() { @@ -1025,6 +1044,13 @@ func (x *GoSettings) GetCommon() *CommonLanguageSettings { return nil } +func (x *GoSettings) GetRenamedServices() map[string]string { + if x != nil { + return x.RenamedServices + } + return nil +} + // Describes the generator configuration for a method. type MethodSettings struct { state protoimpl.MessageState @@ -1123,6 +1149,57 @@ func (x *MethodSettings) GetAutoPopulatedFields() []string { return nil } +// This message is used to configure the generation of a subset of the RPCs in +// a service for client libraries. +type SelectiveGapicGeneration struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // An allowlist of the fully qualified names of RPCs that should be included + // on public client surfaces. + Methods []string `protobuf:"bytes,1,rep,name=methods,proto3" json:"methods,omitempty"` +} + +func (x *SelectiveGapicGeneration) Reset() { + *x = SelectiveGapicGeneration{} + if protoimpl.UnsafeEnabled { + mi := &file_google_api_client_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SelectiveGapicGeneration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SelectiveGapicGeneration) ProtoMessage() {} + +func (x *SelectiveGapicGeneration) ProtoReflect() protoreflect.Message { + mi := &file_google_api_client_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SelectiveGapicGeneration.ProtoReflect.Descriptor instead. +func (*SelectiveGapicGeneration) Descriptor() ([]byte, []int) { + return file_google_api_client_proto_rawDescGZIP(), []int{12} +} + +func (x *SelectiveGapicGeneration) GetMethods() []string { + if x != nil { + return x.Methods + } + return nil +} + // Experimental features to be included during client library generation. // These fields will be deprecated once the feature graduates and is enabled // by default. @@ -1136,12 +1213,17 @@ type PythonSettings_ExperimentalFeatures struct { // This feature will be enabled by default 1 month after launching the // feature in preview packages. RestAsyncIoEnabled bool `protobuf:"varint,1,opt,name=rest_async_io_enabled,json=restAsyncIoEnabled,proto3" json:"rest_async_io_enabled,omitempty"` + // Enables generation of protobuf code using new types that are more + // Pythonic which are included in `protobuf>=5.29.x`. This feature will be + // enabled by default 1 month after launching the feature in preview + // packages. + ProtobufPythonicTypesEnabled bool `protobuf:"varint,2,opt,name=protobuf_pythonic_types_enabled,json=protobufPythonicTypesEnabled,proto3" json:"protobuf_pythonic_types_enabled,omitempty"` } func (x *PythonSettings_ExperimentalFeatures) Reset() { *x = PythonSettings_ExperimentalFeatures{} if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[13] + mi := &file_google_api_client_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1154,7 +1236,7 @@ func (x *PythonSettings_ExperimentalFeatures) String() string { func (*PythonSettings_ExperimentalFeatures) ProtoMessage() {} func (x *PythonSettings_ExperimentalFeatures) ProtoReflect() protoreflect.Message { - mi := &file_google_api_client_proto_msgTypes[13] + mi := &file_google_api_client_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1177,6 +1259,13 @@ func (x *PythonSettings_ExperimentalFeatures) GetRestAsyncIoEnabled() bool { return false } +func (x *PythonSettings_ExperimentalFeatures) GetProtobufPythonicTypesEnabled() bool { + if x != nil { + return x.ProtobufPythonicTypesEnabled + } + return false +} + // Describes settings to use when generating API methods that use the // long-running operation pattern. // All default values below are from those used in the client library @@ -1205,7 +1294,7 @@ type MethodSettings_LongRunning struct { func (x *MethodSettings_LongRunning) Reset() { *x = MethodSettings_LongRunning{} if protoimpl.UnsafeEnabled { - mi := &file_google_api_client_proto_msgTypes[16] + mi := &file_google_api_client_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1218,7 +1307,7 @@ func (x *MethodSettings_LongRunning) String() string { func (*MethodSettings_LongRunning) ProtoMessage() {} func (x *MethodSettings_LongRunning) ProtoReflect() protoreflect.Message { - mi := &file_google_api_client_proto_msgTypes[16] + mi := &file_google_api_client_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1406,7 +1495,7 @@ var file_google_api_client_proto_rawDesc = []byte{ 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x01, 0x0a, 0x16, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf8, 0x01, 0x0a, 0x16, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x30, 0x0a, 0x12, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, @@ -1415,251 +1504,275 @@ var file_google_api_client_proto_rawDesc = []byte{ 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x93, 0x05, - 0x0a, 0x15, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x12, 0x3a, 0x0a, 0x0c, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x67, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, 0x65, - 0x52, 0x0b, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, - 0x12, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x65, 0x6e, - 0x75, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, 0x65, 0x73, 0x74, 0x4e, - 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x45, 0x6e, 0x75, 0x6d, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x6a, - 0x61, 0x76, 0x61, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x15, 0x20, 0x01, + 0x0c, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x62, 0x0a, + 0x1a, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, 0x61, 0x70, 0x69, 0x63, + 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x70, 0x69, 0x63, 0x47, 0x65, 0x6e, + 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x18, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, + 0x76, 0x65, 0x47, 0x61, 0x70, 0x69, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x22, 0x93, 0x05, 0x0a, 0x15, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, + 0x61, 0x72, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3a, 0x0a, 0x0c, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, + 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, + 0x74, 0x61, 0x67, 0x65, 0x52, 0x0b, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x53, 0x74, 0x61, 0x67, + 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x65, 0x72, 0x69, + 0x63, 0x5f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x72, + 0x65, 0x73, 0x74, 0x4e, 0x75, 0x6d, 0x65, 0x72, 0x69, 0x63, 0x45, 0x6e, 0x75, 0x6d, 0x73, 0x12, + 0x3d, 0x0a, 0x0d, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, + 0x0a, 0x0c, 0x63, 0x70, 0x70, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x16, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x63, + 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x68, + 0x70, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x68, + 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x70, 0x68, 0x70, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, + 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, + 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x70, 0x79, 0x74, + 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x6e, + 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6a, 0x61, - 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x0c, 0x63, 0x70, - 0x70, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x70, - 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x63, 0x70, 0x70, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x68, 0x70, 0x5f, 0x73, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x70, 0x68, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x70, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x6e, 0x6f, 0x64, 0x65, 0x5f, - 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x19, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4e, 0x6f, 0x64, 0x65, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6e, 0x6f, 0x64, 0x65, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x64, 0x6f, 0x74, 0x6e, 0x65, 0x74, - 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, - 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x64, 0x6f, 0x74, - 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3d, 0x0a, 0x0d, 0x72, - 0x75, 0x62, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1b, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x72, 0x75, - 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x37, 0x0a, 0x0b, 0x67, 0x6f, - 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x6f, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x22, 0xf4, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69, - 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6e, 0x65, 0x77, 0x5f, 0x69, - 0x73, 0x73, 0x75, 0x65, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x65, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x6e, 0x65, 0x77, 0x49, 0x73, 0x73, 0x75, 0x65, 0x55, 0x72, 0x69, 0x12, 0x2b, 0x0a, 0x11, 0x64, - 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, - 0x18, 0x66, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x24, 0x0a, 0x0e, 0x61, 0x70, 0x69, 0x5f, - 0x73, 0x68, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x67, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0c, 0x61, 0x70, 0x69, 0x53, 0x68, 0x6f, 0x72, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x21, - 0x0a, 0x0c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x68, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x74, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x69, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x14, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x47, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x54, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x64, 0x6f, 0x63, 0x5f, 0x74, - 0x61, 0x67, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x6a, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x64, 0x6f, 0x63, 0x54, 0x61, 0x67, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x49, 0x0a, - 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x6b, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, - 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x6f, 0x72, 0x67, 0x61, - 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x10, 0x6c, 0x69, 0x62, 0x72, - 0x61, 0x72, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x6d, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x21, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x5f, - 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, - 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6e, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, - 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, - 0x69, 0x12, 0x47, 0x0a, 0x20, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, - 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x72, 0x65, 0x73, - 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, - 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, - 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, - 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, - 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, - 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, - 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, - 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, + 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6e, 0x6f, + 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x64, 0x6f, + 0x74, 0x6e, 0x65, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1a, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x0e, 0x64, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, + 0x3d, 0x0a, 0x0d, 0x72, 0x75, 0x62, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x0c, 0x72, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x37, + 0x0a, 0x0b, 0x67, 0x6f, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xf4, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, + 0x69, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, + 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x6d, 0x65, 0x74, + 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6e, + 0x65, 0x77, 0x5f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x65, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x6e, 0x65, 0x77, 0x49, 0x73, 0x73, 0x75, 0x65, 0x55, 0x72, 0x69, 0x12, + 0x2b, 0x0a, 0x11, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x5f, 0x75, 0x72, 0x69, 0x18, 0x66, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x64, 0x6f, 0x63, 0x75, + 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x24, 0x0a, 0x0e, + 0x61, 0x70, 0x69, 0x5f, 0x73, 0x68, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x67, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x70, 0x69, 0x53, 0x68, 0x6f, 0x72, 0x74, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x6c, 0x61, 0x62, + 0x65, 0x6c, 0x18, 0x68, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, + 0x65, 0x72, 0x5f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x5f, 0x74, 0x65, 0x61, 0x6d, 0x73, 0x18, + 0x69, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x63, 0x6f, 0x64, 0x65, 0x6f, 0x77, 0x6e, 0x65, 0x72, + 0x47, 0x69, 0x74, 0x68, 0x75, 0x62, 0x54, 0x65, 0x61, 0x6d, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x64, + 0x6f, 0x63, 0x5f, 0x74, 0x61, 0x67, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x6a, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x6f, 0x63, 0x54, 0x61, 0x67, 0x50, 0x72, 0x65, 0x66, 0x69, + 0x78, 0x12, 0x49, 0x0a, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x6b, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, + 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, + 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x10, + 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x6d, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, + 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, + 0x72, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x21, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, + 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, + 0x6e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, + 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x12, 0x47, 0x0a, 0x20, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x72, 0x65, + 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6f, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x1d, 0x72, 0x65, 0x73, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, + 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x22, 0x9a, + 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, + 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, + 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, + 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, + 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, + 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0b, 0x43, + 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, + 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, - 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, + 0x6e, 0x22, 0xc5, 0x02, 0x0a, 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x12, 0x64, 0x0a, 0x15, 0x65, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, + 0x5f, 0x66, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, + 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x45, 0x78, 0x70, 0x65, + 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, + 0x52, 0x14, 0x65, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x46, 0x65, + 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x90, 0x01, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x65, 0x72, + 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, + 0x31, 0x0a, 0x15, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x61, 0x73, 0x79, 0x6e, 0x63, 0x5f, 0x69, 0x6f, + 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, + 0x72, 0x65, 0x73, 0x74, 0x41, 0x73, 0x79, 0x6e, 0x63, 0x49, 0x6f, 0x45, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x12, 0x45, 0x0a, 0x1f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x5f, 0x70, + 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x69, 0x63, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x5f, 0x65, 0x6e, + 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1c, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x69, 0x63, 0x54, 0x79, 0x70, + 0x65, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, + 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, + 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae, 0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, + 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, + 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, + 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x72, + 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, + 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, 0x6e, 0x6f, + 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, + 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, + 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, + 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, + 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, + 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, + 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x42, 0x0a, + 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x6f, 0x6e, 0x22, 0xe4, 0x01, 0x0a, 0x0a, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xfd, 0x01, - 0x0a, 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x64, 0x0a, 0x15, - 0x65, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x5f, 0x66, 0x65, 0x61, - 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x45, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, - 0x6e, 0x74, 0x61, 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x52, 0x14, 0x65, 0x78, - 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x73, 0x1a, 0x49, 0x0a, 0x14, 0x45, 0x78, 0x70, 0x65, 0x72, 0x69, 0x6d, 0x65, 0x6e, 0x74, - 0x61, 0x6c, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x12, 0x31, 0x0a, 0x15, 0x72, 0x65, - 0x73, 0x74, 0x5f, 0x61, 0x73, 0x79, 0x6e, 0x63, 0x5f, 0x69, 0x6f, 0x5f, 0x65, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x72, 0x65, 0x73, 0x74, 0x41, - 0x73, 0x79, 0x6e, 0x63, 0x49, 0x6f, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x4a, 0x0a, - 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, - 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae, 0x04, 0x0a, 0x0e, 0x44, 0x6f, - 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a, 0x10, 0x72, 0x65, 0x6e, 0x61, - 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, - 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, - 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, - 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, - 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x12, 0x38, 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x16, 0x68, 0x61, - 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x68, 0x61, 0x6e, 0x64, - 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x4a, 0x0a, 0x0c, 0x52, 0x75, - 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, - 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x22, 0xc2, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, - 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6c, - 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x15, 0x61, 0x75, - 0x74, 0x6f, 0x5f, 0x70, 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65, - 0x6c, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x61, 0x75, 0x74, 0x6f, 0x50, - 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x94, - 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x47, - 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, - 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x6f, - 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, - 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, 0x6d, - 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x56, 0x0a, + 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xc2, 0x03, 0x0a, 0x0e, 0x4d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, + 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, + 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, + 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, + 0x69, 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x15, 0x61, 0x75, 0x74, 0x6f, 0x5f, 0x70, 0x6f, 0x70, 0x75, + 0x6c, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x13, 0x61, 0x75, 0x74, 0x6f, 0x50, 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, + 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, + 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, + 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, - 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, 0x12, - 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, - 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54, 0x49, - 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, - 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10, 0x03, - 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x10, - 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, - 0x07, 0x0a, 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, - 0x52, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18, 0x43, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, - 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, - 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, - 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, - 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, - 0x45, 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, - 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, - 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, - 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, - 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x3a, 0x44, 0x0a, 0x0b, 0x61, 0x70, - 0x69, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xc1, 0xba, 0xab, 0xfa, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x42, 0x69, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, - 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, - 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, + 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, + 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, + 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, + 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, + 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, + 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, + 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, + 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x34, + 0x0a, 0x18, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x70, 0x69, 0x63, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x74, + 0x68, 0x6f, 0x64, 0x73, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, + 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, + 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x44, + 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10, 0x03, 0x12, + 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x10, 0x04, + 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x07, + 0x0a, 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52, + 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18, 0x43, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, + 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, 0x41, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, + 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, 0x13, + 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, + 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x69, + 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, + 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x3a, + 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x12, + 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x63, + 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, 0x61, + 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x3a, 0x44, 0x0a, 0x0b, 0x61, 0x70, 0x69, + 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xc1, 0xba, 0xab, 0xfa, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, + 0x69, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, + 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -1675,7 +1788,7 @@ func file_google_api_client_proto_rawDescGZIP() []byte { } var file_google_api_client_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_google_api_client_proto_msgTypes = make([]protoimpl.MessageInfo, 17) +var file_google_api_client_proto_msgTypes = make([]protoimpl.MessageInfo, 19) var file_google_api_client_proto_goTypes = []interface{}{ (ClientLibraryOrganization)(0), // 0: google.api.ClientLibraryOrganization (ClientLibraryDestination)(0), // 1: google.api.ClientLibraryDestination @@ -1691,55 +1804,59 @@ var file_google_api_client_proto_goTypes = []interface{}{ (*RubySettings)(nil), // 11: google.api.RubySettings (*GoSettings)(nil), // 12: google.api.GoSettings (*MethodSettings)(nil), // 13: google.api.MethodSettings - nil, // 14: google.api.JavaSettings.ServiceClassNamesEntry - (*PythonSettings_ExperimentalFeatures)(nil), // 15: google.api.PythonSettings.ExperimentalFeatures - nil, // 16: google.api.DotnetSettings.RenamedServicesEntry - nil, // 17: google.api.DotnetSettings.RenamedResourcesEntry - (*MethodSettings_LongRunning)(nil), // 18: google.api.MethodSettings.LongRunning - (api.LaunchStage)(0), // 19: google.api.LaunchStage - (*durationpb.Duration)(nil), // 20: google.protobuf.Duration - (*descriptorpb.MethodOptions)(nil), // 21: google.protobuf.MethodOptions - (*descriptorpb.ServiceOptions)(nil), // 22: google.protobuf.ServiceOptions + (*SelectiveGapicGeneration)(nil), // 14: google.api.SelectiveGapicGeneration + nil, // 15: google.api.JavaSettings.ServiceClassNamesEntry + (*PythonSettings_ExperimentalFeatures)(nil), // 16: google.api.PythonSettings.ExperimentalFeatures + nil, // 17: google.api.DotnetSettings.RenamedServicesEntry + nil, // 18: google.api.DotnetSettings.RenamedResourcesEntry + nil, // 19: google.api.GoSettings.RenamedServicesEntry + (*MethodSettings_LongRunning)(nil), // 20: google.api.MethodSettings.LongRunning + (api.LaunchStage)(0), // 21: google.api.LaunchStage + (*durationpb.Duration)(nil), // 22: google.protobuf.Duration + (*descriptorpb.MethodOptions)(nil), // 23: google.protobuf.MethodOptions + (*descriptorpb.ServiceOptions)(nil), // 24: google.protobuf.ServiceOptions } var file_google_api_client_proto_depIdxs = []int32{ 1, // 0: google.api.CommonLanguageSettings.destinations:type_name -> google.api.ClientLibraryDestination - 19, // 1: google.api.ClientLibrarySettings.launch_stage:type_name -> google.api.LaunchStage - 5, // 2: google.api.ClientLibrarySettings.java_settings:type_name -> google.api.JavaSettings - 6, // 3: google.api.ClientLibrarySettings.cpp_settings:type_name -> google.api.CppSettings - 7, // 4: google.api.ClientLibrarySettings.php_settings:type_name -> google.api.PhpSettings - 8, // 5: google.api.ClientLibrarySettings.python_settings:type_name -> google.api.PythonSettings - 9, // 6: google.api.ClientLibrarySettings.node_settings:type_name -> google.api.NodeSettings - 10, // 7: google.api.ClientLibrarySettings.dotnet_settings:type_name -> google.api.DotnetSettings - 11, // 8: google.api.ClientLibrarySettings.ruby_settings:type_name -> google.api.RubySettings - 12, // 9: google.api.ClientLibrarySettings.go_settings:type_name -> google.api.GoSettings - 13, // 10: google.api.Publishing.method_settings:type_name -> google.api.MethodSettings - 0, // 11: google.api.Publishing.organization:type_name -> google.api.ClientLibraryOrganization - 3, // 12: google.api.Publishing.library_settings:type_name -> google.api.ClientLibrarySettings - 14, // 13: google.api.JavaSettings.service_class_names:type_name -> google.api.JavaSettings.ServiceClassNamesEntry - 2, // 14: google.api.JavaSettings.common:type_name -> google.api.CommonLanguageSettings - 2, // 15: google.api.CppSettings.common:type_name -> google.api.CommonLanguageSettings - 2, // 16: google.api.PhpSettings.common:type_name -> google.api.CommonLanguageSettings - 2, // 17: google.api.PythonSettings.common:type_name -> google.api.CommonLanguageSettings - 15, // 18: google.api.PythonSettings.experimental_features:type_name -> google.api.PythonSettings.ExperimentalFeatures - 2, // 19: google.api.NodeSettings.common:type_name -> google.api.CommonLanguageSettings - 2, // 20: google.api.DotnetSettings.common:type_name -> google.api.CommonLanguageSettings - 16, // 21: google.api.DotnetSettings.renamed_services:type_name -> google.api.DotnetSettings.RenamedServicesEntry - 17, // 22: google.api.DotnetSettings.renamed_resources:type_name -> google.api.DotnetSettings.RenamedResourcesEntry - 2, // 23: google.api.RubySettings.common:type_name -> google.api.CommonLanguageSettings - 2, // 24: google.api.GoSettings.common:type_name -> google.api.CommonLanguageSettings - 18, // 25: google.api.MethodSettings.long_running:type_name -> google.api.MethodSettings.LongRunning - 20, // 26: google.api.MethodSettings.LongRunning.initial_poll_delay:type_name -> google.protobuf.Duration - 20, // 27: google.api.MethodSettings.LongRunning.max_poll_delay:type_name -> google.protobuf.Duration - 20, // 28: google.api.MethodSettings.LongRunning.total_poll_timeout:type_name -> google.protobuf.Duration - 21, // 29: google.api.method_signature:extendee -> google.protobuf.MethodOptions - 22, // 30: google.api.default_host:extendee -> google.protobuf.ServiceOptions - 22, // 31: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions - 22, // 32: google.api.api_version:extendee -> google.protobuf.ServiceOptions - 33, // [33:33] is the sub-list for method output_type - 33, // [33:33] is the sub-list for method input_type - 33, // [33:33] is the sub-list for extension type_name - 29, // [29:33] is the sub-list for extension extendee - 0, // [0:29] is the sub-list for field type_name + 14, // 1: google.api.CommonLanguageSettings.selective_gapic_generation:type_name -> google.api.SelectiveGapicGeneration + 21, // 2: google.api.ClientLibrarySettings.launch_stage:type_name -> google.api.LaunchStage + 5, // 3: google.api.ClientLibrarySettings.java_settings:type_name -> google.api.JavaSettings + 6, // 4: google.api.ClientLibrarySettings.cpp_settings:type_name -> google.api.CppSettings + 7, // 5: google.api.ClientLibrarySettings.php_settings:type_name -> google.api.PhpSettings + 8, // 6: google.api.ClientLibrarySettings.python_settings:type_name -> google.api.PythonSettings + 9, // 7: google.api.ClientLibrarySettings.node_settings:type_name -> google.api.NodeSettings + 10, // 8: google.api.ClientLibrarySettings.dotnet_settings:type_name -> google.api.DotnetSettings + 11, // 9: google.api.ClientLibrarySettings.ruby_settings:type_name -> google.api.RubySettings + 12, // 10: google.api.ClientLibrarySettings.go_settings:type_name -> google.api.GoSettings + 13, // 11: google.api.Publishing.method_settings:type_name -> google.api.MethodSettings + 0, // 12: google.api.Publishing.organization:type_name -> google.api.ClientLibraryOrganization + 3, // 13: google.api.Publishing.library_settings:type_name -> google.api.ClientLibrarySettings + 15, // 14: google.api.JavaSettings.service_class_names:type_name -> google.api.JavaSettings.ServiceClassNamesEntry + 2, // 15: google.api.JavaSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 16: google.api.CppSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 17: google.api.PhpSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 18: google.api.PythonSettings.common:type_name -> google.api.CommonLanguageSettings + 16, // 19: google.api.PythonSettings.experimental_features:type_name -> google.api.PythonSettings.ExperimentalFeatures + 2, // 20: google.api.NodeSettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 21: google.api.DotnetSettings.common:type_name -> google.api.CommonLanguageSettings + 17, // 22: google.api.DotnetSettings.renamed_services:type_name -> google.api.DotnetSettings.RenamedServicesEntry + 18, // 23: google.api.DotnetSettings.renamed_resources:type_name -> google.api.DotnetSettings.RenamedResourcesEntry + 2, // 24: google.api.RubySettings.common:type_name -> google.api.CommonLanguageSettings + 2, // 25: google.api.GoSettings.common:type_name -> google.api.CommonLanguageSettings + 19, // 26: google.api.GoSettings.renamed_services:type_name -> google.api.GoSettings.RenamedServicesEntry + 20, // 27: google.api.MethodSettings.long_running:type_name -> google.api.MethodSettings.LongRunning + 22, // 28: google.api.MethodSettings.LongRunning.initial_poll_delay:type_name -> google.protobuf.Duration + 22, // 29: google.api.MethodSettings.LongRunning.max_poll_delay:type_name -> google.protobuf.Duration + 22, // 30: google.api.MethodSettings.LongRunning.total_poll_timeout:type_name -> google.protobuf.Duration + 23, // 31: google.api.method_signature:extendee -> google.protobuf.MethodOptions + 24, // 32: google.api.default_host:extendee -> google.protobuf.ServiceOptions + 24, // 33: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions + 24, // 34: google.api.api_version:extendee -> google.protobuf.ServiceOptions + 35, // [35:35] is the sub-list for method output_type + 35, // [35:35] is the sub-list for method input_type + 35, // [35:35] is the sub-list for extension type_name + 31, // [31:35] is the sub-list for extension extendee + 0, // [0:31] is the sub-list for field type_name } func init() { file_google_api_client_proto_init() } @@ -1892,7 +2009,19 @@ func file_google_api_client_proto_init() { return nil } } - file_google_api_client_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + file_google_api_client_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SelectiveGapicGeneration); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_google_api_client_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PythonSettings_ExperimentalFeatures); i { case 0: return &v.state @@ -1904,7 +2033,7 @@ func file_google_api_client_proto_init() { return nil } } - file_google_api_client_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + file_google_api_client_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MethodSettings_LongRunning); i { case 0: return &v.state @@ -1923,7 +2052,7 @@ func file_google_api_client_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_google_api_client_proto_rawDesc, NumEnums: 2, - NumMessages: 17, + NumMessages: 19, NumExtensions: 4, NumServices: 0, }, diff --git a/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go b/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go index e7d3805e3..f388426b0 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/httpbody/httpbody.pb.go @@ -159,14 +159,14 @@ var file_google_api_httpbody_proto_rawDesc = []byte{ 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x34, 0x0a, 0x0a, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, - 0x0a, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x68, 0x0a, 0x0e, 0x63, + 0x0a, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x65, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0d, 0x48, 0x74, 0x74, 0x70, 0x42, 0x6f, 0x64, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x62, 0x6f, - 0x64, 0x79, 0x3b, 0x68, 0x74, 0x74, 0x70, 0x62, 0x6f, 0x64, 0x79, 0xf8, 0x01, 0x01, 0xa2, 0x02, - 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x79, 0x3b, 0x68, 0x74, 0x74, 0x70, 0x62, 0x6f, 0x64, 0x79, 0xa2, 0x02, 0x04, 0x47, 0x41, + 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/vendor/istio.io/api/LICENSE b/vendor/istio.io/api/LICENSE index bb7b19dec..75bfd113b 100644 --- a/vendor/istio.io/api/LICENSE +++ b/vendor/istio.io/api/LICENSE @@ -187,7 +187,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016-2022 Istio Authors + Copyright {yyyy} {name of copyright owner} Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/vendor/istio.io/api/analysis/v1alpha1/message.gen.json b/vendor/istio.io/api/analysis/v1alpha1/message.gen.json deleted file mode 100644 index 70741fd26..000000000 --- a/vendor/istio.io/api/analysis/v1alpha1/message.gen.json +++ /dev/null @@ -1,121 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Describes the structure of messages generated by Istio analyzers.", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio.analysis.v1alpha1.AnalysisMessageBase": { - "description": "AnalysisMessageBase describes some common information that is needed for all messages. All information should be static with respect to the error code.", - "type": "object", - "properties": { - "type": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase.Type" - }, - "level": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase.Level" - }, - "documentationUrl": { - "description": "A url pointing to the Istio documentation for this specific error type. Should be of the form `^http(s)?://(preliminary\\.)?istio.io/docs/reference/config/analysis/` Required.", - "type": "string" - } - } - }, - "istio.analysis.v1alpha1.AnalysisMessageBase.Level": { - "description": "The values here are chosen so that more severe messages get sorted higher, as well as leaving space in between to add more later", - "type": "string", - "enum": [ - "UNKNOWN", - "ERROR", - "WARNING", - "INFO" - ] - }, - "istio.analysis.v1alpha1.AnalysisMessageBase.Type": { - "description": "A unique identifier for the type of message. Name is intended to be human-readable, code is intended to be machine readable. There should be a one-to-one mapping between name and code. (i.e. do not re-use names or codes between message types.)", - "type": "object", - "properties": { - "name": { - "description": "A human-readable name for the message type. e.g. \"InternalError\", \"PodMissingProxy\". This should be the same for all messages of the same type. Required.", - "type": "string" - }, - "code": { - "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type. (e.g. \"IST0001\" is mapped to the \"InternalError\" message type.) 0000-0100 are reserved. Required.", - "type": "string" - } - } - }, - "istio.analysis.v1alpha1.AnalysisMessageWeakSchema": { - "description": "AnalysisMessageWeakSchema is the set of information that's needed to define a weakly-typed schema. The purpose of this proto is to provide a mechanism for validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make sure that we don't allow committing underspecified types.", - "type": "object", - "properties": { - "messageBase": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase" - }, - "description": { - "description": "A human readable description of what the error means. Required.", - "type": "string" - }, - "template": { - "description": "A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) defining how to combine the args for a particular message into a log line. Required.", - "type": "string" - }, - "args": { - "description": "A description of the arguments for a particular message type", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgType" - } - } - } - }, - "istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgType": { - "type": "object", - "properties": { - "name": { - "description": "Required", - "type": "string" - }, - "goType": { - "description": "Required. Should be a golang type, used in code generation. Ideally this will change to a less language-pinned type before this gets out of alpha, but for compatibility with current istio/istio code it's go_type for now.", - "type": "string" - } - } - }, - "istio.analysis.v1alpha1.GenericAnalysisMessage": { - "description": "GenericAnalysisMessage is an instance of an AnalysisMessage defined by a schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code should be able to perform validation of arguments as needed by using the message type information to look at the AnalysisMessageWeakSchema and examine the list of args at runtime. Developers can also create stronger-typed versions of GenericAnalysisMessage for well-known and stable message types.", - "type": "object", - "properties": { - "messageBase": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase" - }, - "args": { - "description": "Any message-type specific arguments that need to get codified. Optional.", - "type": "object" - }, - "resourcePaths": { - "description": "A list of strings specifying the resource identifiers that were the cause of message generation. A \"path\" here is a (NAMESPACE\\/)?RESOURCETYPE/NAME tuple that uniquely identifies a particular resource. There doesn't seem to be a single concept for this, but this is intuitively taken from https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology At least one is required.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.analysis.v1alpha1.InternalErrorAnalysisMessage": { - "description": "InternalErrorAnalysisMessage is a strongly-typed message representing some error in Istio code that prevented us from performing analysis at all.", - "type": "object", - "properties": { - "messageBase": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase" - }, - "detail": { - "description": "Any detail regarding specifics of the error. Should be human-readable.", - "type": "string" - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/analysis/v1alpha1/message.pb.go b/vendor/istio.io/api/analysis/v1alpha1/message.pb.go index 72ec6d494..b6bf587f2 100644 --- a/vendor/istio.io/api/analysis/v1alpha1/message.pb.go +++ b/vendor/istio.io/api/analysis/v1alpha1/message.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) // source: analysis/v1alpha1/message.proto @@ -115,11 +115,9 @@ type AnalysisMessageBase struct { func (x *AnalysisMessageBase) Reset() { *x = AnalysisMessageBase{} - if protoimpl.UnsafeEnabled { - mi := &file_analysis_v1alpha1_message_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_analysis_v1alpha1_message_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AnalysisMessageBase) String() string { @@ -130,7 +128,7 @@ func (*AnalysisMessageBase) ProtoMessage() {} func (x *AnalysisMessageBase) ProtoReflect() protoreflect.Message { mi := &file_analysis_v1alpha1_message_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -189,11 +187,9 @@ type AnalysisMessageWeakSchema struct { func (x *AnalysisMessageWeakSchema) Reset() { *x = AnalysisMessageWeakSchema{} - if protoimpl.UnsafeEnabled { - mi := &file_analysis_v1alpha1_message_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_analysis_v1alpha1_message_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AnalysisMessageWeakSchema) String() string { @@ -204,7 +200,7 @@ func (*AnalysisMessageWeakSchema) ProtoMessage() {} func (x *AnalysisMessageWeakSchema) ProtoReflect() protoreflect.Message { mi := &file_analysis_v1alpha1_message_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -273,11 +269,9 @@ type GenericAnalysisMessage struct { func (x *GenericAnalysisMessage) Reset() { *x = GenericAnalysisMessage{} - if protoimpl.UnsafeEnabled { - mi := &file_analysis_v1alpha1_message_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_analysis_v1alpha1_message_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GenericAnalysisMessage) String() string { @@ -288,7 +282,7 @@ func (*GenericAnalysisMessage) ProtoMessage() {} func (x *GenericAnalysisMessage) ProtoReflect() protoreflect.Message { mi := &file_analysis_v1alpha1_message_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -339,11 +333,9 @@ type InternalErrorAnalysisMessage struct { func (x *InternalErrorAnalysisMessage) Reset() { *x = InternalErrorAnalysisMessage{} - if protoimpl.UnsafeEnabled { - mi := &file_analysis_v1alpha1_message_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_analysis_v1alpha1_message_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InternalErrorAnalysisMessage) String() string { @@ -354,7 +346,7 @@ func (*InternalErrorAnalysisMessage) ProtoMessage() {} func (x *InternalErrorAnalysisMessage) ProtoReflect() protoreflect.Message { mi := &file_analysis_v1alpha1_message_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -404,11 +396,9 @@ type AnalysisMessageBase_Type struct { func (x *AnalysisMessageBase_Type) Reset() { *x = AnalysisMessageBase_Type{} - if protoimpl.UnsafeEnabled { - mi := &file_analysis_v1alpha1_message_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_analysis_v1alpha1_message_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AnalysisMessageBase_Type) String() string { @@ -419,7 +409,7 @@ func (*AnalysisMessageBase_Type) ProtoMessage() {} func (x *AnalysisMessageBase_Type) ProtoReflect() protoreflect.Message { mi := &file_analysis_v1alpha1_message_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -464,11 +454,9 @@ type AnalysisMessageWeakSchema_ArgType struct { func (x *AnalysisMessageWeakSchema_ArgType) Reset() { *x = AnalysisMessageWeakSchema_ArgType{} - if protoimpl.UnsafeEnabled { - mi := &file_analysis_v1alpha1_message_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_analysis_v1alpha1_message_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AnalysisMessageWeakSchema_ArgType) String() string { @@ -479,7 +467,7 @@ func (*AnalysisMessageWeakSchema_ArgType) ProtoMessage() {} func (x *AnalysisMessageWeakSchema_ArgType) ProtoReflect() protoreflect.Message { mi := &file_analysis_v1alpha1_message_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -595,7 +583,7 @@ func file_analysis_v1alpha1_message_proto_rawDescGZIP() []byte { var file_analysis_v1alpha1_message_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_analysis_v1alpha1_message_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_analysis_v1alpha1_message_proto_goTypes = []interface{}{ +var file_analysis_v1alpha1_message_proto_goTypes = []any{ (AnalysisMessageBase_Level)(0), // 0: istio.analysis.v1alpha1.AnalysisMessageBase.Level (*AnalysisMessageBase)(nil), // 1: istio.analysis.v1alpha1.AnalysisMessageBase (*AnalysisMessageWeakSchema)(nil), // 2: istio.analysis.v1alpha1.AnalysisMessageWeakSchema @@ -625,80 +613,6 @@ func file_analysis_v1alpha1_message_proto_init() { if File_analysis_v1alpha1_message_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_analysis_v1alpha1_message_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AnalysisMessageBase); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_analysis_v1alpha1_message_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AnalysisMessageWeakSchema); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_analysis_v1alpha1_message_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenericAnalysisMessage); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_analysis_v1alpha1_message_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InternalErrorAnalysisMessage); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_analysis_v1alpha1_message_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AnalysisMessageBase_Type); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_analysis_v1alpha1_message_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AnalysisMessageWeakSchema_ArgType); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/vendor/istio.io/api/analysis/v1alpha1/message.pb.html b/vendor/istio.io/api/analysis/v1alpha1/message.pb.html index bd53f75ea..15e8b13c7 100644 --- a/vendor/istio.io/api/analysis/v1alpha1/message.pb.html +++ b/vendor/istio.io/api/analysis/v1alpha1/message.pb.html @@ -18,334 +18,290 @@

AnalysisMessageBase

Field -Type Description -Required -type -Type +
type
+
Type
+
- -No - -level -Level +
level
+
Level
+

Represents how severe a message is. Required.

- - -No -documentationUrl -string +
documentationUrl
+
string
+

A url pointing to the Istio documentation for this specific error type. Should be of the form ^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/ Required.

- - -No -

AnalysisMessageWeakSchema

+

Type

-

AnalysisMessageWeakSchema is the set of information that’s needed to define a -weakly-typed schema. The purpose of this proto is to provide a mechanism for -validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make -sure that we don’t allow committing underspecified types.

+

A unique identifier for the type of message. Name is intended to be +human-readable, code is intended to be machine readable. There should be a +one-to-one mapping between name and code. (i.e. do not re-use names or +codes between message types.)

- - - - - - - - - - - - - - - - - + + - - - - + + -
FieldType DescriptionRequired
messageBaseAnalysisMessageBase -

Required

- -		 -No -
descriptionstring -

A human readable description of what the error means. Required.

- -		 -No -
templatestring
name
+
string
+
 -

A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) -defining how to combine the args for a particular message into a log line. +

A human-readable name for the message type. e.g. “InternalError”, +“PodMissingProxy”. This should be the same for all messages of the same type. Required.

-		 -No
argsArgType[]
code
+
string
+
 -

A description of the arguments for a particular message type

+

A 7 character code matching ^IST[0-9]{4}$ intended to uniquely identify +the message type. (e.g. “IST0001” is mapped to the “InternalError” message +type.) 0000-0100 are reserved. Required.

-		 -No
-

GenericAnalysisMessage

+

Level

-

GenericAnalysisMessage is an instance of an AnalysisMessage defined by a -schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code -should be able to perform validation of arguments as needed by using the -message type information to look at the AnalysisMessageWeakSchema and examine the -list of args at runtime. Developers can also create stronger-typed versions -of GenericAnalysisMessage for well-known and stable message types.

+

The values here are chosen so that more severe messages get sorted higher, +as well as leaving space in between to add more later

- +
- - + - - - - + + - - - - - + + - - - + + + + +
FieldTypeName DescriptionRequired
messageBaseAnalysisMessageBase
UNKNOWN -

Required

+

invalid, but included for proto compatibility for 0 values

-		 -No
argsStruct -

Any message-type specific arguments that need to get codified. Optional.

- -
ERROR -No
resourcePathsstring[]
WARNING -

A list of strings specifying the resource identifiers that were the cause -of message generation. A “path” here is a (NAMESPACE/)?RESOURCETYPE/NAME -tuple that uniquely identifies a particular resource. There doesn’t seem to -be a single concept for this, but this is intuitively taken from -https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology -At least one is required.

-
INFO -No
-

InternalErrorAnalysisMessage

+

AnalysisMessageWeakSchema

-

InternalErrorAnalysisMessage is a strongly-typed message representing some -error in Istio code that prevented us from performing analysis at all.

+

AnalysisMessageWeakSchema is the set of information that’s needed to define a +weakly-typed schema. The purpose of this proto is to provide a mechanism for +validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make +sure that we don’t allow committing underspecified types.

- - - - - + + + + + - - - + + + + +
FieldType DescriptionRequired
messageBaseAnalysisMessageBase
messageBase
+
AnalysisMessageBase
+

Required

description
+
string
+
 -No +

A human readable description of what the error means. Required.

+
detailstring
template
+
string
+
 -

Any detail regarding specifics of the error. Should be human-readable.

+

A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) +defining how to combine the args for a particular message into a log line. +Required.

args
+
ArgType[]
+
 -No +

A description of the arguments for a particular message type

+
-

AnalysisMessageBase.Type

+

ArgType

-

A unique identifier for the type of message. Name is intended to be -human-readable, code is intended to be machine readable. There should be a -one-to-one mapping between name and code. (i.e. do not re-use names or -codes between message types.)

- - - - - - + + - - - - + + -
FieldType DescriptionRequired
namestring
name
+
string
+
 -

A human-readable name for the message type. e.g. “InternalError”, -“PodMissingProxy”. This should be the same for all messages of the same type. -Required.

+

Required

-		 -No
codestring
goType
+
string
+
 -

A 7 character code matching ^IST[0-9]{4}$ intended to uniquely identify -the message type. (e.g. “IST0001” is mapped to the “InternalError” message -type.) 0000-0100 are reserved. Required.

+

Should be a golang type, used in code generation. +Ideally this will change to a less language-pinned type before this gets +out of alpha, but for compatibility with current istio/istio code it’s +go_type for now.

-		 -No
-

AnalysisMessageWeakSchema.ArgType

+

GenericAnalysisMessage

+

GenericAnalysisMessage is an instance of an AnalysisMessage defined by a +schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code +should be able to perform validation of arguments as needed by using the +message type information to look at the AnalysisMessageWeakSchema and examine the +list of args at runtime. Developers can also create stronger-typed versions +of GenericAnalysisMessage for well-known and stable message types.

+ - - - - - + + - - - - + + + + +
FieldType DescriptionRequired
namestring
messageBase
+
AnalysisMessageBase
+

Required

-		 -No
goTypestring
args
+
Struct
+
 -

Required. Should be a golang type, used in code generation. -Ideally this will change to a less language-pinned type before this gets -out of alpha, but for compatibility with current istio/istio code it’s -go_type for now.

+

Any message-type specific arguments that need to get codified. Optional.

resourcePaths
+
string[]
+
 -No +

A list of strings specifying the resource identifiers that were the cause +of message generation. A “path” here is a (NAMESPACE/)?RESOURCETYPE/NAME +tuple that uniquely identifies a particular resource. There doesn’t seem to +be a single concept for this, but this is intuitively taken from +https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology +At least one is required.

+
-

AnalysisMessageBase.Level

+

InternalErrorAnalysisMessage

-

The values here are chosen so that more severe messages get sorted higher, -as well as leaving space in between to add more later

+

InternalErrorAnalysisMessage is a strongly-typed message representing some +error in Istio code that prevented us from performing analysis at all.

- +
- + - - + + - - - - - - - - - - + + diff --git a/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go b/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go index 3d0a97919..5419f20bb 100644 --- a/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go +++ b/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go @@ -2,7 +2,7 @@ package v1alpha1 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using AnalysisMessageBase within kubernetes types, where deepcopy-gen is used. diff --git a/vendor/istio.io/api/meta/v1alpha1/status.gen.json b/vendor/istio.io/api/meta/v1alpha1/status.gen.json deleted file mode 100644 index 25156b1c1..000000000 --- a/vendor/istio.io/api/meta/v1alpha1/status.gen.json +++ /dev/null @@ -1,106 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Common status field for all istio collections.", - "version": "v1alpha1" - }, - "components": { - "schemas": { - "istio.analysis.v1alpha1.AnalysisMessageBase": { - "description": "AnalysisMessageBase describes some common information that is needed for all messages. All information should be static with respect to the error code.", - "type": "object", - "properties": { - "type": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase.Type" - }, - "level": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase.Level" - }, - "documentationUrl": { - "description": "A url pointing to the Istio documentation for this specific error type. Should be of the form `^http(s)?://(preliminary\\.)?istio.io/docs/reference/config/analysis/` Required.", - "type": "string" - } - } - }, - "istio.analysis.v1alpha1.AnalysisMessageBase.Level": { - "description": "The values here are chosen so that more severe messages get sorted higher, as well as leaving space in between to add more later", - "type": "string", - "enum": [ - "UNKNOWN", - "ERROR", - "WARNING", - "INFO" - ] - }, - "istio.analysis.v1alpha1.AnalysisMessageBase.Type": { - "description": "A unique identifier for the type of message. Name is intended to be human-readable, code is intended to be machine readable. There should be a one-to-one mapping between name and code. (i.e. do not re-use names or codes between message types.)", - "type": "object", - "properties": { - "name": { - "description": "A human-readable name for the message type. e.g. \"InternalError\", \"PodMissingProxy\". This should be the same for all messages of the same type. Required.", - "type": "string" - }, - "code": { - "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type. (e.g. \"IST0001\" is mapped to the \"InternalError\" message type.) 0000-0100 are reserved. Required.", - "type": "string" - } - } - }, - "istio.meta.v1alpha1.IstioCondition": { - "type": "object", - "properties": { - "type": { - "description": "Type is the type of the condition.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition. Can be True, False, Unknown.", - "type": "string" - }, - "lastProbeTime": { - "description": "Last time we probed the condition. +optional", - "type": "string", - "format": "date-time" - }, - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another. +optional", - "type": "string", - "format": "date-time" - }, - "reason": { - "description": "Unique, one-word, CamelCase reason for the condition's last transition. +optional", - "type": "string" - }, - "message": { - "description": "Human-readable message indicating details about last transition. +optional", - "type": "string" - } - } - }, - "istio.meta.v1alpha1.IstioStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "Current service state of pod. More info: https://istio.io/docs/reference/config/config-status/ +optional +patchMergeKey=type +patchStrategy=merge", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.meta.v1alpha1.IstioCondition" - } - }, - "validationMessages": { - "description": "Includes any errors or warnings detected by Istio's analyzers. +optional +patchMergeKey=type +patchStrategy=merge", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.analysis.v1alpha1.AnalysisMessageBase" - } - }, - "observedGeneration": { - "description": "Resource Generation to which the Reconciled Condition refers. When this value is not equal to the object's metadata generation, reconciled condition calculation for the current generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. +optional", - "type": "integer", - "format": "int64" - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/meta/v1alpha1/status.pb.go b/vendor/istio.io/api/meta/v1alpha1/status.pb.go index 47ed2b0fd..fe09bd415 100644 --- a/vendor/istio.io/api/meta/v1alpha1/status.pb.go +++ b/vendor/istio.io/api/meta/v1alpha1/status.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) // source: meta/v1alpha1/status.proto @@ -45,7 +45,7 @@ type IstioStatus struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Current service state of pod. + // Current service state of the resource. // More info: https://istio.io/docs/reference/config/config-status/ // +optional // +patchMergeKey=type @@ -56,20 +56,21 @@ type IstioStatus struct { // +patchMergeKey=type // +patchStrategy=merge ValidationMessages []*v1alpha1.AnalysisMessageBase `protobuf:"bytes,2,rep,name=validation_messages,json=validationMessages,proto3" json:"validation_messages,omitempty"` + // $hide_from_docs + // Deprecated. IstioCondition observed_generation will show the resource generation for which the condition was generated. // Resource Generation to which the Reconciled Condition refers. // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. // +optional + // +protoc-gen-crd:validation:XIntOrString ObservedGeneration int64 `protobuf:"varint,3,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` } func (x *IstioStatus) Reset() { *x = IstioStatus{} - if protoimpl.UnsafeEnabled { - mi := &file_meta_v1alpha1_status_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_meta_v1alpha1_status_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IstioStatus) String() string { @@ -80,7 +81,7 @@ func (*IstioStatus) ProtoMessage() {} func (x *IstioStatus) ProtoReflect() protoreflect.Message { mi := &file_meta_v1alpha1_status_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -138,15 +139,17 @@ type IstioCondition struct { // Human-readable message indicating details about last transition. // +optional Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"` + // Resource Generation to which the Condition refers. + // +optional + // +protoc-gen-crd:validation:XIntOrString + ObservedGeneration int64 `protobuf:"varint,7,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` } func (x *IstioCondition) Reset() { *x = IstioCondition{} - if protoimpl.UnsafeEnabled { - mi := &file_meta_v1alpha1_status_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_meta_v1alpha1_status_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IstioCondition) String() string { @@ -157,7 +160,7 @@ func (*IstioCondition) ProtoMessage() {} func (x *IstioCondition) ProtoReflect() protoreflect.Message { mi := &file_meta_v1alpha1_status_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -214,6 +217,13 @@ func (x *IstioCondition) GetMessage() string { return "" } +func (x *IstioCondition) GetObservedGeneration() int64 { + if x != nil { + return x.ObservedGeneration + } + return 0 +} + var File_meta_v1alpha1_status_proto protoreflect.FileDescriptor var file_meta_v1alpha1_status_proto_rawDesc = []byte{ @@ -238,7 +248,7 @@ var file_meta_v1alpha1_status_proto_rawDesc = []byte{ 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x47, 0x65, - 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x80, 0x02, 0x0a, 0x0e, 0x49, 0x73, 0x74, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb1, 0x02, 0x0a, 0x0e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, @@ -254,10 +264,13 @@ var file_meta_v1alpha1_status_proto_rawDesc = []byte{ 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x1c, 0x5a, 0x1a, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x74, 0x61, - 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2f, 0x0a, 0x13, 0x6f, + 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x64, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x1c, 0x5a, 0x1a, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x74, + 0x61, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -273,7 +286,7 @@ func file_meta_v1alpha1_status_proto_rawDescGZIP() []byte { } var file_meta_v1alpha1_status_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_meta_v1alpha1_status_proto_goTypes = []interface{}{ +var file_meta_v1alpha1_status_proto_goTypes = []any{ (*IstioStatus)(nil), // 0: istio.meta.v1alpha1.IstioStatus (*IstioCondition)(nil), // 1: istio.meta.v1alpha1.IstioCondition (*v1alpha1.AnalysisMessageBase)(nil), // 2: istio.analysis.v1alpha1.AnalysisMessageBase @@ -296,32 +309,6 @@ func file_meta_v1alpha1_status_proto_init() { if File_meta_v1alpha1_status_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_meta_v1alpha1_status_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioStatus); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_meta_v1alpha1_status_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioCondition); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/vendor/istio.io/api/meta/v1alpha1/status.pb.html b/vendor/istio.io/api/meta/v1alpha1/status.pb.html index 8f7e1ae54..0479c5a36 100644 --- a/vendor/istio.io/api/meta/v1alpha1/status.pb.html +++ b/vendor/istio.io/api/meta/v1alpha1/status.pb.html @@ -12,53 +12,27 @@

IstioStatus

- - - - + - - - + - - - - - - - @@ -70,81 +44,72 @@

IstioCondition

- - - - + - - - + - - - + - - - + - - - + - - - + + + + diff --git a/vendor/istio.io/api/meta/v1alpha1/status.proto b/vendor/istio.io/api/meta/v1alpha1/status.proto index 402bad14f..67d204ecf 100644 --- a/vendor/istio.io/api/meta/v1alpha1/status.proto +++ b/vendor/istio.io/api/meta/v1alpha1/status.proto @@ -26,7 +26,7 @@ package istio.meta.v1alpha1; option go_package="istio.io/api/meta/v1alpha1"; message IstioStatus { - // Current service state of pod. + // Current service state of the resource. // More info: https://istio.io/docs/reference/config/config-status/ // +optional // +patchMergeKey=type @@ -39,10 +39,13 @@ message IstioStatus { // +patchStrategy=merge repeated analysis.v1alpha1.AnalysisMessageBase validation_messages = 2; + // $hide_from_docs + // Deprecated. IstioCondition observed_generation will show the resource generation for which the condition was generated. // Resource Generation to which the Reconciled Condition refers. // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. // +optional + // +protoc-gen-crd:validation:XIntOrString int64 observed_generation = 3; } @@ -69,4 +72,9 @@ message IstioCondition { // Human-readable message indicating details about last transition. // +optional string message = 6; + + // Resource Generation to which the Condition refers. + // +optional + // +protoc-gen-crd:validation:XIntOrString + int64 observed_generation = 7; } diff --git a/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go b/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go index bfbd1cf7f..9b850cca9 100644 --- a/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go +++ b/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go @@ -2,7 +2,7 @@ package v1alpha1 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using IstioStatus within kubernetes types, where deepcopy-gen is used. diff --git a/vendor/istio.io/api/networking/v1beta1/destination_rule.pb.go b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go similarity index 54% rename from vendor/istio.io/api/networking/v1beta1/destination_rule.pb.go rename to vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go index b58d35441..83b7dfe92 100644 --- a/vendor/istio.io/api/networking/v1beta1/destination_rule.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -14,16 +14,15 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) -// source: networking/v1beta1/destination_rule.proto +// source: networking/v1alpha3/destination_rule.proto -// $schema: istio.networking.v1beta1.DestinationRule +// $schema: istio.networking.v1alpha3.DestinationRule // $title: Destination Rule // $description: Configuration affecting load balancing, outlier detection, etc. // $location: https://istio.io/docs/reference/config/networking/destination-rule.html -// $aliases: [/docs/reference/config/networking/v1beta1/destination-rule] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/destination-rule] // `DestinationRule` defines policies that apply to traffic intended for a // service after routing has occurred. These rules specify configuration @@ -32,10 +31,8 @@ // balancing pool. For example, a simple load balancing policy for the // ratings service would look as follows: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -45,22 +42,6 @@ // loadBalancer: // simple: LEAST_REQUEST // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// {{}} -// {{}} // // Version specific policies can be specified by defining a named // `subset` and overriding the settings specified at the service level. The @@ -68,31 +49,8 @@ // going to a subset named testversion that is composed of endpoints (e.g., // pods) with labels (version:v3). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -109,8 +67,6 @@ // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -120,10 +76,8 @@ // traffic to port 80, while uses a round robin load balancing setting for // traffic to the port 9080. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings-port @@ -140,32 +94,33 @@ // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} // -// {{}} +// Destination Rules can be customized to specific workloads as well. +// The following example shows how a destination rule can be applied to a +// specific workload using the workloadSelector configuration. +// // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: -// name: bookinfo-ratings-port +// name: configure-client-mtls-dr-with-workloadselector // spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports +// host: example.com +// workloadSelector: +// matchLabels: +// app: ratings +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN // portLevelSettings: // - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN +// number: 31443 +// tls: +// credentialName: client-credential +// mode: MUTUAL // ``` -// {{}} -// {{}} -// -package v1beta1 +package v1alpha3 import ( duration "github.com/golang/protobuf/ptypes/duration" @@ -185,6 +140,55 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type TrafficPolicy_ProxyProtocol_VERSION int32 + +const ( + // ⁣PROXY protocol version 1. Human readable format. + TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = 0 + // ⁣PROXY protocol version 2. Binary format. + TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = 1 +) + +// Enum value maps for TrafficPolicy_ProxyProtocol_VERSION. +var ( + TrafficPolicy_ProxyProtocol_VERSION_name = map[int32]string{ + 0: "V1", + 1: "V2", + } + TrafficPolicy_ProxyProtocol_VERSION_value = map[string]int32{ + "V1": 0, + "V2": 1, + } +) + +func (x TrafficPolicy_ProxyProtocol_VERSION) Enum() *TrafficPolicy_ProxyProtocol_VERSION { + p := new(TrafficPolicy_ProxyProtocol_VERSION) + *p = x + return p +} + +func (x TrafficPolicy_ProxyProtocol_VERSION) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (TrafficPolicy_ProxyProtocol_VERSION) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_destination_rule_proto_enumTypes[0].Descriptor() +} + +func (TrafficPolicy_ProxyProtocol_VERSION) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[0] +} + +func (x TrafficPolicy_ProxyProtocol_VERSION) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use TrafficPolicy_ProxyProtocol_VERSION.Descriptor instead. +func (TrafficPolicy_ProxyProtocol_VERSION) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1, 2, 0} +} + +// +kubebuilder:validation:XValidation:message="only one of warmupDurationSecs or warmup can be set",rule="(has(self.warmupDurationSecs)?1:0)+(has(self.warmup)?1:0)<=1" // Standard load balancing algorithms that require no tuning. type LoadBalancerSettings_SimpleLB int32 @@ -194,7 +198,7 @@ const ( LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = 0 // Deprecated. Use LEAST_REQUEST instead. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in networking/v1alpha3/destination_rule.proto. LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = 1 // The random load balancer selects a random healthy host. The random // load balancer generally performs better than round robin if no health @@ -207,7 +211,7 @@ const ( // Envoy for further details. LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = 3 // A basic round robin load balancing policy. This is generally unsafe - // for many scenarios (e.g. when enpoint weighting is used) as it can + // for many scenarios (e.g. when endpoint weighting is used) as it can // overburden endpoints. In general, prefer to use LEAST_REQUEST as a // drop-in replacement for ROUND_ROBIN. LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = 4 @@ -249,11 +253,11 @@ func (x LoadBalancerSettings_SimpleLB) String() string { } func (LoadBalancerSettings_SimpleLB) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[0].Descriptor() + return file_networking_v1alpha3_destination_rule_proto_enumTypes[1].Descriptor() } func (LoadBalancerSettings_SimpleLB) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[0] + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[1] } func (x LoadBalancerSettings_SimpleLB) Number() protoreflect.EnumNumber { @@ -262,7 +266,7 @@ func (x LoadBalancerSettings_SimpleLB) Number() protoreflect.EnumNumber { // Deprecated: Use LoadBalancerSettings_SimpleLB.Descriptor instead. func (LoadBalancerSettings_SimpleLB) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{3, 0} } // Policy for upgrading http1.1 connections to http2. @@ -304,11 +308,11 @@ func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) String() string { } func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[1].Descriptor() + return file_networking_v1alpha3_destination_rule_proto_enumTypes[2].Descriptor() } func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[1] + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[2] } func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protoreflect.EnumNumber { @@ -317,7 +321,7 @@ func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protorefle // Deprecated: Use ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy.Descriptor instead. func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 1, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 1, 0} } // TLS connection mode @@ -366,11 +370,11 @@ func (x ClientTLSSettings_TLSmode) String() string { } func (ClientTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[2].Descriptor() + return file_networking_v1alpha3_destination_rule_proto_enumTypes[3].Descriptor() } func (ClientTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[2] + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[3] } func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { @@ -379,7 +383,7 @@ func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { // Deprecated: Use ClientTLSSettings_TLSmode.Descriptor instead. func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{6, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7, 0} } // DestinationRule defines policies that apply to traffic intended for a service @@ -387,7 +391,7 @@ func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { // // -// type DestinationRule struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -426,9 +427,9 @@ type DestinationRule struct { // the short name based on the namespace of the rule, not the service. A // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid + // the actual namespace associated with the reviews service. To avoid // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ + // qualified domain names over short names. // // Note that the host field applies to both HTTP and TCP services. Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` @@ -466,11 +467,9 @@ type DestinationRule struct { func (x *DestinationRule) Reset() { *x = DestinationRule{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DestinationRule) String() string { @@ -480,8 +479,8 @@ func (x *DestinationRule) String() string { func (*DestinationRule) ProtoMessage() {} func (x *DestinationRule) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[0] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -493,7 +492,7 @@ func (x *DestinationRule) ProtoReflect() protoreflect.Message { // Deprecated: Use DestinationRule.ProtoReflect.Descriptor instead. func (*DestinationRule) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{0} } func (x *DestinationRule) GetHost() string { @@ -551,20 +550,21 @@ type TrafficPolicy struct { // settings specified at the destination-level will not be inherited when // overridden by port-level settings, i.e. default values will be applied // to fields omitted in port-level traffic policies. + // +kubebuilder:validation:MaxItems=4096 PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"` // Configuration of tunneling TCP over other transport or application layers // for the host configured in the DestinationRule. // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. Tunnel *TrafficPolicy_TunnelSettings `protobuf:"bytes,6,opt,name=tunnel,proto3" json:"tunnel,omitempty"` + // The upstream PROXY protocol settings. + ProxyProtocol *TrafficPolicy_ProxyProtocol `protobuf:"bytes,7,opt,name=proxy_protocol,json=proxyProtocol,proto3" json:"proxy_protocol,omitempty"` } func (x *TrafficPolicy) Reset() { *x = TrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TrafficPolicy) String() string { @@ -574,8 +574,8 @@ func (x *TrafficPolicy) String() string { func (*TrafficPolicy) ProtoMessage() {} func (x *TrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[1] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -587,7 +587,7 @@ func (x *TrafficPolicy) ProtoReflect() protoreflect.Message { // Deprecated: Use TrafficPolicy.ProtoReflect.Descriptor instead. func (*TrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1} } func (x *TrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { @@ -632,6 +632,13 @@ func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { return nil } +func (x *TrafficPolicy) GetProxyProtocol() *TrafficPolicy_ProxyProtocol { + if x != nil { + return x.ProxyProtocol + } + return nil +} + // A subset of endpoints of a service. Subsets can be used for scenarios // like A/B testing, or routing to a specific version of a service. Refer // to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using @@ -641,35 +648,8 @@ func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { // subset named testversion that is composed of endpoints (e.g., pods) with // labels (version:v3). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -690,8 +670,6 @@ func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { // simple: ROUND_ROBIN // // ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -721,11 +699,9 @@ type Subset struct { func (x *Subset) Reset() { *x = Subset{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Subset) String() string { @@ -735,8 +711,8 @@ func (x *Subset) String() string { func (*Subset) ProtoMessage() {} func (x *Subset) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[2] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -748,7 +724,7 @@ func (x *Subset) ProtoReflect() protoreflect.Message { // Deprecated: Use Subset.ProtoReflect.Descriptor instead. func (*Subset) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{2} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{2} } func (x *Subset) GetName() string { @@ -780,10 +756,8 @@ func (x *Subset) GetTrafficPolicy() *TrafficPolicy { // For example, the following rule uses a round robin load balancing policy // for all traffic going to the ratings service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -797,56 +771,13 @@ func (x *Subset) GetTrafficPolicy() *TrafficPolicy { // simple: ROUND_ROBIN // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// {{}} -// {{}} // // The following example sets up sticky sessions for the ratings service // hashing-based load balancer for the same ratings service using the // the User cookie as the hash key. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -863,8 +794,6 @@ func (x *Subset) GetTrafficPolicy() *TrafficPolicy { // ttl: 0s // // ``` -// {{}} -// {{}} type LoadBalancerSettings struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -877,24 +806,27 @@ type LoadBalancerSettings struct { // *LoadBalancerSettings_Simple // *LoadBalancerSettings_ConsistentHash LbPolicy isLoadBalancerSettings_LbPolicy `protobuf_oneof:"lb_policy"` - // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed + // Locality load balancer settings, this will override mesh-wide settings in entirety, meaning no merging would be performed // between this object and the object one in MeshConfig LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"` - // Represents the warmup duration of Service. If set, the newly created endpoint of service + // Deprecated: use `warmup` instead. + WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` + // Represents the warmup configuration of Service. If set, the newly created endpoint of service // remains in warmup mode starting from its creation time for the duration of this window and // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. // This should be enabled for services that require warm up time to serve full production load with reasonable latency. + // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the + // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same + // amount of requests. // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` + Warmup *WarmupConfiguration `protobuf:"bytes,5,opt,name=warmup,proto3" json:"warmup,omitempty"` } func (x *LoadBalancerSettings) Reset() { *x = LoadBalancerSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings) String() string { @@ -904,8 +836,8 @@ func (x *LoadBalancerSettings) String() string { func (*LoadBalancerSettings) ProtoMessage() {} func (x *LoadBalancerSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[3] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -917,7 +849,7 @@ func (x *LoadBalancerSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use LoadBalancerSettings.ProtoReflect.Descriptor instead. func (*LoadBalancerSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{3} } func (m *LoadBalancerSettings) GetLbPolicy() isLoadBalancerSettings_LbPolicy { @@ -955,12 +887,19 @@ func (x *LoadBalancerSettings) GetWarmupDurationSecs() *duration.Duration { return nil } +func (x *LoadBalancerSettings) GetWarmup() *WarmupConfiguration { + if x != nil { + return x.Warmup + } + return nil +} + type isLoadBalancerSettings_LbPolicy interface { isLoadBalancerSettings_LbPolicy() } type LoadBalancerSettings_Simple struct { - Simple LoadBalancerSettings_SimpleLB `protobuf:"varint,1,opt,name=simple,proto3,enum=istio.networking.v1beta1.LoadBalancerSettings_SimpleLB,oneof"` + Simple LoadBalancerSettings_SimpleLB `protobuf:"varint,1,opt,name=simple,proto3,enum=istio.networking.v1alpha3.LoadBalancerSettings_SimpleLB,oneof"` } type LoadBalancerSettings_ConsistentHash struct { @@ -971,6 +910,76 @@ func (*LoadBalancerSettings_Simple) isLoadBalancerSettings_LbPolicy() {} func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} +type WarmupConfiguration struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Duration of warmup mode + Duration *duration.Duration `protobuf:"bytes,1,opt,name=duration,proto3" json:"duration,omitempty"` + // Configures the minimum percentage of origin weight + // If unspecified, defaults to 10 + // +kubebuilder:validation:Maximum=100 + // +kubebuilder:validation:Minimum=0 + MinimumPercent *wrappers.DoubleValue `protobuf:"bytes,2,opt,name=minimum_percent,json=minimumPercent,proto3" json:"minimum_percent,omitempty"` + // This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would + // get linearly increasing amount of traffic. When increasing the value for this parameter, + // the speed of traffic ramp-up increases non-linearly. + // +kubebuilder:validation:Minimum=1 + Aggression *wrappers.DoubleValue `protobuf:"bytes,3,opt,name=aggression,proto3" json:"aggression,omitempty"` +} + +func (x *WarmupConfiguration) Reset() { + *x = WarmupConfiguration{} + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WarmupConfiguration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WarmupConfiguration) ProtoMessage() {} + +func (x *WarmupConfiguration) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WarmupConfiguration.ProtoReflect.Descriptor instead. +func (*WarmupConfiguration) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4} +} + +func (x *WarmupConfiguration) GetDuration() *duration.Duration { + if x != nil { + return x.Duration + } + return nil +} + +func (x *WarmupConfiguration) GetMinimumPercent() *wrappers.DoubleValue { + if x != nil { + return x.MinimumPercent + } + return nil +} + +func (x *WarmupConfiguration) GetAggression() *wrappers.DoubleValue { + if x != nil { + return x.Aggression + } + return nil +} + // Connection pool settings for an upstream host. The settings apply to // each individual host in the upstream service. See Envoy's [circuit // breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) @@ -980,10 +989,8 @@ func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} // For example, the following rule sets a limit of 100 connections to redis // service called myredissrv with a connect timeout of 30ms // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1002,31 +1009,6 @@ func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} // interval: 75s // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-redis -// -// spec: -// -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// -// ``` -// {{}} -// {{}} type ConnectionPoolSettings struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1040,11 +1022,9 @@ type ConnectionPoolSettings struct { func (x *ConnectionPoolSettings) Reset() { *x = ConnectionPoolSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings) String() string { @@ -1054,8 +1034,8 @@ func (x *ConnectionPoolSettings) String() string { func (*ConnectionPoolSettings) ProtoMessage() {} func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[5] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1067,7 +1047,7 @@ func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use ConnectionPoolSettings.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5} } func (x *ConnectionPoolSettings) GetTcp() *ConnectionPoolSettings_TCPSettings { @@ -1100,10 +1080,8 @@ func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings // hosts to be scanned every 5 mins so that any host that fails 7 consecutive // times with a 502, 503, or 504 error code will be ejected for 15 minutes. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1125,34 +1103,6 @@ func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings // baseEjectionTime: 15m // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-cb-policy -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// -// ``` -// {{}} -// {{}} type OutlierDetection struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1165,19 +1115,19 @@ type OutlierDetection struct { // connection error/failure events qualify as an error. // $hide_from_docs // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in networking/v1alpha3/destination_rule.proto. ConsecutiveErrors int32 `protobuf:"varint,1,opt,name=consecutive_errors,json=consecutiveErrors,proto3" json:"consecutive_errors,omitempty"` // Determines whether to distinguish local origin failures from external errors. If set to true - // consecutive_local_origin_failure is taken into account for outlier detection calculations. + // `consecutiveLocalOriginFailures` is taken into account for outlier detection calculations. // This should be used when you want to derive the outlier detection status based on the errors // seen locally such as failure to connect, timeout while connecting etc. rather than the status code - // retuned by upstream service. This is especially useful when the upstream service explicitly returns + // returned by upstream service. This is especially useful when the upstream service explicitly returns // a 5xx for some requests and you want to ignore those responses from upstream service while determining // the outlier detection status of a host. // Defaults to false. SplitExternalLocalOriginErrors bool `protobuf:"varint,8,opt,name=split_external_local_origin_errors,json=splitExternalLocalOriginErrors,proto3" json:"split_external_local_origin_errors,omitempty"` // The number of consecutive locally originated failures before ejection - // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors + // occurs. Defaults to 5. Parameter takes effect only when `splitExternalLocalOriginErrors` // is set to true. ConsecutiveLocalOriginFailures *wrappers.UInt32Value `protobuf:"bytes,9,opt,name=consecutive_local_origin_failures,json=consecutiveLocalOriginFailures,proto3" json:"consecutive_local_origin_failures,omitempty"` // Number of gateway errors before a host is ejected from the connection pool. @@ -1187,11 +1137,11 @@ type OutlierDetection struct { // events qualify as a gateway error. // This feature is disabled by default or when set to the value 0. // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be + // Note that `consecutiveGatewayErrors` and `consecutive5xxErrors` can be // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have + // `consecutiveGatewayErrors` are also included in `consecutive5xxErrors`, + // if the value of `consecutiveGatewayErrors` is greater than or equal to + // the value of `consecutive5xxErrors`, `consecutiveGatewayErrors` will have // no effect. ConsecutiveGatewayErrors *wrappers.UInt32Value `protobuf:"bytes,6,opt,name=consecutive_gateway_errors,json=consecutiveGatewayErrors,proto3" json:"consecutive_gateway_errors,omitempty"` // Number of 5xx errors before a host is ejected from the connection pool. @@ -1200,27 +1150,27 @@ type OutlierDetection struct { // 5xx error. // This feature defaults to 5 but can be disabled by setting the value to 0. // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be + // Note that `consecutiveGatewayErrors` and `consecutive5xxErrors` can be // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have + // `consecutiveGatewayErrors` are also included in `consecutive5xxErrors`, + // if the value of `consecutiveGatewayErrors` is greater than or equal to + // the value of `consecutive5xxErrors`, `consecutiveGatewayErrors` will have // no effect. Consecutive_5XxErrors *wrappers.UInt32Value `protobuf:"bytes,7,opt,name=consecutive_5xx_errors,json=consecutive5xxErrors,proto3" json:"consecutive_5xx_errors,omitempty"` // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + // 1h/1m/1s/1ms. MUST be >=1ms. Default is 10s. Interval *duration.Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"` // Minimum ejection duration. A host will remain ejected for a period // equal to the product of minimum ejection duration and the number of // times the host has been ejected. This technique allows the system to // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. + // servers. format: 1h/1m/1s/1ms. MUST be >=1ms. Default is 30s. BaseEjectionTime *duration.Duration `protobuf:"bytes,3,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"` // Maximum % of hosts in the load balancing pool for the upstream // service that can be ejected. Defaults to 10%. MaxEjectionPercent int32 `protobuf:"varint,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"` // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the + // pool has at least `minHealthPercent` hosts in healthy mode. When the // percentage of healthy hosts in the load balancing pool drops below this // threshold, outlier detection will be disabled and the proxy will load balance // across all hosts in the pool (healthy and unhealthy). The threshold can be @@ -1231,11 +1181,9 @@ type OutlierDetection struct { func (x *OutlierDetection) Reset() { *x = OutlierDetection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *OutlierDetection) String() string { @@ -1245,8 +1193,8 @@ func (x *OutlierDetection) String() string { func (*OutlierDetection) ProtoMessage() {} func (x *OutlierDetection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[6] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1258,10 +1206,10 @@ func (x *OutlierDetection) ProtoReflect() protoreflect.Message { // Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead. func (*OutlierDetection) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{5} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{6} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in networking/v1alpha3/destination_rule.proto. func (x *OutlierDetection) GetConsecutiveErrors() int32 { if x != nil { return x.ConsecutiveErrors @@ -1332,31 +1280,8 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // For example, the following rule configures a client to use mutual TLS // for connections to upstream database cluster. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: db-mtls -// -// spec: -// -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1373,34 +1298,12 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // caCertificates: /etc/certs/rootcacerts.pem // // ``` -// {{}} -// {{}} // // The following rule configures a client to use TLS when talking to a // foreign service whose domain matches *.foo.com. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: tls-foo -// -// spec: -// -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1414,16 +1317,12 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // mode: SIMPLE // // ``` -// {{}} -// {{}} // // The following rule configures a client to use Istio mutual TLS when talking // to rating services. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1437,26 +1336,6 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // mode: ISTIO_MUTUAL // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: ratings-istio-mtls -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// -// ``` -// {{}} -// {{}} type ClientTLSSettings struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1464,7 +1343,7 @@ type ClientTLSSettings struct { // Indicates whether connections to this port should be secured // using TLS. The value of this field determines how TLS is enforced. - Mode ClientTLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1beta1.ClientTLSSettings_TLSmode" json:"mode,omitempty"` + Mode ClientTLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.ClientTLSSettings_TLSmode" json:"mode,omitempty"` // REQUIRED if mode is `MUTUAL`. The path to the file holding the // client-side TLS certificate to use. // Should be empty if mode is `ISTIO_MUTUAL`. @@ -1475,18 +1354,22 @@ type ClientTLSSettings struct { PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` // OPTIONAL: The path to the file containing certificate authority // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will not verify the server's certificate. + // omitted, the proxy will verify the server's certificate using + // the OS CA certificates. // Should be empty if mode is `ISTIO_MUTUAL`. CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` // The name of the secret that holds the TLS certs for the - // client including the CA certificates. Secret must exist in the - // same namespace with the proxy using the certificates. - // The secret (of type `generic`)should contain the - // following keys and values: `key: `, - // `cert: `, `cacert: `. + // client including the CA certificates. This secret must exist in + // the namespace of the proxy using the certificates. + // An Opaque secret should contain the following keys and values: + // `key: `, `cert: `, `cacert: `, + // `crl: ` // Here CACertificate is used to verify the server certificate. - // Secret of type tls for client certificates along with - // ca.crt key for CA certificates is also supported. + // For mutual TLS, `cacert: ` can be provided in the + // same secret or a separate secret named `-cacert`. + // A TLS secret for client certificates with an additional + // `ca.crt` key for CA certificates and `ca.crl` key for + // certificate revocation list(CRL) is also supported. // Only one of client certificates and CA certificate // or credentialName can be specified. // @@ -1498,39 +1381,33 @@ type ClientTLSSettings struct { // A list of alternate names to verify the subject identity in the // certificate. If specified, the proxy will verify that the server // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. If unspecified, automatic validation of upstream + // If specified, this list overrides the value of `subjectAltNames` + // from the `ServiceEntry`. If unspecified, automatic validation of upstream // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header, provided `VERIFY_CERT_AT_CLIENT` - // and `ENABLE_AUTO_SNI` environmental variables are set to `true`. + // downstream HTTP host/authority header. SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` // SNI string to present to the server during TLS handshake. // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` - // environmental variable is set to `true`. + // host/authority header for SIMPLE and MUTUAL TLS modes. Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` - // InsecureSkipVerify specifies whether the proxy should skip verifying the + // `insecureSkipVerify` specifies whether the proxy should skip verifying the // CA signature and SAN for the server certificate corresponding to the host. - // This flag should only be set if global CA signature verifcation is - // enabled, `VerifyCertAtClient` environmental variable is set to `true`, - // but no verification is desired for a specific host. If enabled with or - // without `VerifyCertAtClient` enabled, verification of the CA signature and - // SAN will be skipped. - // - // `InsecureSkipVerify` is `false` by default. - // `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will - // be `true` by default in a later version where, going forward, it will be - // enabled by default. + // The default value of this field is false. InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"` + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented server certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. Note that if `credentialName` is set, + // `CRL` cannot be specified using `caCrl`, rather it has to be specified inside the credential. + CaCrl string `protobuf:"bytes,9,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` } func (x *ClientTLSSettings) Reset() { *x = ClientTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ClientTLSSettings) String() string { @@ -1540,8 +1417,8 @@ func (x *ClientTLSSettings) String() string { func (*ClientTLSSettings) ProtoMessage() {} func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[7] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1553,7 +1430,7 @@ func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use ClientTLSSettings.ProtoReflect.Descriptor instead. func (*ClientTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{6} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7} } func (x *ClientTLSSettings) GetMode() ClientTLSSettings_TLSmode { @@ -1612,6 +1489,13 @@ func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { return nil } +func (x *ClientTLSSettings) GetCaCrl() string { + if x != nil { + return x.CaCrl + } + return "" +} + // Locality-weighted load balancing allows administrators to control the // distribution of traffic to endpoints based on the localities of where the // traffic originates and where it will terminate. These localities are @@ -1620,13 +1504,13 @@ func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { // [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) // The following example shows how to setup locality weights mesh-wide. // -// Given a mesh with workloads and their service deployed to "us-west/zone1/*" -// and "us-west/zone2/*". This example specifies that when traffic accessing a -// service originates from workloads in "us-west/zone1/*", 80% of the traffic -// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the -// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is +// Given a mesh with workloads and their service deployed to "us-west/zone1/\*" +// and "us-west/zone2/\*". This example specifies that when traffic accessing a +// service originates from workloads in "us-west/zone1/\*", 80% of the traffic +// will be sent to endpoints in "us-west/zone1/\*", i.e the same zone, and the +// remaining 20% will go to endpoints in "us-west/zone2/\*". This setup is // intended to favor routing traffic to endpoints in the same locality. -// A similar setting is specified for traffic originating in "us-west/zone2/*". +// A similar setting is specified for traffic originating in "us-west/zone2/\*". // // ```yaml // @@ -1662,7 +1546,6 @@ func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { // to: us-east // // ``` -// Locality load balancing settings. type LocalityLoadBalancerSetting struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1680,12 +1563,23 @@ type LocalityLoadBalancerSetting struct { Failover []*LocalityLoadBalancerSetting_Failover `protobuf:"bytes,2,rep,name=failover,proto3" json:"failover,omitempty"` // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. // This is to support traffic failover across different groups of endpoints. - // Suppose there are total N labels specified: + // Two kinds of labels can be specified: + // + // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. + // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: + // + // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. + // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. + // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. + // 4. All the other endpoints have priority P(N) i.e. lowest priority. + // + // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. + // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: // - // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. + // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. + // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. + // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. + // 4. All the other endpoints have priority P(N) i.e. lowest priority. // // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. // @@ -1697,6 +1591,7 @@ type LocalityLoadBalancerSetting struct { // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. + // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. // // The below topology config indicates the following priority levels: // @@ -1714,21 +1609,30 @@ type LocalityLoadBalancerSetting struct { // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. // 5. all the other endpoints have the same lowest priority. // + // Suppose a service associated endpoints reside in multi clusters, the below example represents: + // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. + // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. + // 2. all the other endpoints have P(2) priority. + // + // ```yaml + // failoverPriority: + // - "version=v1" + // - "topology.istio.io/cluster=clusterA" + // ``` + // // Optional: only one of distribute, failover or failoverPriority can be set. // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. FailoverPriority []string `protobuf:"bytes,4,rep,name=failover_priority,json=failoverPriority,proto3" json:"failover_priority,omitempty"` - // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. + // Enable locality load balancing. This is DestinationRule-level and will override mesh-wide settings in entirety. + // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh-wide settings is. Enabled *wrappers.BoolValue `protobuf:"bytes,3,opt,name=enabled,proto3" json:"enabled,omitempty"` } func (x *LocalityLoadBalancerSetting) Reset() { *x = LocalityLoadBalancerSetting{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LocalityLoadBalancerSetting) String() string { @@ -1738,8 +1642,8 @@ func (x *LocalityLoadBalancerSetting) String() string { func (*LocalityLoadBalancerSetting) ProtoMessage() {} func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[8] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1751,7 +1655,7 @@ func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { // Deprecated: Use LocalityLoadBalancerSetting.ProtoReflect.Descriptor instead. func (*LocalityLoadBalancerSetting) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{7} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{8} } func (x *LocalityLoadBalancerSetting) GetDistribute() []*LocalityLoadBalancerSetting_Distribute { @@ -1803,11 +1707,9 @@ type TrafficPolicy_PortTrafficPolicy struct { func (x *TrafficPolicy_PortTrafficPolicy) Reset() { *x = TrafficPolicy_PortTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TrafficPolicy_PortTrafficPolicy) String() string { @@ -1817,8 +1719,8 @@ func (x *TrafficPolicy_PortTrafficPolicy) String() string { func (*TrafficPolicy_PortTrafficPolicy) ProtoMessage() {} func (x *TrafficPolicy_PortTrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[9] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1830,7 +1732,7 @@ func (x *TrafficPolicy_PortTrafficPolicy) ProtoReflect() protoreflect.Message { // Deprecated: Use TrafficPolicy_PortTrafficPolicy.ProtoReflect.Descriptor instead. func (*TrafficPolicy_PortTrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1, 0} } func (x *TrafficPolicy_PortTrafficPolicy) GetPort() *PortSelector { @@ -1875,11 +1777,11 @@ type TrafficPolicy_TunnelSettings struct { // Specifies which protocol to use for tunneling the downstream connection. // Supported protocols are: - // - // CONNECT - uses HTTP CONNECT; - // POST - uses HTTP POST. + // - CONNECT - uses HTTP CONNECT; + // - POST - uses HTTP POST. // // CONNECT is used by default if not specified. + // // HTTP version for upstream requests is determined by the service protocol defined for the proxy. Protocol string `protobuf:"bytes,1,opt,name=protocol,proto3" json:"protocol,omitempty"` // Specifies a host to which the downstream connection is tunneled. @@ -1891,11 +1793,9 @@ type TrafficPolicy_TunnelSettings struct { func (x *TrafficPolicy_TunnelSettings) Reset() { *x = TrafficPolicy_TunnelSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TrafficPolicy_TunnelSettings) String() string { @@ -1905,8 +1805,8 @@ func (x *TrafficPolicy_TunnelSettings) String() string { func (*TrafficPolicy_TunnelSettings) ProtoMessage() {} func (x *TrafficPolicy_TunnelSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[10] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1918,7 +1818,7 @@ func (x *TrafficPolicy_TunnelSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use TrafficPolicy_TunnelSettings.ProtoReflect.Descriptor instead. func (*TrafficPolicy_TunnelSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1, 1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1, 1} } func (x *TrafficPolicy_TunnelSettings) GetProtocol() string { @@ -1942,6 +1842,53 @@ func (x *TrafficPolicy_TunnelSettings) GetTargetPort() uint32 { return 0 } +type TrafficPolicy_ProxyProtocol struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. + // By default it is `V1`. + Version TrafficPolicy_ProxyProtocol_VERSION `protobuf:"varint,1,opt,name=version,proto3,enum=istio.networking.v1alpha3.TrafficPolicy_ProxyProtocol_VERSION" json:"version,omitempty"` +} + +func (x *TrafficPolicy_ProxyProtocol) Reset() { + *x = TrafficPolicy_ProxyProtocol{} + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *TrafficPolicy_ProxyProtocol) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPolicy_ProxyProtocol) ProtoMessage() {} + +func (x *TrafficPolicy_ProxyProtocol) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPolicy_ProxyProtocol.ProtoReflect.Descriptor instead. +func (*TrafficPolicy_ProxyProtocol) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1, 2} +} + +func (x *TrafficPolicy_ProxyProtocol) GetVersion() TrafficPolicy_ProxyProtocol_VERSION { + if x != nil { + return x.Version + } + return TrafficPolicy_ProxyProtocol_V1 +} + // Consistent Hash-based load balancing can be used to provide soft // session affinity based on HTTP headers, cookies or other // properties. The affinity to a particular destination host may be @@ -1985,17 +1932,15 @@ type LoadBalancerSettings_ConsistentHashLB struct { HashAlgorithm isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm `protobuf_oneof:"hash_algorithm"` // Deprecated. Use RingHash instead. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in networking/v1alpha3/destination_rule.proto. MinimumRingSize uint64 `protobuf:"varint,4,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` } func (x *LoadBalancerSettings_ConsistentHashLB) Reset() { *x = LoadBalancerSettings_ConsistentHashLB{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB) String() string { @@ -2005,8 +1950,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB) String() string { func (*LoadBalancerSettings_ConsistentHashLB) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[13] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2018,7 +1963,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB) ProtoReflect() protoreflect.Mess // Deprecated: Use LoadBalancerSettings_ConsistentHashLB.ProtoReflect.Descriptor instead. func (*LoadBalancerSettings_ConsistentHashLB) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{3, 0} } func (m *LoadBalancerSettings_ConsistentHashLB) GetHashKey() isLoadBalancerSettings_ConsistentHashLB_HashKey { @@ -2077,7 +2022,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB) GetMaglev() *LoadBalancerSetting return nil } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in networking/v1alpha3/destination_rule.proto. func (x *LoadBalancerSettings_ConsistentHashLB) GetMinimumRingSize() uint64 { if x != nil { return x.MinimumRingSize @@ -2157,11 +2102,9 @@ type LoadBalancerSettings_ConsistentHashLB_RingHash struct { func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) Reset() { *x = LoadBalancerSettings_ConsistentHashLB_RingHash{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { @@ -2171,8 +2114,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { func (*LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[14] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2184,7 +2127,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoReflect() protoref // Deprecated: Use LoadBalancerSettings_ConsistentHashLB_RingHash.ProtoReflect.Descriptor instead. func (*LoadBalancerSettings_ConsistentHashLB_RingHash) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{3, 0, 0} } func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) GetMinimumRingSize() uint64 { @@ -2202,16 +2145,16 @@ type LoadBalancerSettings_ConsistentHashLB_MagLev struct { // The table size for Maglev hashing. This helps in controlling the // disruption when the backend hosts change. // Increasing the table size reduces the amount of disruption. + // The table size must be prime number less than 5000011. + // If it is not specified, the default is 65537. TableSize uint64 `protobuf:"varint,1,opt,name=table_size,json=tableSize,proto3" json:"table_size,omitempty"` } func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) Reset() { *x = LoadBalancerSettings_ConsistentHashLB_MagLev{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { @@ -2221,8 +2164,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { func (*LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[15] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2234,7 +2177,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoReflect() protorefle // Deprecated: Use LoadBalancerSettings_ConsistentHashLB_MagLev.ProtoReflect.Descriptor instead. func (*LoadBalancerSettings_ConsistentHashLB_MagLev) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{3, 0, 1} } func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) GetTableSize() uint64 { @@ -2245,8 +2188,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) GetTableSize() uint64 { } // Describes a HTTP cookie that will be used as the hash key for the -// Consistent Hash load balancer. If the cookie is not present, it will -// be generated. +// Consistent Hash load balancer. type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2256,17 +2198,18 @@ type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Path to set for the cookie. Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` - // Lifetime of the cookie. + // Lifetime of the cookie. If specified, a cookie with the TTL will be + // generated if the cookie is not present. If the TTL is present and zero, + // the generated cookie will be a session cookie. + // +protoc-gen-crd:duration-validation:none Ttl *duration.Duration `protobuf:"bytes,3,opt,name=ttl,proto3" json:"ttl,omitempty"` } func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Reset() { *x = LoadBalancerSettings_ConsistentHashLB_HTTPCookie{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { @@ -2276,8 +2219,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[16] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2289,7 +2232,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoReflect() protor // Deprecated: Use LoadBalancerSettings_ConsistentHashLB_HTTPCookie.ProtoReflect.Descriptor instead. func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 2} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{3, 0, 2} } func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetName() string { @@ -2322,23 +2265,30 @@ type ConnectionPoolSettings_TCPSettings struct { // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1. MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"` // TCP connection timeout. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + // 1h/1m/1s/1ms. MUST be >=1ms. Default is 10s. ConnectTimeout *duration.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"` // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. TcpKeepalive *ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,3,opt,name=tcp_keepalive,json=tcpKeepalive,proto3" json:"tcp_keepalive,omitempty"` // The maximum duration of a connection. The duration is defined as the period since a connection - // was established. If not set, there is no max duration. When max_connection_duration + // was established. If not set, there is no max duration. When `maxConnectionDuration` // is reached the connection will be closed. Duration must be at least 1ms. MaxConnectionDuration *duration.Duration `protobuf:"bytes,4,opt,name=max_connection_duration,json=maxConnectionDuration,proto3" json:"max_connection_duration,omitempty"` + // The idle timeout for TCP connections. + // The idle timeout is defined as the period in which there are no bytes sent or received on either + // the upstream or downstream connection. + // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. + // Idle timeout is not configured per each cluster individually when weighted destinations are used, + // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout + // specified in a destination rule for the first weighted route is configured in the listener, + // which means also for all weighted routes. + IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` } func (x *ConnectionPoolSettings_TCPSettings) Reset() { *x = ConnectionPoolSettings_TCPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings_TCPSettings) String() string { @@ -2348,8 +2298,8 @@ func (x *ConnectionPoolSettings_TCPSettings) String() string { func (*ConnectionPoolSettings_TCPSettings) ProtoMessage() {} func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[17] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2361,7 +2311,7 @@ func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message // Deprecated: Use ConnectionPoolSettings_TCPSettings.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings_TCPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 0} } func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnections() int32 { @@ -2392,6 +2342,13 @@ func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnectionDuration() *duratio return nil } +func (x *ConnectionPoolSettings_TCPSettings) GetIdleTimeout() *duration.Duration { + if x != nil { + return x.IdleTimeout + } + return nil +} + // Settings applicable to HTTP1.1/HTTP2/GRPC connections. type ConnectionPoolSettings_HTTPSettings struct { state protoimpl.MessageState @@ -2399,12 +2356,12 @@ type ConnectionPoolSettings_HTTPSettings struct { unknownFields protoimpl.UnknownFields // Maximum number of requests that will be queued while waiting for - // a ready connection pool connection. Default 1024. + // a ready connection pool connection. Default 2^32-1. // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking // under which conditions a new connection is created for HTTP2. // Please note that this is applicable to both HTTP/1.1 and HTTP2. Http1MaxPendingRequests int32 `protobuf:"varint,1,opt,name=http1_max_pending_requests,json=http1MaxPendingRequests,proto3" json:"http1_max_pending_requests,omitempty"` - // Maximum number of active requests to a destination. Default 1024. + // Maximum number of active requests to a destination. Default 2^32-1. // Please note that this is applicable to both HTTP/1.1 and HTTP2. Http2MaxRequests int32 `protobuf:"varint,2,opt,name=http2_max_requests,json=http2MaxRequests,proto3" json:"http2_max_requests,omitempty"` // Maximum number of requests per connection to a backend. Setting this @@ -2423,20 +2380,21 @@ type ConnectionPoolSettings_HTTPSettings struct { // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` // Specify if http1.1 connection should be upgraded to http2 for the associated destination. - H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `protobuf:"varint,6,opt,name=h2_upgrade_policy,json=h2UpgradePolicy,proto3,enum=istio.networking.v1beta1.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy" json:"h2_upgrade_policy,omitempty"` + H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `protobuf:"varint,6,opt,name=h2_upgrade_policy,json=h2UpgradePolicy,proto3,enum=istio.networking.v1alpha3.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy" json:"h2_upgrade_policy,omitempty"` // If set to true, client protocol will be preserved while initiating connection to backend. - // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client + // Note that when this is set to true, `h2UpgradePolicy` will be ineffective i.e. the client // connections will not be upgraded to http2. UseClientProtocol bool `protobuf:"varint,7,opt,name=use_client_protocol,json=useClientProtocol,proto3" json:"use_client_protocol,omitempty"` + // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. + // Defaults to 2^31-1. + MaxConcurrentStreams int32 `protobuf:"varint,8,opt,name=max_concurrent_streams,json=maxConcurrentStreams,proto3" json:"max_concurrent_streams,omitempty"` } func (x *ConnectionPoolSettings_HTTPSettings) Reset() { *x = ConnectionPoolSettings_HTTPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings_HTTPSettings) String() string { @@ -2446,8 +2404,8 @@ func (x *ConnectionPoolSettings_HTTPSettings) String() string { func (*ConnectionPoolSettings_HTTPSettings) ProtoMessage() {} func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[18] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2459,7 +2417,7 @@ func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Messag // Deprecated: Use ConnectionPoolSettings_HTTPSettings.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings_HTTPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 1} } func (x *ConnectionPoolSettings_HTTPSettings) GetHttp1MaxPendingRequests() int32 { @@ -2511,6 +2469,13 @@ func (x *ConnectionPoolSettings_HTTPSettings) GetUseClientProtocol() bool { return false } +func (x *ConnectionPoolSettings_HTTPSettings) GetMaxConcurrentStreams() int32 { + if x != nil { + return x.MaxConcurrentStreams + } + return 0 +} + // TCP keepalive. type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { state protoimpl.MessageState @@ -2533,11 +2498,9 @@ type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) Reset() { *x = ConnectionPoolSettings_TCPSettings_TcpKeepalive{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { @@ -2547,8 +2510,8 @@ func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoMessage() {} func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[19] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2560,7 +2523,7 @@ func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protore // Deprecated: Use ConnectionPoolSettings_TCPSettings_TcpKeepalive.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 0, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 0, 0} } func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetProbes() uint32 { @@ -2609,11 +2572,9 @@ type LocalityLoadBalancerSetting_Distribute struct { func (x *LocalityLoadBalancerSetting_Distribute) Reset() { *x = LocalityLoadBalancerSetting_Distribute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LocalityLoadBalancerSetting_Distribute) String() string { @@ -2623,8 +2584,8 @@ func (x *LocalityLoadBalancerSetting_Distribute) String() string { func (*LocalityLoadBalancerSetting_Distribute) ProtoMessage() {} func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[20] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2636,7 +2597,7 @@ func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Mes // Deprecated: Use LocalityLoadBalancerSetting_Distribute.ProtoReflect.Descriptor instead. func (*LocalityLoadBalancerSetting_Distribute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{7, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{8, 0} } func (x *LocalityLoadBalancerSetting_Distribute) GetFrom() string { @@ -2674,11 +2635,9 @@ type LocalityLoadBalancerSetting_Failover struct { func (x *LocalityLoadBalancerSetting_Failover) Reset() { *x = LocalityLoadBalancerSetting_Failover{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LocalityLoadBalancerSetting_Failover) String() string { @@ -2688,8 +2647,8 @@ func (x *LocalityLoadBalancerSetting_Failover) String() string { func (*LocalityLoadBalancerSetting_Failover) ProtoMessage() {} func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[21] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2701,7 +2660,7 @@ func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Messa // Deprecated: Use LocalityLoadBalancerSetting_Failover.ProtoReflect.Descriptor instead. func (*LocalityLoadBalancerSetting_Failover) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{7, 1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{8, 1} } func (x *LocalityLoadBalancerSetting_Failover) GetFrom() string { @@ -2718,195 +2677,215 @@ func (x *LocalityLoadBalancerSetting_Failover) GetTo() string { return "" } -var File_networking_v1beta1_destination_rule_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_destination_rule_proto_rawDesc = []byte{ - 0x0a, 0x29, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, - 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa7, 0x02, - 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, - 0x65, 0x12, 0x18, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x4e, 0x0a, 0x0e, 0x74, - 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, - 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3a, 0x0a, 0x07, 0x73, - 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x52, 0x07, - 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, - 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, - 0x72, 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0xa8, 0x08, 0x0a, 0x0d, 0x54, 0x72, 0x61, 0x66, - 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x53, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, - 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x59, - 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, - 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x57, 0x0a, 0x11, 0x6f, 0x75, 0x74, - 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, - 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, - 0x73, 0x12, 0x69, 0x0a, 0x13, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x5f, - 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, - 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, - 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, - 0x65, 0x76, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4e, 0x0a, 0x06, - 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x1a, 0x97, 0x03, 0x0a, - 0x11, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x3a, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, - 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x53, +var File_networking_v1alpha3_destination_rule_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_destination_rule_proto_rawDesc = []byte{ + 0x0a, 0x2a, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, + 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, + 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x76, 0x69, + 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0xa9, 0x02, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x75, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x4f, + 0x0a, 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, + 0x3b, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, + 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, + 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0x99, 0x0a, 0x0a, + 0x0d, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, - 0x63, 0x65, 0x72, 0x12, 0x59, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, - 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x57, - 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, - 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x1a, 0x7a, 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x25, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x68, - 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, - 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0b, 0x74, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, - 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, - 0x72, 0x74, 0x22, 0xf3, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x18, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, - 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x44, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x4e, 0x0a, - 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, - 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, - 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x84, 0x0a, 0x0a, 0x14, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x12, 0x51, 0x0a, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, + 0x6e, 0x63, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, + 0x12, 0x58, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, + 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, + 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, + 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x6a, 0x0a, 0x13, 0x70, 0x6f, + 0x72, 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4f, 0x0a, 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x12, 0x5d, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, + 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x1a, 0x9c, 0x03, 0x0a, 0x11, 0x50, 0x6f, 0x72, 0x74, 0x54, + 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3b, 0x0a, 0x04, + 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, + 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x54, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, + 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, - 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x6a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, + 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, + 0x5a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, + 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, + 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x58, 0x0a, 0x11, 0x6f, + 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x03, 0x74, 0x6c, 0x73, 0x1a, 0x7a, 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x12, 0x25, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x68, 0x6f, + 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0a, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0b, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, + 0x74, 0x1a, 0x84, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x12, 0x58, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x56, 0x45, 0x52, + 0x53, 0x49, 0x4f, 0x4e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x19, 0x0a, + 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x31, 0x10, 0x00, + 0x12, 0x06, 0x0a, 0x02, 0x56, 0x32, 0x10, 0x01, 0x22, 0xf5, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x45, 0x0a, + 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, - 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, 0x00, - 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x65, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, 0x5f, - 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, + 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, + 0x62, 0x65, 0x6c, 0x73, 0x12, 0x4f, 0x0a, 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0xcc, 0x0a, 0x0a, 0x14, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, + 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x52, 0x0a, 0x06, 0x73, 0x69, 0x6d, + 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, + 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, + 0x65, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x6b, 0x0a, + 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x12, 0x66, 0x0a, 0x13, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, + 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x52, + 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x62, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x12, 0x77, 0x61, 0x72, + 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x73, 0x12, + 0x46, 0x0a, 0x06, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x61, 0x72, 0x6d, + 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x06, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x1a, 0xf6, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, + 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x6e, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, + 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, - 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x62, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, 0x75, - 0x70, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x12, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x65, 0x63, 0x73, 0x1a, 0xf9, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, 0x68, 0x74, 0x74, - 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x6d, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, - 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, - 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x48, 0x54, 0x54, 0x50, - 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x43, 0x6f, - 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0b, 0x75, - 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x3b, 0x0a, 0x19, 0x68, 0x74, - 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, - 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, - 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x67, 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, - 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, - 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x52, 0x69, 0x6e, 0x67, - 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x60, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x46, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, - 0x42, 0x2e, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, - 0x65, 0x76, 0x12, 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, - 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x42, 0x02, 0x18, - 0x01, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, - 0x7a, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x2a, - 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, - 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x27, 0x0a, 0x06, 0x4d, 0x61, - 0x67, 0x4c, 0x65, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x69, - 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x53, - 0x69, 0x7a, 0x65, 0x1a, 0x6d, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, - 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, - 0x31, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x03, 0x74, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, + 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, + 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, + 0x74, 0x70, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x5f, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, + 0x00, 0x52, 0x0b, 0x75, 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x3b, + 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, + 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x48, 0x00, 0x52, 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x68, 0x0a, 0x09, 0x72, + 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, + 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, + 0x2e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, + 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, + 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, + 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x04, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, + 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, + 0x48, 0x61, 0x73, 0x68, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, + 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, + 0x1a, 0x27, 0x0a, 0x06, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, + 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, + 0x74, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x67, 0x0a, 0x0a, 0x48, 0x54, 0x54, + 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x42, 0x0a, 0x0a, 0x08, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x22, 0x70, 0x0a, 0x08, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x12, 0x0f, 0x0a, 0x0b, @@ -2917,527 +2896,330 @@ var file_networking_v1beta1_destination_rule_proto_rawDesc = []byte{ 0x0a, 0x0b, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x05, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, - 0x90, 0x09, 0x0a, 0x16, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4e, 0x0a, 0x03, 0x74, 0x63, - 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, - 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x51, 0x0a, 0x04, 0x68, 0x74, - 0x74, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x1a, 0xcc, 0x03, - 0x0a, 0x0b, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, - 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, - 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x6e, 0x0a, 0x0d, 0x74, 0x63, - 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, - 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, - 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x51, 0x0a, 0x17, 0x6d, 0x61, - 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0xd7, 0x01, 0x0a, 0x13, 0x57, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3b, 0x0a, 0x08, 0x64, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x64, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x69, 0x6e, + 0x69, 0x6d, 0x75, 0x6d, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0a, 0x61, + 0x67, 0x67, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x61, + 0x67, 0x67, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x88, 0x0a, 0x0a, 0x16, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4f, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x52, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x1a, 0x8b, 0x04, 0x0a, 0x0b, 0x54, 0x43, + 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, + 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x8c, 0x01, - 0x0a, 0x0c, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x16, - 0x0a, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, - 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, - 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x1a, 0x83, 0x04, 0x0a, - 0x0c, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3b, 0x0a, - 0x1a, 0x68, 0x74, 0x74, 0x70, 0x31, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, - 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70, 0x31, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, - 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x68, 0x74, - 0x74, 0x70, 0x32, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x68, 0x74, 0x74, 0x70, 0x32, 0x4d, 0x61, 0x78, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x3d, 0x0a, 0x1b, 0x6d, 0x61, 0x78, 0x5f, - 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x18, 0x6d, - 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x72, - 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6d, 0x61, - 0x78, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, - 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x79, 0x0a, 0x11, 0x68, 0x32, 0x5f, 0x75, 0x70, 0x67, - 0x72, 0x61, 0x64, 0x65, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x4d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x52, 0x0f, 0x68, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x12, 0x2e, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, - 0x75, 0x73, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x22, 0x3f, 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, - 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x55, 0x50, 0x47, 0x52, - 0x41, 0x44, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, - 0x10, 0x02, 0x22, 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, - 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, - 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x74, 0x69, 0x76, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x4a, 0x0a, 0x22, 0x73, 0x70, - 0x6c, 0x69, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, - 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x45, 0x78, 0x74, - 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, - 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, - 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, - 0x69, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x1e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x4c, 0x6f, 0x63, 0x61, - 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, - 0x5a, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x06, 0x20, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x6f, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, + 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, + 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, + 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x51, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, + 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, + 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x54, 0x63, 0x70, + 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x6f, + 0x62, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, + 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, + 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x1a, 0xba, 0x04, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x1a, 0x68, 0x74, 0x74, 0x70, + 0x31, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x68, 0x74, + 0x74, 0x70, 0x31, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x6d, + 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x10, 0x68, 0x74, 0x74, 0x70, 0x32, 0x4d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x12, 0x3d, 0x0a, 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x18, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, + 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x74, 0x72, + 0x69, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, + 0x74, 0x12, 0x7a, 0x0a, 0x11, 0x68, 0x32, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x4e, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x32, 0x55, + 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0f, 0x68, 0x32, + 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, 0x0a, + 0x13, 0x75, 0x73, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x75, 0x73, 0x65, 0x43, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x34, 0x0a, + 0x16, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x6d, + 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x73, 0x22, 0x3f, 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, + 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x55, 0x50, + 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x50, 0x47, 0x52, 0x41, + 0x44, 0x45, 0x10, 0x02, 0x22, 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, + 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x12, 0x63, 0x6f, 0x6e, + 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, 0x6f, 0x6e, 0x73, 0x65, + 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x4a, 0x0a, 0x22, + 0x73, 0x70, 0x6c, 0x69, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x6c, + 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x65, 0x72, 0x72, 0x6f, + 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x45, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, + 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, 0x63, 0x6f, 0x6e, 0x73, + 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, + 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, - 0x74, 0x65, 0x77, 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x16, 0x63, - 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x5f, 0x65, - 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, - 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x63, 0x6f, 0x6e, 0x73, 0x65, - 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, - 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, - 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, - 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, - 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, - 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, - 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, - 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x6d, - 0x69, 0x6e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, - 0xd2, 0x03, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4d, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, - 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x11, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, - 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, - 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, - 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, - 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x73, 0x6e, 0x69, 0x12, 0x4c, 0x0a, 0x14, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, - 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, - 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, - 0x66, 0x79, 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, - 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, - 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, - 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, - 0x41, 0x4c, 0x10, 0x03, 0x22, 0xa2, 0x04, 0x0a, 0x1b, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, + 0x65, 0x52, 0x1e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x4c, 0x6f, + 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, + 0x73, 0x12, 0x5a, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, + 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, + 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x52, 0x0a, + 0x16, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, + 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x63, 0x6f, 0x6e, + 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x73, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, + 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, + 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, + 0x65, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, 0x65, 0x61, 0x6c, 0x74, + 0x68, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x10, 0x6d, 0x69, 0x6e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, + 0x74, 0x22, 0xe4, 0x03, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x48, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, + 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, + 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, + 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, + 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, + 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, + 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, + 0x69, 0x12, 0x4c, 0x0a, 0x14, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, + 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x6e, 0x73, + 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, + 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, + 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, 0x12, 0x0a, + 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, + 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, + 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x03, 0x22, 0xa5, 0x04, 0x0a, 0x1b, 0x4c, 0x6f, 0x63, + 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, + 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x61, 0x0a, 0x0a, 0x64, 0x69, 0x73, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x12, 0x60, 0x0a, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, - 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x0a, 0x64, 0x69, 0x73, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x5a, 0x0a, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, - 0x65, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, - 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, - 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, - 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, - 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, - 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0xb1, 0x01, 0x0a, 0x0a, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x58, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, - 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x2e, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, - 0x74, 0x6f, 0x1a, 0x35, 0x0a, 0x07, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x2e, 0x0a, 0x08, 0x46, 0x61, 0x69, - 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, + 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x5b, 0x0a, 0x08, 0x66, + 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, + 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x08, + 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, + 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x72, 0x69, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0xb2, 0x01, 0x0a, 0x0a, + 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, + 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x59, + 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, + 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x2e, 0x54, 0x6f, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0x35, 0x0a, 0x07, 0x54, 0x6f, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x2e, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, + 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, + 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, + 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_networking_v1beta1_destination_rule_proto_rawDescOnce sync.Once - file_networking_v1beta1_destination_rule_proto_rawDescData = file_networking_v1beta1_destination_rule_proto_rawDesc + file_networking_v1alpha3_destination_rule_proto_rawDescOnce sync.Once + file_networking_v1alpha3_destination_rule_proto_rawDescData = file_networking_v1alpha3_destination_rule_proto_rawDesc ) -func file_networking_v1beta1_destination_rule_proto_rawDescGZIP() []byte { - file_networking_v1beta1_destination_rule_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_destination_rule_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_destination_rule_proto_rawDescData) +func file_networking_v1alpha3_destination_rule_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_destination_rule_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_destination_rule_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_destination_rule_proto_rawDescData) }) - return file_networking_v1beta1_destination_rule_proto_rawDescData -} - -var file_networking_v1beta1_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_networking_v1beta1_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 21) -var file_networking_v1beta1_destination_rule_proto_goTypes = []interface{}{ - (LoadBalancerSettings_SimpleLB)(0), // 0: istio.networking.v1beta1.LoadBalancerSettings.SimpleLB - (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 1: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - (ClientTLSSettings_TLSmode)(0), // 2: istio.networking.v1beta1.ClientTLSSettings.TLSmode - (*DestinationRule)(nil), // 3: istio.networking.v1beta1.DestinationRule - (*TrafficPolicy)(nil), // 4: istio.networking.v1beta1.TrafficPolicy - (*Subset)(nil), // 5: istio.networking.v1beta1.Subset - (*LoadBalancerSettings)(nil), // 6: istio.networking.v1beta1.LoadBalancerSettings - (*ConnectionPoolSettings)(nil), // 7: istio.networking.v1beta1.ConnectionPoolSettings - (*OutlierDetection)(nil), // 8: istio.networking.v1beta1.OutlierDetection - (*ClientTLSSettings)(nil), // 9: istio.networking.v1beta1.ClientTLSSettings - (*LocalityLoadBalancerSetting)(nil), // 10: istio.networking.v1beta1.LocalityLoadBalancerSetting - (*TrafficPolicy_PortTrafficPolicy)(nil), // 11: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy - (*TrafficPolicy_TunnelSettings)(nil), // 12: istio.networking.v1beta1.TrafficPolicy.TunnelSettings - nil, // 13: istio.networking.v1beta1.Subset.LabelsEntry - (*LoadBalancerSettings_ConsistentHashLB)(nil), // 14: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB - (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 15: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash - (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 16: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev - (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 17: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - (*ConnectionPoolSettings_TCPSettings)(nil), // 18: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings - (*ConnectionPoolSettings_HTTPSettings)(nil), // 19: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings - (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 20: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive - (*LocalityLoadBalancerSetting_Distribute)(nil), // 21: istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute - (*LocalityLoadBalancerSetting_Failover)(nil), // 22: istio.networking.v1beta1.LocalityLoadBalancerSetting.Failover - nil, // 23: istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute.ToEntry - (*v1beta1.WorkloadSelector)(nil), // 24: istio.type.v1beta1.WorkloadSelector - (*duration.Duration)(nil), // 25: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 26: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 27: google.protobuf.BoolValue - (*PortSelector)(nil), // 28: istio.networking.v1beta1.PortSelector -} -var file_networking_v1beta1_destination_rule_proto_depIdxs = []int32{ - 4, // 0: istio.networking.v1beta1.DestinationRule.traffic_policy:type_name -> istio.networking.v1beta1.TrafficPolicy - 5, // 1: istio.networking.v1beta1.DestinationRule.subsets:type_name -> istio.networking.v1beta1.Subset - 24, // 2: istio.networking.v1beta1.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector - 6, // 3: istio.networking.v1beta1.TrafficPolicy.load_balancer:type_name -> istio.networking.v1beta1.LoadBalancerSettings - 7, // 4: istio.networking.v1beta1.TrafficPolicy.connection_pool:type_name -> istio.networking.v1beta1.ConnectionPoolSettings - 8, // 5: istio.networking.v1beta1.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1beta1.OutlierDetection - 9, // 6: istio.networking.v1beta1.TrafficPolicy.tls:type_name -> istio.networking.v1beta1.ClientTLSSettings - 11, // 7: istio.networking.v1beta1.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy - 12, // 8: istio.networking.v1beta1.TrafficPolicy.tunnel:type_name -> istio.networking.v1beta1.TrafficPolicy.TunnelSettings - 13, // 9: istio.networking.v1beta1.Subset.labels:type_name -> istio.networking.v1beta1.Subset.LabelsEntry - 4, // 10: istio.networking.v1beta1.Subset.traffic_policy:type_name -> istio.networking.v1beta1.TrafficPolicy - 0, // 11: istio.networking.v1beta1.LoadBalancerSettings.simple:type_name -> istio.networking.v1beta1.LoadBalancerSettings.SimpleLB - 14, // 12: istio.networking.v1beta1.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB - 10, // 13: istio.networking.v1beta1.LoadBalancerSettings.locality_lb_setting:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting - 25, // 14: istio.networking.v1beta1.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration - 18, // 15: istio.networking.v1beta1.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings - 19, // 16: istio.networking.v1beta1.ConnectionPoolSettings.http:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings - 26, // 17: istio.networking.v1beta1.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value - 26, // 18: istio.networking.v1beta1.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value - 26, // 19: istio.networking.v1beta1.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value - 25, // 20: istio.networking.v1beta1.OutlierDetection.interval:type_name -> google.protobuf.Duration - 25, // 21: istio.networking.v1beta1.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration - 2, // 22: istio.networking.v1beta1.ClientTLSSettings.mode:type_name -> istio.networking.v1beta1.ClientTLSSettings.TLSmode - 27, // 23: istio.networking.v1beta1.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue - 21, // 24: istio.networking.v1beta1.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute - 22, // 25: istio.networking.v1beta1.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting.Failover - 27, // 26: istio.networking.v1beta1.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue - 28, // 27: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1beta1.PortSelector - 6, // 28: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1beta1.LoadBalancerSettings - 7, // 29: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1beta1.ConnectionPoolSettings - 8, // 30: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1beta1.OutlierDetection - 9, // 31: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1beta1.ClientTLSSettings - 17, // 32: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - 15, // 33: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash - 16, // 34: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev - 25, // 35: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration - 25, // 36: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration - 20, // 37: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive - 25, // 38: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration - 25, // 39: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration - 1, // 40: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - 25, // 41: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration - 25, // 42: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration - 23, // 43: istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute.ToEntry - 44, // [44:44] is the sub-list for method output_type - 44, // [44:44] is the sub-list for method input_type - 44, // [44:44] is the sub-list for extension type_name - 44, // [44:44] is the sub-list for extension extendee - 0, // [0:44] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_destination_rule_proto_init() } -func file_networking_v1beta1_destination_rule_proto_init() { - if File_networking_v1beta1_destination_rule_proto != nil { + return file_networking_v1alpha3_destination_rule_proto_rawDescData +} + +var file_networking_v1alpha3_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_networking_v1alpha3_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 23) +var file_networking_v1alpha3_destination_rule_proto_goTypes = []any{ + (TrafficPolicy_ProxyProtocol_VERSION)(0), // 0: istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol.VERSION + (LoadBalancerSettings_SimpleLB)(0), // 1: istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB + (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 2: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy + (ClientTLSSettings_TLSmode)(0), // 3: istio.networking.v1alpha3.ClientTLSSettings.TLSmode + (*DestinationRule)(nil), // 4: istio.networking.v1alpha3.DestinationRule + (*TrafficPolicy)(nil), // 5: istio.networking.v1alpha3.TrafficPolicy + (*Subset)(nil), // 6: istio.networking.v1alpha3.Subset + (*LoadBalancerSettings)(nil), // 7: istio.networking.v1alpha3.LoadBalancerSettings + (*WarmupConfiguration)(nil), // 8: istio.networking.v1alpha3.WarmupConfiguration + (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1alpha3.ConnectionPoolSettings + (*OutlierDetection)(nil), // 10: istio.networking.v1alpha3.OutlierDetection + (*ClientTLSSettings)(nil), // 11: istio.networking.v1alpha3.ClientTLSSettings + (*LocalityLoadBalancerSetting)(nil), // 12: istio.networking.v1alpha3.LocalityLoadBalancerSetting + (*TrafficPolicy_PortTrafficPolicy)(nil), // 13: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy + (*TrafficPolicy_TunnelSettings)(nil), // 14: istio.networking.v1alpha3.TrafficPolicy.TunnelSettings + (*TrafficPolicy_ProxyProtocol)(nil), // 15: istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol + nil, // 16: istio.networking.v1alpha3.Subset.LabelsEntry + (*LoadBalancerSettings_ConsistentHashLB)(nil), // 17: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB + (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 18: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash + (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 19: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev + (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 20: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie + (*ConnectionPoolSettings_TCPSettings)(nil), // 21: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings + (*ConnectionPoolSettings_HTTPSettings)(nil), // 22: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings + (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 23: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive + (*LocalityLoadBalancerSetting_Distribute)(nil), // 24: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute + (*LocalityLoadBalancerSetting_Failover)(nil), // 25: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover + nil, // 26: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.ToEntry + (*v1beta1.WorkloadSelector)(nil), // 27: istio.type.v1beta1.WorkloadSelector + (*duration.Duration)(nil), // 28: google.protobuf.Duration + (*wrappers.DoubleValue)(nil), // 29: google.protobuf.DoubleValue + (*wrappers.UInt32Value)(nil), // 30: google.protobuf.UInt32Value + (*wrappers.BoolValue)(nil), // 31: google.protobuf.BoolValue + (*PortSelector)(nil), // 32: istio.networking.v1alpha3.PortSelector +} +var file_networking_v1alpha3_destination_rule_proto_depIdxs = []int32{ + 5, // 0: istio.networking.v1alpha3.DestinationRule.traffic_policy:type_name -> istio.networking.v1alpha3.TrafficPolicy + 6, // 1: istio.networking.v1alpha3.DestinationRule.subsets:type_name -> istio.networking.v1alpha3.Subset + 27, // 2: istio.networking.v1alpha3.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector + 7, // 3: istio.networking.v1alpha3.TrafficPolicy.load_balancer:type_name -> istio.networking.v1alpha3.LoadBalancerSettings + 9, // 4: istio.networking.v1alpha3.TrafficPolicy.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 10, // 5: istio.networking.v1alpha3.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1alpha3.OutlierDetection + 11, // 6: istio.networking.v1alpha3.TrafficPolicy.tls:type_name -> istio.networking.v1alpha3.ClientTLSSettings + 13, // 7: istio.networking.v1alpha3.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy + 14, // 8: istio.networking.v1alpha3.TrafficPolicy.tunnel:type_name -> istio.networking.v1alpha3.TrafficPolicy.TunnelSettings + 15, // 9: istio.networking.v1alpha3.TrafficPolicy.proxy_protocol:type_name -> istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol + 16, // 10: istio.networking.v1alpha3.Subset.labels:type_name -> istio.networking.v1alpha3.Subset.LabelsEntry + 5, // 11: istio.networking.v1alpha3.Subset.traffic_policy:type_name -> istio.networking.v1alpha3.TrafficPolicy + 1, // 12: istio.networking.v1alpha3.LoadBalancerSettings.simple:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB + 17, // 13: istio.networking.v1alpha3.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB + 12, // 14: istio.networking.v1alpha3.LoadBalancerSettings.locality_lb_setting:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting + 28, // 15: istio.networking.v1alpha3.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration + 8, // 16: istio.networking.v1alpha3.LoadBalancerSettings.warmup:type_name -> istio.networking.v1alpha3.WarmupConfiguration + 28, // 17: istio.networking.v1alpha3.WarmupConfiguration.duration:type_name -> google.protobuf.Duration + 29, // 18: istio.networking.v1alpha3.WarmupConfiguration.minimum_percent:type_name -> google.protobuf.DoubleValue + 29, // 19: istio.networking.v1alpha3.WarmupConfiguration.aggression:type_name -> google.protobuf.DoubleValue + 21, // 20: istio.networking.v1alpha3.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings + 22, // 21: istio.networking.v1alpha3.ConnectionPoolSettings.http:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings + 30, // 22: istio.networking.v1alpha3.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value + 30, // 23: istio.networking.v1alpha3.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value + 30, // 24: istio.networking.v1alpha3.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value + 28, // 25: istio.networking.v1alpha3.OutlierDetection.interval:type_name -> google.protobuf.Duration + 28, // 26: istio.networking.v1alpha3.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration + 3, // 27: istio.networking.v1alpha3.ClientTLSSettings.mode:type_name -> istio.networking.v1alpha3.ClientTLSSettings.TLSmode + 31, // 28: istio.networking.v1alpha3.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue + 24, // 29: istio.networking.v1alpha3.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute + 25, // 30: istio.networking.v1alpha3.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover + 31, // 31: istio.networking.v1alpha3.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue + 32, // 32: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1alpha3.PortSelector + 7, // 33: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1alpha3.LoadBalancerSettings + 9, // 34: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 10, // 35: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1alpha3.OutlierDetection + 11, // 36: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1alpha3.ClientTLSSettings + 0, // 37: istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol.version:type_name -> istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol.VERSION + 20, // 38: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie + 18, // 39: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash + 19, // 40: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev + 28, // 41: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration + 28, // 42: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration + 23, // 43: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive + 28, // 44: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration + 28, // 45: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.idle_timeout:type_name -> google.protobuf.Duration + 28, // 46: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration + 2, // 47: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy + 28, // 48: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration + 28, // 49: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration + 26, // 50: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.ToEntry + 51, // [51:51] is the sub-list for method output_type + 51, // [51:51] is the sub-list for method input_type + 51, // [51:51] is the sub-list for extension type_name + 51, // [51:51] is the sub-list for extension extendee + 0, // [0:51] is the sub-list for field type_name +} + +func init() { file_networking_v1alpha3_destination_rule_proto_init() } +func file_networking_v1alpha3_destination_rule_proto_init() { + if File_networking_v1alpha3_destination_rule_proto != nil { return } - file_networking_v1beta1_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_destination_rule_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DestinationRule); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Subset); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutlierDetection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClientTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_PortTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_TunnelSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_RingHash); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_MagLev); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_HTTPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings_TcpKeepalive); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Distribute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Failover); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[3].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_init() + file_networking_v1alpha3_destination_rule_proto_msgTypes[3].OneofWrappers = []any{ (*LoadBalancerSettings_Simple)(nil), (*LoadBalancerSettings_ConsistentHash)(nil), } - file_networking_v1beta1_destination_rule_proto_msgTypes[11].OneofWrappers = []interface{}{ + file_networking_v1alpha3_destination_rule_proto_msgTypes[13].OneofWrappers = []any{ (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName)(nil), (*LoadBalancerSettings_ConsistentHashLB_HttpCookie)(nil), (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp)(nil), @@ -3449,19 +3231,19 @@ func file_networking_v1beta1_destination_rule_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_destination_rule_proto_rawDesc, - NumEnums: 3, - NumMessages: 21, + RawDescriptor: file_networking_v1alpha3_destination_rule_proto_rawDesc, + NumEnums: 4, + NumMessages: 23, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_networking_v1beta1_destination_rule_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_destination_rule_proto_depIdxs, - EnumInfos: file_networking_v1beta1_destination_rule_proto_enumTypes, - MessageInfos: file_networking_v1beta1_destination_rule_proto_msgTypes, + GoTypes: file_networking_v1alpha3_destination_rule_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_destination_rule_proto_depIdxs, + EnumInfos: file_networking_v1alpha3_destination_rule_proto_enumTypes, + MessageInfos: file_networking_v1alpha3_destination_rule_proto_msgTypes, }.Build() - File_networking_v1beta1_destination_rule_proto = out.File - file_networking_v1beta1_destination_rule_proto_rawDesc = nil - file_networking_v1beta1_destination_rule_proto_goTypes = nil - file_networking_v1beta1_destination_rule_proto_depIdxs = nil + File_networking_v1alpha3_destination_rule_proto = out.File + file_networking_v1alpha3_destination_rule_proto_rawDesc = nil + file_networking_v1alpha3_destination_rule_proto_goTypes = nil + file_networking_v1alpha3_destination_rule_proto_depIdxs = nil } diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html new file mode 100644 index 000000000..feff89e79 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html @@ -0,0 +1,1876 @@ +--- +title: Destination Rule +description: Configuration affecting load balancing, outlier detection, etc. +location: https://istio.io/docs/reference/config/networking/destination-rule.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.DestinationRule +aliases: [/docs/reference/config/networking/v1alpha3/destination-rule] +number_of_entries: 26 +--- +

DestinationRule defines policies that apply to traffic intended for a +service after routing has occurred. These rules specify configuration +for load balancing, connection pool size from the sidecar, and outlier +detection settings to detect and evict unhealthy hosts from the load +balancing pool. For example, a simple load balancing policy for the +ratings service would look as follows:

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-ratings
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy:
+    loadBalancer:
+      simple: LEAST_REQUEST
+
+

Version specific policies can be specified by defining a named +subset and overriding the settings specified at the service level. The +following rule uses a round robin load balancing policy for all traffic +going to a subset named testversion that is composed of endpoints (e.g., +pods) with labels (version:v3).

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-ratings
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy:
+    loadBalancer:
+      simple: LEAST_REQUEST
+  subsets:
+  - name: testversion
+    labels:
+      version: v3
+    trafficPolicy:
+      loadBalancer:
+        simple: ROUND_ROBIN
+
+

Note: Policies specified for subsets will not take effect until +a route rule explicitly sends traffic to this subset.

+

Traffic policies can be customized to specific ports as well. The +following rule uses the least connection load balancing policy for all +traffic to port 80, while uses a round robin load balancing setting for +traffic to the port 9080.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-ratings-port
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy: # Apply to all ports
+    portLevelSettings:
+    - port:
+        number: 80
+      loadBalancer:
+        simple: LEAST_REQUEST
+    - port:
+        number: 9080
+      loadBalancer:
+        simple: ROUND_ROBIN
+
+

Destination Rules can be customized to specific workloads as well. +The following example shows how a destination rule can be applied to a +specific workload using the workloadSelector configuration.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: configure-client-mtls-dr-with-workloadselector
+spec:
+  host: example.com
+  workloadSelector:
+    matchLabels:
+      app: ratings
+  trafficPolicy:
+    loadBalancer:
+      simple: ROUND_ROBIN
+    portLevelSettings:
+    - port:
+        number: 31443
+      tls:
+        credentialName: client-credential
+        mode: MUTUAL
+
+ +

DestinationRule

+
+

DestinationRule defines policies that apply to traffic intended for a service +after routing has occurred.

+ +
NameField Description
UNKNOWN
messageBase
+
AnalysisMessageBase
+
 -

invalid, but included for proto compatibility for 0 values

+

Required
ERROR -
WARNING -
INFO
detail
+
string
+
 +

Any detail regarding specifics of the error. Should be human-readable.

+
FieldType DescriptionRequired
conditionsIstioCondition[]
conditions
+
IstioCondition[]
+
 -

Current service state of pod. -More info: https://istio.io/docs/reference/config/config-status/ -+optional -+patchMergeKey=type -+patchStrategy=merge

+

Current service state of the resource. +More info: https://istio.io/docs/reference/config/config-status/

-		 -No
validationMessagesAnalysisMessageBase[]
validationMessages
+
AnalysisMessageBase[]
+
 -

Includes any errors or warnings detected by Istio’s analyzers. -+optional -+patchMergeKey=type -+patchStrategy=merge

+

Includes any errors or warnings detected by Istio’s analyzers.

-		 -No -
observedGenerationint64 -

Resource Generation to which the Reconciled Condition refers. -When this value is not equal to the object’s metadata generation, reconciled condition calculation for the current -generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. -+optional

- -		 -No
FieldType DescriptionRequired
typestring
type
+
string
+

Type is the type of the condition.

-		 -No
statusstring
status
+
string
+

Status is the status of the condition. Can be True, False, Unknown.

-		 -No
lastProbeTimeTimestamp
lastProbeTime
+
Timestamp
+
 -

Last time we probed the condition. -+optional

+

Last time we probed the condition.

-		 -No
lastTransitionTimeTimestamp
lastTransitionTime
+
Timestamp
+
 -

Last time the condition transitioned from one status to another. -+optional

+

Last time the condition transitioned from one status to another.

-		 -No
reasonstring
reason
+
string
+
 -

Unique, one-word, CamelCase reason for the condition’s last transition. -+optional

+

Unique, one-word, CamelCase reason for the condition’s last transition.

-		 -No
messagestring
message
+
string
+
 -

Human-readable message indicating details about last transition. -+optional

+

Human-readable message indicating details about last transition.

observedGeneration
+
int64
+
 -No +

Resource Generation to which the Condition refers.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
host
+
string
+
Required
+
 +

The name of a service from the service registry. Service +names are looked up from the platform’s service registry (e.g., +Kubernetes services, Consul services, etc.) and from the hosts +declared by ServiceEntries. Rules defined for +services that do not exist in the service registry will be ignored.

+

Note for Kubernetes users: When short names are used (e.g. “reviews” +instead of “reviews.default.svc.cluster.local”), Istio will interpret +the short name based on the namespace of the rule, not the service. A +rule in the “default” namespace containing a host “reviews” will be +interpreted as “reviews.default.svc.cluster.local”, irrespective of +the actual namespace associated with the reviews service. To avoid +potential misconfigurations, it is recommended to always use fully +qualified domain names over short names.

+

Note that the host field applies to both HTTP and TCP services.

+ +
trafficPolicy
+
TrafficPolicy
+
 +

Traffic policies to apply (load balancing policy, connection pool +sizes, outlier detection).

+ +
subsets
+
Subset[]
+
 +

One or more named sets that represent individual versions of a +service. Traffic policies can be overridden at subset level.

+ +
exportTo
+
string[]
+
 +

A list of namespaces to which this destination rule is exported. +The resolution of a destination rule to apply to a service occurs in the +context of a hierarchy of namespaces. Exporting a destination rule allows +it to be included in the resolution hierarchy for services in +other namespaces. This feature provides a mechanism for service owners +and mesh administrators to control the visibility of destination rules +across namespace boundaries.

+

If no namespaces are specified then the destination rule is exported to all +namespaces by default.

+

The value “.” is reserved and defines an export to the same namespace that +the destination rule is declared in. Similarly, the value “*” is reserved and +defines an export to all namespaces.

+ +
workloadSelector
+
WorkloadSelector
+
 +

Criteria used to select the specific set of pods/VMs on which this +DestinationRule configuration should be applied. If specified, the DestinationRule +configuration will be applied only to the workload instances matching the workload selector +label in the same namespace. Workload selectors do not apply across namespace boundaries. +If omitted, the DestinationRule falls back to its default behavior. +For example, if specific sidecars need to have egress TLS settings for services outside +of the mesh, instead of every sidecar in the mesh needing to have the +configuration (which is the default behaviour), a workload selector can be specified.

+ +
+
+

TrafficPolicy

+
+

Traffic policies to apply for a specific destination, across all +destination ports. See DestinationRule for examples.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
loadBalancer
+
LoadBalancerSettings
+
 +

Settings controlling the load balancer algorithms.

+ +
connectionPool
+
ConnectionPoolSettings
+
 +

Settings controlling the volume of connections to an upstream service

+ +
outlierDetection
+
OutlierDetection
+
 +

Settings controlling eviction of unhealthy hosts from the load balancing pool

+ +
tls
+
ClientTLSSettings
+
 +

TLS related settings for connections to the upstream service.

+ +
portLevelSettings
+
PortTrafficPolicy[]
+
 +

Traffic policies specific to individual ports. Note that port level +settings will override the destination-level settings. Traffic +settings specified at the destination-level will not be inherited when +overridden by port-level settings, i.e. default values will be applied +to fields omitted in port-level traffic policies.

+ +
tunnel
+
TunnelSettings
+
 +

Configuration of tunneling TCP over other transport or application layers +for the host configured in the DestinationRule. +Tunnel settings can be applied to TCP or TLS routes and can’t be applied to HTTP routes.

+ +
proxyProtocol
+
ProxyProtocol
+
 +

The upstream PROXY protocol settings.

+ +
+
+

PortTrafficPolicy

+
+

Traffic policies that apply to specific ports of the service

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
port
+
PortSelector
+
 +

Specifies the number of a port on the destination service +on which this policy is being applied.

+ +
loadBalancer
+
LoadBalancerSettings
+
 +

Settings controlling the load balancer algorithms.

+ +
connectionPool
+
ConnectionPoolSettings
+
 +

Settings controlling the volume of connections to an upstream service

+ +
outlierDetection
+
OutlierDetection
+
 +

Settings controlling eviction of unhealthy hosts from the load balancing pool

+ +
tls
+
ClientTLSSettings
+
 +

TLS related settings for connections to the upstream service.

+ +
+
+

TunnelSettings

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
protocol
+
string
+
 +

Specifies which protocol to use for tunneling the downstream connection. +Supported protocols are:

+
    +
  • CONNECT - uses HTTP CONNECT;
    • +
  • POST - uses HTTP POST.
    • +
+

CONNECT is used by default if not specified.

+

HTTP version for upstream requests is determined by the service protocol defined for the proxy.

+ +
targetHost
+
string
+
Required
+
 +

Specifies a host to which the downstream connection is tunneled. +Target host must be an FQDN or IP address.

+ +
targetPort
+
uint32
+
Required
+
 +

Specifies a port to which the downstream connection is tunneled.

+ +
+
+

ProxyProtocol

+
+ + + + + + + + + + + + + +
FieldDescription
version
+
VERSION
+
 +

The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. +By default it is V1.

+ +
+
+

VERSION

+
+ + + + + + + + + + + + + + + + + +
NameDescription
V1 +

⁣PROXY protocol version 1. Human readable format.

+ +
V2 +

⁣PROXY protocol version 2. Binary format.

+ +
+
+

Subset

+
+

A subset of endpoints of a service. Subsets can be used for scenarios +like A/B testing, or routing to a specific version of a service. Refer +to VirtualService documentation for examples of using +subsets in these scenarios. In addition, traffic policies defined at the +service-level can be overridden at a subset-level. The following rule +uses a round robin load balancing policy for all traffic going to a +subset named testversion that is composed of endpoints (e.g., pods) with +labels (version:v3).

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-ratings
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy:
+    loadBalancer:
+      simple: LEAST_REQUEST
+  subsets:
+  - name: testversion
+    labels:
+      version: v3
+    trafficPolicy:
+      loadBalancer:
+        simple: ROUND_ROBIN
+
+

Note: Policies specified for subsets will not take effect until +a route rule explicitly sends traffic to this subset.

+

One or more labels are typically required to identify the subset destination, +however, when the corresponding DestinationRule represents a host that +supports multiple SNI hosts (e.g., an egress gateway), a subset without labels +may be meaningful. In this case a traffic policy with ClientTLSSettings +can be used to identify a specific SNI host corresponding to the named subset.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
Required
+
 +

Name of the subset. The service name and the subset name can +be used for traffic splitting in a route rule.

+ +
labels
+
map<string, string>
+
 +

Labels apply a filter over the endpoints of a service in the +service registry. See route rules for examples of usage.

+ +
trafficPolicy
+
TrafficPolicy
+
 +

Traffic policies that apply to this subset. Subsets inherit the +traffic policies specified at the DestinationRule level. Settings +specified at the subset level will override the corresponding settings +specified at the DestinationRule level.

+ +
+
+

LoadBalancerSettings

+
+

Load balancing policies to apply for a specific destination. See Envoy’s +load balancing +documentation +for more details.

+

For example, the following rule uses a round robin load balancing policy +for all traffic going to the ratings service.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-ratings
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy:
+    loadBalancer:
+      simple: ROUND_ROBIN
+
+

The following example sets up sticky sessions for the ratings service +hashing-based load balancer for the same ratings service using the +the User cookie as the hash key.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-ratings
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy:
+    loadBalancer:
+      consistentHash:
+        httpCookie:
+          name: user
+          ttl: 0s
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
simple
+
SimpleLB (oneof)
+
 +
consistentHash
+
ConsistentHashLB (oneof)
+
 +
localityLbSetting
+
LocalityLoadBalancerSetting
+
 +

Locality load balancer settings, this will override mesh-wide settings in entirety, meaning no merging would be performed +between this object and the object one in MeshConfig

+ +
warmupDurationSecs
+
Duration
+
 +

Deprecated: use warmup instead.

+ +
warmup
+
WarmupConfiguration
+
 +

Represents the warmup configuration of Service. If set, the newly created endpoint of service +remains in warmup mode starting from its creation time for the duration of this window and +Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. +This should be enabled for services that require warm up time to serve full production load with reasonable latency. +Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the +endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same +amount of requests. +Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.

+ +
+
+

ConsistentHashLB

+
+

Consistent Hash-based load balancing can be used to provide soft +session affinity based on HTTP headers, cookies or other +properties. The affinity to a particular destination host may be +lost when one or more hosts are added/removed from the destination +service.

+

Note: consistent hashing is less reliable at maintaining affinity than common +“sticky sessions” implementations, which often encode a specific destination in +a cookie, ensuring affinity is maintained as long as the backend remains. +With consistent hash, the guarantees are weaker; any host addition or removal can +break affinity for 1/backends requests.

+

Warning: consistent hashing depends on each proxy having a consistent view of endpoints. +This is not the case when locality load balancing is enabled. Locality load balancing +and consistent hash will only work together when all proxies are in the same locality, +or a high level load balancer handles locality affinity.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
httpHeaderName
+
string (oneof)
+
 +

Hash based on a specific HTTP header.

+ +
useSourceIp
+
bool (oneof)
+
 +

Hash based on the source IP address. +This is applicable for both TCP and HTTP connections.

+ +
httpQueryParameterName
+
string (oneof)
+
 +

Hash based on a specific HTTP query parameter.

+ +
ringHash
+
RingHash (oneof)
+
 +

The ring/modulo hash load balancer implements consistent hashing to backend hosts.

+ +
maglev
+
MagLev (oneof)
+
 +

The Maglev load balancer implements consistent hashing to backend hosts.

+ +
minimumRingSize
+
uint64
+
 +

Deprecated. Use RingHash instead.

+ +
+
+

RingHash

+
+ + + + + + + + + + + + + +
FieldDescription
minimumRingSize
+
uint64
+
 +

The minimum number of virtual nodes to use for the hash +ring. Defaults to 1024. Larger ring sizes result in more granular +load distributions. If the number of hosts in the load balancing +pool is larger than the ring size, each host will be assigned a +single virtual node.

+ +
+
+

MagLev

+
+ + + + + + + + + + + + + +
FieldDescription
tableSize
+
uint64
+
 +

The table size for Maglev hashing. This helps in controlling the +disruption when the backend hosts change. +Increasing the table size reduces the amount of disruption. +The table size must be prime number less than 5000011. +If it is not specified, the default is 65537.

+ +
+
+

HTTPCookie

+
+

Describes a HTTP cookie that will be used as the hash key for the +Consistent Hash load balancer.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
Required
+
 +

Name of the cookie.

+ +
path
+
string
+
 +

Path to set for the cookie.

+ +
ttl
+
Duration
+
 +

Lifetime of the cookie. If specified, a cookie with the TTL will be +generated if the cookie is not present. If the TTL is present and zero, +the generated cookie will be a session cookie.

+ +
+
+

SimpleLB

+
+

Standard load balancing algorithms that require no tuning.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
UNSPECIFIED +

No load balancing algorithm has been specified by the user. Istio +will select an appropriate default.

+ +
RANDOM +

The random load balancer selects a random healthy host. The random +load balancer generally performs better than round robin if no health +checking policy is configured.

+ +
PASSTHROUGH +

This option will forward the connection to the original IP address +requested by the caller without doing any form of load +balancing. This option must be used with care. It is meant for +advanced use cases. Refer to Original Destination load balancer in +Envoy for further details.

+ +
ROUND_ROBIN +

A basic round robin load balancing policy. This is generally unsafe +for many scenarios (e.g. when endpoint weighting is used) as it can +overburden endpoints. In general, prefer to use LEAST_REQUEST as a +drop-in replacement for ROUND_ROBIN.

+ +
LEAST_REQUEST +

The least request load balancer spreads load across endpoints, favoring +endpoints with the least outstanding requests. This is generally safer +and outperforms ROUND_ROBIN in nearly all cases. Prefer to use +LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN.

+ +
LEAST_CONN +

Deprecated. Use LEAST_REQUEST instead.

+ +
+
+

WarmupConfiguration

+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
duration
+
Duration
+
Required
+
 +

Duration of warmup mode

+ +
minimumPercent
+
DoubleValue
+
 +

Configures the minimum percentage of origin weight +If unspecified, defaults to 10

+ +
aggression
+
DoubleValue
+
 +

This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would +get linearly increasing amount of traffic. When increasing the value for this parameter, +the speed of traffic ramp-up increases non-linearly.

+ +
+
+

ConnectionPoolSettings

+
+

Connection pool settings for an upstream host. The settings apply to +each individual host in the upstream service. See Envoy’s circuit +breaker +for more details. Connection pool settings can be applied at the TCP +level as well as at HTTP level.

+

For example, the following rule sets a limit of 100 connections to redis +service called myredissrv with a connect timeout of 30ms

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: bookinfo-redis
+spec:
+  host: myredissrv.prod.svc.cluster.local
+  trafficPolicy:
+    connectionPool:
+      tcp:
+        maxConnections: 100
+        connectTimeout: 30ms
+        tcpKeepalive:
+          time: 7200s
+          interval: 75s
+
+ + + + + + + + + + + + + + + + + + +
FieldDescription
tcp
+
TCPSettings
+
 +

Settings common to both HTTP and TCP upstream connections.

+ +
http
+
HTTPSettings
+
 +

HTTP connection pool settings.

+ +
+
+

TCPSettings

+
+

Settings common to both HTTP and TCP upstream connections.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
maxConnections
+
int32
+
 +

Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.

+ +
connectTimeout
+
Duration
+
 +

TCP connection timeout. format: +1h/1m/1s/1ms. MUST be >=1ms. Default is 10s.

+ +
tcpKeepalive
+
TcpKeepalive
+
 +

If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.

+ +
maxConnectionDuration
+
Duration
+
 +

The maximum duration of a connection. The duration is defined as the period since a connection +was established. If not set, there is no max duration. When maxConnectionDuration +is reached the connection will be closed. Duration must be at least 1ms.

+ +
idleTimeout
+
Duration
+
 +

The idle timeout for TCP connections. +The idle timeout is defined as the period in which there are no bytes sent or received on either +the upstream or downstream connection. +If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. +Idle timeout is not configured per each cluster individually when weighted destinations are used, +because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout +specified in a destination rule for the first weighted route is configured in the listener, +which means also for all weighted routes.

+ +
+
+

TcpKeepalive

+
+

TCP keepalive.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
probes
+
uint32
+
 +

Maximum number of keepalive probes to send without response before +deciding the connection is dead. Default is to use the OS level configuration +(unless overridden, Linux defaults to 9.)

+ +
time
+
Duration
+
 +

The time duration a connection needs to be idle before keep-alive +probes start being sent. Default is to use the OS level configuration +(unless overridden, Linux defaults to 7200s (ie 2 hours.)

+ +
interval
+
Duration
+
 +

The time duration between keep-alive probes. +Default is to use the OS level configuration +(unless overridden, Linux defaults to 75s.)

+ +
+
+

HTTPSettings

+
+

Settings applicable to HTTP1.1/HTTP2/GRPC connections.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
http1MaxPendingRequests
+
int32
+
 +

Maximum number of requests that will be queued while waiting for +a ready connection pool connection. Default 2^32-1. +Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking +under which conditions a new connection is created for HTTP2. +Please note that this is applicable to both HTTP/1.1 and HTTP2.

+ +
http2MaxRequests
+
int32
+
 +

Maximum number of active requests to a destination. Default 2^32-1. +Please note that this is applicable to both HTTP/1.1 and HTTP2.

+ +
maxRequestsPerConnection
+
int32
+
 +

Maximum number of requests per connection to a backend. Setting this +parameter to 1 disables keep alive. Default 0, meaning “unlimited”, +up to 2^29.

+ +
maxRetries
+
int32
+
 +

Maximum number of retries that can be outstanding to all hosts in a +cluster at a given time. Defaults to 2^32-1.

+ +
idleTimeout
+
Duration
+
 +

The idle timeout for upstream connection pool connections. The idle timeout +is defined as the period in which there are no active requests. +If not set, the default is 1 hour. When the idle timeout is reached, +the connection will be closed. If the connection is an HTTP/2 +connection a drain sequence will occur prior to closing the connection. +Note that request based timeouts mean that HTTP/2 PINGs will not +keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.

+ +
h2UpgradePolicy
+
H2UpgradePolicy
+
 +

Specify if http1.1 connection should be upgraded to http2 for the associated destination.

+ +
useClientProtocol
+
bool
+
 +

If set to true, client protocol will be preserved while initiating connection to backend. +Note that when this is set to true, h2UpgradePolicy will be ineffective i.e. the client +connections will not be upgraded to http2.

+ +
maxConcurrentStreams
+
int32
+
 +

The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. +Defaults to 2^31-1.

+ +
+
+

H2UpgradePolicy

+
+

Policy for upgrading http1.1 connections to http2.

+ + + + + + + + + + + + + + + + + + + + + + +
NameDescription
DEFAULT +

Use the global default.

+ +
DO_NOT_UPGRADE +

Do not upgrade the connection to http2. +This opt-out option overrides the default.

+ +
UPGRADE +

Upgrade the connection to http2. +This opt-in option overrides the default.

+ +
+
+

OutlierDetection

+
+

A Circuit breaker implementation that tracks the status of each +individual host in the upstream service. Applicable to both HTTP and +TCP services. For HTTP services, hosts that continually return 5xx +errors for API calls are ejected from the pool for a pre-defined period +of time. For TCP services, connection timeouts or connection +failures to a given host counts as an error when measuring the +consecutive errors metric. See Envoy’s outlier +detection +for more details.

+

The following rule sets a connection pool size of 100 HTTP1 connections +with no more than 10 req/connection to the “reviews” service. In addition, +it sets a limit of 1000 concurrent HTTP2 requests and configures upstream +hosts to be scanned every 5 mins so that any host that fails 7 consecutive +times with a 502, 503, or 504 error code will be ejected for 15 minutes.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: reviews-cb-policy
+spec:
+  host: reviews.prod.svc.cluster.local
+  trafficPolicy:
+    connectionPool:
+      tcp:
+        maxConnections: 100
+      http:
+        http2MaxRequests: 1000
+        maxRequestsPerConnection: 10
+    outlierDetection:
+      consecutive5xxErrors: 7
+      interval: 5m
+      baseEjectionTime: 15m
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
splitExternalLocalOriginErrors
+
bool
+
 +

Determines whether to distinguish local origin failures from external errors. If set to true +consecutiveLocalOriginFailures is taken into account for outlier detection calculations. +This should be used when you want to derive the outlier detection status based on the errors +seen locally such as failure to connect, timeout while connecting etc. rather than the status code +returned by upstream service. This is especially useful when the upstream service explicitly returns +a 5xx for some requests and you want to ignore those responses from upstream service while determining +the outlier detection status of a host. +Defaults to false.

+ +
consecutiveLocalOriginFailures
+
UInt32Value
+
 +

The number of consecutive locally originated failures before ejection +occurs. Defaults to 5. Parameter takes effect only when splitExternalLocalOriginErrors +is set to true.

+ +
consecutiveGatewayErrors
+
UInt32Value
+
 +

Number of gateway errors before a host is ejected from the connection pool. +When the upstream host is accessed over HTTP, a 502, 503, or 504 return +code qualifies as a gateway error. When the upstream host is accessed over +an opaque TCP connection, connect timeouts and connection error/failure +events qualify as a gateway error. +This feature is disabled by default or when set to the value 0.

+

Note that consecutiveGatewayErrors and consecutive5xxErrors can be +used separately or together. Because the errors counted by +consecutiveGatewayErrors are also included in consecutive5xxErrors, +if the value of consecutiveGatewayErrors is greater than or equal to +the value of consecutive5xxErrors, consecutiveGatewayErrors will have +no effect.

+ +
consecutive5xxErrors
+
UInt32Value
+
 +

Number of 5xx errors before a host is ejected from the connection pool. +When the upstream host is accessed over an opaque TCP connection, connect +timeouts, connection error/failure and request failure events qualify as a +5xx error. +This feature defaults to 5 but can be disabled by setting the value to 0.

+

Note that consecutiveGatewayErrors and consecutive5xxErrors can be +used separately or together. Because the errors counted by +consecutiveGatewayErrors are also included in consecutive5xxErrors, +if the value of consecutiveGatewayErrors is greater than or equal to +the value of consecutive5xxErrors, consecutiveGatewayErrors will have +no effect.

+ +
interval
+
Duration
+
 +

Time interval between ejection sweep analysis. format: +1h/1m/1s/1ms. MUST be >=1ms. Default is 10s.

+ +
baseEjectionTime
+
Duration
+
 +

Minimum ejection duration. A host will remain ejected for a period +equal to the product of minimum ejection duration and the number of +times the host has been ejected. This technique allows the system to +automatically increase the ejection period for unhealthy upstream +servers. format: 1h/1m/1s/1ms. MUST be >=1ms. Default is 30s.

+ +
maxEjectionPercent
+
int32
+
 +

Maximum % of hosts in the load balancing pool for the upstream +service that can be ejected. Defaults to 10%.

+ +
minHealthPercent
+
int32
+
 +

Outlier detection will be enabled as long as the associated load balancing +pool has at least minHealthPercent hosts in healthy mode. When the +percentage of healthy hosts in the load balancing pool drops below this +threshold, outlier detection will be disabled and the proxy will load balance +across all hosts in the pool (healthy and unhealthy). The threshold can be +disabled by setting it to 0%. The default is 0% as it’s not typically +applicable in k8s environments with few pods per service.

+ +
+
+

ClientTLSSettings

+
+

SSL/TLS related settings for upstream connections. See Envoy’s TLS +context +for more details. These settings are common to both HTTP and TCP upstreams.

+

For example, the following rule configures a client to use mutual TLS +for connections to upstream database cluster.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: db-mtls
+spec:
+  host: mydbserver.prod.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: MUTUAL
+      clientCertificate: /etc/certs/myclientcert.pem
+      privateKey: /etc/certs/client_private_key.pem
+      caCertificates: /etc/certs/rootcacerts.pem
+
+

The following rule configures a client to use TLS when talking to a +foreign service whose domain matches *.foo.com.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: tls-foo
+spec:
+  host: "*.foo.com"
+  trafficPolicy:
+    tls:
+      mode: SIMPLE
+
+

The following rule configures a client to use Istio mutual TLS when talking +to rating services.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: ratings-istio-mtls
+spec:
+  host: ratings.prod.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
mode
+
TLSmode
+
 +

Indicates whether connections to this port should be secured +using TLS. The value of this field determines how TLS is enforced.

+ +
clientCertificate
+
string
+
 +

REQUIRED if mode is MUTUAL. The path to the file holding the +client-side TLS certificate to use. +Should be empty if mode is ISTIO_MUTUAL.

+ +
privateKey
+
string
+
 +

REQUIRED if mode is MUTUAL. The path to the file holding the +client’s private key. +Should be empty if mode is ISTIO_MUTUAL.

+ +
caCertificates
+
string
+
 +

OPTIONAL: The path to the file containing certificate authority +certificates to use in verifying a presented server certificate. If +omitted, the proxy will verify the server’s certificate using +the OS CA certificates. +Should be empty if mode is ISTIO_MUTUAL.

+ +
credentialName
+
string
+
 +

The name of the secret that holds the TLS certs for the +client including the CA certificates. This secret must exist in +the namespace of the proxy using the certificates. +An Opaque secret should contain the following keys and values: +key: <privateKey>, cert: <clientCert>, cacert: <CACertificate>, +crl: <certificateRevocationList> +Here CACertificate is used to verify the server certificate. +For mutual TLS, cacert: <CACertificate> can be provided in the +same secret or a separate secret named <secret>-cacert. +A TLS secret for client certificates with an additional +ca.crt key for CA certificates and ca.crl key for +certificate revocation list(CRL) is also supported. +Only one of client certificates and CA certificate +or credentialName can be specified.

+

NOTE: This field is applicable at sidecars only if +DestinationRule has a workloadSelector specified. +Otherwise the field will be applicable only at gateways, and +sidecars will continue to use the certificate paths.

+ +
subjectAltNames
+
string[]
+
 +

A list of alternate names to verify the subject identity in the +certificate. If specified, the proxy will verify that the server +certificate’s subject alt name matches one of the specified values. +If specified, this list overrides the value of subjectAltNames +from the ServiceEntry. If unspecified, automatic validation of upstream +presented certificate for new upstream connections will be done based on the +downstream HTTP host/authority header.

+ +
sni
+
string
+
 +

SNI string to present to the server during TLS handshake. +If unspecified, SNI will be automatically set based on downstream HTTP +host/authority header for SIMPLE and MUTUAL TLS modes.

+ +
insecureSkipVerify
+
BoolValue
+
 +

insecureSkipVerify specifies whether the proxy should skip verifying the +CA signature and SAN for the server certificate corresponding to the host. +The default value of this field is false.

+ +
caCrl
+
string
+
 +

OPTIONAL: The path to the file containing the certificate revocation list (CRL) +to use in verifying a presented server certificate. CRL is a list of certificates +that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. +If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. +If omitted, the proxy will not verify the certificate against the crl. Note that if credentialName is set, +CRL cannot be specified using caCrl, rather it has to be specified inside the credential.

+ +
+
+

TLSmode

+
+

TLS connection mode

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
DISABLE +

Do not setup a TLS connection to the upstream endpoint.

+ +
SIMPLE +

Originate a TLS connection to the upstream endpoint.

+ +
MUTUAL +

Secure connections to the upstream using mutual TLS by presenting +client certificates for authentication.

+ +
ISTIO_MUTUAL +

Secure connections to the upstream using mutual TLS by presenting +client certificates for authentication. +Compared to Mutual mode, this mode uses certificates generated +automatically by Istio for mTLS authentication. When this mode is +used, all other fields in ClientTLSSettings should be empty.

+ +
+
+

LocalityLoadBalancerSetting

+
+

Locality-weighted load balancing allows administrators to control the +distribution of traffic to endpoints based on the localities of where the +traffic originates and where it will terminate. These localities are +specified using arbitrary labels that designate a hierarchy of localities in +{region}/{zone}/{sub-zone} form. For additional detail refer to +Locality Weight +The following example shows how to setup locality weights mesh-wide.

+

Given a mesh with workloads and their service deployed to “us-west/zone1/*” +and “us-west/zone2/*”. This example specifies that when traffic accessing a +service originates from workloads in “us-west/zone1/*”, 80% of the traffic +will be sent to endpoints in “us-west/zone1/*”, i.e the same zone, and the +remaining 20% will go to endpoints in “us-west/zone2/*”. This setup is +intended to favor routing traffic to endpoints in the same locality. +A similar setting is specified for traffic originating in “us-west/zone2/*”.

+
  distribute:
+    - from: us-west/zone1/*
+      to:
+        "us-west/zone1/*": 80
+        "us-west/zone2/*": 20
+    - from: us-west/zone2/*
+      to:
+        "us-west/zone1/*": 20
+        "us-west/zone2/*": 80
+
+

If the goal of the operator is not to distribute load across zones and +regions but rather to restrict the regionality of failover to meet other +operational requirements an operator can set a ‘failover’ policy instead of +a ‘distribute’ policy.

+

The following example sets up a locality failover policy for regions. +Assume a service resides in zones within us-east, us-west & eu-west +this example specifies that when endpoints within us-east become unhealthy +traffic should failover to endpoints in any zone or sub-zone within eu-west +and similarly us-west should failover to us-east.

+
 failover:
+   - from: us-east
+     to: eu-west
+   - from: us-west
+     to: us-east
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
distribute
+
Distribute[]
+
 +

only one of distribute, failover or failoverPriority can be set. +Explicitly specify loadbalancing weight across different zones and geographical locations. +Refer to Locality weighted load balancing +If empty, the locality weight is set according to the endpoints number within it.

+ +
failover
+
Failover[]
+
 +

only one of distribute, failover or failoverPriority can be set. +Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. +Should be used together with OutlierDetection to detect unhealthy endpoints. +Note: if no OutlierDetection specified, this will not take effect.

+ +
failoverPriority
+
string[]
+
 +

failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. +This is to support traffic failover across different groups of endpoints. +Two kinds of labels can be specified:

+
    +
  • +

    Specify only label keys [key1, key2, key3], istio would compare the label values of client with endpoints. +Suppose there are total N label keys [key1, key2, key3, ...keyN] specified:

    +
      +
    1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority.
      2. +
    2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority.
      3. +
    3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority.
      4. +
    4. All the other endpoints have priority P(N) i.e. lowest priority.
      5. +
    +
    • +
  • +

    Specify labels with key and value [key1=value1, key2=value2, key3=value3], istio would compare the labels with endpoints. +Suppose there are total N labels [key1=value1, key2=value2, key3=value3, ...keyN=valueN] specified:

    +
      +
    1. Endpoints matching all N labels have priority P(0) i.e. the highest priority.
      2. +
    2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority.
      3. +
    3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority.
      4. +
    4. All the other endpoints have priority P(N) i.e. lowest priority.
      5. +
    +
    • +
+

Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match.

+

It can be any label specified on both client and server workloads. +The following labels which have special semantic meaning are also supported:

+
    +
  • topology.istio.io/network is used to match the network metadata of an endpoint, which can be specified by pod/namespace label topology.istio.io/network, sidecar env ISTIO_META_NETWORK or MeshNetworks.
    • +
  • topology.istio.io/cluster is used to match the clusterID of an endpoint, which can be specified by pod label topology.istio.io/cluster or pod env ISTIO_META_CLUSTER_ID.
    • +
  • topology.kubernetes.io/region is used to match the region metadata of an endpoint, which maps to Kubernetes node label topology.kubernetes.io/region or the deprecated label failure-domain.beta.kubernetes.io/region.
    • +
  • topology.kubernetes.io/zone is used to match the zone metadata of an endpoint, which maps to Kubernetes node label topology.kubernetes.io/zone or the deprecated label failure-domain.beta.kubernetes.io/zone.
    • +
  • topology.istio.io/subzone is used to match the subzone metadata of an endpoint, which maps to Istio node label topology.istio.io/subzone.
    • +
  • kubernetes.io/hostname is used to match the current node of an endpoint, which maps to Kubernetes node label kubernetes.io/hostname.
    • +
+

The below topology config indicates the following priority levels:

+
failoverPriority:
+- "topology.istio.io/network"
+- "topology.kubernetes.io/region"
+- "topology.kubernetes.io/zone"
+- "topology.istio.io/subzone"
+
+
    +
  1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority.
    2. +
  2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority.
    3. +
  3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority.
    4. +
  4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority.
    5. +
  5. all the other endpoints have the same lowest priority.
    6. +
+

Suppose a service associated endpoints reside in multi clusters, the below example represents:

+
    +
  1. endpoints in clusterA and has version=v1 label have P(0) priority.
    2. +
  2. endpoints not in clusterA but has version=v1 label have P(1) priority.
    3. +
  3. all the other endpoints have P(2) priority.
    4. +
+
failoverPriority:
+- "version=v1"
+- "topology.istio.io/cluster=clusterA"
+
+

only one of distribute, failover or failoverPriority can be set. +And it should be used together with OutlierDetection to detect unhealthy endpoints, otherwise has no effect.

+ +
enabled
+
BoolValue
+
 +

Enable locality load balancing. This is DestinationRule-level and will override mesh-wide settings in entirety. +e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh-wide settings is.

+ +
+
+

Distribute

+
+

Describes how traffic originating in the ‘from’ zone or sub-zone is +distributed over a set of ’to’ zones. Syntax for specifying a zone is +{region}/{zone}/{sub-zone} and terminal wildcards are allowed on any +segment of the specification. Examples:

+

* - matches all localities

+

us-west/* - all zones and sub-zones within the us-west region

+

us-west/zone-1/* - all sub-zones within us-west/zone-1

+ + + + + + + + + + + + + + + + + + +
FieldDescription
from
+
string
+
 +

Originating locality, ‘/’ separated, e.g. ‘region/zone/sub_zone’.

+ +
to
+
map<string, uint32>
+
 +

Map of upstream localities to traffic distribution weights. The sum of +all weights should be 100. Any locality not present will +receive no traffic.

+ +
+
+

Failover

+
+

Specify the traffic failover policy across regions. Since zone and sub-zone +failover is supported by default this only needs to be specified for +regions when the operator needs to constrain traffic failover so that +the default behavior of failing over to any endpoint globally does not +apply. This is useful when failing over traffic across regions would not +improve service health or may need to be restricted for other reasons +like regulatory controls.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
from
+
string
+
 +

Originating region.

+ +
to
+
string
+
 +

Destination region the traffic will fail over to when endpoints in +the ‘from’ region becomes unhealthy.

+ +
+
+

UInt32Value

+
+

Wrapper message for uint32.

+

The JSON representation for UInt32Value is JSON number.

+ + + + + + + + + + + + + + +
FieldDescription
value
+
uint32
+
 +

The uint32 value.

+ +
+
diff --git a/vendor/istio.io/api/networking/v1beta1/destination_rule.proto b/vendor/istio.io/api/networking/v1alpha3/destination_rule.proto similarity index 77% rename from vendor/istio.io/api/networking/v1beta1/destination_rule.proto rename to vendor/istio.io/api/networking/v1alpha3/destination_rule.proto index de9217c36..7f759ee7f 100644 --- a/vendor/istio.io/api/networking/v1beta1/destination_rule.proto +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule.proto @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -16,15 +16,14 @@ syntax = "proto3"; import "google/api/field_behavior.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "networking/v1beta1/virtual_service.proto"; +import "networking/v1alpha3/virtual_service.proto"; import "type/v1beta1/selector.proto"; -// $schema: istio.networking.v1beta1.DestinationRule +// $schema: istio.networking.v1alpha3.DestinationRule // $title: Destination Rule // $description: Configuration affecting load balancing, outlier detection, etc. // $location: https://istio.io/docs/reference/config/networking/destination-rule.html -// $aliases: [/docs/reference/config/networking/v1beta1/destination-rule] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/destination-rule] // `DestinationRule` defines policies that apply to traffic intended for a // service after routing has occurred. These rules specify configuration @@ -33,10 +32,8 @@ import "type/v1beta1/selector.proto"; // balancing pool. For example, a simple load balancing policy for the // ratings service would look as follows: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -46,22 +43,6 @@ import "type/v1beta1/selector.proto"; // loadBalancer: // simple: LEAST_REQUEST // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// {{}} -// {{}} // // Version specific policies can be specified by defining a named // `subset` and overriding the settings specified at the service level. The @@ -69,31 +50,8 @@ import "type/v1beta1/selector.proto"; // going to a subset named testversion that is composed of endpoints (e.g., // pods) with labels (version:v3). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -110,8 +68,6 @@ import "type/v1beta1/selector.proto"; // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -121,10 +77,8 @@ import "type/v1beta1/selector.proto"; // traffic to port 80, while uses a round robin load balancing setting for // traffic to the port 9080. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings-port @@ -141,40 +95,41 @@ import "type/v1beta1/selector.proto"; // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} // -// {{}} +// Destination Rules can be customized to specific workloads as well. +// The following example shows how a destination rule can be applied to a +// specific workload using the workloadSelector configuration. +// // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: -// name: bookinfo-ratings-port +// name: configure-client-mtls-dr-with-workloadselector // spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports +// host: example.com +// workloadSelector: +// matchLabels: +// app: ratings +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN // portLevelSettings: // - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN +// number: 31443 +// tls: +// credentialName: client-credential +// mode: MUTUAL // ``` -// {{}} -// {{}} -// -package istio.networking.v1beta1; +package istio.networking.v1alpha3; -option go_package = "istio.io/api/networking/v1beta1"; +option go_package = "istio.io/api/networking/v1alpha3"; // DestinationRule defines policies that apply to traffic intended for a service // after routing has occurred. // // -// message DestinationRule { // The name of a service from the service registry. Service // names are looked up from the platform's service registry (e.g., @@ -209,9 +161,9 @@ message DestinationRule { // the short name based on the namespace of the rule, not the service. A // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid + // the actual namespace associated with the reviews service. To avoid // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ + // qualified domain names over short names. // // Note that the host field applies to both HTTP and TCP services. string host = 1 [(google.api.field_behavior) = REQUIRED]; @@ -291,14 +243,17 @@ message TrafficPolicy { // settings specified at the destination-level will not be inherited when // overridden by port-level settings, i.e. default values will be applied // to fields omitted in port-level traffic policies. + // +kubebuilder:validation:MaxItems=4096 repeated PortTrafficPolicy port_level_settings = 5; message TunnelSettings { // Specifies which protocol to use for tunneling the downstream connection. // Supported protocols are: - // CONNECT - uses HTTP CONNECT; - // POST - uses HTTP POST. + // * CONNECT - uses HTTP CONNECT; + // * POST - uses HTTP POST. + // // CONNECT is used by default if not specified. + // // HTTP version for upstream requests is determined by the service protocol defined for the proxy. string protocol = 1; @@ -314,6 +269,22 @@ message TrafficPolicy { // for the host configured in the DestinationRule. // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. TunnelSettings tunnel = 6; + + message ProxyProtocol { + enum VERSION { + // ⁣PROXY protocol version 1. Human readable format. + V1 = 0; + + // ⁣PROXY protocol version 2. Binary format. + V2 = 1; + }; + // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. + // By default it is `V1`. + VERSION version = 1; + } + + // The upstream PROXY protocol settings. + ProxyProtocol proxy_protocol = 7; } // A subset of endpoints of a service. Subsets can be used for scenarios @@ -325,31 +296,8 @@ message TrafficPolicy { // subset named testversion that is composed of endpoints (e.g., pods) with // labels (version:v3). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -366,8 +314,6 @@ message TrafficPolicy { // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -401,24 +347,8 @@ message Subset { // For example, the following rule uses a round robin load balancing policy // for all traffic going to the ratings service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -428,17 +358,13 @@ message Subset { // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // The following example sets up sticky sessions for the ratings service // hashing-based load balancer for the same ratings service using the // the User cookie as the hash key. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -451,27 +377,9 @@ message Subset { // name: user // ttl: 0s // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// ``` -// {{}} -// {{}} // message LoadBalancerSettings { + // +kubebuilder:validation:XValidation:message="only one of warmupDurationSecs or warmup can be set",rule="(has(self.warmupDurationSecs)?1:0)+(has(self.warmup)?1:0)<=1" // Standard load balancing algorithms that require no tuning. enum SimpleLB { // No load balancing algorithm has been specified by the user. Istio @@ -494,7 +402,7 @@ message LoadBalancerSettings { PASSTHROUGH = 3; // A basic round robin load balancing policy. This is generally unsafe - // for many scenarios (e.g. when enpoint weighting is used) as it can + // for many scenarios (e.g. when endpoint weighting is used) as it can // overburden endpoints. In general, prefer to use LEAST_REQUEST as a // drop-in replacement for ROUND_ROBIN. ROUND_ROBIN = 4; @@ -532,23 +440,27 @@ message LoadBalancerSettings { // single virtual node. uint64 minimum_ring_size = 1; }; - + message MagLev { - // The table size for Maglev hashing. This helps in controlling the + // The table size for Maglev hashing. This helps in controlling the // disruption when the backend hosts change. - // Increasing the table size reduces the amount of disruption. + // Increasing the table size reduces the amount of disruption. + // The table size must be prime number less than 5000011. + // If it is not specified, the default is 65537. uint64 table_size = 1; }; // Describes a HTTP cookie that will be used as the hash key for the - // Consistent Hash load balancer. If the cookie is not present, it will - // be generated. + // Consistent Hash load balancer. message HTTPCookie { // Name of the cookie. string name = 1 [(google.api.field_behavior) = REQUIRED]; // Path to set for the cookie. string path = 2; - // Lifetime of the cookie. - google.protobuf.Duration ttl = 3 [(google.api.field_behavior) = REQUIRED]; + // Lifetime of the cookie. If specified, a cookie with the TTL will be + // generated if the cookie is not present. If the TTL is present and zero, + // the generated cookie will be a session cookie. + // +protoc-gen-crd:duration-validation:none + google.protobuf.Duration ttl = 3; }; // The hash key to use. @@ -567,7 +479,7 @@ message LoadBalancerSettings { string http_query_parameter_name = 5; }; - // The hash algorithm to use. + // The hash algorithm to use. // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for // considerations on choosing an algorithm. @@ -575,7 +487,7 @@ message LoadBalancerSettings { oneof hash_algorithm { // The ring/modulo hash load balancer implements consistent hashing to backend hosts. RingHash ring_hash = 6; - // The Maglev load balancer implements consistent hashing to backend hosts. + // The Maglev load balancer implements consistent hashing to backend hosts. MagLev maglev = 7; }; @@ -593,18 +505,40 @@ message LoadBalancerSettings { ConsistentHashLB consistent_hash = 2; } - // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed + // Locality load balancer settings, this will override mesh-wide settings in entirety, meaning no merging would be performed // between this object and the object one in MeshConfig LocalityLoadBalancerSetting locality_lb_setting = 3; - // Represents the warmup duration of Service. If set, the newly created endpoint of service + // Deprecated: use `warmup` instead. + google.protobuf.Duration warmup_duration_secs = 4; + + // Represents the warmup configuration of Service. If set, the newly created endpoint of service // remains in warmup mode starting from its creation time for the duration of this window and // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. // This should be enabled for services that require warm up time to serve full production load with reasonable latency. + // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the + // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same + // amount of requests. // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - google.protobuf.Duration warmup_duration_secs = 4; + WarmupConfiguration warmup = 5; } +message WarmupConfiguration { + // Duration of warmup mode + google.protobuf.Duration duration = 1 [(google.api.field_behavior) = REQUIRED]; + + // Configures the minimum percentage of origin weight + // If unspecified, defaults to 10 + // +kubebuilder:validation:Maximum=100 + // +kubebuilder:validation:Minimum=0 + google.protobuf.DoubleValue minimum_percent = 2; + + // This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would + // get linearly increasing amount of traffic. When increasing the value for this parameter, + // the speed of traffic ramp-up increases non-linearly. + // +kubebuilder:validation:Minimum=1 + google.protobuf.DoubleValue aggression = 3; +} // Connection pool settings for an upstream host. The settings apply to // each individual host in the upstream service. See Envoy's [circuit // breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) @@ -614,29 +548,8 @@ message LoadBalancerSettings { // For example, the following rule sets a limit of 100 connections to redis // service called myredissrv with a connect timeout of 30ms // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-redis -// spec: -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-redis @@ -651,8 +564,6 @@ message LoadBalancerSettings { // time: 7200s // interval: 75s // ``` -// {{}} -// {{}} // message ConnectionPoolSettings { // Settings common to both HTTP and TCP upstream connections. @@ -679,28 +590,38 @@ message ConnectionPoolSettings { int32 max_connections = 1; // TCP connection timeout. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + // 1h/1m/1s/1ms. MUST be >=1ms. Default is 10s. google.protobuf.Duration connect_timeout = 2; // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. TcpKeepalive tcp_keepalive = 3; // The maximum duration of a connection. The duration is defined as the period since a connection - // was established. If not set, there is no max duration. When max_connection_duration + // was established. If not set, there is no max duration. When `maxConnectionDuration` // is reached the connection will be closed. Duration must be at least 1ms. google.protobuf.Duration max_connection_duration = 4; + + // The idle timeout for TCP connections. + // The idle timeout is defined as the period in which there are no bytes sent or received on either + // the upstream or downstream connection. + // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. + // Idle timeout is not configured per each cluster individually when weighted destinations are used, + // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout + // specified in a destination rule for the first weighted route is configured in the listener, + // which means also for all weighted routes. + google.protobuf.Duration idle_timeout = 5; }; // Settings applicable to HTTP1.1/HTTP2/GRPC connections. message HTTPSettings { // Maximum number of requests that will be queued while waiting for - // a ready connection pool connection. Default 1024. + // a ready connection pool connection. Default 2^32-1. // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking // under which conditions a new connection is created for HTTP2. // Please note that this is applicable to both HTTP/1.1 and HTTP2. int32 http1_max_pending_requests = 1; - // Maximum number of active requests to a destination. Default 1024. + // Maximum number of active requests to a destination. Default 2^32-1. // Please note that this is applicable to both HTTP/1.1 and HTTP2. int32 http2_max_requests = 2; @@ -737,9 +658,13 @@ message ConnectionPoolSettings { H2UpgradePolicy h2_upgrade_policy = 6; // If set to true, client protocol will be preserved while initiating connection to backend. - // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client + // Note that when this is set to true, `h2UpgradePolicy` will be ineffective i.e. the client // connections will not be upgraded to http2. bool use_client_protocol = 7; + + // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. + // Defaults to 2^31-1. + int32 max_concurrent_streams = 8; }; // Settings common to both HTTP and TCP upstream connections. @@ -764,32 +689,8 @@ message ConnectionPoolSettings { // hosts to be scanned every 5 mins so that any host that fails 7 consecutive // times with a 502, 503, or 504 error code will be ejected for 15 minutes. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-cb-policy -// spec: -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-cb-policy @@ -807,8 +708,6 @@ message ConnectionPoolSettings { // interval: 5m // baseEjectionTime: 15m // ``` -// {{}} -// {{}} // message OutlierDetection { // Number of errors before a host is ejected from the connection @@ -820,17 +719,17 @@ message OutlierDetection { int32 consecutive_errors = 1 [deprecated=true]; // Determines whether to distinguish local origin failures from external errors. If set to true - // consecutive_local_origin_failure is taken into account for outlier detection calculations. + // `consecutiveLocalOriginFailures` is taken into account for outlier detection calculations. // This should be used when you want to derive the outlier detection status based on the errors // seen locally such as failure to connect, timeout while connecting etc. rather than the status code - // retuned by upstream service. This is especially useful when the upstream service explicitly returns + // returned by upstream service. This is especially useful when the upstream service explicitly returns // a 5xx for some requests and you want to ignore those responses from upstream service while determining // the outlier detection status of a host. // Defaults to false. bool split_external_local_origin_errors = 8; // The number of consecutive locally originated failures before ejection - // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors + // occurs. Defaults to 5. Parameter takes effect only when `splitExternalLocalOriginErrors` // is set to true. google.protobuf.UInt32Value consecutive_local_origin_failures = 9; @@ -841,11 +740,11 @@ message OutlierDetection { // events qualify as a gateway error. // This feature is disabled by default or when set to the value 0. // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be + // Note that `consecutiveGatewayErrors` and `consecutive5xxErrors` can be // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have + // `consecutiveGatewayErrors` are also included in `consecutive5xxErrors`, + // if the value of `consecutiveGatewayErrors` is greater than or equal to + // the value of `consecutive5xxErrors`, `consecutiveGatewayErrors` will have // no effect. google.protobuf.UInt32Value consecutive_gateway_errors = 6; @@ -855,23 +754,23 @@ message OutlierDetection { // 5xx error. // This feature defaults to 5 but can be disabled by setting the value to 0. // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be + // Note that `consecutiveGatewayErrors` and `consecutive5xxErrors` can be // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have + // `consecutiveGatewayErrors` are also included in `consecutive5xxErrors`, + // if the value of `consecutiveGatewayErrors` is greater than or equal to + // the value of `consecutive5xxErrors`, `consecutiveGatewayErrors` will have // no effect. google.protobuf.UInt32Value consecutive_5xx_errors = 7; // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + // 1h/1m/1s/1ms. MUST be >=1ms. Default is 10s. google.protobuf.Duration interval = 2; // Minimum ejection duration. A host will remain ejected for a period // equal to the product of minimum ejection duration and the number of // times the host has been ejected. This technique allows the system to // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. + // servers. format: 1h/1m/1s/1ms. MUST be >=1ms. Default is 30s. google.protobuf.Duration base_ejection_time = 3; // Maximum % of hosts in the load balancing pool for the upstream @@ -879,7 +778,7 @@ message OutlierDetection { int32 max_ejection_percent = 4; // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the + // pool has at least `minHealthPercent` hosts in healthy mode. When the // percentage of healthy hosts in the load balancing pool drops below this // threshold, outlier detection will be disabled and the proxy will load balance // across all hosts in the pool (healthy and unhealthy). The threshold can be @@ -895,10 +794,8 @@ message OutlierDetection { // For example, the following rule configures a client to use mutual TLS // for connections to upstream database cluster. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: db-mtls @@ -911,33 +808,12 @@ message OutlierDetection { // privateKey: /etc/certs/client_private_key.pem // caCertificates: /etc/certs/rootcacerts.pem // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: db-mtls -// spec: -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// {{}} -// {{}} // // The following rule configures a client to use TLS when talking to a // foreign service whose domain matches *.foo.com. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: tls-foo @@ -947,44 +823,12 @@ message OutlierDetection { // tls: // mode: SIMPLE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: tls-foo -// spec: -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// ``` -// {{}} -// {{}} // // The following rule configures a client to use Istio mutual TLS when talking // to rating services. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: ratings-istio-mtls -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: ratings-istio-mtls @@ -994,8 +838,6 @@ message OutlierDetection { // tls: // mode: ISTIO_MUTUAL // ``` -// {{}} -// {{}} // message ClientTLSSettings { // TLS connection mode @@ -1020,7 +862,7 @@ message ClientTLSSettings { // Indicates whether connections to this port should be secured // using TLS. The value of this field determines how TLS is enforced. - TLSmode mode = 1 [(google.api.field_behavior) = REQUIRED]; + TLSmode mode = 1; // REQUIRED if mode is `MUTUAL`. The path to the file holding the // client-side TLS certificate to use. @@ -1034,19 +876,23 @@ message ClientTLSSettings { // OPTIONAL: The path to the file containing certificate authority // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will not verify the server's certificate. + // omitted, the proxy will verify the server's certificate using + // the OS CA certificates. // Should be empty if mode is `ISTIO_MUTUAL`. string ca_certificates = 4; // The name of the secret that holds the TLS certs for the - // client including the CA certificates. Secret must exist in the - // same namespace with the proxy using the certificates. - // The secret (of type `generic`)should contain the - // following keys and values: `key: `, - // `cert: `, `cacert: `. + // client including the CA certificates. This secret must exist in + // the namespace of the proxy using the certificates. + // An Opaque secret should contain the following keys and values: + // `key: `, `cert: `, `cacert: `, + // `crl: ` // Here CACertificate is used to verify the server certificate. - // Secret of type tls for client certificates along with - // ca.crt key for CA certificates is also supported. + // For mutual TLS, `cacert: ` can be provided in the + // same secret or a separate secret named `-cacert`. + // A TLS secret for client certificates with an additional + // `ca.crt` key for CA certificates and `ca.crl` key for + // certificate revocation list(CRL) is also supported. // Only one of client certificates and CA certificate // or credentialName can be specified. // @@ -1059,32 +905,29 @@ message ClientTLSSettings { // A list of alternate names to verify the subject identity in the // certificate. If specified, the proxy will verify that the server // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. If unspecified, automatic validation of upstream + // If specified, this list overrides the value of `subjectAltNames` + // from the `ServiceEntry`. If unspecified, automatic validation of upstream // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header, provided `VERIFY_CERT_AT_CLIENT` - // and `ENABLE_AUTO_SNI` environmental variables are set to `true`. + // downstream HTTP host/authority header. repeated string subject_alt_names = 5; // SNI string to present to the server during TLS handshake. // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` - // environmental variable is set to `true`. + // host/authority header for SIMPLE and MUTUAL TLS modes. string sni = 6; - // InsecureSkipVerify specifies whether the proxy should skip verifying the + // `insecureSkipVerify` specifies whether the proxy should skip verifying the // CA signature and SAN for the server certificate corresponding to the host. - // This flag should only be set if global CA signature verifcation is - // enabled, `VerifyCertAtClient` environmental variable is set to `true`, - // but no verification is desired for a specific host. If enabled with or - // without `VerifyCertAtClient` enabled, verification of the CA signature and - // SAN will be skipped. - // - // `InsecureSkipVerify` is `false` by default. - // `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will - // be `true` by default in a later version where, going forward, it will be - // enabled by default. + // The default value of this field is false. google.protobuf.BoolValue insecure_skip_verify = 8; + + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented server certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. Note that if `credentialName` is set, + // `CRL` cannot be specified using `caCrl`, rather it has to be specified inside the credential. + string ca_crl = 9; } // Locality-weighted load balancing allows administrators to control the @@ -1095,13 +938,13 @@ message ClientTLSSettings { // [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) // The following example shows how to setup locality weights mesh-wide. // -// Given a mesh with workloads and their service deployed to "us-west/zone1/*" -// and "us-west/zone2/*". This example specifies that when traffic accessing a -// service originates from workloads in "us-west/zone1/*", 80% of the traffic -// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the -// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is +// Given a mesh with workloads and their service deployed to "us-west/zone1/\*" +// and "us-west/zone2/\*". This example specifies that when traffic accessing a +// service originates from workloads in "us-west/zone1/\*", 80% of the traffic +// will be sent to endpoints in "us-west/zone1/\*", i.e the same zone, and the +// remaining 20% will go to endpoints in "us-west/zone2/\*". This setup is // intended to favor routing traffic to endpoints in the same locality. -// A similar setting is specified for traffic originating in "us-west/zone2/*". +// A similar setting is specified for traffic originating in "us-west/zone2/\*". // // ```yaml // distribute: @@ -1133,7 +976,6 @@ message ClientTLSSettings { // - from: us-west // to: us-east // ``` -// Locality load balancing settings. message LocalityLoadBalancerSetting{ // Describes how traffic originating in the 'from' zone or sub-zone is // distributed over a set of 'to' zones. Syntax for specifying a zone is @@ -1185,12 +1027,22 @@ message LocalityLoadBalancerSetting{ // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. // This is to support traffic failover across different groups of endpoints. - // Suppose there are total N labels specified: + // Two kinds of labels can be specified: + // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. + // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: + // + // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. + // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. + // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. + // 4. All the other endpoints have priority P(N) i.e. lowest priority. + // + // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. + // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: // - // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. + // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. + // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. + // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. + // 4. All the other endpoints have priority P(N) i.e. lowest priority. // // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. // @@ -1202,6 +1054,7 @@ message LocalityLoadBalancerSetting{ // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. + // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. // // The below topology config indicates the following priority levels: // @@ -1219,11 +1072,22 @@ message LocalityLoadBalancerSetting{ // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. // 5. all the other endpoints have the same lowest priority. // + // Suppose a service associated endpoints reside in multi clusters, the below example represents: + // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. + // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. + // 2. all the other endpoints have P(2) priority. + // + // ```yaml + // failoverPriority: + // - "version=v1" + // - "topology.istio.io/cluster=clusterA" + // ``` + // // Optional: only one of distribute, failover or failoverPriority can be set. // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. repeated string failover_priority = 4; - // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. + // Enable locality load balancing. This is DestinationRule-level and will override mesh-wide settings in entirety. + // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh-wide settings is. google.protobuf.BoolValue enabled = 3; } diff --git a/vendor/istio.io/api/networking/v1beta1/destination_rule_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go similarity index 90% rename from vendor/istio.io/api/networking/v1beta1/destination_rule_deepcopy.gen.go rename to vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go index c75147406..0f61ea8d3 100644 --- a/vendor/istio.io/api/networking/v1beta1/destination_rule_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used. @@ -89,6 +89,27 @@ func (in *TrafficPolicy_TunnelSettings) DeepCopyInterface() interface{} { return in.DeepCopy() } +// DeepCopyInto supports using TrafficPolicy_ProxyProtocol within kubernetes types, where deepcopy-gen is used. +func (in *TrafficPolicy_ProxyProtocol) DeepCopyInto(out *TrafficPolicy_ProxyProtocol) { + p := proto.Clone(in).(*TrafficPolicy_ProxyProtocol) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. +func (in *TrafficPolicy_ProxyProtocol) DeepCopy() *TrafficPolicy_ProxyProtocol { + if in == nil { + return nil + } + out := new(TrafficPolicy_ProxyProtocol) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. +func (in *TrafficPolicy_ProxyProtocol) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using Subset within kubernetes types, where deepcopy-gen is used. func (in *Subset) DeepCopyInto(out *Subset) { p := proto.Clone(in).(*Subset) @@ -215,6 +236,27 @@ func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInterface() return in.DeepCopy() } +// DeepCopyInto supports using WarmupConfiguration within kubernetes types, where deepcopy-gen is used. +func (in *WarmupConfiguration) DeepCopyInto(out *WarmupConfiguration) { + p := proto.Clone(in).(*WarmupConfiguration) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WarmupConfiguration. Required by controller-gen. +func (in *WarmupConfiguration) DeepCopy() *WarmupConfiguration { + if in == nil { + return nil + } + out := new(WarmupConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WarmupConfiguration. Required by controller-gen. +func (in *WarmupConfiguration) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using ConnectionPoolSettings within kubernetes types, where deepcopy-gen is used. func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { p := proto.Clone(in).(*ConnectionPoolSettings) diff --git a/vendor/istio.io/api/networking/v1beta1/destination_rule_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go similarity index 91% rename from vendor/istio.io/api/networking/v1beta1/destination_rule_json.gen.go rename to vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go index ffd201316..4e65aa9c8 100644 --- a/vendor/istio.io/api/networking/v1beta1/destination_rule_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( bytes "bytes" @@ -50,6 +50,17 @@ func (this *TrafficPolicy_TunnelSettings) UnmarshalJSON(b []byte) error { return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for TrafficPolicy_ProxyProtocol +func (this *TrafficPolicy_ProxyProtocol) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_ProxyProtocol +func (this *TrafficPolicy_ProxyProtocol) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for Subset func (this *Subset) MarshalJSON() ([]byte, error) { str, err := DestinationRuleMarshaler.MarshalToString(this) @@ -116,6 +127,17 @@ func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) UnmarshalJSON(b [] return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for WarmupConfiguration +func (this *WarmupConfiguration) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for WarmupConfiguration +func (this *WarmupConfiguration) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for ConnectionPoolSettings func (this *ConnectionPoolSettings) MarshalJSON() ([]byte, error) { str, err := DestinationRuleMarshaler.MarshalToString(this) diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go new file mode 100644 index 000000000..d2e74f08f --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go @@ -0,0 +1,2215 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: networking/v1alpha3/envoy_filter.proto + +// $schema: istio.networking.v1alpha3.EnvoyFilter +// $title: Envoy Filter +// $description: Customizing Envoy configuration generated by Istio. +// $location: https://istio.io/docs/reference/config/networking/envoy-filter.html +// $aliases: [/docs/reference/config/networking/v1alpha3/envoy-filter] + +// `EnvoyFilter` provides a mechanism to customize the Envoy +// configuration generated by istiod. Use EnvoyFilter to modify +// values for certain fields, add specific filters, or even add +// entirely new listeners, clusters, etc. This feature must be used +// with care, as incorrect configurations could potentially +// destabilize the entire mesh. Unlike other Istio networking objects, +// EnvoyFilters are additively applied. Any number of EnvoyFilters can +// exist for a given workload in a specific namespace. The order of +// application of these EnvoyFilters is as follows: all EnvoyFilters +// in the config [root +// namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig), +// followed by all matching EnvoyFilters in the workload's namespace. +// +// **NOTE 1**: Some aspects of this API are deeply tied to the internal +// implementation in Istio networking subsystem as well as Envoy's XDS +// API. While the EnvoyFilter API by itself will maintain backward +// compatibility, any envoy configuration provided through this +// mechanism should be carefully monitored across Istio proxy version +// upgrades, to ensure that deprecated fields are removed and replaced +// appropriately. +// +// **NOTE 2**: When multiple EnvoyFilters are bound to the same +// workload in a given namespace, all patches will be processed +// sequentially in order of creation time. The behavior is undefined +// if multiple EnvoyFilter configurations conflict with each other. +// +// **NOTE 3**: To apply an EnvoyFilter resource to all workloads +// (sidecars and gateways) in the system, define the resource in the +// config [root +// namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig), +// without a workloadSelector. +// +// The example below declares a global default EnvoyFilter resource in +// the root namespace called `istio-config`, that adds a custom +// protocol filter on all sidecars in the system, for outbound port +// 9307. The filter should be added before the terminating tcp_proxy +// filter to take effect. In addition, it sets a 30s idle timeout for +// all HTTP connections in both gateways and sidecars. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: custom-protocol +// namespace: istio-config # as defined in meshConfig resource. +// spec: +// configPatches: +// - applyTo: NETWORK_FILTER +// match: +// context: SIDECAR_OUTBOUND # will match outbound listeners in all sidecars +// listener: +// portNumber: 9307 +// filterChain: +// filter: +// name: "envoy.filters.network.tcp_proxy" +// patch: +// operation: INSERT_BEFORE +// value: +// # This is the full filter config including the name and typed_config section. +// name: "envoy.extensions.filters.network.mongo_proxy" +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" +// ... +// - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy +// match: +// # context omitted so that this applies to both sidecars and gateways +// listener: +// filterChain: +// filter: +// name: "envoy.filters.network.http_connection_manager" +// patch: +// operation: MERGE +// value: +// name: "envoy.filters.network.http_connection_manager" +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" +// common_http_protocol_options: +// idle_timeout: 30s +// ``` +// +// The following example enables Envoy's Lua filter for all inbound +// HTTP calls arriving at service port 8080 of the reviews service pod +// with labels "app: reviews", in the bookinfo namespace. The lua +// filter calls out to an external service internal.org.net:8888 that +// requires a special cluster definition in envoy. The cluster is also +// added to the sidecar as part of this configuration. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: reviews-lua +// namespace: bookinfo +// spec: +// workloadSelector: +// labels: +// app: reviews +// configPatches: +// # The first patch adds the lua filter to the listener/http connection manager +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// listener: +// portNumber: 8080 +// filterChain: +// filter: +// name: "envoy.filters.network.http_connection_manager" +// subFilter: +// name: "envoy.filters.http.router" +// patch: +// operation: INSERT_BEFORE +// value: # lua filter specification +// name: envoy.filters.http.lua +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua" +// defaultSourceCode: +// inlineString: | +// function envoy_on_request(request_handle) +// -- Make an HTTP call to an upstream host with the following headers, body, and timeout. +// local headers, body = request_handle:httpCall( +// "lua_cluster", +// { +// [":method"] = "POST", +// [":path"] = "/acl", +// [":authority"] = "internal.org.net" +// }, +// "authorize call", +// 5000) +// end +// # The second patch adds the cluster that is referenced by the lua code +// # cds match is omitted as a new cluster is being added +// - applyTo: CLUSTER +// match: +// context: SIDECAR_OUTBOUND +// patch: +// operation: ADD +// value: # cluster specification +// name: "lua_cluster" +// type: STRICT_DNS +// connect_timeout: 0.5s +// lb_policy: ROUND_ROBIN +// load_assignment: +// cluster_name: lua_cluster +// endpoints: +// - lb_endpoints: +// - endpoint: +// address: +// socket_address: +// protocol: TCP +// address: "internal.org.net" +// port_value: 8888 +// ``` +// +// The following example overwrites certain fields (HTTP idle timeout +// and X-Forward-For trusted hops) in the HTTP connection manager in a +// listener on the ingress gateway in istio-system namespace for the +// SNI host app.example.com: +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: hcm-tweaks +// namespace: istio-system +// spec: +// workloadSelector: +// labels: +// istio: ingressgateway +// configPatches: +// - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy +// match: +// context: GATEWAY +// listener: +// filterChain: +// sni: app.example.com +// filter: +// name: "envoy.filters.network.http_connection_manager" +// patch: +// operation: MERGE +// value: +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" +// xff_num_trusted_hops: 5 +// common_http_protocol_options: +// idle_timeout: 30s +// ``` +// +// The following example inserts an attributegen filter +// that produces `istio_operationId` attribute which is consumed +// by the istio.stats filter. `filterClass: STATS` encodes this dependency. +// +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: reviews-request-operation +// namespace: myns +// spec: +// workloadSelector: +// labels: +// app: reviews +// configPatches: +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// patch: +// operation: ADD +// filterClass: STATS # This filter will run *before* the Istio stats filter. +// value: +// name: istio.request_operation +// typed_config: +// "@type": type.googleapis.com/udpa.type.v1.TypedStruct +// type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm +// value: +// config: +// configuration: | +// { +// "attributes": [ +// { +// "output_attribute": "istio_operationId", +// "match": [ +// { +// "value": "ListReviews", +// "condition": "request.url_path == '/reviews' && request.method == 'GET'" +// }] +// }] +// } +// vm_config: +// runtime: envoy.wasm.runtime.null +// code: +// local: { inline_string: "envoy.wasm.attributegen" } +// ``` +// +// The following example inserts an http ext_authz filter in the `myns` namespace. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: myns-ext-authz +// namespace: myns +// spec: +// configPatches: +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// patch: +// operation: ADD +// filterClass: AUTHZ # This filter will run *after* the Istio authz filter. +// value: +// name: envoy.filters.http.ext_authz +// typed_config: +// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz +// grpc_service: +// envoy_grpc: +// cluster_name: acme-ext-authz +// initial_metadata: +// - key: foo +// value: myauth.acme # required by local ext auth server. +// ``` +// +// A workload in the `myns` namespace needs to access a different ext_auth server +// that does not accept initial metadata. Since proto merge cannot remove fields, the +// following configuration uses the `REPLACE` operation. If you do not need to inherit +// fields, REPLACE is preferred over MERGE. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: mysvc-ext-authz +// namespace: myns +// spec: +// workloadSelector: +// labels: +// app: mysvc +// configPatches: +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// patch: +// operation: REPLACE +// value: +// name: envoy.filters.http.ext_authz +// typed_config: +// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz +// grpc_service: +// envoy_grpc: +// cluster_name: acme-ext-authz-alt +// ``` +// +// The following example deploys a Wasm extension for all inbound sidecar HTTP requests. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: wasm-example +// namespace: myns +// spec: +// configPatches: +// # The first patch defines a named Wasm extension and provides a URL to fetch Wasm binary from, +// # and the binary configuration. It should come before the next patch that applies it. +// # This resource is visible to all proxies in the namespace "myns". It is possible to provide +// # multiple definitions for the same name "my-wasm-extension" in multiple namespaces. We recommend that: +// # - if overriding is desired, then the root level definition can be overridden per namespace with REPLACE. +// # - if overriding is not desired, then the name should be qualified with the namespace "myns/my-wasm-extension", +// # to avoid accidental name collisions. +// - applyTo: EXTENSION_CONFIG +// patch: +// operation: ADD +// value: +// name: my-wasm-extension +// typed_config: +// "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm +// config: +// root_id: my-wasm-root-id +// vm_config: +// vm_id: my-wasm-vm-id +// runtime: envoy.wasm.runtime.v8 +// code: +// remote: +// http_uri: +// uri: http://my-wasm-binary-uri +// configuration: +// "@type": "type.googleapis.com/google.protobuf.StringValue" +// value: | +// {} +// # The second patch instructs to apply the above Wasm filter to the listener/http connection manager. +// - applyTo: HTTP_FILTER +// match: +// listener: +// filterChain: +// filter: +// name: envoy.filters.network.http_connection_manager +// subFilter: +// name: envoy.filters.http.router +// patch: +// operation: INSERT_BEFORE +// value: +// name: my-wasm-extension # This must match the name above +// config_discovery: +// config_source: +// ads: {} +// type_urls: ["type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm"] +// ``` +// +// The following example inserts an `envoy.filters.listener.proxy_protocol` listener filter before the `envoy.filters.listener.tls_inspector`. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: listener-filter-example +// namespace: myns +// spec: +// configPatches: +// - applyTo: LISTENER_FILTER +// match: +// context: SIDECAR_INBOUND # will match inbound listeners in all sidecars +// listener: +// portNumber: 15006 +// listenerFilter: "envoy.filters.listener.tls_inspector" +// patch: +// operation: INSERT_BEFORE +// value: +// # This is the full filter config including the name and typed_config section. +// name: "envoy.filters.listener.proxy_protocol" +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol" + +package v1alpha3 + +import ( + _struct "github.com/golang/protobuf/ptypes/struct" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + v1beta1 "istio.io/api/type/v1beta1" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// `ApplyTo` specifies where in the Envoy configuration, the given patch should be applied. +type EnvoyFilter_ApplyTo int32 + +const ( + EnvoyFilter_INVALID EnvoyFilter_ApplyTo = 0 + // Applies the patch to the listener. + EnvoyFilter_LISTENER EnvoyFilter_ApplyTo = 1 + // Applies the patch to the filter chain. + EnvoyFilter_FILTER_CHAIN EnvoyFilter_ApplyTo = 2 + // Applies the patch to the network filter chain, to modify an + // existing filter or add a new filter. + EnvoyFilter_NETWORK_FILTER EnvoyFilter_ApplyTo = 3 + // Applies the patch to the HTTP filter chain in the http + // connection manager, to modify an existing filter or add a new + // filter. + EnvoyFilter_HTTP_FILTER EnvoyFilter_ApplyTo = 4 + // Applies the patch to the Route configuration (rds output) + // inside a HTTP connection manager. This does not apply to the + // virtual host. Currently, only `MERGE` operation is allowed on the + // route configuration objects. + EnvoyFilter_ROUTE_CONFIGURATION EnvoyFilter_ApplyTo = 5 + // Applies the patch to a virtual host inside a route configuration. + EnvoyFilter_VIRTUAL_HOST EnvoyFilter_ApplyTo = 6 + // Applies the patch to a route object inside the matched virtual + // host in a route configuration. + EnvoyFilter_HTTP_ROUTE EnvoyFilter_ApplyTo = 7 + // Applies the patch to a cluster in a CDS output. Also used to add new clusters. + EnvoyFilter_CLUSTER EnvoyFilter_ApplyTo = 8 + // Applies the patch to or adds an extension config in ECDS output. Note that ECDS + // is only supported by HTTP filters. + EnvoyFilter_EXTENSION_CONFIG EnvoyFilter_ApplyTo = 9 + // DEPRECATED. Applies the patch to bootstrap configuration. + EnvoyFilter_BOOTSTRAP EnvoyFilter_ApplyTo = 10 + // Applies the patch to the listener filter. + EnvoyFilter_LISTENER_FILTER EnvoyFilter_ApplyTo = 11 +) + +// Enum value maps for EnvoyFilter_ApplyTo. +var ( + EnvoyFilter_ApplyTo_name = map[int32]string{ + 0: "INVALID", + 1: "LISTENER", + 2: "FILTER_CHAIN", + 3: "NETWORK_FILTER", + 4: "HTTP_FILTER", + 5: "ROUTE_CONFIGURATION", + 6: "VIRTUAL_HOST", + 7: "HTTP_ROUTE", + 8: "CLUSTER", + 9: "EXTENSION_CONFIG", + 10: "BOOTSTRAP", + 11: "LISTENER_FILTER", + } + EnvoyFilter_ApplyTo_value = map[string]int32{ + "INVALID": 0, + "LISTENER": 1, + "FILTER_CHAIN": 2, + "NETWORK_FILTER": 3, + "HTTP_FILTER": 4, + "ROUTE_CONFIGURATION": 5, + "VIRTUAL_HOST": 6, + "HTTP_ROUTE": 7, + "CLUSTER": 8, + "EXTENSION_CONFIG": 9, + "BOOTSTRAP": 10, + "LISTENER_FILTER": 11, + } +) + +func (x EnvoyFilter_ApplyTo) Enum() *EnvoyFilter_ApplyTo { + p := new(EnvoyFilter_ApplyTo) + *p = x + return p +} + +func (x EnvoyFilter_ApplyTo) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EnvoyFilter_ApplyTo) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_envoy_filter_proto_enumTypes[0].Descriptor() +} + +func (EnvoyFilter_ApplyTo) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_envoy_filter_proto_enumTypes[0] +} + +func (x EnvoyFilter_ApplyTo) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EnvoyFilter_ApplyTo.Descriptor instead. +func (EnvoyFilter_ApplyTo) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 0} +} + +// PatchContext selects a class of configurations based on the +// traffic flow direction and workload type. +type EnvoyFilter_PatchContext int32 + +const ( + // All listeners/routes/clusters in both sidecars and gateways. + EnvoyFilter_ANY EnvoyFilter_PatchContext = 0 + // Inbound listener/route/cluster in sidecar. + EnvoyFilter_SIDECAR_INBOUND EnvoyFilter_PatchContext = 1 + // Outbound listener/route/cluster in sidecar. + EnvoyFilter_SIDECAR_OUTBOUND EnvoyFilter_PatchContext = 2 + // Gateway listener/route/cluster. + EnvoyFilter_GATEWAY EnvoyFilter_PatchContext = 3 +) + +// Enum value maps for EnvoyFilter_PatchContext. +var ( + EnvoyFilter_PatchContext_name = map[int32]string{ + 0: "ANY", + 1: "SIDECAR_INBOUND", + 2: "SIDECAR_OUTBOUND", + 3: "GATEWAY", + } + EnvoyFilter_PatchContext_value = map[string]int32{ + "ANY": 0, + "SIDECAR_INBOUND": 1, + "SIDECAR_OUTBOUND": 2, + "GATEWAY": 3, + } +) + +func (x EnvoyFilter_PatchContext) Enum() *EnvoyFilter_PatchContext { + p := new(EnvoyFilter_PatchContext) + *p = x + return p +} + +func (x EnvoyFilter_PatchContext) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EnvoyFilter_PatchContext) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_envoy_filter_proto_enumTypes[1].Descriptor() +} + +func (EnvoyFilter_PatchContext) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_envoy_filter_proto_enumTypes[1] +} + +func (x EnvoyFilter_PatchContext) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EnvoyFilter_PatchContext.Descriptor instead. +func (EnvoyFilter_PatchContext) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 1} +} + +// Action refers to the route action taken by Envoy when a http route matches. +type EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action int32 + +const ( + // All three route actions + EnvoyFilter_RouteConfigurationMatch_RouteMatch_ANY EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action = 0 + // Route traffic to a cluster / weighted clusters. + EnvoyFilter_RouteConfigurationMatch_RouteMatch_ROUTE EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action = 1 + // Redirect request. + EnvoyFilter_RouteConfigurationMatch_RouteMatch_REDIRECT EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action = 2 + // directly respond to a request with specific payload. + EnvoyFilter_RouteConfigurationMatch_RouteMatch_DIRECT_RESPONSE EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action = 3 +) + +// Enum value maps for EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action. +var ( + EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action_name = map[int32]string{ + 0: "ANY", + 1: "ROUTE", + 2: "REDIRECT", + 3: "DIRECT_RESPONSE", + } + EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action_value = map[string]int32{ + "ANY": 0, + "ROUTE": 1, + "REDIRECT": 2, + "DIRECT_RESPONSE": 3, + } +) + +func (x EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) Enum() *EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action { + p := new(EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) + *p = x + return p +} + +func (x EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_envoy_filter_proto_enumTypes[2].Descriptor() +} + +func (EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_envoy_filter_proto_enumTypes[2] +} + +func (x EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action.Descriptor instead. +func (EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 2, 0, 0} +} + +// Operation denotes how the patch should be applied to the selected +// configuration. +type EnvoyFilter_Patch_Operation int32 + +const ( + EnvoyFilter_Patch_INVALID EnvoyFilter_Patch_Operation = 0 + // Merge the provided config with the generated config using + // proto merge semantics. If you are specifying config in its + // entirety, use `REPLACE` instead. + EnvoyFilter_Patch_MERGE EnvoyFilter_Patch_Operation = 1 + // Add the provided config to an existing list (of listeners, + // clusters, virtual hosts, network filters, or http + // filters). This operation will be ignored when `applyTo` is set + // to `ROUTE_CONFIGURATION`, or `HTTP_ROUTE`. + EnvoyFilter_Patch_ADD EnvoyFilter_Patch_Operation = 2 + // Remove the selected object from the list (of listeners, + // clusters, virtual hosts, network filters, routes, or http + // filters). Does not require a value to be specified. This + // operation will be ignored when `applyTo` is set to + // `ROUTE_CONFIGURATION`, or `HTTP_ROUTE`. + EnvoyFilter_Patch_REMOVE EnvoyFilter_Patch_Operation = 3 + // Insert operation on an array of named objects. This operation + // is typically useful only in the context of filters or routes, + // where the order of elements matter. Routes should be ordered + // based on most to least specific matching criteria since the + // first matching element is selected. For clusters and virtual hosts, + // order of the element in the array does not matter. Insert + // before the selected filter or sub filter. If no filter is + // selected, the specified filter will be inserted at the front + // of the list. + EnvoyFilter_Patch_INSERT_BEFORE EnvoyFilter_Patch_Operation = 4 + // Insert operation on an array of named objects. This operation + // is typically useful only in the context of filters or routes, + // where the order of elements matter. Routes should be ordered + // based on most to least specific matching criteria since the + // first matching element is selected. For clusters and virtual hosts, + // order of the element in the array does not matter. Insert + // after the selected filter or sub filter. If no filter is + // selected, the specified filter will be inserted at the end + // of the list. + EnvoyFilter_Patch_INSERT_AFTER EnvoyFilter_Patch_Operation = 5 + // Insert operation on an array of named objects. This operation + // is typically useful only in the context of filters or routes, + // where the order of elements matter. Routes should be ordered + // based on most to least specific matching criteria since the + // first matching element is selected. For clusters and virtual hosts, + // order of the element in the array does not matter. Insert + // first in the list based on the presence of selected filter or not. + // This is specifically useful when you want your filter first in the + // list based on a match condition specified in Match clause. + EnvoyFilter_Patch_INSERT_FIRST EnvoyFilter_Patch_Operation = 6 + // Replace contents of a named filter with new contents. + // `REPLACE` operation is only valid for `HTTP_FILTER` and + // `NETWORK_FILTER`. If the named filter is not found, this operation + // has no effect. + EnvoyFilter_Patch_REPLACE EnvoyFilter_Patch_Operation = 7 +) + +// Enum value maps for EnvoyFilter_Patch_Operation. +var ( + EnvoyFilter_Patch_Operation_name = map[int32]string{ + 0: "INVALID", + 1: "MERGE", + 2: "ADD", + 3: "REMOVE", + 4: "INSERT_BEFORE", + 5: "INSERT_AFTER", + 6: "INSERT_FIRST", + 7: "REPLACE", + } + EnvoyFilter_Patch_Operation_value = map[string]int32{ + "INVALID": 0, + "MERGE": 1, + "ADD": 2, + "REMOVE": 3, + "INSERT_BEFORE": 4, + "INSERT_AFTER": 5, + "INSERT_FIRST": 6, + "REPLACE": 7, + } +) + +func (x EnvoyFilter_Patch_Operation) Enum() *EnvoyFilter_Patch_Operation { + p := new(EnvoyFilter_Patch_Operation) + *p = x + return p +} + +func (x EnvoyFilter_Patch_Operation) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EnvoyFilter_Patch_Operation) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_envoy_filter_proto_enumTypes[3].Descriptor() +} + +func (EnvoyFilter_Patch_Operation) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_envoy_filter_proto_enumTypes[3] +} + +func (x EnvoyFilter_Patch_Operation) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EnvoyFilter_Patch_Operation.Descriptor instead. +func (EnvoyFilter_Patch_Operation) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 4, 0} +} + +// FilterClass determines the filter insertion point in the filter chain +// relative to the filters implicitly inserted by the control plane. +// It is used in conjunction with the `ADD` operation. +// This is the preferred insertion mechanism for adding filters over +// the `INSERT_*` operations since those operations rely on potentially unstable +// filter names. +// Filter ordering is important if your filter depends on or affects the +// functioning of a another filter in the filter chain. +// Within a filter class, filters are inserted in the order of processing. +type EnvoyFilter_Patch_FilterClass int32 + +const ( + // Control plane decides where to insert the filter. + // Do not specify `FilterClass` if the filter is independent of others. + EnvoyFilter_Patch_UNSPECIFIED EnvoyFilter_Patch_FilterClass = 0 + // Insert filter after Istio authentication filters. + EnvoyFilter_Patch_AUTHN EnvoyFilter_Patch_FilterClass = 1 + // Insert filter after Istio authorization filters. + EnvoyFilter_Patch_AUTHZ EnvoyFilter_Patch_FilterClass = 2 + // Insert filter before Istio stats filters. + EnvoyFilter_Patch_STATS EnvoyFilter_Patch_FilterClass = 3 +) + +// Enum value maps for EnvoyFilter_Patch_FilterClass. +var ( + EnvoyFilter_Patch_FilterClass_name = map[int32]string{ + 0: "UNSPECIFIED", + 1: "AUTHN", + 2: "AUTHZ", + 3: "STATS", + } + EnvoyFilter_Patch_FilterClass_value = map[string]int32{ + "UNSPECIFIED": 0, + "AUTHN": 1, + "AUTHZ": 2, + "STATS": 3, + } +) + +func (x EnvoyFilter_Patch_FilterClass) Enum() *EnvoyFilter_Patch_FilterClass { + p := new(EnvoyFilter_Patch_FilterClass) + *p = x + return p +} + +func (x EnvoyFilter_Patch_FilterClass) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (EnvoyFilter_Patch_FilterClass) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_envoy_filter_proto_enumTypes[4].Descriptor() +} + +func (EnvoyFilter_Patch_FilterClass) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_envoy_filter_proto_enumTypes[4] +} + +func (x EnvoyFilter_Patch_FilterClass) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use EnvoyFilter_Patch_FilterClass.Descriptor instead. +func (EnvoyFilter_Patch_FilterClass) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 4, 1} +} + +// EnvoyFilter provides a mechanism to customize the Envoy configuration +// generated by istiod. +// +// +// +// +// +kubebuilder:validation:XValidation:message="only one of targetRefs or workloadSelector can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1" +type EnvoyFilter struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Criteria used to select the specific set of pods/VMs on which + // this patch configuration should be applied. If omitted, the set + // of patches in this configuration will be applied to all workload + // instances in the same namespace. If the `EnvoyFilter` is present + // in the config root namespace, it will be applied to all applicable + // workloads in any namespace. + WorkloadSelector *WorkloadSelector `protobuf:"bytes,3,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` + // Optional. The targetRefs specifies a list of resources the policy should be + // applied to. The targeted resources specified will determine which workloads + // the policy applies to. + // + // Currently, the following resource attachment types are supported: + // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. + // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. + // + // If not set, the policy is applied as defined by the selector. + // At most one of the selector and targetRefs can be set. + // + // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, + // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. + // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) + // from misinterpreting the policy as namespace-wide during the upgrade process. + // + // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. + // +kubebuilder:validation:MaxItems=16 + TargetRefs []*v1beta1.PolicyTargetReference `protobuf:"bytes,6,rep,name=targetRefs,proto3" json:"targetRefs,omitempty"` + // One or more patches with match conditions. + ConfigPatches []*EnvoyFilter_EnvoyConfigObjectPatch `protobuf:"bytes,4,rep,name=config_patches,json=configPatches,proto3" json:"config_patches,omitempty"` + // Priority defines the order in which patch sets are applied within a context. + // When one patch depends on another patch, the order of patch application + // is significant. The API provides two primary ways to order patches. + // Patch sets in the root namespace are applied before the patch sets in the + // workload namespace. Patches within a patch set are processed in the order + // that they appear in the `configPatches` list. + // + // The default value for priority is 0 and the range is [ min-int32, max-int32 ]. + // A patch set with a negative priority is processed before the default. A patch + // set with a positive priority is processed after the default. + // + // It is recommended to start with priority values that are multiples of 10 + // to leave room for further insertion. + // + // Patch sets are sorted in the following ascending key order: + // priority, creation time, fully qualified resource name. + Priority int32 `protobuf:"varint,5,opt,name=priority,proto3" json:"priority,omitempty"` +} + +func (x *EnvoyFilter) Reset() { + *x = EnvoyFilter{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter) ProtoMessage() {} + +func (x *EnvoyFilter) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter.ProtoReflect.Descriptor instead. +func (*EnvoyFilter) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0} +} + +func (x *EnvoyFilter) GetWorkloadSelector() *WorkloadSelector { + if x != nil { + return x.WorkloadSelector + } + return nil +} + +func (x *EnvoyFilter) GetTargetRefs() []*v1beta1.PolicyTargetReference { + if x != nil { + return x.TargetRefs + } + return nil +} + +func (x *EnvoyFilter) GetConfigPatches() []*EnvoyFilter_EnvoyConfigObjectPatch { + if x != nil { + return x.ConfigPatches + } + return nil +} + +func (x *EnvoyFilter) GetPriority() int32 { + if x != nil { + return x.Priority + } + return 0 +} + +// One or more properties of the proxy to match on. +type EnvoyFilter_ProxyMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A regular expression in golang regex format (RE2) that can be + // used to select proxies using a specific version of istio + // proxy. The Istio version for a given proxy is obtained from the + // node metadata field `ISTIO_VERSION` supplied by the proxy when + // connecting to istiod. This value is embedded as an environment + // variable (`ISTIO_META_ISTIO_VERSION`) in the Istio proxy docker + // image. Custom proxy implementations should provide this metadata + // variable to take advantage of the Istio version check option. + ProxyVersion string `protobuf:"bytes,1,opt,name=proxy_version,json=proxyVersion,proto3" json:"proxy_version,omitempty"` + // Match on the node metadata supplied by a proxy when connecting + // to istiod. Note that while Envoy's node metadata is of + // type Struct, only string key-value pairs are processed by + // istiod. All keys specified in the metadata must match with exact + // values. The match will fail if any of the specified keys are + // absent or the values fail to match. + Metadata map[string]string `protobuf:"bytes,2,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *EnvoyFilter_ProxyMatch) Reset() { + *x = EnvoyFilter_ProxyMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_ProxyMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_ProxyMatch) ProtoMessage() {} + +func (x *EnvoyFilter_ProxyMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_ProxyMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_ProxyMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *EnvoyFilter_ProxyMatch) GetProxyVersion() string { + if x != nil { + return x.ProxyVersion + } + return "" +} + +func (x *EnvoyFilter_ProxyMatch) GetMetadata() map[string]string { + if x != nil { + return x.Metadata + } + return nil +} + +// Conditions specified in `ClusterMatch` must be met for the patch +// to be applied to a cluster. +type EnvoyFilter_ClusterMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The service port for which this cluster was generated. If + // omitted, applies to clusters for any port. + // **Note:** for inbound cluster, it is the service target port. + PortNumber uint32 `protobuf:"varint,1,opt,name=port_number,json=portNumber,proto3" json:"port_number,omitempty"` + // The fully qualified service name for this cluster. If omitted, + // applies to clusters for any service. For services defined + // through service entries, the service name is same as the hosts + // defined in the service entry. + // **Note:** for inbound cluster, this is ignored. + Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` + // The subset associated with the service. If omitted, applies to + // clusters for any subset of a service. + Subset string `protobuf:"bytes,3,opt,name=subset,proto3" json:"subset,omitempty"` + // The exact name of the cluster to match. To match a specific + // cluster by name, such as the internally generated `Passthrough` + // cluster, leave all fields in clusterMatch empty, except the + // name. + Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *EnvoyFilter_ClusterMatch) Reset() { + *x = EnvoyFilter_ClusterMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_ClusterMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_ClusterMatch) ProtoMessage() {} + +func (x *EnvoyFilter_ClusterMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_ClusterMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_ClusterMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *EnvoyFilter_ClusterMatch) GetPortNumber() uint32 { + if x != nil { + return x.PortNumber + } + return 0 +} + +func (x *EnvoyFilter_ClusterMatch) GetService() string { + if x != nil { + return x.Service + } + return "" +} + +func (x *EnvoyFilter_ClusterMatch) GetSubset() string { + if x != nil { + return x.Subset + } + return "" +} + +func (x *EnvoyFilter_ClusterMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Conditions specified in RouteConfigurationMatch must be met for +// the patch to be applied to a route configuration object or a +// specific virtual host within the route configuration. +type EnvoyFilter_RouteConfigurationMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The service port number or gateway server port number for which + // this route configuration was generated. If omitted, applies to + // route configurations for all ports. + PortNumber uint32 `protobuf:"varint,1,opt,name=port_number,json=portNumber,proto3" json:"port_number,omitempty"` + // Applicable only for GATEWAY context. The gateway server port + // name for which this route configuration was generated. + PortName string `protobuf:"bytes,2,opt,name=port_name,json=portName,proto3" json:"port_name,omitempty"` + // The Istio gateway config's namespace/name for which this route + // configuration was generated. Applies only if the context is + // GATEWAY. Should be in the namespace/name format. Use this field + // in conjunction with the `portNumber` and `portName` to accurately + // select the Envoy route configuration for a specific HTTPS + // server within a gateway config object. + Gateway string `protobuf:"bytes,3,opt,name=gateway,proto3" json:"gateway,omitempty"` + // Match a specific virtual host in a route configuration and + // apply the patch to the virtual host. + Vhost *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch `protobuf:"bytes,4,opt,name=vhost,proto3" json:"vhost,omitempty"` + // Route configuration name to match on. Can be used to match a + // specific route configuration by name, such as the internally + // generated `http_proxy` route configuration for all sidecars. + Name string `protobuf:"bytes,5,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *EnvoyFilter_RouteConfigurationMatch) Reset() { + *x = EnvoyFilter_RouteConfigurationMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_RouteConfigurationMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_RouteConfigurationMatch) ProtoMessage() {} + +func (x *EnvoyFilter_RouteConfigurationMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_RouteConfigurationMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_RouteConfigurationMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 2} +} + +func (x *EnvoyFilter_RouteConfigurationMatch) GetPortNumber() uint32 { + if x != nil { + return x.PortNumber + } + return 0 +} + +func (x *EnvoyFilter_RouteConfigurationMatch) GetPortName() string { + if x != nil { + return x.PortName + } + return "" +} + +func (x *EnvoyFilter_RouteConfigurationMatch) GetGateway() string { + if x != nil { + return x.Gateway + } + return "" +} + +func (x *EnvoyFilter_RouteConfigurationMatch) GetVhost() *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch { + if x != nil { + return x.Vhost + } + return nil +} + +func (x *EnvoyFilter_RouteConfigurationMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Conditions specified in a listener match must be met for the +// patch to be applied to a specific listener across all filter +// chains, or a specific filter chain inside the listener. +type EnvoyFilter_ListenerMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The service port/gateway port to which traffic is being + // sent/received. If not specified, matches all listeners. Even though + // inbound listeners are generated for the instance/pod ports, only + // service ports should be used to match listeners. + PortNumber uint32 `protobuf:"varint,1,opt,name=port_number,json=portNumber,proto3" json:"port_number,omitempty"` + // Instead of using specific port numbers, a set of ports matching + // a given service's port name can be selected. Matching is case + // insensitive. + // Not implemented. + // $hide_from_docs + PortName string `protobuf:"bytes,2,opt,name=port_name,json=portName,proto3" json:"port_name,omitempty"` + // Match a specific filter chain in a listener. If specified, the + // patch will be applied to the filter chain (and a specific + // filter if specified) and not to other filter chains in the + // listener. + FilterChain *EnvoyFilter_ListenerMatch_FilterChainMatch `protobuf:"bytes,3,opt,name=filter_chain,json=filterChain,proto3" json:"filter_chain,omitempty"` + // Match a specific listener filter. If specified, the + // patch will be applied to the listener filter. + ListenerFilter string `protobuf:"bytes,5,opt,name=listener_filter,json=listenerFilter,proto3" json:"listener_filter,omitempty"` + // Match a specific listener by its name. The listeners generated + // by istiod are typically named as IP:Port. + Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *EnvoyFilter_ListenerMatch) Reset() { + *x = EnvoyFilter_ListenerMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_ListenerMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_ListenerMatch) ProtoMessage() {} + +func (x *EnvoyFilter_ListenerMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_ListenerMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_ListenerMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 3} +} + +func (x *EnvoyFilter_ListenerMatch) GetPortNumber() uint32 { + if x != nil { + return x.PortNumber + } + return 0 +} + +func (x *EnvoyFilter_ListenerMatch) GetPortName() string { + if x != nil { + return x.PortName + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch) GetFilterChain() *EnvoyFilter_ListenerMatch_FilterChainMatch { + if x != nil { + return x.FilterChain + } + return nil +} + +func (x *EnvoyFilter_ListenerMatch) GetListenerFilter() string { + if x != nil { + return x.ListenerFilter + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Patch specifies how the selected object should be modified. +type EnvoyFilter_Patch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Determines how the patch should be applied. + Operation EnvoyFilter_Patch_Operation `protobuf:"varint,1,opt,name=operation,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_Patch_Operation" json:"operation,omitempty"` + // The JSON config of the object being patched. This will be merged using + // proto merge semantics with the existing proto in the path. + Value *_struct.Struct `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + // Determines the filter insertion order. + FilterClass EnvoyFilter_Patch_FilterClass `protobuf:"varint,3,opt,name=filter_class,json=filterClass,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_Patch_FilterClass" json:"filter_class,omitempty"` +} + +func (x *EnvoyFilter_Patch) Reset() { + *x = EnvoyFilter_Patch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_Patch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_Patch) ProtoMessage() {} + +func (x *EnvoyFilter_Patch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_Patch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_Patch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 4} +} + +func (x *EnvoyFilter_Patch) GetOperation() EnvoyFilter_Patch_Operation { + if x != nil { + return x.Operation + } + return EnvoyFilter_Patch_INVALID +} + +func (x *EnvoyFilter_Patch) GetValue() *_struct.Struct { + if x != nil { + return x.Value + } + return nil +} + +func (x *EnvoyFilter_Patch) GetFilterClass() EnvoyFilter_Patch_FilterClass { + if x != nil { + return x.FilterClass + } + return EnvoyFilter_Patch_UNSPECIFIED +} + +// One or more match conditions to be met before a patch is applied +// to the generated configuration for a given proxy. +type EnvoyFilter_EnvoyConfigObjectMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The specific config generation context to match on. istiod + // generates envoy configuration in the context of a gateway, + // inbound traffic to sidecar and outbound traffic from sidecar. + Context EnvoyFilter_PatchContext `protobuf:"varint,1,opt,name=context,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_PatchContext" json:"context,omitempty"` + // Match on properties associated with a proxy. + Proxy *EnvoyFilter_ProxyMatch `protobuf:"bytes,2,opt,name=proxy,proto3" json:"proxy,omitempty"` + // Types that are assignable to ObjectTypes: + // + // *EnvoyFilter_EnvoyConfigObjectMatch_Listener + // *EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration + // *EnvoyFilter_EnvoyConfigObjectMatch_Cluster + ObjectTypes isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes `protobuf_oneof:"object_types"` +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) Reset() { + *x = EnvoyFilter_EnvoyConfigObjectMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_EnvoyConfigObjectMatch) ProtoMessage() {} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_EnvoyConfigObjectMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_EnvoyConfigObjectMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 5} +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) GetContext() EnvoyFilter_PatchContext { + if x != nil { + return x.Context + } + return EnvoyFilter_ANY +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) GetProxy() *EnvoyFilter_ProxyMatch { + if x != nil { + return x.Proxy + } + return nil +} + +func (m *EnvoyFilter_EnvoyConfigObjectMatch) GetObjectTypes() isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes { + if m != nil { + return m.ObjectTypes + } + return nil +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) GetListener() *EnvoyFilter_ListenerMatch { + if x, ok := x.GetObjectTypes().(*EnvoyFilter_EnvoyConfigObjectMatch_Listener); ok { + return x.Listener + } + return nil +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) GetRouteConfiguration() *EnvoyFilter_RouteConfigurationMatch { + if x, ok := x.GetObjectTypes().(*EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration); ok { + return x.RouteConfiguration + } + return nil +} + +func (x *EnvoyFilter_EnvoyConfigObjectMatch) GetCluster() *EnvoyFilter_ClusterMatch { + if x, ok := x.GetObjectTypes().(*EnvoyFilter_EnvoyConfigObjectMatch_Cluster); ok { + return x.Cluster + } + return nil +} + +type isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes interface { + isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes() +} + +type EnvoyFilter_EnvoyConfigObjectMatch_Listener struct { + // Match on envoy listener attributes. + Listener *EnvoyFilter_ListenerMatch `protobuf:"bytes,3,opt,name=listener,proto3,oneof"` +} + +type EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration struct { + // Match on envoy HTTP route configuration attributes. + RouteConfiguration *EnvoyFilter_RouteConfigurationMatch `protobuf:"bytes,4,opt,name=route_configuration,json=routeConfiguration,proto3,oneof"` +} + +type EnvoyFilter_EnvoyConfigObjectMatch_Cluster struct { + // Match on envoy cluster attributes. + Cluster *EnvoyFilter_ClusterMatch `protobuf:"bytes,5,opt,name=cluster,proto3,oneof"` +} + +func (*EnvoyFilter_EnvoyConfigObjectMatch_Listener) isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes() { +} + +func (*EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration) isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes() { +} + +func (*EnvoyFilter_EnvoyConfigObjectMatch_Cluster) isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes() { +} + +// Changes to be made to various envoy config objects. +type EnvoyFilter_EnvoyConfigObjectPatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Specifies where in the Envoy configuration, the patch should be + // applied. The match is expected to select the appropriate + // object based on applyTo. For example, an applyTo with + // `HTTP_FILTER` is expected to have a match condition on the + // listeners, with a network filter selection on + // `envoy.filters.network.http_connection_manager` and a sub filter selection on the + // HTTP filter relative to which the insertion should be + // performed. Similarly, an applyTo on `CLUSTER` should have a match + // (if provided) on the cluster and not on a listener. + ApplyTo EnvoyFilter_ApplyTo `protobuf:"varint,1,opt,name=apply_to,json=applyTo,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_ApplyTo" json:"apply_to,omitempty"` + // Match on listener/route configuration/cluster. + Match *EnvoyFilter_EnvoyConfigObjectMatch `protobuf:"bytes,2,opt,name=match,proto3" json:"match,omitempty"` + // The patch to apply along with the operation. + Patch *EnvoyFilter_Patch `protobuf:"bytes,3,opt,name=patch,proto3" json:"patch,omitempty"` +} + +func (x *EnvoyFilter_EnvoyConfigObjectPatch) Reset() { + *x = EnvoyFilter_EnvoyConfigObjectPatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_EnvoyConfigObjectPatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_EnvoyConfigObjectPatch) ProtoMessage() {} + +func (x *EnvoyFilter_EnvoyConfigObjectPatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_EnvoyConfigObjectPatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_EnvoyConfigObjectPatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 6} +} + +func (x *EnvoyFilter_EnvoyConfigObjectPatch) GetApplyTo() EnvoyFilter_ApplyTo { + if x != nil { + return x.ApplyTo + } + return EnvoyFilter_INVALID +} + +func (x *EnvoyFilter_EnvoyConfigObjectPatch) GetMatch() *EnvoyFilter_EnvoyConfigObjectMatch { + if x != nil { + return x.Match + } + return nil +} + +func (x *EnvoyFilter_EnvoyConfigObjectPatch) GetPatch() *EnvoyFilter_Patch { + if x != nil { + return x.Patch + } + return nil +} + +// Match a specific route inside a virtual host in a route configuration. +type EnvoyFilter_RouteConfigurationMatch_RouteMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The Route objects generated by default are named as + // default. Route objects generated using a virtual service + // will carry the name used in the virtual service's HTTP + // routes. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Match a route with specific action type. + Action EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action `protobuf:"varint,2,opt,name=action,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action" json:"action,omitempty"` +} + +func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) Reset() { + *x = EnvoyFilter_RouteConfigurationMatch_RouteMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_RouteConfigurationMatch_RouteMatch) ProtoMessage() {} + +func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_RouteConfigurationMatch_RouteMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_RouteConfigurationMatch_RouteMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 2, 0} +} + +func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) GetAction() EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action { + if x != nil { + return x.Action + } + return EnvoyFilter_RouteConfigurationMatch_RouteMatch_ANY +} + +// Match a specific virtual host inside a route configuration. +type EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The VirtualHosts objects generated by Istio are named as + // host:port, where the host typically corresponds to the + // VirtualService's host field or the hostname of a service in the + // registry. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Match a specific route within the virtual host. + Route *EnvoyFilter_RouteConfigurationMatch_RouteMatch `protobuf:"bytes,2,opt,name=route,proto3" json:"route,omitempty"` +} + +func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) Reset() { + *x = EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) ProtoMessage() {} + +func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[10] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 2, 1} +} + +func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) GetRoute() *EnvoyFilter_RouteConfigurationMatch_RouteMatch { + if x != nil { + return x.Route + } + return nil +} + +// For listeners with multiple filter chains (e.g., inbound +// listeners on sidecars with permissive mTLS, gateway listeners +// with multiple SNI matches), the filter chain match can be used +// to select a specific filter chain to patch. +type EnvoyFilter_ListenerMatch_FilterChainMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The name assigned to the filter chain. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The SNI value used by a filter chain's match condition. This + // condition will evaluate to false if the filter chain has no + // sni match. + Sni string `protobuf:"bytes,2,opt,name=sni,proto3" json:"sni,omitempty"` + // Applies only to `SIDECAR_INBOUND` context. If non-empty, a + // transport protocol to consider when determining a filter + // chain match. This value will be compared against the + // transport protocol of a new connection, when it's detected by + // the `tls_inspector` listener filter. + // + // Accepted values include: + // + // * `raw_buffer` - default, used when no transport protocol is detected. + // * `tls` - set when TLS protocol is detected by the TLS inspector. + TransportProtocol string `protobuf:"bytes,3,opt,name=transport_protocol,json=transportProtocol,proto3" json:"transport_protocol,omitempty"` + // Applies only to sidecars. If non-empty, a comma separated set + // of application protocols to consider when determining a + // filter chain match. This value will be compared against the + // application protocols of a new connection, when it's detected + // by one of the listener filters such as the `http_inspector`. + // + // Accepted values include: h2, http/1.1, http/1.0 + ApplicationProtocols string `protobuf:"bytes,4,opt,name=application_protocols,json=applicationProtocols,proto3" json:"application_protocols,omitempty"` + // The name of a specific filter to apply the patch to. Set this + // to `envoy.filters.network.http_connection_manager` to add a filter or apply a + // patch to the HTTP connection manager. + Filter *EnvoyFilter_ListenerMatch_FilterMatch `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"` + // The destination_port value used by a filter chain's match condition. + // This condition will evaluate to false if the filter chain has no destination_port match. + DestinationPort uint32 `protobuf:"varint,6,opt,name=destination_port,json=destinationPort,proto3" json:"destination_port,omitempty"` +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) Reset() { + *x = EnvoyFilter_ListenerMatch_FilterChainMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_ListenerMatch_FilterChainMatch) ProtoMessage() {} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_ListenerMatch_FilterChainMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_ListenerMatch_FilterChainMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 3, 0} +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) GetSni() string { + if x != nil { + return x.Sni + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) GetTransportProtocol() string { + if x != nil { + return x.TransportProtocol + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) GetApplicationProtocols() string { + if x != nil { + return x.ApplicationProtocols + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) GetFilter() *EnvoyFilter_ListenerMatch_FilterMatch { + if x != nil { + return x.Filter + } + return nil +} + +func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) GetDestinationPort() uint32 { + if x != nil { + return x.DestinationPort + } + return 0 +} + +// Conditions to match a specific filter within a filter chain. +type EnvoyFilter_ListenerMatch_FilterMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The filter name to match on. + // For standard Envoy filters, [canonical filter](https://www.envoyproxy.io/docs/envoy/latest/version_history/v1.14.0#deprecated) + // names should be used. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The next level filter within this filter to match + // upon. Typically used for HTTP Connection Manager filters and + // Thrift filters. + SubFilter *EnvoyFilter_ListenerMatch_SubFilterMatch `protobuf:"bytes,2,opt,name=sub_filter,json=subFilter,proto3" json:"sub_filter,omitempty"` +} + +func (x *EnvoyFilter_ListenerMatch_FilterMatch) Reset() { + *x = EnvoyFilter_ListenerMatch_FilterMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_ListenerMatch_FilterMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_ListenerMatch_FilterMatch) ProtoMessage() {} + +func (x *EnvoyFilter_ListenerMatch_FilterMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[12] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_ListenerMatch_FilterMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_ListenerMatch_FilterMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 3, 1} +} + +func (x *EnvoyFilter_ListenerMatch_FilterMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *EnvoyFilter_ListenerMatch_FilterMatch) GetSubFilter() *EnvoyFilter_ListenerMatch_SubFilterMatch { + if x != nil { + return x.SubFilter + } + return nil +} + +// Conditions to match a specific filter within another +// filter. This field is typically useful to match a HTTP filter +// inside the `envoy.filters.network.http_connection_manager` network filter. +// This could also be applicable for thrift filters. +type EnvoyFilter_ListenerMatch_SubFilterMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The filter name to match on. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) Reset() { + *x = EnvoyFilter_ListenerMatch_SubFilterMatch{} + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnvoyFilter_ListenerMatch_SubFilterMatch) ProtoMessage() {} + +func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[13] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnvoyFilter_ListenerMatch_SubFilterMatch.ProtoReflect.Descriptor instead. +func (*EnvoyFilter_ListenerMatch_SubFilterMatch) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP(), []int{0, 3, 2} +} + +func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +var File_networking_v1alpha3_envoy_filter_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_envoy_filter_proto_rawDesc = []byte{ + 0x0a, 0x26, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0xe5, 0x1a, 0x0a, 0x0b, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, + 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0a, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x64, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, + 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, + 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x1a, 0xcb, 0x01, 0x0a, 0x0a, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x5b, 0x0a, 0x08, + 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x75, 0x0a, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, + 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, 0x72, + 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc4, 0x04, + 0x0a, 0x17, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, + 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, + 0x70, 0x6f, 0x72, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, + 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, + 0x6f, 0x72, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, + 0x79, 0x12, 0x65, 0x0a, 0x05, 0x76, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x4f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, + 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x05, 0x76, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xcb, 0x01, 0x0a, + 0x0a, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x68, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x50, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, + 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, + 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3f, 0x0a, 0x06, 0x41, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, + 0x52, 0x4f, 0x55, 0x54, 0x45, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x45, 0x44, 0x49, 0x52, + 0x45, 0x43, 0x54, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x5f, + 0x52, 0x45, 0x53, 0x50, 0x4f, 0x4e, 0x53, 0x45, 0x10, 0x03, 0x1a, 0x87, 0x01, 0x0a, 0x10, 0x56, + 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x5f, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, + 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x72, + 0x6f, 0x75, 0x74, 0x65, 0x1a, 0xc6, 0x05, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, 0x72, + 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, 0x72, 0x74, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x72, 0x74, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x68, 0x0a, 0x0c, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x5f, 0x63, + 0x68, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x0b, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x27, + 0x0a, 0x0f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa1, 0x02, 0x0a, 0x10, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x2d, 0x0a, 0x12, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, + 0x6f, 0x72, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x33, 0x0a, 0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, + 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x1a, + 0x85, 0x01, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x62, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, + 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x53, 0x75, + 0x62, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x73, 0x75, + 0x62, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x1a, 0x24, 0x0a, 0x0e, 0x53, 0x75, 0x62, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa8, 0x03, + 0x0a, 0x05, 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x54, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, + 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x5b, 0x0a, 0x0c, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, + 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x52, 0x0b, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x22, 0x7c, 0x0a, 0x09, 0x4f, 0x70, 0x65, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, + 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x52, 0x47, 0x45, 0x10, 0x01, 0x12, 0x07, + 0x0a, 0x03, 0x41, 0x44, 0x44, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x45, 0x4d, 0x4f, 0x56, + 0x45, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x5f, 0x42, 0x45, + 0x46, 0x4f, 0x52, 0x45, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, + 0x5f, 0x41, 0x46, 0x54, 0x45, 0x52, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x53, 0x45, + 0x52, 0x54, 0x5f, 0x46, 0x49, 0x52, 0x53, 0x54, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, + 0x50, 0x4c, 0x41, 0x43, 0x45, 0x10, 0x07, 0x22, 0x3f, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, + 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x4e, + 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x5a, 0x10, 0x02, 0x12, 0x09, 0x0a, + 0x05, 0x53, 0x54, 0x41, 0x54, 0x53, 0x10, 0x03, 0x1a, 0xd8, 0x03, 0x0a, 0x16, 0x45, 0x6e, 0x76, + 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x12, 0x4d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, + 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x12, 0x47, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, + 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x52, 0x0a, 0x08, 0x6c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x08, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, + 0x71, 0x0a, 0x13, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x12, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x4f, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x43, 0x6c, 0x75, 0x73, + 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, + 0x74, 0x65, 0x72, 0x42, 0x0e, 0x0a, 0x0c, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x73, 0x1a, 0xfc, 0x01, 0x0a, 0x16, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x49, + 0x0a, 0x08, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x5f, 0x74, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, + 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, + 0x52, 0x07, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x12, 0x53, 0x0a, 0x05, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, + 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x42, + 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x70, 0x61, 0x74, + 0x63, 0x68, 0x22, 0xdd, 0x01, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x12, 0x0b, + 0x0a, 0x07, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x4c, + 0x49, 0x53, 0x54, 0x45, 0x4e, 0x45, 0x52, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x46, 0x49, 0x4c, + 0x54, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x41, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4e, + 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x03, 0x12, + 0x0f, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x04, + 0x12, 0x17, 0x0a, 0x13, 0x52, 0x4f, 0x55, 0x54, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, + 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x49, 0x52, + 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x06, 0x12, 0x0e, 0x0a, 0x0a, 0x48, + 0x54, 0x54, 0x50, 0x5f, 0x52, 0x4f, 0x55, 0x54, 0x45, 0x10, 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x43, + 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x10, 0x08, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x58, 0x54, 0x45, + 0x4e, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x10, 0x09, 0x12, 0x0d, + 0x0a, 0x09, 0x42, 0x4f, 0x4f, 0x54, 0x53, 0x54, 0x52, 0x41, 0x50, 0x10, 0x0a, 0x12, 0x13, 0x0a, + 0x0f, 0x4c, 0x49, 0x53, 0x54, 0x45, 0x4e, 0x45, 0x52, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, + 0x10, 0x0b, 0x22, 0x4f, 0x0a, 0x0c, 0x50, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x53, + 0x49, 0x44, 0x45, 0x43, 0x41, 0x52, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x01, + 0x12, 0x14, 0x0a, 0x10, 0x53, 0x49, 0x44, 0x45, 0x43, 0x41, 0x52, 0x5f, 0x4f, 0x55, 0x54, 0x42, + 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x47, 0x41, 0x54, 0x45, 0x57, 0x41, + 0x59, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, + 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1alpha3_envoy_filter_proto_rawDescOnce sync.Once + file_networking_v1alpha3_envoy_filter_proto_rawDescData = file_networking_v1alpha3_envoy_filter_proto_rawDesc +) + +func file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_envoy_filter_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_envoy_filter_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_envoy_filter_proto_rawDescData) + }) + return file_networking_v1alpha3_envoy_filter_proto_rawDescData +} + +var file_networking_v1alpha3_envoy_filter_proto_enumTypes = make([]protoimpl.EnumInfo, 5) +var file_networking_v1alpha3_envoy_filter_proto_msgTypes = make([]protoimpl.MessageInfo, 14) +var file_networking_v1alpha3_envoy_filter_proto_goTypes = []any{ + (EnvoyFilter_ApplyTo)(0), // 0: istio.networking.v1alpha3.EnvoyFilter.ApplyTo + (EnvoyFilter_PatchContext)(0), // 1: istio.networking.v1alpha3.EnvoyFilter.PatchContext + (EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action)(0), // 2: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action + (EnvoyFilter_Patch_Operation)(0), // 3: istio.networking.v1alpha3.EnvoyFilter.Patch.Operation + (EnvoyFilter_Patch_FilterClass)(0), // 4: istio.networking.v1alpha3.EnvoyFilter.Patch.FilterClass + (*EnvoyFilter)(nil), // 5: istio.networking.v1alpha3.EnvoyFilter + (*EnvoyFilter_ProxyMatch)(nil), // 6: istio.networking.v1alpha3.EnvoyFilter.ProxyMatch + (*EnvoyFilter_ClusterMatch)(nil), // 7: istio.networking.v1alpha3.EnvoyFilter.ClusterMatch + (*EnvoyFilter_RouteConfigurationMatch)(nil), // 8: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch + (*EnvoyFilter_ListenerMatch)(nil), // 9: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch + (*EnvoyFilter_Patch)(nil), // 10: istio.networking.v1alpha3.EnvoyFilter.Patch + (*EnvoyFilter_EnvoyConfigObjectMatch)(nil), // 11: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch + (*EnvoyFilter_EnvoyConfigObjectPatch)(nil), // 12: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch + nil, // 13: istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.MetadataEntry + (*EnvoyFilter_RouteConfigurationMatch_RouteMatch)(nil), // 14: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch + (*EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch)(nil), // 15: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch + (*EnvoyFilter_ListenerMatch_FilterChainMatch)(nil), // 16: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch + (*EnvoyFilter_ListenerMatch_FilterMatch)(nil), // 17: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch + (*EnvoyFilter_ListenerMatch_SubFilterMatch)(nil), // 18: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch + (*WorkloadSelector)(nil), // 19: istio.networking.v1alpha3.WorkloadSelector + (*v1beta1.PolicyTargetReference)(nil), // 20: istio.type.v1beta1.PolicyTargetReference + (*_struct.Struct)(nil), // 21: google.protobuf.Struct +} +var file_networking_v1alpha3_envoy_filter_proto_depIdxs = []int32{ + 19, // 0: istio.networking.v1alpha3.EnvoyFilter.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector + 20, // 1: istio.networking.v1alpha3.EnvoyFilter.targetRefs:type_name -> istio.type.v1beta1.PolicyTargetReference + 12, // 2: istio.networking.v1alpha3.EnvoyFilter.config_patches:type_name -> istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch + 13, // 3: istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.metadata:type_name -> istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.MetadataEntry + 15, // 4: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.vhost:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch + 16, // 5: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.filter_chain:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch + 3, // 6: istio.networking.v1alpha3.EnvoyFilter.Patch.operation:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch.Operation + 21, // 7: istio.networking.v1alpha3.EnvoyFilter.Patch.value:type_name -> google.protobuf.Struct + 4, // 8: istio.networking.v1alpha3.EnvoyFilter.Patch.filter_class:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch.FilterClass + 1, // 9: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.context:type_name -> istio.networking.v1alpha3.EnvoyFilter.PatchContext + 6, // 10: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.proxy:type_name -> istio.networking.v1alpha3.EnvoyFilter.ProxyMatch + 9, // 11: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.listener:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch + 8, // 12: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.route_configuration:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch + 7, // 13: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.cluster:type_name -> istio.networking.v1alpha3.EnvoyFilter.ClusterMatch + 0, // 14: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.apply_to:type_name -> istio.networking.v1alpha3.EnvoyFilter.ApplyTo + 11, // 15: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.match:type_name -> istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch + 10, // 16: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.patch:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch + 2, // 17: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.action:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action + 14, // 18: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch.route:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch + 17, // 19: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch.filter:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch + 18, // 20: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch.sub_filter:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch + 21, // [21:21] is the sub-list for method output_type + 21, // [21:21] is the sub-list for method input_type + 21, // [21:21] is the sub-list for extension type_name + 21, // [21:21] is the sub-list for extension extendee + 0, // [0:21] is the sub-list for field type_name +} + +func init() { file_networking_v1alpha3_envoy_filter_proto_init() } +func file_networking_v1alpha3_envoy_filter_proto_init() { + if File_networking_v1alpha3_envoy_filter_proto != nil { + return + } + file_networking_v1alpha3_sidecar_proto_init() + file_networking_v1alpha3_envoy_filter_proto_msgTypes[6].OneofWrappers = []any{ + (*EnvoyFilter_EnvoyConfigObjectMatch_Listener)(nil), + (*EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration)(nil), + (*EnvoyFilter_EnvoyConfigObjectMatch_Cluster)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1alpha3_envoy_filter_proto_rawDesc, + NumEnums: 5, + NumMessages: 14, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1alpha3_envoy_filter_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_envoy_filter_proto_depIdxs, + EnumInfos: file_networking_v1alpha3_envoy_filter_proto_enumTypes, + MessageInfos: file_networking_v1alpha3_envoy_filter_proto_msgTypes, + }.Build() + File_networking_v1alpha3_envoy_filter_proto = out.File + file_networking_v1alpha3_envoy_filter_proto_rawDesc = nil + file_networking_v1alpha3_envoy_filter_proto_goTypes = nil + file_networking_v1alpha3_envoy_filter_proto_depIdxs = nil +} diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html new file mode 100644 index 000000000..a3911b2c3 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html @@ -0,0 +1,1411 @@ +--- +title: Envoy Filter +description: Customizing Envoy configuration generated by Istio. +location: https://istio.io/docs/reference/config/networking/envoy-filter.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.EnvoyFilter +aliases: [/docs/reference/config/networking/v1alpha3/envoy-filter] +number_of_entries: 18 +--- +

EnvoyFilter provides a mechanism to customize the Envoy +configuration generated by istiod. Use EnvoyFilter to modify +values for certain fields, add specific filters, or even add +entirely new listeners, clusters, etc. This feature must be used +with care, as incorrect configurations could potentially +destabilize the entire mesh. Unlike other Istio networking objects, +EnvoyFilters are additively applied. Any number of EnvoyFilters can +exist for a given workload in a specific namespace. The order of +application of these EnvoyFilters is as follows: all EnvoyFilters +in the config root +namespace, +followed by all matching EnvoyFilters in the workload’s namespace.

+

NOTE 1: Some aspects of this API are deeply tied to the internal +implementation in Istio networking subsystem as well as Envoy’s XDS +API. While the EnvoyFilter API by itself will maintain backward +compatibility, any envoy configuration provided through this +mechanism should be carefully monitored across Istio proxy version +upgrades, to ensure that deprecated fields are removed and replaced +appropriately.

+

NOTE 2: When multiple EnvoyFilters are bound to the same +workload in a given namespace, all patches will be processed +sequentially in order of creation time. The behavior is undefined +if multiple EnvoyFilter configurations conflict with each other.

+

NOTE 3: To apply an EnvoyFilter resource to all workloads +(sidecars and gateways) in the system, define the resource in the +config root +namespace, +without a workloadSelector.

+

The example below declares a global default EnvoyFilter resource in +the root namespace called istio-config, that adds a custom +protocol filter on all sidecars in the system, for outbound port +9307. The filter should be added before the terminating tcp_proxy +filter to take effect. In addition, it sets a 30s idle timeout for +all HTTP connections in both gateways and sidecars.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: custom-protocol
+  namespace: istio-config # as defined in meshConfig resource.
+spec:
+  configPatches:
+  - applyTo: NETWORK_FILTER
+    match:
+      context: SIDECAR_OUTBOUND # will match outbound listeners in all sidecars
+      listener:
+        portNumber: 9307
+        filterChain:
+          filter:
+            name: "envoy.filters.network.tcp_proxy"
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        # This is the full filter config including the name and typed_config section.
+        name: "envoy.extensions.filters.network.mongo_proxy"
+        typed_config:
+          "@type": "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy"
+          ...
+  - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
+    match:
+      # context omitted so that this applies to both sidecars and gateways
+      listener:
+        filterChain:
+          filter:
+            name: "envoy.filters.network.http_connection_manager"
+    patch:
+      operation: MERGE
+      value:
+        name: "envoy.filters.network.http_connection_manager"
+        typed_config:
+          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
+          common_http_protocol_options:
+            idle_timeout: 30s
+
+

The following example enables Envoy’s Lua filter for all inbound +HTTP calls arriving at service port 8080 of the reviews service pod +with labels “app: reviews”, in the bookinfo namespace. The lua +filter calls out to an external service internal.org.net:8888 that +requires a special cluster definition in envoy. The cluster is also +added to the sidecar as part of this configuration.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: reviews-lua
+  namespace: bookinfo
+spec:
+  workloadSelector:
+    labels:
+      app: reviews
+  configPatches:
+    # The first patch adds the lua filter to the listener/http connection manager
+  - applyTo: HTTP_FILTER
+    match:
+      context: SIDECAR_INBOUND
+      listener:
+        portNumber: 8080
+        filterChain:
+          filter:
+            name: "envoy.filters.network.http_connection_manager"
+            subFilter:
+              name: "envoy.filters.http.router"
+    patch:
+      operation: INSERT_BEFORE
+      value: # lua filter specification
+       name: envoy.filters.http.lua
+       typed_config:
+          "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
+          defaultSourceCode:
+            inlineString: |
+              function envoy_on_request(request_handle)
+                -- Make an HTTP call to an upstream host with the following headers, body, and timeout.
+                local headers, body = request_handle:httpCall(
+                 "lua_cluster",
+                 {
+                  [":method"] = "POST",
+                  [":path"] = "/acl",
+                  [":authority"] = "internal.org.net"
+                 },
+                "authorize call",
+                5000)
+              end
+  # The second patch adds the cluster that is referenced by the lua code
+  # cds match is omitted as a new cluster is being added
+  - applyTo: CLUSTER
+    match:
+      context: SIDECAR_OUTBOUND
+    patch:
+      operation: ADD
+      value: # cluster specification
+        name: "lua_cluster"
+        type: STRICT_DNS
+        connect_timeout: 0.5s
+        lb_policy: ROUND_ROBIN
+        load_assignment:
+          cluster_name: lua_cluster
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    protocol: TCP
+                    address: "internal.org.net"
+                    port_value: 8888
+
+

The following example overwrites certain fields (HTTP idle timeout +and X-Forward-For trusted hops) in the HTTP connection manager in a +listener on the ingress gateway in istio-system namespace for the +SNI host app.example.com:

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: hcm-tweaks
+  namespace: istio-system
+spec:
+  workloadSelector:
+    labels:
+      istio: ingressgateway
+  configPatches:
+  - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy
+    match:
+      context: GATEWAY
+      listener:
+        filterChain:
+          sni: app.example.com
+          filter:
+            name: "envoy.filters.network.http_connection_manager"
+    patch:
+      operation: MERGE
+      value:
+        typed_config:
+          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
+          xff_num_trusted_hops: 5
+          common_http_protocol_options:
+            idle_timeout: 30s
+
+

The following example inserts an attributegen filter +that produces istio_operationId attribute which is consumed +by the istio.stats filter. filterClass: STATS encodes this dependency.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: reviews-request-operation
+  namespace: myns
+spec:
+  workloadSelector:
+    labels:
+      app: reviews
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: SIDECAR_INBOUND
+    patch:
+      operation: ADD
+      filterClass: STATS # This filter will run *before* the Istio stats filter.
+      value:
+        name: istio.request_operation
+        typed_config:
+         "@type": type.googleapis.com/udpa.type.v1.TypedStruct
+         type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+         value:
+           config:
+             configuration: |
+               {
+                 "attributes": [
+                   {
+                     "output_attribute": "istio_operationId",
+                     "match": [
+                       {
+                         "value": "ListReviews",
+                         "condition": "request.url_path == '/reviews' && request.method == 'GET'"
+                       }]
+                   }]
+               }
+             vm_config:
+               runtime: envoy.wasm.runtime.null
+               code:
+                 local: { inline_string: "envoy.wasm.attributegen" }
+
+

The following example inserts an http ext_authz filter in the myns namespace.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: myns-ext-authz
+  namespace: myns
+spec:
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: SIDECAR_INBOUND
+    patch:
+      operation: ADD
+      filterClass: AUTHZ # This filter will run *after* the Istio authz filter.
+      value:
+        name: envoy.filters.http.ext_authz
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
+          grpc_service:
+            envoy_grpc:
+              cluster_name: acme-ext-authz
+            initial_metadata:
+            - key: foo
+              value: myauth.acme # required by local ext auth server.
+
+

A workload in the myns namespace needs to access a different ext_auth server +that does not accept initial metadata. Since proto merge cannot remove fields, the +following configuration uses the REPLACE operation. If you do not need to inherit +fields, REPLACE is preferred over MERGE.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: mysvc-ext-authz
+  namespace: myns
+spec:
+  workloadSelector:
+    labels:
+      app: mysvc
+  configPatches:
+  - applyTo: HTTP_FILTER
+    match:
+      context: SIDECAR_INBOUND
+    patch:
+      operation: REPLACE
+      value:
+        name: envoy.filters.http.ext_authz
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
+          grpc_service:
+            envoy_grpc:
+              cluster_name: acme-ext-authz-alt
+
+

The following example deploys a Wasm extension for all inbound sidecar HTTP requests.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: wasm-example
+  namespace: myns
+spec:
+  configPatches:
+  # The first patch defines a named Wasm extension and provides a URL to fetch Wasm binary from,
+  # and the binary configuration. It should come before the next patch that applies it.
+  # This resource is visible to all proxies in the namespace "myns". It is possible to provide
+  # multiple definitions for the same name "my-wasm-extension" in multiple namespaces. We recommend that:
+  # - if overriding is desired, then the root level definition can be overridden per namespace with REPLACE.
+  # - if overriding is not desired, then the name should be qualified with the namespace "myns/my-wasm-extension",
+  #   to avoid accidental name collisions.
+  - applyTo: EXTENSION_CONFIG
+    patch:
+      operation: ADD
+      value:
+        name: my-wasm-extension
+        typed_config:
+          "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
+          config:
+            root_id: my-wasm-root-id
+            vm_config:
+              vm_id: my-wasm-vm-id
+              runtime: envoy.wasm.runtime.v8
+              code:
+                remote:
+                  http_uri:
+                    uri: http://my-wasm-binary-uri
+            configuration:
+              "@type": "type.googleapis.com/google.protobuf.StringValue"
+              value: |
+                {}
+  # The second patch instructs to apply the above Wasm filter to the listener/http connection manager.
+  - applyTo: HTTP_FILTER
+    match:
+      listener:
+        filterChain:
+          filter:
+            name: envoy.filters.network.http_connection_manager
+            subFilter:
+              name: envoy.filters.http.router
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        name: my-wasm-extension # This must match the name above
+        config_discovery:
+          config_source:
+            ads: {}
+          type_urls: ["type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm"]
+
+

The following example inserts an envoy.filters.listener.proxy_protocol listener filter before the envoy.filters.listener.tls_inspector.

+
apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: listener-filter-example
+  namespace: myns
+spec:
+  configPatches:
+  - applyTo: LISTENER_FILTER
+    match:
+      context: SIDECAR_INBOUND # will match inbound listeners in all sidecars
+      listener:
+        portNumber: 15006
+        listenerFilter: "envoy.filters.listener.tls_inspector"
+    patch:
+      operation: INSERT_BEFORE
+      value:
+        # This is the full filter config including the name and typed_config section.
+        name: "envoy.filters.listener.proxy_protocol"
+        typed_config:
+          "@type": "type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol"
+ +

EnvoyFilter

+
+

EnvoyFilter provides a mechanism to customize the Envoy configuration +generated by istiod.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
workloadSelector
+
WorkloadSelector
+
 +

Criteria used to select the specific set of pods/VMs on which +this patch configuration should be applied. If omitted, the set +of patches in this configuration will be applied to all workload +instances in the same namespace. If the EnvoyFilter is present +in the config root namespace, it will be applied to all applicable +workloads in any namespace.

+ +
targetRefs
+
PolicyTargetReference[]
+
 +

The targetRefs specifies a list of resources the policy should be +applied to. The targeted resources specified will determine which workloads +the policy applies to.

+

Currently, the following resource attachment types are supported:

+
    +
  • kind: Gateway with group: gateway.networking.k8s.io in the same namespace.
    • +
  • kind: Service with "" in the same namespace. This type is only supported for waypoints.
    • +
+

If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRefs can be set.

+

NOTE: If you are using the targetRefs field in a multi-revision environment with Istio versions prior to 1.22, +it is highly recommended that you pin the policy to a revision running 1.22+ via the istio.io/rev label. +This is to prevent proxies connected to older control planes (that don’t know about the targetRefs field) +from misinterpreting the policy as namespace-wide during the upgrade process.

+

NOTE: Waypoint proxies are required to use this field for policies to apply; selector policies will be ignored.

+ +
configPatches
+
EnvoyConfigObjectPatch[]
+
 +

One or more patches with match conditions.

+ +
priority
+
int32
+
 +

Priority defines the order in which patch sets are applied within a context. +When one patch depends on another patch, the order of patch application +is significant. The API provides two primary ways to order patches. +Patch sets in the root namespace are applied before the patch sets in the +workload namespace. Patches within a patch set are processed in the order +that they appear in the configPatches list.

+

The default value for priority is 0 and the range is [ min-int32, max-int32 ]. +A patch set with a negative priority is processed before the default. A patch +set with a positive priority is processed after the default.

+

It is recommended to start with priority values that are multiples of 10 +to leave room for further insertion.

+

Patch sets are sorted in the following ascending key order: +priority, creation time, fully qualified resource name.

+ +
+
+

ProxyMatch

+
+

One or more properties of the proxy to match on.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
proxyVersion
+
string
+
 +

A regular expression in golang regex format (RE2) that can be +used to select proxies using a specific version of istio +proxy. The Istio version for a given proxy is obtained from the +node metadata field ISTIO_VERSION supplied by the proxy when +connecting to istiod. This value is embedded as an environment +variable (ISTIO_META_ISTIO_VERSION) in the Istio proxy docker +image. Custom proxy implementations should provide this metadata +variable to take advantage of the Istio version check option.

+ +
metadata
+
map<string, string>
+
 +

Match on the node metadata supplied by a proxy when connecting +to istiod. Note that while Envoy’s node metadata is of +type Struct, only string key-value pairs are processed by +istiod. All keys specified in the metadata must match with exact +values. The match will fail if any of the specified keys are +absent or the values fail to match.

+ +
+
+

ClusterMatch

+
+

Conditions specified in ClusterMatch must be met for the patch +to be applied to a cluster.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
portNumber
+
uint32
+
 +

The service port for which this cluster was generated. If +omitted, applies to clusters for any port. +Note: for inbound cluster, it is the service target port.

+ +
service
+
string
+
 +

The fully qualified service name for this cluster. If omitted, +applies to clusters for any service. For services defined +through service entries, the service name is same as the hosts +defined in the service entry. +Note: for inbound cluster, this is ignored.

+ +
subset
+
string
+
 +

The subset associated with the service. If omitted, applies to +clusters for any subset of a service.

+ +
name
+
string
+
 +

The exact name of the cluster to match. To match a specific +cluster by name, such as the internally generated Passthrough +cluster, leave all fields in clusterMatch empty, except the +name.

+ +
+
+

RouteConfigurationMatch

+
+

Conditions specified in RouteConfigurationMatch must be met for +the patch to be applied to a route configuration object or a +specific virtual host within the route configuration.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
portNumber
+
uint32
+
 +

The service port number or gateway server port number for which +this route configuration was generated. If omitted, applies to +route configurations for all ports.

+ +
portName
+
string
+
 +

Applicable only for GATEWAY context. The gateway server port +name for which this route configuration was generated.

+ +
gateway
+
string
+
 +

The Istio gateway config’s namespace/name for which this route +configuration was generated. Applies only if the context is +GATEWAY. Should be in the namespace/name format. Use this field +in conjunction with the portNumber and portName to accurately +select the Envoy route configuration for a specific HTTPS +server within a gateway config object.

+ +
vhost
+
VirtualHostMatch
+
 +

Match a specific virtual host in a route configuration and +apply the patch to the virtual host.

+ +
name
+
string
+
 +

Route configuration name to match on. Can be used to match a +specific route configuration by name, such as the internally +generated http_proxy route configuration for all sidecars.

+ +
+
+

RouteMatch

+
+

Match a specific route inside a virtual host in a route configuration.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The Route objects generated by default are named as +default. Route objects generated using a virtual service +will carry the name used in the virtual service’s HTTP +routes.

+ +
action
+
Action
+
 +

Match a route with specific action type.

+ +
+
+
Action
+
+

Action refers to the route action taken by Envoy when a http route matches.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
ANY +

All three route actions

+ +
ROUTE +

Route traffic to a cluster / weighted clusters.

+ +
REDIRECT +

Redirect request.

+ +
DIRECT_RESPONSE +

directly respond to a request with specific payload.

+ +
+
+

VirtualHostMatch

+
+

Match a specific virtual host inside a route configuration.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The VirtualHosts objects generated by Istio are named as +host:port, where the host typically corresponds to the +VirtualService’s host field or the hostname of a service in the +registry.

+ +
route
+
RouteMatch
+
 +

Match a specific route within the virtual host.

+ +
+
+

ListenerMatch

+
+

Conditions specified in a listener match must be met for the +patch to be applied to a specific listener across all filter +chains, or a specific filter chain inside the listener.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
portNumber
+
uint32
+
 +

The service port/gateway port to which traffic is being +sent/received. If not specified, matches all listeners. Even though +inbound listeners are generated for the instance/pod ports, only +service ports should be used to match listeners.

+ +
filterChain
+
FilterChainMatch
+
 +

Match a specific filter chain in a listener. If specified, the +patch will be applied to the filter chain (and a specific +filter if specified) and not to other filter chains in the +listener.

+ +
listenerFilter
+
string
+
 +

Match a specific listener filter. If specified, the +patch will be applied to the listener filter.

+ +
name
+
string
+
 +

Match a specific listener by its name. The listeners generated +by istiod are typically named as IP:Port.

+ +
+
+

FilterChainMatch

+
+

For listeners with multiple filter chains (e.g., inbound +listeners on sidecars with permissive mTLS, gateway listeners +with multiple SNI matches), the filter chain match can be used +to select a specific filter chain to patch.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The name assigned to the filter chain.

+ +
sni
+
string
+
 +

The SNI value used by a filter chain’s match condition. This +condition will evaluate to false if the filter chain has no +sni match.

+ +
transportProtocol
+
string
+
 +

Applies only to SIDECAR_INBOUND context. If non-empty, a +transport protocol to consider when determining a filter +chain match. This value will be compared against the +transport protocol of a new connection, when it’s detected by +the tls_inspector listener filter.

+

Accepted values include:

+
    +
  • raw_buffer - default, used when no transport protocol is detected.
    • +
  • tls - set when TLS protocol is detected by the TLS inspector.
    • +
+ +
applicationProtocols
+
string
+
 +

Applies only to sidecars. If non-empty, a comma separated set +of application protocols to consider when determining a +filter chain match. This value will be compared against the +application protocols of a new connection, when it’s detected +by one of the listener filters such as the http_inspector.

+

Accepted values include: h2, http/1.1, http/1.0

+ +
filter
+
FilterMatch
+
 +

The name of a specific filter to apply the patch to. Set this +to envoy.filters.network.http_connection_manager to add a filter or apply a +patch to the HTTP connection manager.

+ +
destinationPort
+
uint32
+
 +

The destination_port value used by a filter chain’s match condition. +This condition will evaluate to false if the filter chain has no destination_port match.

+ +
+
+

FilterMatch

+
+

Conditions to match a specific filter within a filter chain.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The filter name to match on. +For standard Envoy filters, canonical filter +names should be used.

+ +
subFilter
+
SubFilterMatch
+
 +

The next level filter within this filter to match +upon. Typically used for HTTP Connection Manager filters and +Thrift filters.

+ +
+
+

SubFilterMatch

+
+

Conditions to match a specific filter within another +filter. This field is typically useful to match a HTTP filter +inside the envoy.filters.network.http_connection_manager network filter. +This could also be applicable for thrift filters.

+ + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The filter name to match on.

+ +
+
+

Patch

+
+

Patch specifies how the selected object should be modified.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
operation
+
Operation
+
 +

Determines how the patch should be applied.

+ +
value
+
Struct
+
 +

The JSON config of the object being patched. This will be merged using +proto merge semantics with the existing proto in the path.

+ +
filterClass
+
FilterClass
+
 +

Determines the filter insertion order.

+ +
+
+

Operation

+
+

Operation denotes how the patch should be applied to the selected +configuration.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
INVALID +
MERGE +

Merge the provided config with the generated config using +proto merge semantics. If you are specifying config in its +entirety, use REPLACE instead.

+ +
ADD +

Add the provided config to an existing list (of listeners, +clusters, virtual hosts, network filters, or http +filters). This operation will be ignored when applyTo is set +to ROUTE_CONFIGURATION, or HTTP_ROUTE.

+ +
REMOVE +

Remove the selected object from the list (of listeners, +clusters, virtual hosts, network filters, routes, or http +filters). Does not require a value to be specified. This +operation will be ignored when applyTo is set to +ROUTE_CONFIGURATION, or HTTP_ROUTE.

+ +
INSERT_BEFORE +

Insert operation on an array of named objects. This operation +is typically useful only in the context of filters or routes, +where the order of elements matter. Routes should be ordered +based on most to least specific matching criteria since the +first matching element is selected. For clusters and virtual hosts, +order of the element in the array does not matter. Insert +before the selected filter or sub filter. If no filter is +selected, the specified filter will be inserted at the front +of the list.

+ +
INSERT_AFTER +

Insert operation on an array of named objects. This operation +is typically useful only in the context of filters or routes, +where the order of elements matter. Routes should be ordered +based on most to least specific matching criteria since the +first matching element is selected. For clusters and virtual hosts, +order of the element in the array does not matter. Insert +after the selected filter or sub filter. If no filter is +selected, the specified filter will be inserted at the end +of the list.

+ +
INSERT_FIRST +

Insert operation on an array of named objects. This operation +is typically useful only in the context of filters or routes, +where the order of elements matter. Routes should be ordered +based on most to least specific matching criteria since the +first matching element is selected. For clusters and virtual hosts, +order of the element in the array does not matter. Insert +first in the list based on the presence of selected filter or not. +This is specifically useful when you want your filter first in the +list based on a match condition specified in Match clause.

+ +
REPLACE +

Replace contents of a named filter with new contents. +REPLACE operation is only valid for HTTP_FILTER and +NETWORK_FILTER. If the named filter is not found, this operation +has no effect.

+ +
+
+

FilterClass

+
+

FilterClass determines the filter insertion point in the filter chain +relative to the filters implicitly inserted by the control plane. +It is used in conjunction with the ADD operation. +This is the preferred insertion mechanism for adding filters over +the INSERT_* operations since those operations rely on potentially unstable +filter names. +Filter ordering is important if your filter depends on or affects the +functioning of a another filter in the filter chain. +Within a filter class, filters are inserted in the order of processing.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
UNSPECIFIED +

Control plane decides where to insert the filter. +Do not specify FilterClass if the filter is independent of others.

+ +
AUTHN +

Insert filter after Istio authentication filters.

+ +
AUTHZ +

Insert filter after Istio authorization filters.

+ +
STATS +

Insert filter before Istio stats filters.

+ +
+
+

EnvoyConfigObjectMatch

+
+

One or more match conditions to be met before a patch is applied +to the generated configuration for a given proxy.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
context
+
PatchContext
+
 +

The specific config generation context to match on. istiod +generates envoy configuration in the context of a gateway, +inbound traffic to sidecar and outbound traffic from sidecar.

+ +
proxy
+
ProxyMatch
+
 +

Match on properties associated with a proxy.

+ +
listener
+
ListenerMatch (oneof)
+
 +

Match on envoy listener attributes.

+ +
routeConfiguration
+
RouteConfigurationMatch (oneof)
+
 +

Match on envoy HTTP route configuration attributes.

+ +
cluster
+
ClusterMatch (oneof)
+
 +

Match on envoy cluster attributes.

+ +
+
+

EnvoyConfigObjectPatch

+
+

Changes to be made to various envoy config objects.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
applyTo
+
ApplyTo
+
 +

Specifies where in the Envoy configuration, the patch should be +applied. The match is expected to select the appropriate +object based on applyTo. For example, an applyTo with +HTTP_FILTER is expected to have a match condition on the +listeners, with a network filter selection on +envoy.filters.network.http_connection_manager and a sub filter selection on the +HTTP filter relative to which the insertion should be +performed. Similarly, an applyTo on CLUSTER should have a match +(if provided) on the cluster and not on a listener.

+ +
match
+
EnvoyConfigObjectMatch
+
 +

Match on listener/route configuration/cluster.

+ +
patch
+
Patch
+
 +

The patch to apply along with the operation.

+ +
+
+

ApplyTo

+
+

ApplyTo specifies where in the Envoy configuration, the given patch should be applied.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
INVALID +
LISTENER +

Applies the patch to the listener.

+ +
FILTER_CHAIN +

Applies the patch to the filter chain.

+ +
NETWORK_FILTER +

Applies the patch to the network filter chain, to modify an +existing filter or add a new filter.

+ +
HTTP_FILTER +

Applies the patch to the HTTP filter chain in the http +connection manager, to modify an existing filter or add a new +filter.

+ +
ROUTE_CONFIGURATION +

Applies the patch to the Route configuration (rds output) +inside a HTTP connection manager. This does not apply to the +virtual host. Currently, only MERGE operation is allowed on the +route configuration objects.

+ +
VIRTUAL_HOST +

Applies the patch to a virtual host inside a route configuration.

+ +
HTTP_ROUTE +

Applies the patch to a route object inside the matched virtual +host in a route configuration.

+ +
CLUSTER +

Applies the patch to a cluster in a CDS output. Also used to add new clusters.

+ +
EXTENSION_CONFIG +

Applies the patch to or adds an extension config in ECDS output. Note that ECDS +is only supported by HTTP filters.

+ +
BOOTSTRAP +

DEPRECATED. Applies the patch to bootstrap configuration.

+ +
LISTENER_FILTER +

Applies the patch to the listener filter.

+ +
+
+

PatchContext

+
+

PatchContext selects a class of configurations based on the +traffic flow direction and workload type.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
ANY +

All listeners/routes/clusters in both sidecars and gateways.

+ +
SIDECAR_INBOUND +

Inbound listener/route/cluster in sidecar.

+ +
SIDECAR_OUTBOUND +

Outbound listener/route/cluster in sidecar.

+ +
GATEWAY +

Gateway listener/route/cluster.

+ +
+
diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto new file mode 100644 index 000000000..064f6a597 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto @@ -0,0 +1,893 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +import "google/protobuf/struct.proto"; +import "networking/v1alpha3/sidecar.proto"; +import "type/v1beta1/selector.proto"; + +// $schema: istio.networking.v1alpha3.EnvoyFilter +// $title: Envoy Filter +// $description: Customizing Envoy configuration generated by Istio. +// $location: https://istio.io/docs/reference/config/networking/envoy-filter.html +// $aliases: [/docs/reference/config/networking/v1alpha3/envoy-filter] + +// `EnvoyFilter` provides a mechanism to customize the Envoy +// configuration generated by istiod. Use EnvoyFilter to modify +// values for certain fields, add specific filters, or even add +// entirely new listeners, clusters, etc. This feature must be used +// with care, as incorrect configurations could potentially +// destabilize the entire mesh. Unlike other Istio networking objects, +// EnvoyFilters are additively applied. Any number of EnvoyFilters can +// exist for a given workload in a specific namespace. The order of +// application of these EnvoyFilters is as follows: all EnvoyFilters +// in the config [root +// namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig), +// followed by all matching EnvoyFilters in the workload's namespace. +// +// **NOTE 1**: Some aspects of this API are deeply tied to the internal +// implementation in Istio networking subsystem as well as Envoy's XDS +// API. While the EnvoyFilter API by itself will maintain backward +// compatibility, any envoy configuration provided through this +// mechanism should be carefully monitored across Istio proxy version +// upgrades, to ensure that deprecated fields are removed and replaced +// appropriately. +// +// **NOTE 2**: When multiple EnvoyFilters are bound to the same +// workload in a given namespace, all patches will be processed +// sequentially in order of creation time. The behavior is undefined +// if multiple EnvoyFilter configurations conflict with each other. +// +// **NOTE 3**: To apply an EnvoyFilter resource to all workloads +// (sidecars and gateways) in the system, define the resource in the +// config [root +// namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig), +// without a workloadSelector. +// +// The example below declares a global default EnvoyFilter resource in +// the root namespace called `istio-config`, that adds a custom +// protocol filter on all sidecars in the system, for outbound port +// 9307. The filter should be added before the terminating tcp_proxy +// filter to take effect. In addition, it sets a 30s idle timeout for +// all HTTP connections in both gateways and sidecars. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: custom-protocol +// namespace: istio-config # as defined in meshConfig resource. +// spec: +// configPatches: +// - applyTo: NETWORK_FILTER +// match: +// context: SIDECAR_OUTBOUND # will match outbound listeners in all sidecars +// listener: +// portNumber: 9307 +// filterChain: +// filter: +// name: "envoy.filters.network.tcp_proxy" +// patch: +// operation: INSERT_BEFORE +// value: +// # This is the full filter config including the name and typed_config section. +// name: "envoy.extensions.filters.network.mongo_proxy" +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.network.mongo_proxy.v3.MongoProxy" +// ... +// - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy +// match: +// # context omitted so that this applies to both sidecars and gateways +// listener: +// filterChain: +// filter: +// name: "envoy.filters.network.http_connection_manager" +// patch: +// operation: MERGE +// value: +// name: "envoy.filters.network.http_connection_manager" +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" +// common_http_protocol_options: +// idle_timeout: 30s +// ``` +// +// The following example enables Envoy's Lua filter for all inbound +// HTTP calls arriving at service port 8080 of the reviews service pod +// with labels "app: reviews", in the bookinfo namespace. The lua +// filter calls out to an external service internal.org.net:8888 that +// requires a special cluster definition in envoy. The cluster is also +// added to the sidecar as part of this configuration. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: reviews-lua +// namespace: bookinfo +// spec: +// workloadSelector: +// labels: +// app: reviews +// configPatches: +// # The first patch adds the lua filter to the listener/http connection manager +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// listener: +// portNumber: 8080 +// filterChain: +// filter: +// name: "envoy.filters.network.http_connection_manager" +// subFilter: +// name: "envoy.filters.http.router" +// patch: +// operation: INSERT_BEFORE +// value: # lua filter specification +// name: envoy.filters.http.lua +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua" +// defaultSourceCode: +// inlineString: | +// function envoy_on_request(request_handle) +// -- Make an HTTP call to an upstream host with the following headers, body, and timeout. +// local headers, body = request_handle:httpCall( +// "lua_cluster", +// { +// [":method"] = "POST", +// [":path"] = "/acl", +// [":authority"] = "internal.org.net" +// }, +// "authorize call", +// 5000) +// end +// # The second patch adds the cluster that is referenced by the lua code +// # cds match is omitted as a new cluster is being added +// - applyTo: CLUSTER +// match: +// context: SIDECAR_OUTBOUND +// patch: +// operation: ADD +// value: # cluster specification +// name: "lua_cluster" +// type: STRICT_DNS +// connect_timeout: 0.5s +// lb_policy: ROUND_ROBIN +// load_assignment: +// cluster_name: lua_cluster +// endpoints: +// - lb_endpoints: +// - endpoint: +// address: +// socket_address: +// protocol: TCP +// address: "internal.org.net" +// port_value: 8888 +// ``` +// +// The following example overwrites certain fields (HTTP idle timeout +// and X-Forward-For trusted hops) in the HTTP connection manager in a +// listener on the ingress gateway in istio-system namespace for the +// SNI host app.example.com: +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: hcm-tweaks +// namespace: istio-system +// spec: +// workloadSelector: +// labels: +// istio: ingressgateway +// configPatches: +// - applyTo: NETWORK_FILTER # http connection manager is a filter in Envoy +// match: +// context: GATEWAY +// listener: +// filterChain: +// sni: app.example.com +// filter: +// name: "envoy.filters.network.http_connection_manager" +// patch: +// operation: MERGE +// value: +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager" +// xff_num_trusted_hops: 5 +// common_http_protocol_options: +// idle_timeout: 30s +// ``` +// +// The following example inserts an attributegen filter +// that produces `istio_operationId` attribute which is consumed +// by the istio.stats filter. `filterClass: STATS` encodes this dependency. +// +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: reviews-request-operation +// namespace: myns +// spec: +// workloadSelector: +// labels: +// app: reviews +// configPatches: +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// patch: +// operation: ADD +// filterClass: STATS # This filter will run *before* the Istio stats filter. +// value: +// name: istio.request_operation +// typed_config: +// "@type": type.googleapis.com/udpa.type.v1.TypedStruct +// type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm +// value: +// config: +// configuration: | +// { +// "attributes": [ +// { +// "output_attribute": "istio_operationId", +// "match": [ +// { +// "value": "ListReviews", +// "condition": "request.url_path == '/reviews' && request.method == 'GET'" +// }] +// }] +// } +// vm_config: +// runtime: envoy.wasm.runtime.null +// code: +// local: { inline_string: "envoy.wasm.attributegen" } +// ``` +// +// The following example inserts an http ext_authz filter in the `myns` namespace. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: myns-ext-authz +// namespace: myns +// spec: +// configPatches: +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// patch: +// operation: ADD +// filterClass: AUTHZ # This filter will run *after* the Istio authz filter. +// value: +// name: envoy.filters.http.ext_authz +// typed_config: +// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz +// grpc_service: +// envoy_grpc: +// cluster_name: acme-ext-authz +// initial_metadata: +// - key: foo +// value: myauth.acme # required by local ext auth server. +// ``` +// +// A workload in the `myns` namespace needs to access a different ext_auth server +// that does not accept initial metadata. Since proto merge cannot remove fields, the +// following configuration uses the `REPLACE` operation. If you do not need to inherit +// fields, REPLACE is preferred over MERGE. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: mysvc-ext-authz +// namespace: myns +// spec: +// workloadSelector: +// labels: +// app: mysvc +// configPatches: +// - applyTo: HTTP_FILTER +// match: +// context: SIDECAR_INBOUND +// patch: +// operation: REPLACE +// value: +// name: envoy.filters.http.ext_authz +// typed_config: +// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz +// grpc_service: +// envoy_grpc: +// cluster_name: acme-ext-authz-alt +// ``` +// +// The following example deploys a Wasm extension for all inbound sidecar HTTP requests. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: wasm-example +// namespace: myns +// spec: +// configPatches: +// # The first patch defines a named Wasm extension and provides a URL to fetch Wasm binary from, +// # and the binary configuration. It should come before the next patch that applies it. +// # This resource is visible to all proxies in the namespace "myns". It is possible to provide +// # multiple definitions for the same name "my-wasm-extension" in multiple namespaces. We recommend that: +// # - if overriding is desired, then the root level definition can be overridden per namespace with REPLACE. +// # - if overriding is not desired, then the name should be qualified with the namespace "myns/my-wasm-extension", +// # to avoid accidental name collisions. +// - applyTo: EXTENSION_CONFIG +// patch: +// operation: ADD +// value: +// name: my-wasm-extension +// typed_config: +// "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm +// config: +// root_id: my-wasm-root-id +// vm_config: +// vm_id: my-wasm-vm-id +// runtime: envoy.wasm.runtime.v8 +// code: +// remote: +// http_uri: +// uri: http://my-wasm-binary-uri +// configuration: +// "@type": "type.googleapis.com/google.protobuf.StringValue" +// value: | +// {} +// # The second patch instructs to apply the above Wasm filter to the listener/http connection manager. +// - applyTo: HTTP_FILTER +// match: +// listener: +// filterChain: +// filter: +// name: envoy.filters.network.http_connection_manager +// subFilter: +// name: envoy.filters.http.router +// patch: +// operation: INSERT_BEFORE +// value: +// name: my-wasm-extension # This must match the name above +// config_discovery: +// config_source: +// ads: {} +// type_urls: ["type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm"] +// ``` +// +// The following example inserts an `envoy.filters.listener.proxy_protocol` listener filter before the `envoy.filters.listener.tls_inspector`. +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: EnvoyFilter +// metadata: +// name: listener-filter-example +// namespace: myns +// spec: +// configPatches: +// - applyTo: LISTENER_FILTER +// match: +// context: SIDECAR_INBOUND # will match inbound listeners in all sidecars +// listener: +// portNumber: 15006 +// listenerFilter: "envoy.filters.listener.tls_inspector" +// patch: +// operation: INSERT_BEFORE +// value: +// # This is the full filter config including the name and typed_config section. +// name: "envoy.filters.listener.proxy_protocol" +// typed_config: +// "@type": "type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol" +package istio.networking.v1alpha3; + +option go_package = "istio.io/api/networking/v1alpha3"; + +// EnvoyFilter provides a mechanism to customize the Envoy configuration +// generated by istiod. +// +// +// +// +// +kubebuilder:validation:XValidation:message="only one of targetRefs or workloadSelector can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1" +message EnvoyFilter { + // `ApplyTo` specifies where in the Envoy configuration, the given patch should be applied. + enum ApplyTo { + + INVALID = 0; + + // Applies the patch to the listener. + LISTENER = 1; + + // Applies the patch to the filter chain. + FILTER_CHAIN = 2; + + // Applies the patch to the network filter chain, to modify an + // existing filter or add a new filter. + NETWORK_FILTER = 3; + + // Applies the patch to the HTTP filter chain in the http + // connection manager, to modify an existing filter or add a new + // filter. + HTTP_FILTER = 4; + + // Applies the patch to the Route configuration (rds output) + // inside a HTTP connection manager. This does not apply to the + // virtual host. Currently, only `MERGE` operation is allowed on the + // route configuration objects. + ROUTE_CONFIGURATION = 5; + + // Applies the patch to a virtual host inside a route configuration. + VIRTUAL_HOST = 6; + + // Applies the patch to a route object inside the matched virtual + // host in a route configuration. + HTTP_ROUTE = 7; + + // Applies the patch to a cluster in a CDS output. Also used to add new clusters. + CLUSTER = 8; + + // Applies the patch to or adds an extension config in ECDS output. Note that ECDS + // is only supported by HTTP filters. + EXTENSION_CONFIG = 9; + + // DEPRECATED. Applies the patch to bootstrap configuration. + BOOTSTRAP = 10; + + // Applies the patch to the listener filter. + LISTENER_FILTER = 11; + }; + + // PatchContext selects a class of configurations based on the + // traffic flow direction and workload type. + enum PatchContext { + // All listeners/routes/clusters in both sidecars and gateways. + ANY = 0; + + // Inbound listener/route/cluster in sidecar. + SIDECAR_INBOUND = 1; + + // Outbound listener/route/cluster in sidecar. + SIDECAR_OUTBOUND = 2; + + // Gateway listener/route/cluster. + GATEWAY = 3; + }; + + // One or more properties of the proxy to match on. + message ProxyMatch { + // A regular expression in golang regex format (RE2) that can be + // used to select proxies using a specific version of istio + // proxy. The Istio version for a given proxy is obtained from the + // node metadata field `ISTIO_VERSION` supplied by the proxy when + // connecting to istiod. This value is embedded as an environment + // variable (`ISTIO_META_ISTIO_VERSION`) in the Istio proxy docker + // image. Custom proxy implementations should provide this metadata + // variable to take advantage of the Istio version check option. + string proxy_version = 1; + + // Match on the node metadata supplied by a proxy when connecting + // to istiod. Note that while Envoy's node metadata is of + // type Struct, only string key-value pairs are processed by + // istiod. All keys specified in the metadata must match with exact + // values. The match will fail if any of the specified keys are + // absent or the values fail to match. + map metadata = 2; + }; + + // Conditions specified in `ClusterMatch` must be met for the patch + // to be applied to a cluster. + message ClusterMatch { + // The service port for which this cluster was generated. If + // omitted, applies to clusters for any port. + // **Note:** for inbound cluster, it is the service target port. + uint32 port_number = 1; + + // The fully qualified service name for this cluster. If omitted, + // applies to clusters for any service. For services defined + // through service entries, the service name is same as the hosts + // defined in the service entry. + // **Note:** for inbound cluster, this is ignored. + string service = 2; + + // The subset associated with the service. If omitted, applies to + // clusters for any subset of a service. + string subset = 3; + + // The exact name of the cluster to match. To match a specific + // cluster by name, such as the internally generated `Passthrough` + // cluster, leave all fields in clusterMatch empty, except the + // name. + string name = 4; + }; + + // Conditions specified in RouteConfigurationMatch must be met for + // the patch to be applied to a route configuration object or a + // specific virtual host within the route configuration. + message RouteConfigurationMatch { + // Match a specific route inside a virtual host in a route configuration. + message RouteMatch { + // The Route objects generated by default are named as + // default. Route objects generated using a virtual service + // will carry the name used in the virtual service's HTTP + // routes. + string name = 1; + + // Action refers to the route action taken by Envoy when a http route matches. + enum Action { + // All three route actions + ANY = 0; + // Route traffic to a cluster / weighted clusters. + ROUTE = 1; + // Redirect request. + REDIRECT = 2; + // directly respond to a request with specific payload. + DIRECT_RESPONSE = 3; + }; + + // Match a route with specific action type. + Action action = 2; + } + + // Match a specific virtual host inside a route configuration. + message VirtualHostMatch { + // The VirtualHosts objects generated by Istio are named as + // host:port, where the host typically corresponds to the + // VirtualService's host field or the hostname of a service in the + // registry. + string name = 1; + + // Match a specific route within the virtual host. + RouteMatch route = 2; + } + + // The service port number or gateway server port number for which + // this route configuration was generated. If omitted, applies to + // route configurations for all ports. + uint32 port_number = 1; + + // Applicable only for GATEWAY context. The gateway server port + // name for which this route configuration was generated. + string port_name = 2; + + // The Istio gateway config's namespace/name for which this route + // configuration was generated. Applies only if the context is + // GATEWAY. Should be in the namespace/name format. Use this field + // in conjunction with the `portNumber` and `portName` to accurately + // select the Envoy route configuration for a specific HTTPS + // server within a gateway config object. + string gateway = 3; + + // Match a specific virtual host in a route configuration and + // apply the patch to the virtual host. + VirtualHostMatch vhost = 4; + + // Route configuration name to match on. Can be used to match a + // specific route configuration by name, such as the internally + // generated `http_proxy` route configuration for all sidecars. + string name = 5; + }; + + // Conditions specified in a listener match must be met for the + // patch to be applied to a specific listener across all filter + // chains, or a specific filter chain inside the listener. + message ListenerMatch { + // For listeners with multiple filter chains (e.g., inbound + // listeners on sidecars with permissive mTLS, gateway listeners + // with multiple SNI matches), the filter chain match can be used + // to select a specific filter chain to patch. + message FilterChainMatch { + // The name assigned to the filter chain. + string name = 1; + + // The SNI value used by a filter chain's match condition. This + // condition will evaluate to false if the filter chain has no + // sni match. + string sni = 2; + + // Applies only to `SIDECAR_INBOUND` context. If non-empty, a + // transport protocol to consider when determining a filter + // chain match. This value will be compared against the + // transport protocol of a new connection, when it's detected by + // the `tls_inspector` listener filter. + // + // Accepted values include: + // + // * `raw_buffer` - default, used when no transport protocol is detected. + // * `tls` - set when TLS protocol is detected by the TLS inspector. + string transport_protocol = 3; + + // Applies only to sidecars. If non-empty, a comma separated set + // of application protocols to consider when determining a + // filter chain match. This value will be compared against the + // application protocols of a new connection, when it's detected + // by one of the listener filters such as the `http_inspector`. + // + // Accepted values include: h2, http/1.1, http/1.0 + string application_protocols = 4; + + // The name of a specific filter to apply the patch to. Set this + // to `envoy.filters.network.http_connection_manager` to add a filter or apply a + // patch to the HTTP connection manager. + FilterMatch filter = 5; + + // The destination_port value used by a filter chain's match condition. + // This condition will evaluate to false if the filter chain has no destination_port match. + uint32 destination_port = 6; + }; + + // Conditions to match a specific filter within a filter chain. + message FilterMatch { + // The filter name to match on. + // For standard Envoy filters, [canonical filter](https://www.envoyproxy.io/docs/envoy/latest/version_history/v1.14.0#deprecated) + // names should be used. + string name = 1; + // The next level filter within this filter to match + // upon. Typically used for HTTP Connection Manager filters and + // Thrift filters. + SubFilterMatch sub_filter = 2; + }; + + // Conditions to match a specific filter within another + // filter. This field is typically useful to match a HTTP filter + // inside the `envoy.filters.network.http_connection_manager` network filter. + // This could also be applicable for thrift filters. + message SubFilterMatch { + // The filter name to match on. + string name = 1; + }; + + // The service port/gateway port to which traffic is being + // sent/received. If not specified, matches all listeners. Even though + // inbound listeners are generated for the instance/pod ports, only + // service ports should be used to match listeners. + uint32 port_number = 1; + + // Instead of using specific port numbers, a set of ports matching + // a given service's port name can be selected. Matching is case + // insensitive. + // Not implemented. + // $hide_from_docs + string port_name = 2; + + // Match a specific filter chain in a listener. If specified, the + // patch will be applied to the filter chain (and a specific + // filter if specified) and not to other filter chains in the + // listener. + FilterChainMatch filter_chain = 3; + + // Match a specific listener filter. If specified, the + // patch will be applied to the listener filter. + string listener_filter = 5; + + // Match a specific listener by its name. The listeners generated + // by istiod are typically named as IP:Port. + string name = 4; + }; + + // Patch specifies how the selected object should be modified. + message Patch { + + // Operation denotes how the patch should be applied to the selected + // configuration. + enum Operation { + INVALID = 0; + + // Merge the provided config with the generated config using + // proto merge semantics. If you are specifying config in its + // entirety, use `REPLACE` instead. + MERGE = 1; + + // Add the provided config to an existing list (of listeners, + // clusters, virtual hosts, network filters, or http + // filters). This operation will be ignored when `applyTo` is set + // to `ROUTE_CONFIGURATION`, or `HTTP_ROUTE`. + ADD = 2; + + // Remove the selected object from the list (of listeners, + // clusters, virtual hosts, network filters, routes, or http + // filters). Does not require a value to be specified. This + // operation will be ignored when `applyTo` is set to + // `ROUTE_CONFIGURATION`, or `HTTP_ROUTE`. + REMOVE = 3; + + // Insert operation on an array of named objects. This operation + // is typically useful only in the context of filters or routes, + // where the order of elements matter. Routes should be ordered + // based on most to least specific matching criteria since the + // first matching element is selected. For clusters and virtual hosts, + // order of the element in the array does not matter. Insert + // before the selected filter or sub filter. If no filter is + // selected, the specified filter will be inserted at the front + // of the list. + INSERT_BEFORE = 4; + + // Insert operation on an array of named objects. This operation + // is typically useful only in the context of filters or routes, + // where the order of elements matter. Routes should be ordered + // based on most to least specific matching criteria since the + // first matching element is selected. For clusters and virtual hosts, + // order of the element in the array does not matter. Insert + // after the selected filter or sub filter. If no filter is + // selected, the specified filter will be inserted at the end + // of the list. + INSERT_AFTER = 5; + + // Insert operation on an array of named objects. This operation + // is typically useful only in the context of filters or routes, + // where the order of elements matter. Routes should be ordered + // based on most to least specific matching criteria since the + // first matching element is selected. For clusters and virtual hosts, + // order of the element in the array does not matter. Insert + // first in the list based on the presence of selected filter or not. + // This is specifically useful when you want your filter first in the + // list based on a match condition specified in Match clause. + INSERT_FIRST = 6; + + // Replace contents of a named filter with new contents. + // `REPLACE` operation is only valid for `HTTP_FILTER` and + // `NETWORK_FILTER`. If the named filter is not found, this operation + // has no effect. + REPLACE = 7; + } + + // Determines how the patch should be applied. + Operation operation = 1; + + // The JSON config of the object being patched. This will be merged using + // proto merge semantics with the existing proto in the path. + google.protobuf.Struct value = 2; + + // FilterClass determines the filter insertion point in the filter chain + // relative to the filters implicitly inserted by the control plane. + // It is used in conjunction with the `ADD` operation. + // This is the preferred insertion mechanism for adding filters over + // the `INSERT_*` operations since those operations rely on potentially unstable + // filter names. + // Filter ordering is important if your filter depends on or affects the + // functioning of a another filter in the filter chain. + // Within a filter class, filters are inserted in the order of processing. + enum FilterClass { + // Control plane decides where to insert the filter. + // Do not specify `FilterClass` if the filter is independent of others. + UNSPECIFIED = 0; + + // Insert filter after Istio authentication filters. + AUTHN = 1; + + // Insert filter after Istio authorization filters. + AUTHZ = 2; + + // Insert filter before Istio stats filters. + STATS = 3; + }; + + // Determines the filter insertion order. + FilterClass filter_class = 3; + }; + + // One or more match conditions to be met before a patch is applied + // to the generated configuration for a given proxy. + message EnvoyConfigObjectMatch { + // The specific config generation context to match on. istiod + // generates envoy configuration in the context of a gateway, + // inbound traffic to sidecar and outbound traffic from sidecar. + PatchContext context = 1; + + // Match on properties associated with a proxy. + ProxyMatch proxy = 2; + + oneof object_types { + // Match on envoy listener attributes. + ListenerMatch listener = 3; + // Match on envoy HTTP route configuration attributes. + RouteConfigurationMatch route_configuration = 4; + // Match on envoy cluster attributes. + ClusterMatch cluster = 5; + } + }; + + // Changes to be made to various envoy config objects. + message EnvoyConfigObjectPatch { + // Specifies where in the Envoy configuration, the patch should be + // applied. The match is expected to select the appropriate + // object based on applyTo. For example, an applyTo with + // `HTTP_FILTER` is expected to have a match condition on the + // listeners, with a network filter selection on + // `envoy.filters.network.http_connection_manager` and a sub filter selection on the + // HTTP filter relative to which the insertion should be + // performed. Similarly, an applyTo on `CLUSTER` should have a match + // (if provided) on the cluster and not on a listener. + ApplyTo apply_to = 1; + + // Match on listener/route configuration/cluster. + EnvoyConfigObjectMatch match = 2; + + // The patch to apply along with the operation. + Patch patch = 3; + } + + reserved 1, 2; + reserved "filters", "workload_labels"; + + // Criteria used to select the specific set of pods/VMs on which + // this patch configuration should be applied. If omitted, the set + // of patches in this configuration will be applied to all workload + // instances in the same namespace. If the `EnvoyFilter` is present + // in the config root namespace, it will be applied to all applicable + // workloads in any namespace. + WorkloadSelector workload_selector = 3; + + // Optional. The targetRefs specifies a list of resources the policy should be + // applied to. The targeted resources specified will determine which workloads + // the policy applies to. + // + // Currently, the following resource attachment types are supported: + // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. + // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. + // + // If not set, the policy is applied as defined by the selector. + // At most one of the selector and targetRefs can be set. + // + // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, + // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. + // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) + // from misinterpreting the policy as namespace-wide during the upgrade process. + // + // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. + // +kubebuilder:validation:MaxItems=16 + repeated istio.type.v1beta1.PolicyTargetReference targetRefs = 6; + + // One or more patches with match conditions. + repeated EnvoyConfigObjectPatch config_patches = 4; + + // Priority defines the order in which patch sets are applied within a context. + // When one patch depends on another patch, the order of patch application + // is significant. The API provides two primary ways to order patches. + // Patch sets in the root namespace are applied before the patch sets in the + // workload namespace. Patches within a patch set are processed in the order + // that they appear in the `configPatches` list. + // + // The default value for priority is 0 and the range is [ min-int32, max-int32 ]. + // A patch set with a negative priority is processed before the default. A patch + // set with a positive priority is processed after the default. + // + // It is recommended to start with priority values that are multiples of 10 + // to leave room for further insertion. + // + // Patch sets are sorted in the following ascending key order: + // priority, creation time, fully qualified resource name. + int32 priority = 5; +} diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/envoy_filter_deepcopy.gen.go new file mode 100644 index 000000000..1d402e3b8 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter_deepcopy.gen.go @@ -0,0 +1,279 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1alpha3 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using EnvoyFilter within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter) DeepCopyInto(out *EnvoyFilter) { + p := proto.Clone(in).(*EnvoyFilter) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter. Required by controller-gen. +func (in *EnvoyFilter) DeepCopy() *EnvoyFilter { + if in == nil { + return nil + } + out := new(EnvoyFilter) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter. Required by controller-gen. +func (in *EnvoyFilter) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_ProxyMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_ProxyMatch) DeepCopyInto(out *EnvoyFilter_ProxyMatch) { + p := proto.Clone(in).(*EnvoyFilter_ProxyMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ProxyMatch. Required by controller-gen. +func (in *EnvoyFilter_ProxyMatch) DeepCopy() *EnvoyFilter_ProxyMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_ProxyMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ProxyMatch. Required by controller-gen. +func (in *EnvoyFilter_ProxyMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_ClusterMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_ClusterMatch) DeepCopyInto(out *EnvoyFilter_ClusterMatch) { + p := proto.Clone(in).(*EnvoyFilter_ClusterMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ClusterMatch. Required by controller-gen. +func (in *EnvoyFilter_ClusterMatch) DeepCopy() *EnvoyFilter_ClusterMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_ClusterMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ClusterMatch. Required by controller-gen. +func (in *EnvoyFilter_ClusterMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_RouteConfigurationMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_RouteConfigurationMatch) DeepCopyInto(out *EnvoyFilter_RouteConfigurationMatch) { + p := proto.Clone(in).(*EnvoyFilter_RouteConfigurationMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_RouteConfigurationMatch. Required by controller-gen. +func (in *EnvoyFilter_RouteConfigurationMatch) DeepCopy() *EnvoyFilter_RouteConfigurationMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_RouteConfigurationMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_RouteConfigurationMatch. Required by controller-gen. +func (in *EnvoyFilter_RouteConfigurationMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_RouteConfigurationMatch_RouteMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_RouteConfigurationMatch_RouteMatch) DeepCopyInto(out *EnvoyFilter_RouteConfigurationMatch_RouteMatch) { + p := proto.Clone(in).(*EnvoyFilter_RouteConfigurationMatch_RouteMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_RouteConfigurationMatch_RouteMatch. Required by controller-gen. +func (in *EnvoyFilter_RouteConfigurationMatch_RouteMatch) DeepCopy() *EnvoyFilter_RouteConfigurationMatch_RouteMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_RouteConfigurationMatch_RouteMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_RouteConfigurationMatch_RouteMatch. Required by controller-gen. +func (in *EnvoyFilter_RouteConfigurationMatch_RouteMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) DeepCopyInto(out *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) { + p := proto.Clone(in).(*EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch. Required by controller-gen. +func (in *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) DeepCopy() *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch. Required by controller-gen. +func (in *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_ListenerMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_ListenerMatch) DeepCopyInto(out *EnvoyFilter_ListenerMatch) { + p := proto.Clone(in).(*EnvoyFilter_ListenerMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch) DeepCopy() *EnvoyFilter_ListenerMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_ListenerMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_ListenerMatch_FilterChainMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_ListenerMatch_FilterChainMatch) DeepCopyInto(out *EnvoyFilter_ListenerMatch_FilterChainMatch) { + p := proto.Clone(in).(*EnvoyFilter_ListenerMatch_FilterChainMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch_FilterChainMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch_FilterChainMatch) DeepCopy() *EnvoyFilter_ListenerMatch_FilterChainMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_ListenerMatch_FilterChainMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch_FilterChainMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch_FilterChainMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_ListenerMatch_FilterMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_ListenerMatch_FilterMatch) DeepCopyInto(out *EnvoyFilter_ListenerMatch_FilterMatch) { + p := proto.Clone(in).(*EnvoyFilter_ListenerMatch_FilterMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch_FilterMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch_FilterMatch) DeepCopy() *EnvoyFilter_ListenerMatch_FilterMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_ListenerMatch_FilterMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch_FilterMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch_FilterMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_ListenerMatch_SubFilterMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_ListenerMatch_SubFilterMatch) DeepCopyInto(out *EnvoyFilter_ListenerMatch_SubFilterMatch) { + p := proto.Clone(in).(*EnvoyFilter_ListenerMatch_SubFilterMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch_SubFilterMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch_SubFilterMatch) DeepCopy() *EnvoyFilter_ListenerMatch_SubFilterMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_ListenerMatch_SubFilterMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_ListenerMatch_SubFilterMatch. Required by controller-gen. +func (in *EnvoyFilter_ListenerMatch_SubFilterMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_Patch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_Patch) DeepCopyInto(out *EnvoyFilter_Patch) { + p := proto.Clone(in).(*EnvoyFilter_Patch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_Patch. Required by controller-gen. +func (in *EnvoyFilter_Patch) DeepCopy() *EnvoyFilter_Patch { + if in == nil { + return nil + } + out := new(EnvoyFilter_Patch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_Patch. Required by controller-gen. +func (in *EnvoyFilter_Patch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_EnvoyConfigObjectMatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_EnvoyConfigObjectMatch) DeepCopyInto(out *EnvoyFilter_EnvoyConfigObjectMatch) { + p := proto.Clone(in).(*EnvoyFilter_EnvoyConfigObjectMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_EnvoyConfigObjectMatch. Required by controller-gen. +func (in *EnvoyFilter_EnvoyConfigObjectMatch) DeepCopy() *EnvoyFilter_EnvoyConfigObjectMatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_EnvoyConfigObjectMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_EnvoyConfigObjectMatch. Required by controller-gen. +func (in *EnvoyFilter_EnvoyConfigObjectMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using EnvoyFilter_EnvoyConfigObjectPatch within kubernetes types, where deepcopy-gen is used. +func (in *EnvoyFilter_EnvoyConfigObjectPatch) DeepCopyInto(out *EnvoyFilter_EnvoyConfigObjectPatch) { + p := proto.Clone(in).(*EnvoyFilter_EnvoyConfigObjectPatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_EnvoyConfigObjectPatch. Required by controller-gen. +func (in *EnvoyFilter_EnvoyConfigObjectPatch) DeepCopy() *EnvoyFilter_EnvoyConfigObjectPatch { + if in == nil { + return nil + } + out := new(EnvoyFilter_EnvoyConfigObjectPatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyFilter_EnvoyConfigObjectPatch. Required by controller-gen. +func (in *EnvoyFilter_EnvoyConfigObjectPatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/envoy_filter_json.gen.go new file mode 100644 index 000000000..24c1268e5 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter_json.gen.go @@ -0,0 +1,155 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1alpha3 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for EnvoyFilter +func (this *EnvoyFilter) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter +func (this *EnvoyFilter) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_ProxyMatch +func (this *EnvoyFilter_ProxyMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_ProxyMatch +func (this *EnvoyFilter_ProxyMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_ClusterMatch +func (this *EnvoyFilter_ClusterMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_ClusterMatch +func (this *EnvoyFilter_ClusterMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_RouteConfigurationMatch +func (this *EnvoyFilter_RouteConfigurationMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_RouteConfigurationMatch +func (this *EnvoyFilter_RouteConfigurationMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_RouteConfigurationMatch_RouteMatch +func (this *EnvoyFilter_RouteConfigurationMatch_RouteMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_RouteConfigurationMatch_RouteMatch +func (this *EnvoyFilter_RouteConfigurationMatch_RouteMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch +func (this *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch +func (this *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_ListenerMatch +func (this *EnvoyFilter_ListenerMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_ListenerMatch +func (this *EnvoyFilter_ListenerMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_ListenerMatch_FilterChainMatch +func (this *EnvoyFilter_ListenerMatch_FilterChainMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_ListenerMatch_FilterChainMatch +func (this *EnvoyFilter_ListenerMatch_FilterChainMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_ListenerMatch_FilterMatch +func (this *EnvoyFilter_ListenerMatch_FilterMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_ListenerMatch_FilterMatch +func (this *EnvoyFilter_ListenerMatch_FilterMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_ListenerMatch_SubFilterMatch +func (this *EnvoyFilter_ListenerMatch_SubFilterMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_ListenerMatch_SubFilterMatch +func (this *EnvoyFilter_ListenerMatch_SubFilterMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_Patch +func (this *EnvoyFilter_Patch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_Patch +func (this *EnvoyFilter_Patch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_EnvoyConfigObjectMatch +func (this *EnvoyFilter_EnvoyConfigObjectMatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_EnvoyConfigObjectMatch +func (this *EnvoyFilter_EnvoyConfigObjectMatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for EnvoyFilter_EnvoyConfigObjectPatch +func (this *EnvoyFilter_EnvoyConfigObjectPatch) MarshalJSON() ([]byte, error) { + str, err := EnvoyFilterMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for EnvoyFilter_EnvoyConfigObjectPatch +func (this *EnvoyFilter_EnvoyConfigObjectPatch) UnmarshalJSON(b []byte) error { + return EnvoyFilterUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + EnvoyFilterMarshaler = &jsonpb.Marshaler{} + EnvoyFilterUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/vendor/istio.io/api/networking/v1beta1/gateway.pb.go b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.go similarity index 54% rename from vendor/istio.io/api/networking/v1beta1/gateway.pb.go rename to vendor/istio.io/api/networking/v1alpha3/gateway.pb.go index 0fccae34c..c54e4f9d8 100644 --- a/vendor/istio.io/api/networking/v1beta1/gateway.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.go @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2017 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -14,16 +14,15 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) -// source: networking/v1beta1/gateway.proto +// source: networking/v1alpha3/gateway.proto -// $schema: istio.networking.v1beta1.Gateway +// $schema: istio.networking.v1alpha3.Gateway // $title: Gateway // $description: Configuration affecting edge load balancer. // $location: https://istio.io/docs/reference/config/networking/gateway.html -// $aliases: [/docs/reference/config/networking/v1beta1/gateway] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/gateway] // `Gateway` describes a load balancer operating at the edge of the mesh // receiving incoming or outgoing HTTP/TCP connections. The specification @@ -38,10 +37,8 @@ // on these ports, it is the responsibility of the user to ensure that // external traffic to these ports are allowed into the mesh. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -92,63 +89,6 @@ // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // The Gateway specification above describes the L4-L6 properties of a load // balancer. A `VirtualService` can then be bound to a gateway to control @@ -165,50 +105,8 @@ // applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` // gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-rule @@ -244,41 +142,14 @@ // host: reviews.qa.svc.cluster.local // weight: 20 // ``` -// {{}} -// {{}} // // The following VirtualService forwards traffic arriving at (external) // port 27017 to internal Mongo server on port 5555. This rule is not // applicable internally in the mesh as the gateway list omits the // reserved name `mesh`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-mongo @@ -297,8 +168,6 @@ // port: // number: 5555 // ``` -// {{}} -// {{}} // // It is possible to restrict the set of virtual services that can bind to // a gateway server using the namespace/hostname syntax in the hosts field. @@ -306,10 +175,8 @@ // namespace to bind to it, while restricting only the virtual service with // foo.bar.com host in the ns2 namespace to bind to it. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -326,32 +193,9 @@ // - "ns1/*" // - "ns2/foo.bar.com" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -// {{}} -// {{}} // -package v1beta1 +package v1alpha3 import ( _ "google.golang.org/genproto/googleapis/api/annotations" @@ -376,10 +220,13 @@ const ( // match criterion in a VirtualService TLS route to determine // the destination service from the service registry. ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = 0 - // Secure connections with standard TLS semantics. + // Secure connections with standard TLS semantics. In this mode + // client certificate is not requested during handshake. ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = 1 // Secure connections to the downstream using mutual TLS by // presenting server certificates for authentication. + // A client certificate will also be requested during the handshake and + // at least one valid certificate is required to be sent by the client. ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = 2 // Similar to the passthrough mode, except servers with this TLS // mode do not require an associated VirtualService to map from @@ -400,6 +247,13 @@ const ( // for mTLS authentication. When this mode is used, all other // fields in `TLSOptions` should be empty. ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = 4 + // Similar to MUTUAL mode, except that the client certificate + // is optional. Unlike SIMPLE mode, A client certificate will + // still be explicitly requested during handshake, but the client + // is not required to send a certificate. If a client certificate + // is presented, it will be validated. ca_certificates should + // be specified for validating client certificates. + ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = 5 ) // Enum value maps for ServerTLSSettings_TLSmode. @@ -410,6 +264,7 @@ var ( 2: "MUTUAL", 3: "AUTO_PASSTHROUGH", 4: "ISTIO_MUTUAL", + 5: "OPTIONAL_MUTUAL", } ServerTLSSettings_TLSmode_value = map[string]int32{ "PASSTHROUGH": 0, @@ -417,6 +272,7 @@ var ( "MUTUAL": 2, "AUTO_PASSTHROUGH": 3, "ISTIO_MUTUAL": 4, + "OPTIONAL_MUTUAL": 5, } ) @@ -431,11 +287,11 @@ func (x ServerTLSSettings_TLSmode) String() string { } func (ServerTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_gateway_proto_enumTypes[0].Descriptor() + return file_networking_v1alpha3_gateway_proto_enumTypes[0].Descriptor() } func (ServerTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1beta1_gateway_proto_enumTypes[0] + return &file_networking_v1alpha3_gateway_proto_enumTypes[0] } func (x ServerTLSSettings_TLSmode) Number() protoreflect.EnumNumber { @@ -444,7 +300,7 @@ func (x ServerTLSSettings_TLSmode) Number() protoreflect.EnumNumber { // Deprecated: Use ServerTLSSettings_TLSmode.Descriptor instead. func (ServerTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{3, 0} + return file_networking_v1alpha3_gateway_proto_rawDescGZIP(), []int{3, 0} } // TLS protocol versions. @@ -492,11 +348,11 @@ func (x ServerTLSSettings_TLSProtocol) String() string { } func (ServerTLSSettings_TLSProtocol) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_gateway_proto_enumTypes[1].Descriptor() + return file_networking_v1alpha3_gateway_proto_enumTypes[1].Descriptor() } func (ServerTLSSettings_TLSProtocol) Type() protoreflect.EnumType { - return &file_networking_v1beta1_gateway_proto_enumTypes[1] + return &file_networking_v1alpha3_gateway_proto_enumTypes[1] } func (x ServerTLSSettings_TLSProtocol) Number() protoreflect.EnumNumber { @@ -505,7 +361,7 @@ func (x ServerTLSSettings_TLSProtocol) Number() protoreflect.EnumNumber { // Deprecated: Use ServerTLSSettings_TLSProtocol.Descriptor instead. func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{3, 1} + return file_networking_v1alpha3_gateway_proto_rawDescGZIP(), []int{3, 1} } // Gateway describes a load balancer operating at the edge of the mesh @@ -513,7 +369,7 @@ func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { // // -// type Gateway struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -555,11 +408,9 @@ type Gateway struct { func (x *Gateway) Reset() { *x = Gateway{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Gateway) String() string { @@ -569,8 +420,8 @@ func (x *Gateway) String() string { func (*Gateway) ProtoMessage() {} func (x *Gateway) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[0] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -582,7 +433,7 @@ func (x *Gateway) ProtoReflect() protoreflect.Message { // Deprecated: Use Gateway.ProtoReflect.Descriptor instead. func (*Gateway) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{0} + return file_networking_v1alpha3_gateway_proto_rawDescGZIP(), []int{0} } func (x *Gateway) GetServers() []*Server { @@ -602,33 +453,8 @@ func (x *Gateway) GetSelector() map[string]string { // `Server` describes the properties of the proxy on a given load balancer // port. For example, // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// -// name: my-ingress -// -// spec: -// -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // @@ -647,38 +473,11 @@ func (x *Gateway) GetSelector() map[string]string { // - "*" // // ``` -// {{}} -// {{}} // // # Another example // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// -// name: my-tcp-ingress -// -// spec: -// -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // @@ -697,41 +496,11 @@ func (x *Gateway) GetSelector() map[string]string { // - "*" // // ``` -// {{}} -// {{}} // // # The following is an example of TLS configuration for port 443 // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// -// name: my-tls-ingress -// -// spec: -// -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // @@ -753,8 +522,6 @@ func (x *Gateway) GetSelector() map[string]string { // credentialName: tls-cert // // ``` -// {{}} -// {{}} type Server struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -820,11 +587,9 @@ type Server struct { func (x *Server) Reset() { *x = Server{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Server) String() string { @@ -834,8 +599,8 @@ func (x *Server) String() string { func (*Server) ProtoMessage() {} func (x *Server) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[1] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -847,7 +612,7 @@ func (x *Server) ProtoReflect() protoreflect.Message { // Deprecated: Use Server.ProtoReflect.Descriptor instead. func (*Server) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{1} + return file_networking_v1alpha3_gateway_proto_rawDescGZIP(), []int{1} } func (x *Server) GetPort() *Port { @@ -901,24 +666,25 @@ type Port struct { // A valid non-negative integer port number. Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. + // MUST be one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` // Label assigned to the port. Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` // The port number on the endpoint where the traffic will be // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1alpha3/gateway.proto. TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` } func (x *Port) Reset() { *x = Port{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Port) String() string { @@ -928,8 +694,8 @@ func (x *Port) String() string { func (*Port) ProtoMessage() {} func (x *Port) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[2] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -941,7 +707,7 @@ func (x *Port) ProtoReflect() protoreflect.Message { // Deprecated: Use Port.ProtoReflect.Descriptor instead. func (*Port) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{2} + return file_networking_v1alpha3_gateway_proto_rawDescGZIP(), []int{2} } func (x *Port) GetNumber() uint32 { @@ -965,6 +731,7 @@ func (x *Port) GetName() string { return "" } +// Deprecated: Marked as deprecated in networking/v1alpha3/gateway.proto. func (x *Port) GetTargetPort() uint32 { if x != nil { return x.TargetPort @@ -983,31 +750,39 @@ type ServerTLSSettings struct { // Optional: Indicates whether connections to this port should be // secured using TLS. The value of this field determines how TLS is // enforced. - Mode ServerTLSSettings_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1beta1.ServerTLSSettings_TLSmode" json:"mode,omitempty"` + Mode ServerTLSSettings_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1alpha3.ServerTLSSettings_TLSmode" json:"mode,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // REQUIRED if mode is `MUTUAL`. The path to a file containing - // certificate authority certificates to use in verifying a presented + // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file + // containing certificate authority certificates to use in verifying a presented // client side certificate. CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented client side certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + CaCrl string `protobuf:"bytes,13,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` // For gateways running on Kubernetes, the name of the secret that // holds the TLS certs including the CA certificates. Applicable - // only on Kubernetes. The secret (of type `generic`) should - // contain the following keys and values: `key: - // ` and `cert: `. For mutual TLS, - // `cacert: ` can be provided in the same secret or - // a separate secret named `-cacert`. - // Secret of type tls for server certificates along with - // ca.crt key for CA certificates is also supported. + // only on Kubernetes. An Opaque secret should contain the following + // keys and values: `tls.key: ` and `tls.crt: ` or + // `key: ` and `cert: `. + // For mutual TLS, `cacert: ` and `crl: ` + // can be provided in the same secret or a separate secret named `-cacert`. + // A TLS secret for server certificates with an additional `tls.ocsp-staple` key + // for specifying OCSP staple information, `ca.crt` key for CA certificates + // and `ca.crl` for certificate revocation list is also supported. // Only one of server certificates and CA certificate // or credentialName can be specified. CredentialName string `protobuf:"bytes,10,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` // A list of alternate names to verify the subject identity in the // certificate presented by the client. + // Requires TLS mode to be set to `MUTUAL`. SubjectAltNames []string `protobuf:"bytes,6,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` // An optional list of base64-encoded SHA-256 hashes of the SPKIs of // authorized client certificates. @@ -1027,21 +802,36 @@ type ServerTLSSettings struct { // `cipherSuites` setting as they no longer include compatible ciphers. // // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. - MinProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,7,opt,name=min_protocol_version,json=minProtocolVersion,proto3,enum=istio.networking.v1beta1.ServerTLSSettings_TLSProtocol" json:"min_protocol_version,omitempty"` + MinProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,7,opt,name=min_protocol_version,json=minProtocolVersion,proto3,enum=istio.networking.v1alpha3.ServerTLSSettings_TLSProtocol" json:"min_protocol_version,omitempty"` // Optional: Maximum TLS protocol version. - MaxProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,8,opt,name=max_protocol_version,json=maxProtocolVersion,proto3,enum=istio.networking.v1beta1.ServerTLSSettings_TLSProtocol" json:"max_protocol_version,omitempty"` + MaxProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,8,opt,name=max_protocol_version,json=maxProtocolVersion,proto3,enum=istio.networking.v1alpha3.ServerTLSSettings_TLSProtocol" json:"max_protocol_version,omitempty"` // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy. + // Otherwise default to the default cipher list supported by Envoy + // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + // The supported list of ciphers are: + // * `ECDHE-ECDSA-AES128-GCM-SHA256` + // * `ECDHE-RSA-AES128-GCM-SHA256` + // * `ECDHE-ECDSA-AES256-GCM-SHA384` + // * `ECDHE-RSA-AES256-GCM-SHA384` + // * `ECDHE-ECDSA-CHACHA20-POLY1305` + // * `ECDHE-RSA-CHACHA20-POLY1305` + // * `ECDHE-ECDSA-AES128-SHA` + // * `ECDHE-RSA-AES128-SHA` + // * `ECDHE-ECDSA-AES256-SHA` + // * `ECDHE-RSA-AES256-SHA` + // * `AES128-GCM-SHA256` + // * `AES256-GCM-SHA384` + // * `AES128-SHA` + // * `AES256-SHA` + // * `DES-CBC3-SHA` CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` } func (x *ServerTLSSettings) Reset() { *x = ServerTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServerTLSSettings) String() string { @@ -1051,8 +841,8 @@ func (x *ServerTLSSettings) String() string { func (*ServerTLSSettings) ProtoMessage() {} func (x *ServerTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[3] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1064,7 +854,7 @@ func (x *ServerTLSSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use ServerTLSSettings.ProtoReflect.Descriptor instead. func (*ServerTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{3} + return file_networking_v1alpha3_gateway_proto_rawDescGZIP(), []int{3} } func (x *ServerTLSSettings) GetHttpsRedirect() bool { @@ -1102,6 +892,13 @@ func (x *ServerTLSSettings) GetCaCertificates() string { return "" } +func (x *ServerTLSSettings) GetCaCrl() string { + if x != nil { + return x.CaCrl + } + return "" +} + func (x *ServerTLSSettings) GetCredentialName() string { if x != nil { return x.CredentialName @@ -1151,143 +948,146 @@ func (x *ServerTLSSettings) GetCipherSuites() []string { return nil } -var File_networking_v1beta1_gateway_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_gateway_proto_rawDesc = []byte{ - 0x0a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, - 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdb, 0x01, - 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x40, 0x0a, 0x07, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, +var File_networking_v1alpha3_gateway_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_gateway_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, + 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xd1, 0x01, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x3b, 0x0a, 0x07, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, + 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x4c, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x04, 0xe2, 0x41, - 0x01, 0x02, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x73, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x04, - 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x1a, 0x3b, - 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf0, 0x01, 0x0a, 0x06, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, - 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x62, 0x69, 0x6e, 0x64, 0x12, 0x1a, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, - 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, - 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, - 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x81, - 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, - 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x6e, - 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, - 0x72, 0x74, 0x22, 0xe9, 0x06, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x68, 0x74, 0x74, 0x70, - 0x73, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, - 0x47, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, - 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, - 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, - 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, - 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, - 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, - 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, - 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x70, 0x6b, 0x69, 0x12, 0x36, - 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 0x12, 0x69, 0x0a, 0x14, 0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, - 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x12, 0x69, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, - 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, - 0x73, 0x22, 0x5a, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, - 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, - 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, - 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, - 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, - 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x04, 0x22, 0x4f, 0x0a, - 0x0b, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 0x0a, 0x08, - 0x54, 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, - 0x53, 0x56, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, - 0x5f, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x32, 0x10, - 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x21, - 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x1a, 0x3b, 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0xf2, 0x01, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x39, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, + 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, + 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x1a, 0x0a, + 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, + 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, + 0x74, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, + 0x20, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, + 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, + 0x22, 0x98, 0x07, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x5f, + 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, + 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x48, 0x0a, + 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, + 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, + 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, + 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, + 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, + 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x17, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, + 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x53, 0x70, 0x6b, 0x69, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, + 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 0x12, 0x6a, 0x0a, 0x14, + 0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x6a, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, + 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x07, 0x54, 0x4c, 0x53, + 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, + 0x55, 0x47, 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, + 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x14, 0x0a, + 0x10, 0x41, 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, + 0x48, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, 0x54, + 0x55, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, + 0x4c, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x05, 0x22, 0x4f, 0x0a, 0x0b, 0x54, 0x4c, + 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 0x0a, 0x08, 0x54, 0x4c, 0x53, + 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, + 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x31, 0x10, + 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x0b, + 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x22, 0x5a, 0x20, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_networking_v1beta1_gateway_proto_rawDescOnce sync.Once - file_networking_v1beta1_gateway_proto_rawDescData = file_networking_v1beta1_gateway_proto_rawDesc + file_networking_v1alpha3_gateway_proto_rawDescOnce sync.Once + file_networking_v1alpha3_gateway_proto_rawDescData = file_networking_v1alpha3_gateway_proto_rawDesc ) -func file_networking_v1beta1_gateway_proto_rawDescGZIP() []byte { - file_networking_v1beta1_gateway_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_gateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_gateway_proto_rawDescData) +func file_networking_v1alpha3_gateway_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_gateway_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_gateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_gateway_proto_rawDescData) }) - return file_networking_v1beta1_gateway_proto_rawDescData + return file_networking_v1alpha3_gateway_proto_rawDescData } -var file_networking_v1beta1_gateway_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1beta1_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_networking_v1beta1_gateway_proto_goTypes = []interface{}{ - (ServerTLSSettings_TLSmode)(0), // 0: istio.networking.v1beta1.ServerTLSSettings.TLSmode - (ServerTLSSettings_TLSProtocol)(0), // 1: istio.networking.v1beta1.ServerTLSSettings.TLSProtocol - (*Gateway)(nil), // 2: istio.networking.v1beta1.Gateway - (*Server)(nil), // 3: istio.networking.v1beta1.Server - (*Port)(nil), // 4: istio.networking.v1beta1.Port - (*ServerTLSSettings)(nil), // 5: istio.networking.v1beta1.ServerTLSSettings - nil, // 6: istio.networking.v1beta1.Gateway.SelectorEntry +var file_networking_v1alpha3_gateway_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1alpha3_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_networking_v1alpha3_gateway_proto_goTypes = []any{ + (ServerTLSSettings_TLSmode)(0), // 0: istio.networking.v1alpha3.ServerTLSSettings.TLSmode + (ServerTLSSettings_TLSProtocol)(0), // 1: istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol + (*Gateway)(nil), // 2: istio.networking.v1alpha3.Gateway + (*Server)(nil), // 3: istio.networking.v1alpha3.Server + (*Port)(nil), // 4: istio.networking.v1alpha3.Port + (*ServerTLSSettings)(nil), // 5: istio.networking.v1alpha3.ServerTLSSettings + nil, // 6: istio.networking.v1alpha3.Gateway.SelectorEntry } -var file_networking_v1beta1_gateway_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1beta1.Gateway.servers:type_name -> istio.networking.v1beta1.Server - 6, // 1: istio.networking.v1beta1.Gateway.selector:type_name -> istio.networking.v1beta1.Gateway.SelectorEntry - 4, // 2: istio.networking.v1beta1.Server.port:type_name -> istio.networking.v1beta1.Port - 5, // 3: istio.networking.v1beta1.Server.tls:type_name -> istio.networking.v1beta1.ServerTLSSettings - 0, // 4: istio.networking.v1beta1.ServerTLSSettings.mode:type_name -> istio.networking.v1beta1.ServerTLSSettings.TLSmode - 1, // 5: istio.networking.v1beta1.ServerTLSSettings.min_protocol_version:type_name -> istio.networking.v1beta1.ServerTLSSettings.TLSProtocol - 1, // 6: istio.networking.v1beta1.ServerTLSSettings.max_protocol_version:type_name -> istio.networking.v1beta1.ServerTLSSettings.TLSProtocol +var file_networking_v1alpha3_gateway_proto_depIdxs = []int32{ + 3, // 0: istio.networking.v1alpha3.Gateway.servers:type_name -> istio.networking.v1alpha3.Server + 6, // 1: istio.networking.v1alpha3.Gateway.selector:type_name -> istio.networking.v1alpha3.Gateway.SelectorEntry + 4, // 2: istio.networking.v1alpha3.Server.port:type_name -> istio.networking.v1alpha3.Port + 5, // 3: istio.networking.v1alpha3.Server.tls:type_name -> istio.networking.v1alpha3.ServerTLSSettings + 0, // 4: istio.networking.v1alpha3.ServerTLSSettings.mode:type_name -> istio.networking.v1alpha3.ServerTLSSettings.TLSmode + 1, // 5: istio.networking.v1alpha3.ServerTLSSettings.min_protocol_version:type_name -> istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol + 1, // 6: istio.networking.v1alpha3.ServerTLSSettings.max_protocol_version:type_name -> istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol 7, // [7:7] is the sub-list for method output_type 7, // [7:7] is the sub-list for method input_type 7, // [7:7] is the sub-list for extension type_name @@ -1295,78 +1095,28 @@ var file_networking_v1beta1_gateway_proto_depIdxs = []int32{ 0, // [0:7] is the sub-list for field type_name } -func init() { file_networking_v1beta1_gateway_proto_init() } -func file_networking_v1beta1_gateway_proto_init() { - if File_networking_v1beta1_gateway_proto != nil { +func init() { file_networking_v1alpha3_gateway_proto_init() } +func file_networking_v1alpha3_gateway_proto_init() { + if File_networking_v1alpha3_gateway_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_gateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Gateway); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_gateway_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Server); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_gateway_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Port); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_gateway_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServerTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_gateway_proto_rawDesc, + RawDescriptor: file_networking_v1alpha3_gateway_proto_rawDesc, NumEnums: 2, NumMessages: 5, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_networking_v1beta1_gateway_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_gateway_proto_depIdxs, - EnumInfos: file_networking_v1beta1_gateway_proto_enumTypes, - MessageInfos: file_networking_v1beta1_gateway_proto_msgTypes, + GoTypes: file_networking_v1alpha3_gateway_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_gateway_proto_depIdxs, + EnumInfos: file_networking_v1alpha3_gateway_proto_enumTypes, + MessageInfos: file_networking_v1alpha3_gateway_proto_msgTypes, }.Build() - File_networking_v1beta1_gateway_proto = out.File - file_networking_v1beta1_gateway_proto_rawDesc = nil - file_networking_v1beta1_gateway_proto_goTypes = nil - file_networking_v1beta1_gateway_proto_depIdxs = nil + File_networking_v1alpha3_gateway_proto = out.File + file_networking_v1alpha3_gateway_proto_rawDesc = nil + file_networking_v1alpha3_gateway_proto_goTypes = nil + file_networking_v1alpha3_gateway_proto_depIdxs = nil } diff --git a/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html new file mode 100644 index 000000000..be2b7d2e4 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html @@ -0,0 +1,728 @@ +--- +title: Gateway +description: Configuration affecting edge load balancer. +location: https://istio.io/docs/reference/config/networking/gateway.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.Gateway +aliases: [/docs/reference/config/networking/v1alpha3/gateway] +number_of_entries: 6 +--- +

Gateway describes a load balancer operating at the edge of the mesh +receiving incoming or outgoing HTTP/TCP connections. The specification +describes a set of ports that should be exposed, the type of protocol to +use, SNI configuration for the load balancer, etc.

+

For example, the following Gateway configuration sets up a proxy to act +as a load balancer exposing port 80 and 9080 (http), 443 (https), +9443(https) and port 2379 (TCP) for ingress. The gateway will be +applied to the proxy running on a pod with labels app: my-gateway-controller. While Istio will configure the proxy to listen +on these ports, it is the responsibility of the user to ensure that +external traffic to these ports are allowed into the mesh.

+
apiVersion: networking.istio.io/v1
+kind: Gateway
+metadata:
+  name: my-gateway
+  namespace: some-config-namespace
+spec:
+  selector:
+    app: my-gateway-controller
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - uk.bookinfo.com
+    - eu.bookinfo.com
+    tls:
+      httpsRedirect: true # sends 301 redirect for http requests
+  - port:
+      number: 443
+      name: https-443
+      protocol: HTTPS
+    hosts:
+    - uk.bookinfo.com
+    - eu.bookinfo.com
+    tls:
+      mode: SIMPLE # enables HTTPS on this port
+      serverCertificate: /etc/certs/servercert.pem
+      privateKey: /etc/certs/privatekey.pem
+  - port:
+      number: 9443
+      name: https-9443
+      protocol: HTTPS
+    hosts:
+    - "bookinfo-namespace/*.bookinfo.com"
+    tls:
+      mode: SIMPLE # enables HTTPS on this port
+      credentialName: bookinfo-secret # fetches certs from Kubernetes secret
+  - port:
+      number: 9080
+      name: http-wildcard
+      protocol: HTTP
+    hosts:
+    - "*"
+  - port:
+      number: 2379 # to expose internal service via external port 2379
+      name: mongo
+      protocol: MONGO
+    hosts:
+    - "*"
+
+

The Gateway specification above describes the L4-L6 properties of a load +balancer. A VirtualService can then be bound to a gateway to control +the forwarding of traffic arriving at a particular host or gateway port.

+

For example, the following VirtualService splits traffic for +https://uk.bookinfo.com/reviews, https://eu.bookinfo.com/reviews, +http://uk.bookinfo.com:9080/reviews, +http://eu.bookinfo.com:9080/reviews into two versions (prod and qa) of +an internal reviews service on port 9080. In addition, requests +containing the cookie “user: dev-123” will be sent to special port 7777 +in the qa version. The same rule is also applicable inside the mesh for +requests to the “reviews.prod.svc.cluster.local” service. This rule is +applicable across ports 443, 9080. Note that http://uk.bookinfo.com +gets redirected to https://uk.bookinfo.com (i.e. 80 redirects to 443).

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: bookinfo-rule
+  namespace: bookinfo-namespace
+spec:
+  hosts:
+  - reviews.prod.svc.cluster.local
+  - uk.bookinfo.com
+  - eu.bookinfo.com
+  gateways:
+  - some-config-namespace/my-gateway
+  - mesh # applies to all the sidecars in the mesh
+  http:
+  - match:
+    - headers:
+        cookie:
+          exact: "user=dev-123"
+    route:
+    - destination:
+        port:
+          number: 7777
+        host: reviews.qa.svc.cluster.local
+  - match:
+    - uri:
+        prefix: /reviews/
+    route:
+    - destination:
+        port:
+          number: 9080 # can be omitted if it's the only port for reviews
+        host: reviews.prod.svc.cluster.local
+      weight: 80
+    - destination:
+        host: reviews.qa.svc.cluster.local
+      weight: 20
+
+

The following VirtualService forwards traffic arriving at (external) +port 27017 to internal Mongo server on port 5555. This rule is not +applicable internally in the mesh as the gateway list omits the +reserved name mesh.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: bookinfo-mongo
+  namespace: bookinfo-namespace
+spec:
+  hosts:
+  - mongosvr.prod.svc.cluster.local # name of internal Mongo service
+  gateways:
+  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service.
+  tcp:
+  - match:
+    - port: 27017
+    route:
+    - destination:
+        host: mongo.prod.svc.cluster.local
+        port:
+          number: 5555
+
+

It is possible to restrict the set of virtual services that can bind to +a gateway server using the namespace/hostname syntax in the hosts field. +For example, the following Gateway allows any virtual service in the ns1 +namespace to bind to it, while restricting only the virtual service with +foo.bar.com host in the ns2 namespace to bind to it.

+
apiVersion: networking.istio.io/v1
+kind: Gateway
+metadata:
+  name: my-gateway
+  namespace: some-config-namespace
+spec:
+  selector:
+    app: my-gateway-controller
+  servers:
+  - port:
+      number: 80
+      name: http
+      protocol: HTTP
+    hosts:
+    - "ns1/*"
+    - "ns2/foo.bar.com"
+
+ +

Gateway

+
+

Gateway describes a load balancer operating at the edge of the mesh +receiving incoming or outgoing HTTP/TCP connections.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
servers
+
Server[]
+
 +

A list of server specifications.

+ +
selector
+
map<string, string>
+
 +

One or more labels that indicate a specific set of pods/VMs +on which this gateway configuration should be applied. +By default workloads are searched across all namespaces based on label selectors. +This implies that a gateway resource in the namespace “foo” can select pods in +the namespace “bar” based on labels. +This behavior can be controlled via the PILOT_SCOPE_GATEWAY_TO_NAMESPACE +environment variable in istiod. If this variable is set +to true, the scope of label search is restricted to the configuration +namespace in which the the resource is present. In other words, the Gateway +resource must reside in the same namespace as the gateway workload +instance. +If selector is nil, the Gateway will be applied to all workloads.

+ +
+
+

Server

+
+

Server describes the properties of the proxy on a given load balancer +port. For example,

+
apiVersion: networking.istio.io/v1
+kind: Gateway
+metadata:
+  name: my-ingress
+spec:
+  selector:
+    app: my-ingressgateway
+  servers:
+  - port:
+      number: 80
+      name: http2
+      protocol: HTTP2
+    hosts:
+    - "*"
+
+

Another example

+
apiVersion: networking.istio.io/v1
+kind: Gateway
+metadata:
+  name: my-tcp-ingress
+spec:
+  selector:
+    app: my-tcp-ingressgateway
+  servers:
+  - port:
+      number: 27018
+      name: mongo
+      protocol: MONGO
+    hosts:
+    - "*"
+
+

The following is an example of TLS configuration for port 443

+
apiVersion: networking.istio.io/v1
+kind: Gateway
+metadata:
+  name: my-tls-ingress
+spec:
+  selector:
+    app: my-tls-ingressgateway
+  servers:
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    hosts:
+    - "*"
+    tls:
+      mode: SIMPLE
+      credentialName: tls-cert
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
port
+
Port
+
Required
+
 +

The Port on which the proxy should listen for incoming +connections.

+ +
bind
+
string
+
 +

The ip or the Unix domain socket to which the listener should be bound +to. Format: x.x.x.x or unix:///path/to/uds or unix://@foobar +(Linux abstract namespace). When using Unix domain sockets, the port +number should be 0. +This can be used to restrict the reachability of this server to be gateway internal only. +This is typically used when a gateway needs to communicate to another mesh service +e.g. publishing metrics. In such case, the server created with the +specified bind will not be available to external gateway clients.

+ +
hosts
+
string[]
+
Required
+
 +

One or more hosts exposed by this gateway. +While typically applicable to +HTTP services, it can also be used for TCP services using TLS with SNI. +A host is specified as a dnsName with an optional namespace/ prefix. +The dnsName should be specified using FQDN format, optionally including +a wildcard character in the left-most component (e.g., prod/*.example.com). +Set the dnsName to * to select all VirtualService hosts from the +specified namespace (e.g.,prod/*).

+

The namespace can be set to * or ., representing any or the current +namespace, respectively. For example, */foo.example.com selects the +service from any available namespace while ./foo.example.com only selects +the service from the namespace of the sidecar. The default, if no namespace/ +is specified, is */, that is, select services from any namespace. +Any associated DestinationRule in the selected namespace will also be used.

+

A VirtualService must be bound to the gateway and must have one or +more hosts that match the hosts specified in a server. The match +could be an exact match or a suffix match with the server’s hosts. For +example, if the server’s hosts specifies *.example.com, a +VirtualService with hosts dev.example.com or prod.example.com will +match. However, a VirtualService with host example.com or +newexample.com will not match.

+

NOTE: Only virtual services exported to the gateway’s namespace +(e.g., exportTo value of *) can be referenced. +Private configurations (e.g., exportTo set to .) will not be +available. Refer to the exportTo setting in VirtualService, +DestinationRule, and ServiceEntry configurations for details.

+ +
tls
+
ServerTLSSettings
+
 +

Set of TLS related options that govern the server’s behavior. Use +these options to control if all http requests should be redirected to +https, and the TLS modes to use.

+ +
name
+
string
+
 +

An optional name of the server, when set must be unique across all servers. +This will be used for variety of purposes like prefixing stats generated with +this name etc.

+ +
+
+

Port

+
+

Port describes the properties of a specific port of a service.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
number
+
uint32
+
Required
+
 +

A valid non-negative integer port number.

+ +
protocol
+
string
+
Required
+
 +

The protocol exposed on the port. +MUST be one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. +TLS can be either used to terminate non-HTTP based connections on a specific port +or to route traffic based on SNI header to the destination without terminating the TLS connection.

+ +
name
+
string
+
Required
+
 +

Label assigned to the port.

+ +
+
+

ServerTLSSettings

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
httpsRedirect
+
bool
+
 +

If set to true, the load balancer will send a 301 redirect for +all http connections, asking the clients to use HTTPS.

+ +
mode
+
TLSmode
+
 +

Indicates whether connections to this port should be +secured using TLS. The value of this field determines how TLS is +enforced.

+ +
serverCertificate
+
string
+
 +

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file +holding the server-side TLS certificate to use.

+ +
privateKey
+
string
+
 +

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file +holding the server’s private key.

+ +
caCertificates
+
string
+
 +

REQUIRED if mode is MUTUAL or OPTIONAL_MUTUAL. The path to a file +containing certificate authority certificates to use in verifying a presented +client side certificate.

+ +
caCrl
+
string
+
 +

OPTIONAL: The path to the file containing the certificate revocation list (CRL) +to use in verifying a presented client side certificate. CRL is a list of certificates +that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. +If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. +If omitted, the proxy will not verify the certificate against the crl.

+ +
credentialName
+
string
+
 +

For gateways running on Kubernetes, the name of the secret that +holds the TLS certs including the CA certificates. Applicable +only on Kubernetes. An Opaque secret should contain the following +keys and values: tls.key: <privateKey> and tls.crt: <serverCert> or +key: <privateKey> and cert: <serverCert>. +For mutual TLS, cacert: <CACertificate> and crl: <CertificateRevocationList> +can be provided in the same secret or a separate secret named <secret>-cacert. +A TLS secret for server certificates with an additional tls.ocsp-staple key +for specifying OCSP staple information, ca.crt key for CA certificates +and ca.crl for certificate revocation list is also supported. +Only one of server certificates and CA certificate +or credentialName can be specified.

+ +
subjectAltNames
+
string[]
+
 +

A list of alternate names to verify the subject identity in the +certificate presented by the client. +Requires TLS mode to be set to MUTUAL.

+ +
verifyCertificateSpki
+
string[]
+
 +

An optional list of base64-encoded SHA-256 hashes of the SPKIs of +authorized client certificates. +Note: When both verify_certificate_hash and verify_certificate_spki +are specified, a hash matching either value will result in the +certificate being accepted.

+ +
verifyCertificateHash
+
string[]
+
 +

An optional list of hex-encoded SHA-256 hashes of the +authorized client certificates. Both simple and colon separated +formats are acceptable. +Note: When both verify_certificate_hash and verify_certificate_spki +are specified, a hash matching either value will result in the +certificate being accepted.

+ +
minProtocolVersion
+
TLSProtocol
+
 +

Minimum TLS protocol version. By default, it is TLSV1_2. +TLS protocol versions below TLSV1_2 require setting compatible ciphers with the +cipherSuites setting as they no longer include compatible ciphers.

+

Note: Using TLS protocol versions below TLSV1_2 has serious security risks.

+ +
maxProtocolVersion
+
TLSProtocol
+
 +

Maximum TLS protocol version.

+ +
cipherSuites
+
string[]
+
 +

If specified, only support the specified cipher list. +Otherwise default to the default cipher list supported by Envoy +as specified here. +The supported list of ciphers are:

+
    +
  • ECDHE-ECDSA-AES128-GCM-SHA256
    • +
  • ECDHE-RSA-AES128-GCM-SHA256
    • +
  • ECDHE-ECDSA-AES256-GCM-SHA384
    • +
  • ECDHE-RSA-AES256-GCM-SHA384
    • +
  • ECDHE-ECDSA-CHACHA20-POLY1305
    • +
  • ECDHE-RSA-CHACHA20-POLY1305
    • +
  • ECDHE-ECDSA-AES128-SHA
    • +
  • ECDHE-RSA-AES128-SHA
    • +
  • ECDHE-ECDSA-AES256-SHA
    • +
  • ECDHE-RSA-AES256-SHA
    • +
  • AES128-GCM-SHA256
    • +
  • AES256-GCM-SHA384
    • +
  • AES128-SHA
    • +
  • AES256-SHA
    • +
  • DES-CBC3-SHA
    • +
+ +
+
+

TLSmode

+
+

TLS modes enforced by the proxy

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
PASSTHROUGH +

The SNI string presented by the client will be used as the +match criterion in a VirtualService TLS route to determine +the destination service from the service registry.

+ +
SIMPLE +

Secure connections with standard TLS semantics. In this mode +client certificate is not requested during handshake.

+ +
MUTUAL +

Secure connections to the downstream using mutual TLS by +presenting server certificates for authentication. +A client certificate will also be requested during the handshake and +at least one valid certificate is required to be sent by the client.

+ +
AUTO_PASSTHROUGH +

Similar to the passthrough mode, except servers with this TLS +mode do not require an associated VirtualService to map from +the SNI value to service in the registry. The destination +details such as the service/subset/port are encoded in the +SNI value. The proxy will forward to the upstream (Envoy) +cluster (a group of endpoints) specified by the SNI +value. This server is typically used to provide connectivity +between services in disparate L3 networks that otherwise do +not have direct connectivity between their respective +endpoints. Use of this mode assumes that both the source and +the destination are using Istio mTLS to secure traffic.

+ +
ISTIO_MUTUAL +

Secure connections from the downstream using mutual TLS by +presenting server certificates for authentication. Compared +to Mutual mode, this mode uses certificates, representing +gateway workload identity, generated automatically by Istio +for mTLS authentication. When this mode is used, all other +fields in TLSOptions should be empty.

+ +
OPTIONAL_MUTUAL +

Similar to MUTUAL mode, except that the client certificate +is optional. Unlike SIMPLE mode, A client certificate will +still be explicitly requested during handshake, but the client +is not required to send a certificate. If a client certificate +is presented, it will be validated. ca_certificates should +be specified for validating client certificates.

+ +
+
+

TLSProtocol

+
+

TLS protocol versions.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
TLS_AUTO +

Automatically choose the optimal TLS version.

+ +
TLSV1_0 +

TLS version 1.0

+ +
TLSV1_1 +

TLS version 1.1

+ +
TLSV1_2 +

TLS version 1.2

+ +
TLSV1_3 +

TLS version 1.3

+ +
+
diff --git a/vendor/istio.io/api/networking/v1beta1/gateway.proto b/vendor/istio.io/api/networking/v1alpha3/gateway.proto similarity index 70% rename from vendor/istio.io/api/networking/v1beta1/gateway.proto rename to vendor/istio.io/api/networking/v1alpha3/gateway.proto index 4204de402..448824a42 100644 --- a/vendor/istio.io/api/networking/v1beta1/gateway.proto +++ b/vendor/istio.io/api/networking/v1alpha3/gateway.proto @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2017 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -16,12 +16,11 @@ syntax = "proto3"; import "google/api/field_behavior.proto"; -// $schema: istio.networking.v1beta1.Gateway +// $schema: istio.networking.v1alpha3.Gateway // $title: Gateway // $description: Configuration affecting edge load balancer. // $location: https://istio.io/docs/reference/config/networking/gateway.html -// $aliases: [/docs/reference/config/networking/v1beta1/gateway] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/gateway] // `Gateway` describes a load balancer operating at the edge of the mesh // receiving incoming or outgoing HTTP/TCP connections. The specification @@ -36,10 +35,8 @@ import "google/api/field_behavior.proto"; // on these ports, it is the responsibility of the user to ensure that // external traffic to these ports are allowed into the mesh. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -90,63 +87,6 @@ import "google/api/field_behavior.proto"; // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // The Gateway specification above describes the L4-L6 properties of a load // balancer. A `VirtualService` can then be bound to a gateway to control @@ -163,10 +103,8 @@ import "google/api/field_behavior.proto"; // applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` // gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-rule @@ -202,81 +140,14 @@ import "google/api/field_behavior.proto"; // host: reviews.qa.svc.cluster.local // weight: 20 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// {{}} -// {{}} // // The following VirtualService forwards traffic arriving at (external) // port 27017 to internal Mongo server on port 5555. This rule is not // applicable internally in the mesh as the gateway list omits the // reserved name `mesh`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-mongo @@ -295,8 +166,6 @@ import "google/api/field_behavior.proto"; // port: // number: 5555 // ``` -// {{}} -// {{}} // // It is possible to restrict the set of virtual services that can bind to // a gateway server using the namespace/hostname syntax in the hosts field. @@ -304,31 +173,8 @@ import "google/api/field_behavior.proto"; // namespace to bind to it, while restricting only the virtual service with // foo.bar.com host in the ns2 namespace to bind to it. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -345,19 +191,17 @@ import "google/api/field_behavior.proto"; // - "ns1/*" // - "ns2/foo.bar.com" // ``` -// {{}} -// {{}} // -package istio.networking.v1beta1; +package istio.networking.v1alpha3; -option go_package = "istio.io/api/networking/v1beta1"; +option go_package = "istio.io/api/networking/v1alpha3"; // Gateway describes a load balancer operating at the edge of the mesh // receiving incoming or outgoing HTTP/TCP connections. // // -// message Gateway { // A list of server specifications. - repeated Server servers = 1 [(google.api.field_behavior) = REQUIRED]; + repeated Server servers = 1; // One or more labels that indicate a specific set of pods/VMs // on which this gateway configuration should be applied. @@ -391,16 +232,14 @@ message Gateway { // resource must reside in the same namespace as the gateway workload // instance. // If selector is nil, the Gateway will be applied to all workloads. - map selector = 2 [(google.api.field_behavior) = REQUIRED]; + map selector = 2; } // `Server` describes the properties of the proxy on a given load balancer // port. For example, // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-ingress @@ -415,53 +254,11 @@ message Gateway { // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-ingress -// spec: -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // Another example // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// name: my-tcp-ingress -// spec: -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-tcp-ingress @@ -476,15 +273,11 @@ message Gateway { // hosts: // - "*" // ``` -// {{}} -// {{}} // // The following is an example of TLS configuration for port 443 // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-tls-ingress @@ -502,30 +295,6 @@ message Gateway { // mode: SIMPLE // credentialName: tls-cert // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tls-ingress -// spec: -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// ``` -// {{}} -// {{}} // message Server { // The Port on which the proxy should listen for incoming @@ -597,9 +366,9 @@ message Port { uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. + // MUST be one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. string protocol = 2 [(google.api.field_behavior) = REQUIRED]; // Label assigned to the port. @@ -607,7 +376,8 @@ message Port { // The port number on the endpoint where the traffic will be // received. Applicable only when used with ServiceEntries. - uint32 target_port = 4; + // $hide_from_docs + uint32 target_port = 4 [deprecated=true]; } message ServerTLSSettings { @@ -622,11 +392,14 @@ message ServerTLSSettings { // the destination service from the service registry. PASSTHROUGH = 0; - // Secure connections with standard TLS semantics. + // Secure connections with standard TLS semantics. In this mode + // client certificate is not requested during handshake. SIMPLE = 1; // Secure connections to the downstream using mutual TLS by // presenting server certificates for authentication. + // A client certificate will also be requested during the handshake and + // at least one valid certificate is required to be sent by the client. MUTUAL = 2; // Similar to the passthrough mode, except servers with this TLS @@ -649,6 +422,14 @@ message ServerTLSSettings { // for mTLS authentication. When this mode is used, all other // fields in `TLSOptions` should be empty. ISTIO_MUTUAL = 4; + + // Similar to MUTUAL mode, except that the client certificate + // is optional. Unlike SIMPLE mode, A client certificate will + // still be explicitly requested during handshake, but the client + // is not required to send a certificate. If a client certificate + // is presented, it will be validated. ca_certificates should + // be specified for validating client certificates. + OPTIONAL_MUTUAL = 5; }; // Optional: Indicates whether connections to this port should be @@ -664,26 +445,35 @@ message ServerTLSSettings { // holding the server's private key. string private_key = 4; - // REQUIRED if mode is `MUTUAL`. The path to a file containing - // certificate authority certificates to use in verifying a presented + // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file + // containing certificate authority certificates to use in verifying a presented // client side certificate. string ca_certificates = 5; + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented client side certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + string ca_crl = 13; + // For gateways running on Kubernetes, the name of the secret that // holds the TLS certs including the CA certificates. Applicable - // only on Kubernetes. The secret (of type `generic`) should - // contain the following keys and values: `key: - // ` and `cert: `. For mutual TLS, - // `cacert: ` can be provided in the same secret or - // a separate secret named `-cacert`. - // Secret of type tls for server certificates along with - // ca.crt key for CA certificates is also supported. + // only on Kubernetes. An Opaque secret should contain the following + // keys and values: `tls.key: ` and `tls.crt: ` or + // `key: ` and `cert: `. + // For mutual TLS, `cacert: ` and `crl: ` + // can be provided in the same secret or a separate secret named `-cacert`. + // A TLS secret for server certificates with an additional `tls.ocsp-staple` key + // for specifying OCSP staple information, `ca.crt` key for CA certificates + // and `ca.crl` for certificate revocation list is also supported. // Only one of server certificates and CA certificate // or credentialName can be specified. string credential_name = 10; // A list of alternate names to verify the subject identity in the // certificate presented by the client. + // Requires TLS mode to be set to `MUTUAL`. repeated string subject_alt_names = 6; // An optional list of base64-encoded SHA-256 hashes of the SPKIs of @@ -730,6 +520,23 @@ message ServerTLSSettings { TLSProtocol max_protocol_version = 8; // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy. + // Otherwise default to the default cipher list supported by Envoy + // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + // The supported list of ciphers are: + // * `ECDHE-ECDSA-AES128-GCM-SHA256` + // * `ECDHE-RSA-AES128-GCM-SHA256` + // * `ECDHE-ECDSA-AES256-GCM-SHA384` + // * `ECDHE-RSA-AES256-GCM-SHA384` + // * `ECDHE-ECDSA-CHACHA20-POLY1305` + // * `ECDHE-RSA-CHACHA20-POLY1305` + // * `ECDHE-ECDSA-AES128-SHA` + // * `ECDHE-RSA-AES128-SHA` + // * `ECDHE-ECDSA-AES256-SHA` + // * `ECDHE-RSA-AES256-SHA` + // * `AES128-GCM-SHA256` + // * `AES256-GCM-SHA384` + // * `AES128-SHA` + // * `AES256-SHA` + // * `DES-CBC3-SHA` repeated string cipher_suites = 9; } diff --git a/vendor/istio.io/api/networking/v1beta1/gateway_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/gateway_deepcopy.gen.go similarity index 97% rename from vendor/istio.io/api/networking/v1beta1/gateway_deepcopy.gen.go rename to vendor/istio.io/api/networking/v1alpha3/gateway_deepcopy.gen.go index 1a4088603..9abd99580 100644 --- a/vendor/istio.io/api/networking/v1beta1/gateway_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/gateway_deepcopy.gen.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using Gateway within kubernetes types, where deepcopy-gen is used. diff --git a/vendor/istio.io/api/networking/v1beta1/gateway_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/gateway_json.gen.go similarity index 99% rename from vendor/istio.io/api/networking/v1beta1/gateway_json.gen.go rename to vendor/istio.io/api/networking/v1alpha3/gateway_json.gen.go index 7f6c0b55f..8dd2ce87e 100644 --- a/vendor/istio.io/api/networking/v1beta1/gateway_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/gateway_json.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( bytes "bytes" diff --git a/vendor/istio.io/api/networking/v1beta1/service_entry.pb.go b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go similarity index 52% rename from vendor/istio.io/api/networking/v1beta1/service_entry.pb.go rename to vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go index c81f5da66..7b5c8cc12 100644 --- a/vendor/istio.io/api/networking/v1beta1/service_entry.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -14,16 +14,15 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) -// source: networking/v1beta1/service_entry.proto +// source: networking/v1alpha3/service_entry.proto -// $schema: istio.networking.v1beta1.ServiceEntry +// $schema: istio.networking.v1alpha3.ServiceEntry // $title: Service Entry // $description: Configuration affecting service registry. // $location: https://istio.io/docs/reference/config/networking/service-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/service-entry] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/service-entry] // `ServiceEntry` enables adding additional entries into Istio's // internal service registry, so that auto-discovered services in the @@ -45,10 +44,8 @@ // applications over HTTPS. The sidecar inspects the SNI value in the // ClientHello message to route to the appropriate external service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-https @@ -64,61 +61,14 @@ // protocol: TLS // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// {{}} -// {{}} // // The following configuration adds a set of MongoDB instances running on // unmanaged VMs to Istio's registry, so that these services can be treated // as any other service in the mesh. The associated DestinationRule is used // to initiate mTLS connections to the database instances. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mongocluster @@ -137,15 +87,11 @@ // - address: 2.2.2.2 // - address: 3.3.3.3 // ``` -// {{}} -// {{}} // // and the associated DestinationRule // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: mtls-mongocluster @@ -158,34 +104,13 @@ // privateKey: /etc/certs/client_private_key.pem // caCertificates: /etc/certs/rootcacerts.pem // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// {{}} -// {{}} // // The following example uses a combination of service entry and TLS // routing in a virtual service to steer traffic based on the SNI value to // an internal egress firewall. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-redirect @@ -200,34 +125,11 @@ // protocol: TLS // resolution: NONE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// {{}} -// {{}} // // And the associated VirtualService to route based on the SNI value. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: tls-routing @@ -244,29 +146,6 @@ // - destination: // host: internal-egress-firewall.ns1.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// {{}} -// {{}} // // The virtual service with TLS match serves to override the default SNI // match. In the absence of a virtual service, traffic will be forwarded to @@ -280,10 +159,8 @@ // current namespace, represented by ".", so that it cannot be used by other // namespaces. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-httpbin @@ -300,36 +177,11 @@ // protocol: HTTP // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// {{}} -// {{}} // // Define a gateway to handle all egress traffic. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: istio-egressgateway @@ -345,28 +197,6 @@ // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // And the associated `VirtualService` to route from the sidecar to the // gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as @@ -375,43 +205,8 @@ // through the gateway to the external service. Forcing traffic to go through // a managed middle proxy like this is a common practice. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: gateway-routing @@ -440,18 +235,14 @@ // - destination: // host: example.com // ``` -// {{}} -// {{}} // // The following example demonstrates the use of wildcards in the hosts for // external services. If the connection has to be routed to the IP address // requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the discovery mode must be set to `NONE`. +// to connect to a specific IP), the resolution mode must be set to `NONE`. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-wildcard-example @@ -465,35 +256,13 @@ // protocol: HTTP // resolution: NONE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// {{}} -// {{}} // // The following example demonstrates a service that is available via a // Unix Domain Socket on the host of the client. The resolution must be // set to STATIC to use Unix address endpoints. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: unix-domain-socket-example @@ -509,28 +278,6 @@ // endpoints: // - address: unix:///var/run/example/socket // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// {{}} -// {{}} // // For HTTP-based services, it is possible to create a `VirtualService` // backed by multiple DNS addressable endpoints. In such a scenario, the @@ -540,10 +287,8 @@ // service called foo.bar.com backed by three domains: us.foo.bar.com:8080, // uk.foo.bar.com:9080, and in.foo.bar.com:7080 // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-dns @@ -567,36 +312,6 @@ // ports: // http: 7080 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// {{}} -// {{}} // // With `HTTP_PROXY=http://localhost/`, calls from the application to // `http://foo.bar.com` will be load balanced across the three domains @@ -607,10 +322,8 @@ // containing a subject alternate name // whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: httpbin @@ -630,32 +343,6 @@ // subjectAltNames: // - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// {{}} -// {{}} // // The following example demonstrates the use of `ServiceEntry` with a // `workloadSelector` to handle the migration of a service @@ -663,42 +350,10 @@ // VM-based instances with sidecars as well as a set of Kubernetes // pods managed by a standard deployment object. Consumers of this // service in the mesh will be automatically load balanced across the -// VMs and Kubernetes. VM for the `details.bookinfo.com` -// service. This VM has sidecar installed and bootstrapped using the -// `details-legacy` service account. The sidecar receives HTTP traffic -// on port 80 (wrapped in istio mutual TLS) and forwards it to the -// application on the localhost on the same port. -// -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// {{}} +// VMs and Kubernetes. // -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-1 @@ -709,7 +364,7 @@ // app: details // instance-id: vm1 // --- -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-2 @@ -720,18 +375,14 @@ // app: details // instance-id: vm2 // ``` -// {{}} -// {{}} // // Assuming there is also a Kubernetes deployment with pod labels // `app: details` using the same service account `details`, the // following service entry declares a service spanning both VMs and // Kubernetes: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -748,36 +399,15 @@ // labels: // app: details // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` -// {{}} -// {{}} -package v1beta1 +package v1alpha3 import ( _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + v1alpha11 "istio.io/api/analysis/v1alpha1" + v1alpha1 "istio.io/api/meta/v1alpha1" reflect "reflect" sync "sync" ) @@ -792,9 +422,7 @@ const ( // Location specifies whether the service is part of Istio mesh or // outside the mesh. Location determines the behavior of several // features, such as service-to-service mTLS authentication, policy -// enforcement, etc. When communicating with services outside the mesh, -// Istio's mTLS authentication is disabled, and policy enforcement is -// performed on the client-side as opposed to server-side. +// enforcement, etc. type ServiceEntry_Location int32 const ( @@ -831,11 +459,11 @@ func (x ServiceEntry_Location) String() string { } func (ServiceEntry_Location) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_service_entry_proto_enumTypes[0].Descriptor() + return file_networking_v1alpha3_service_entry_proto_enumTypes[0].Descriptor() } func (ServiceEntry_Location) Type() protoreflect.EnumType { - return &file_networking_v1beta1_service_entry_proto_enumTypes[0] + return &file_networking_v1alpha3_service_entry_proto_enumTypes[0] } func (x ServiceEntry_Location) Number() protoreflect.EnumNumber { @@ -844,7 +472,7 @@ func (x ServiceEntry_Location) Number() protoreflect.EnumNumber { // Deprecated: Use ServiceEntry_Location.Descriptor instead. func (ServiceEntry_Location) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{0, 0} + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{0, 0} } // Resolution determines how the proxy will resolve the IP addresses of @@ -917,11 +545,11 @@ func (x ServiceEntry_Resolution) String() string { } func (ServiceEntry_Resolution) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_service_entry_proto_enumTypes[1].Descriptor() + return file_networking_v1alpha3_service_entry_proto_enumTypes[1].Descriptor() } func (ServiceEntry_Resolution) Type() protoreflect.EnumType { - return &file_networking_v1beta1_service_entry_proto_enumTypes[1] + return &file_networking_v1alpha3_service_entry_proto_enumTypes[1] } func (x ServiceEntry_Resolution) Number() protoreflect.EnumNumber { @@ -930,7 +558,7 @@ func (x ServiceEntry_Resolution) Number() protoreflect.EnumNumber { // Deprecated: Use ServiceEntry_Resolution.Descriptor instead. func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{0, 1} + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{0, 1} } // ServiceEntry enables adding additional entries into Istio's internal @@ -938,7 +566,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // // // // -// +// +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" +// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" +// +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" +// +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" type ServiceEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -987,12 +618,16 @@ type ServiceEntry struct { // supplies its own set of endpoints, the ServiceEntry will be // treated as a decorator of the existing Kubernetes // service. Properties in the service entry will be added to the - // Kubernetes service if applicable. Currently, the only the - // following additional properties will be considered by `istiod`: + // Kubernetes service if applicable. Currently, only the following + // additional properties will be considered by `istiod`: // // 1. subjectAltNames: In addition to verifying the SANs of the // service accounts associated with the pods of the service, the // SANs specified here will also be verified. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:XValidation:message="hostname cannot be wildcard",rule="self != '*'" Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` // The virtual IP addresses associated with the service. Could be CIDR // prefix. For HTTP traffic, generated route configurations will include http route @@ -1008,21 +643,28 @@ type ServiceEntry struct { // simple TCP proxy, forwarding incoming traffic on a specified port to // the specified destination endpoint IP/host. Unix domain socket // addresses are not supported in this field. + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:MaxLength=64 Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` // The ports associated with the external service. If the // Endpoints are Unix domain socket addresses, there must be exactly one // port. - Ports []*Port `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=256 + // +kubebuilder:validation:XValidation:message="port number cannot be duplicated",rule="self.all(l1, self.exists_one(l2, l1.number == l2.number))" + Ports []*ServicePort `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` // Specify whether the service should be considered external to the mesh // or part of the mesh. - Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1beta1.ServiceEntry_Location" json:"location,omitempty"` - // Service discovery mode for the hosts. Care must be taken + Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Location" json:"location,omitempty"` + // Service resolution mode for the hosts. Care must be taken // when setting the resolution mode to NONE for a TCP port without // accompanying IP addresses. In such cases, traffic to any IP on // said port will be allowed (i.e. `0.0.0.0:`). - Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1beta1.ServiceEntry_Resolution" json:"resolution,omitempty"` + Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Resolution" json:"resolution,omitempty"` // One or more endpoints associated with the service. Only one of // `endpoints` or `workloadSelector` can be specified. + // +kubebuilder:validation:MaxItems=4096 Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` // Applicable only for MESH_INTERNAL services. Only one of // `endpoints` or `workloadSelector` can be specified. Selects one @@ -1060,11 +702,9 @@ type ServiceEntry struct { func (x *ServiceEntry) Reset() { *x = ServiceEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_service_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServiceEntry) String() string { @@ -1074,8 +714,8 @@ func (x *ServiceEntry) String() string { func (*ServiceEntry) ProtoMessage() {} func (x *ServiceEntry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_service_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[0] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1087,7 +727,7 @@ func (x *ServiceEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use ServiceEntry.ProtoReflect.Descriptor instead. func (*ServiceEntry) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{0} + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{0} } func (x *ServiceEntry) GetHosts() []string { @@ -1104,7 +744,7 @@ func (x *ServiceEntry) GetAddresses() []string { return nil } -func (x *ServiceEntry) GetPorts() []*Port { +func (x *ServiceEntry) GetPorts() []*ServicePort { if x != nil { return x.Ports } @@ -1153,142 +793,390 @@ func (x *ServiceEntry) GetSubjectAltNames() []string { return nil } -var File_networking_v1beta1_service_entry_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_service_entry_proto_rawDesc = []byte{ - 0x0a, 0x26, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, - 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x87, 0x05, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x1a, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, - 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, 0x0a, - 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x05, 0x70, - 0x6f, 0x72, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, +// ServicePort describes the properties of a specific port of a service. +type ServicePort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A valid non-negative integer port number. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` + // The protocol exposed on the port. + // MUST be one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS implies the connection will be routed based on the SNI header to + // the destination without terminating the TLS connection. + // +kubebuilder:validation:MaxLength=256 + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Label assigned to the port. + // +kubebuilder:validation:MaxLength=256 + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // The port number on the endpoint where the traffic will be + // received. If unset, default to `number`. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *ServicePort) Reset() { + *x = ServicePort{} + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ServicePort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServicePort) ProtoMessage() {} + +func (x *ServicePort) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServicePort.ProtoReflect.Descriptor instead. +func (*ServicePort) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{1} +} + +func (x *ServicePort) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +func (x *ServicePort) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *ServicePort) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *ServicePort) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + +type ServiceEntryStatus struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Current service state of ServiceEntry. + // More info: https://istio.io/docs/reference/config/config-status/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + Conditions []*v1alpha1.IstioCondition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"` + // Includes any errors or warnings detected by Istio's analyzers. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + ValidationMessages []*v1alpha11.AnalysisMessageBase `protobuf:"bytes,2,rep,name=validation_messages,json=validationMessages,proto3" json:"validation_messages,omitempty"` + // Resource Generation to which the Reconciled Condition refers. + // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current + // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. + // +optional + ObservedGeneration int64 `protobuf:"varint,3,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` + // List of addresses which were assigned to this ServiceEntry. + // +optional + Addresses []*ServiceEntryAddress `protobuf:"bytes,10,rep,name=addresses,proto3" json:"addresses,omitempty"` +} + +func (x *ServiceEntryStatus) Reset() { + *x = ServiceEntryStatus{} + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ServiceEntryStatus) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceEntryStatus) ProtoMessage() {} + +func (x *ServiceEntryStatus) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceEntryStatus.ProtoReflect.Descriptor instead. +func (*ServiceEntryStatus) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{2} +} + +func (x *ServiceEntryStatus) GetConditions() []*v1alpha1.IstioCondition { + if x != nil { + return x.Conditions + } + return nil +} + +func (x *ServiceEntryStatus) GetValidationMessages() []*v1alpha11.AnalysisMessageBase { + if x != nil { + return x.ValidationMessages + } + return nil +} + +func (x *ServiceEntryStatus) GetObservedGeneration() int64 { + if x != nil { + return x.ObservedGeneration + } + return 0 +} + +func (x *ServiceEntryStatus) GetAddresses() []*ServiceEntryAddress { + if x != nil { + return x.Addresses + } + return nil +} + +// A minor abstraction to allow for adding hostnames if relevant. +type ServiceEntryAddress struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The address (e.g. 192.168.0.2) + Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` + // The host name associated with this address + Host string `protobuf:"bytes,2,opt,name=host,proto3" json:"host,omitempty"` +} + +func (x *ServiceEntryAddress) Reset() { + *x = ServiceEntryAddress{} + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ServiceEntryAddress) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceEntryAddress) ProtoMessage() {} + +func (x *ServiceEntryAddress) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceEntryAddress.ProtoReflect.Descriptor instead. +func (*ServiceEntryAddress) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{3} +} + +func (x *ServiceEntryAddress) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +func (x *ServiceEntryAddress) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +var File_networking_v1alpha3_service_entry_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_service_entry_proto_rawDesc = []byte{ + 0x0a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, + 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x77, 0x6f, + 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x1f, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x6d, 0x65, 0x74, 0x61, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x87, 0x05, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x1a, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, + 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x05, 0x70, 0x6f, + 0x72, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, + 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x4c, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, - 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x4b, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x57, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, - 0x02, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x45, 0x0a, - 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x73, 0x12, 0x57, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, - 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, - 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, - 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x30, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, - 0x4e, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, - 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, - 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, - 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x41, 0x54, 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, - 0x44, 0x4e, 0x53, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, - 0x4e, 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, 0x03, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x52, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, + 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x09, 0x65, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x73, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, + 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x08, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x30, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, + 0x41, 0x4c, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x54, + 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x41, 0x54, 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x44, + 0x4e, 0x53, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, 0x4e, + 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, 0x03, 0x22, 0x82, 0x01, 0x0a, 0x0b, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, + 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, + 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0xb7, + 0x02, 0x0a, 0x12, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x43, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, + 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x13, 0x76, 0x61, + 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x42, 0x61, 0x73, 0x65, 0x52, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x6f, 0x62, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x09, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x09, 0x61, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x22, 0x3f, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_networking_v1beta1_service_entry_proto_rawDescOnce sync.Once - file_networking_v1beta1_service_entry_proto_rawDescData = file_networking_v1beta1_service_entry_proto_rawDesc + file_networking_v1alpha3_service_entry_proto_rawDescOnce sync.Once + file_networking_v1alpha3_service_entry_proto_rawDescData = file_networking_v1alpha3_service_entry_proto_rawDesc ) -func file_networking_v1beta1_service_entry_proto_rawDescGZIP() []byte { - file_networking_v1beta1_service_entry_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_service_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_service_entry_proto_rawDescData) +func file_networking_v1alpha3_service_entry_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_service_entry_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_service_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_service_entry_proto_rawDescData) }) - return file_networking_v1beta1_service_entry_proto_rawDescData + return file_networking_v1alpha3_service_entry_proto_rawDescData } -var file_networking_v1beta1_service_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1beta1_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_networking_v1beta1_service_entry_proto_goTypes = []interface{}{ - (ServiceEntry_Location)(0), // 0: istio.networking.v1beta1.ServiceEntry.Location - (ServiceEntry_Resolution)(0), // 1: istio.networking.v1beta1.ServiceEntry.Resolution - (*ServiceEntry)(nil), // 2: istio.networking.v1beta1.ServiceEntry - (*Port)(nil), // 3: istio.networking.v1beta1.Port - (*WorkloadEntry)(nil), // 4: istio.networking.v1beta1.WorkloadEntry - (*WorkloadSelector)(nil), // 5: istio.networking.v1beta1.WorkloadSelector +var file_networking_v1alpha3_service_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1alpha3_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_networking_v1alpha3_service_entry_proto_goTypes = []any{ + (ServiceEntry_Location)(0), // 0: istio.networking.v1alpha3.ServiceEntry.Location + (ServiceEntry_Resolution)(0), // 1: istio.networking.v1alpha3.ServiceEntry.Resolution + (*ServiceEntry)(nil), // 2: istio.networking.v1alpha3.ServiceEntry + (*ServicePort)(nil), // 3: istio.networking.v1alpha3.ServicePort + (*ServiceEntryStatus)(nil), // 4: istio.networking.v1alpha3.ServiceEntryStatus + (*ServiceEntryAddress)(nil), // 5: istio.networking.v1alpha3.ServiceEntryAddress + (*WorkloadEntry)(nil), // 6: istio.networking.v1alpha3.WorkloadEntry + (*WorkloadSelector)(nil), // 7: istio.networking.v1alpha3.WorkloadSelector + (*v1alpha1.IstioCondition)(nil), // 8: istio.meta.v1alpha1.IstioCondition + (*v1alpha11.AnalysisMessageBase)(nil), // 9: istio.analysis.v1alpha1.AnalysisMessageBase } -var file_networking_v1beta1_service_entry_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1beta1.ServiceEntry.ports:type_name -> istio.networking.v1beta1.Port - 0, // 1: istio.networking.v1beta1.ServiceEntry.location:type_name -> istio.networking.v1beta1.ServiceEntry.Location - 1, // 2: istio.networking.v1beta1.ServiceEntry.resolution:type_name -> istio.networking.v1beta1.ServiceEntry.Resolution - 4, // 3: istio.networking.v1beta1.ServiceEntry.endpoints:type_name -> istio.networking.v1beta1.WorkloadEntry - 5, // 4: istio.networking.v1beta1.ServiceEntry.workload_selector:type_name -> istio.networking.v1beta1.WorkloadSelector - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name +var file_networking_v1alpha3_service_entry_proto_depIdxs = []int32{ + 3, // 0: istio.networking.v1alpha3.ServiceEntry.ports:type_name -> istio.networking.v1alpha3.ServicePort + 0, // 1: istio.networking.v1alpha3.ServiceEntry.location:type_name -> istio.networking.v1alpha3.ServiceEntry.Location + 1, // 2: istio.networking.v1alpha3.ServiceEntry.resolution:type_name -> istio.networking.v1alpha3.ServiceEntry.Resolution + 6, // 3: istio.networking.v1alpha3.ServiceEntry.endpoints:type_name -> istio.networking.v1alpha3.WorkloadEntry + 7, // 4: istio.networking.v1alpha3.ServiceEntry.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector + 8, // 5: istio.networking.v1alpha3.ServiceEntryStatus.conditions:type_name -> istio.meta.v1alpha1.IstioCondition + 9, // 6: istio.networking.v1alpha3.ServiceEntryStatus.validation_messages:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase + 5, // 7: istio.networking.v1alpha3.ServiceEntryStatus.addresses:type_name -> istio.networking.v1alpha3.ServiceEntryAddress + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name } -func init() { file_networking_v1beta1_service_entry_proto_init() } -func file_networking_v1beta1_service_entry_proto_init() { - if File_networking_v1beta1_service_entry_proto != nil { +func init() { file_networking_v1alpha3_service_entry_proto_init() } +func file_networking_v1alpha3_service_entry_proto_init() { + if File_networking_v1alpha3_service_entry_proto != nil { return } - file_networking_v1beta1_gateway_proto_init() - file_networking_v1beta1_sidecar_proto_init() - file_networking_v1beta1_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_service_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } + file_networking_v1alpha3_sidecar_proto_init() + file_networking_v1alpha3_workload_entry_proto_init() type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_service_entry_proto_rawDesc, + RawDescriptor: file_networking_v1alpha3_service_entry_proto_rawDesc, NumEnums: 2, - NumMessages: 1, + NumMessages: 4, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_networking_v1beta1_service_entry_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_service_entry_proto_depIdxs, - EnumInfos: file_networking_v1beta1_service_entry_proto_enumTypes, - MessageInfos: file_networking_v1beta1_service_entry_proto_msgTypes, + GoTypes: file_networking_v1alpha3_service_entry_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_service_entry_proto_depIdxs, + EnumInfos: file_networking_v1alpha3_service_entry_proto_enumTypes, + MessageInfos: file_networking_v1alpha3_service_entry_proto_msgTypes, }.Build() - File_networking_v1beta1_service_entry_proto = out.File - file_networking_v1beta1_service_entry_proto_rawDesc = nil - file_networking_v1beta1_service_entry_proto_goTypes = nil - file_networking_v1beta1_service_entry_proto_depIdxs = nil + File_networking_v1alpha3_service_entry_proto = out.File + file_networking_v1alpha3_service_entry_proto_rawDesc = nil + file_networking_v1alpha3_service_entry_proto_goTypes = nil + file_networking_v1alpha3_service_entry_proto_depIdxs = nil } diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html new file mode 100644 index 000000000..e428190c7 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html @@ -0,0 +1,754 @@ +--- +title: Service Entry +description: Configuration affecting service registry. +location: https://istio.io/docs/reference/config/networking/service-entry.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.ServiceEntry +aliases: [/docs/reference/config/networking/v1alpha3/service-entry] +number_of_entries: 6 +--- +

ServiceEntry enables adding additional entries into Istio’s +internal service registry, so that auto-discovered services in the +mesh can access/route to these manually specified services. A +service entry describes the properties of a service (DNS name, +VIPs, ports, protocols, endpoints). These services could be +external to the mesh (e.g., web APIs) or mesh-internal services +that are not part of the platform’s service registry (e.g., a set +of VMs talking to services in Kubernetes). In addition, the +endpoints of a service entry can also be dynamically selected by +using the workloadSelector field. These endpoints can be VM +workloads declared using the WorkloadEntry object or Kubernetes +pods. The ability to select both pods and VMs under a single +service allows for migration of services from VMs to Kubernetes +without having to change the existing DNS names associated with the +services.

+

The following example declares a few external APIs accessed by internal +applications over HTTPS. The sidecar inspects the SNI value in the +ClientHello message to route to the appropriate external service.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-https
+spec:
+  hosts:
+  - api.dropboxapi.com
+  - www.googleapis.com
+  - api.facebook.com
+  location: MESH_EXTERNAL
+  ports:
+  - number: 443
+    name: https
+    protocol: TLS
+  resolution: DNS
+
+

The following configuration adds a set of MongoDB instances running on +unmanaged VMs to Istio’s registry, so that these services can be treated +as any other service in the mesh. The associated DestinationRule is used +to initiate mTLS connections to the database instances.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-mongocluster
+spec:
+  hosts:
+  - mymongodb.somedomain # not used
+  addresses:
+  - 192.192.192.192/24 # VIPs
+  ports:
+  - number: 27018
+    name: mongodb
+    protocol: MONGO
+  location: MESH_INTERNAL
+  resolution: STATIC
+  endpoints:
+  - address: 2.2.2.2
+  - address: 3.3.3.3
+
+

and the associated DestinationRule

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: mtls-mongocluster
+spec:
+  host: mymongodb.somedomain
+  trafficPolicy:
+    tls:
+      mode: MUTUAL
+      clientCertificate: /etc/certs/myclientcert.pem
+      privateKey: /etc/certs/client_private_key.pem
+      caCertificates: /etc/certs/rootcacerts.pem
+
+

The following example uses a combination of service entry and TLS +routing in a virtual service to steer traffic based on the SNI value to +an internal egress firewall.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-redirect
+spec:
+  hosts:
+  - wikipedia.org
+  - "*.wikipedia.org"
+  location: MESH_EXTERNAL
+  ports:
+  - number: 443
+    name: https
+    protocol: TLS
+  resolution: NONE
+
+

And the associated VirtualService to route based on the SNI value.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: tls-routing
+spec:
+  hosts:
+  - wikipedia.org
+  - "*.wikipedia.org"
+  tls:
+  - match:
+    - sniHosts:
+      - wikipedia.org
+      - "*.wikipedia.org"
+    route:
+    - destination:
+        host: internal-egress-firewall.ns1.svc.cluster.local
+
+

The virtual service with TLS match serves to override the default SNI +match. In the absence of a virtual service, traffic will be forwarded to +the wikipedia domains.

+

The following example demonstrates the use of a dedicated egress gateway +through which all external service traffic is forwarded. +The ’exportTo’ field allows for control over the visibility of a service +declaration to other namespaces in the mesh. By default, a service is exported +to all namespaces. The following example restricts the visibility to the +current namespace, represented by “.”, so that it cannot be used by other +namespaces.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-httpbin
+  namespace : egress
+spec:
+  hosts:
+  - example.com
+  exportTo:
+  - "."
+  location: MESH_EXTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: DNS
+
+

Define a gateway to handle all egress traffic.

+
apiVersion: networking.istio.io/v1
+kind: Gateway
+metadata:
+ name: istio-egressgateway
+ namespace: istio-system
+spec:
+ selector:
+   istio: egressgateway
+ servers:
+ - port:
+     number: 80
+     name: http
+     protocol: HTTP
+   hosts:
+   - "*"
+
+

And the associated VirtualService to route from the sidecar to the +gateway service (istio-egressgateway.istio-system.svc.cluster.local), as +well as route from the gateway to the external service. Note that the +virtual service is exported to all namespaces enabling them to route traffic +through the gateway to the external service. Forcing traffic to go through +a managed middle proxy like this is a common practice.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: gateway-routing
+  namespace: egress
+spec:
+  hosts:
+  - example.com
+  exportTo:
+  - "*"
+  gateways:
+  - mesh
+  - istio-egressgateway
+  http:
+  - match:
+    - port: 80
+      gateways:
+      - mesh
+    route:
+    - destination:
+        host: istio-egressgateway.istio-system.svc.cluster.local
+  - match:
+    - port: 80
+      gateways:
+      - istio-egressgateway
+    route:
+    - destination:
+        host: example.com
+
+

The following example demonstrates the use of wildcards in the hosts for +external services. If the connection has to be routed to the IP address +requested by the application (i.e. application resolves DNS and attempts +to connect to a specific IP), the resolution mode must be set to NONE.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-wildcard-example
+spec:
+  hosts:
+  - "*.bar.com"
+  location: MESH_EXTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: NONE
+
+

The following example demonstrates a service that is available via a +Unix Domain Socket on the host of the client. The resolution must be +set to STATIC to use Unix address endpoints.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: unix-domain-socket-example
+spec:
+  hosts:
+  - "example.unix.local"
+  location: MESH_EXTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: STATIC
+  endpoints:
+  - address: unix:///var/run/example/socket
+
+

For HTTP-based services, it is possible to create a VirtualService +backed by multiple DNS addressable endpoints. In such a scenario, the +application can use the HTTP_PROXY environment variable to transparently +reroute API calls for the VirtualService to a chosen backend. For +example, the following configuration creates a non-existent external +service called foo.bar.com backed by three domains: us.foo.bar.com:8080, +uk.foo.bar.com:9080, and in.foo.bar.com:7080

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-dns
+spec:
+  hosts:
+  - foo.bar.com
+  location: MESH_EXTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: DNS
+  endpoints:
+  - address: us.foo.bar.com
+    ports:
+      http: 8080
+  - address: uk.foo.bar.com
+    ports:
+      http: 9080
+  - address: in.foo.bar.com
+    ports:
+      http: 7080
+
+

With HTTP_PROXY=http://localhost/, calls from the application to +http://foo.bar.com will be load balanced across the three domains +specified above. In other words, a call to http://foo.bar.com/baz would +be translated to http://uk.foo.bar.com/baz.

+

The following example illustrates the usage of a ServiceEntry +containing a subject alternate name +whose format conforms to the SPIFFE standard:

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: httpbin
+  namespace : httpbin-ns
+spec:
+  hosts:
+  - example.com
+  location: MESH_INTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: STATIC
+  endpoints:
+  - address: 2.2.2.2
+  - address: 3.3.3.3
+  subjectAltNames:
+  - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
+
+

The following example demonstrates the use of ServiceEntry with a +workloadSelector to handle the migration of a service +details.bookinfo.com from VMs to Kubernetes. The service has two +VM-based instances with sidecars as well as a set of Kubernetes +pods managed by a standard deployment object. Consumers of this +service in the mesh will be automatically load balanced across the +VMs and Kubernetes.

+
apiVersion: networking.istio.io/v1
+kind: WorkloadEntry
+metadata:
+  name: details-vm-1
+spec:
+  serviceAccount: details
+  address: 2.2.2.2
+  labels:
+    app: details
+    instance-id: vm1
+---
+apiVersion: networking.istio.io/v1
+kind: WorkloadEntry
+metadata:
+  name: details-vm-2
+spec:
+  serviceAccount: details
+  address: 3.3.3.3
+  labels:
+    app: details
+    instance-id: vm2
+
+

Assuming there is also a Kubernetes deployment with pod labels +app: details using the same service account details, the +following service entry declares a service spanning both VMs and +Kubernetes:

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: details-svc
+spec:
+  hosts:
+  - details.bookinfo.com
+  location: MESH_INTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: STATIC
+  workloadSelector:
+    labels:
+      app: details
+
+ +

ServiceEntry

+
+

ServiceEntry enables adding additional entries into Istio’s internal +service registry.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
hosts
+
string[]
+
Required
+
 +

The hosts associated with the ServiceEntry. Could be a DNS +name with wildcard prefix.

+
    +
  1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules.
    2. +
  2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field.
    3. +
  3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value +will be matched against the hosts field.
    4. +
+

NOTE 1: When resolution is set to type DNS and no endpoints +are specified, the host field will be used as the DNS name of the +endpoint to route traffic to.

+

NOTE 2: If the hostname matches with the name of a service +from another service registry such as Kubernetes that also +supplies its own set of endpoints, the ServiceEntry will be +treated as a decorator of the existing Kubernetes +service. Properties in the service entry will be added to the +Kubernetes service if applicable. Currently, only the following +additional properties will be considered by istiod:

+
    +
  1. subjectAltNames: In addition to verifying the SANs of the +service accounts associated with the pods of the service, the +SANs specified here will also be verified.
    2. +
+ +
addresses
+
string[]
+
 +

The virtual IP addresses associated with the service. Could be CIDR +prefix. For HTTP traffic, generated route configurations will include http route +domains for both the addresses and hosts field values and the destination will +be identified based on the HTTP Host/Authority header. +If one or more IP addresses are specified, +the incoming traffic will be identified as belonging to this service +if the destination IP matches the IP/CIDRs specified in the addresses +field. If the Addresses field is empty, traffic will be identified +solely based on the destination port. In such scenarios, the port on +which the service is being accessed must not be shared by any other +service in the mesh. In other words, the sidecar will behave as a +simple TCP proxy, forwarding incoming traffic on a specified port to +the specified destination endpoint IP/host. Unix domain socket +addresses are not supported in this field.

+ +
ports
+
ServicePort[]
+
 +

The ports associated with the external service. If the +Endpoints are Unix domain socket addresses, there must be exactly one +port.

+ +
location
+
Location
+
 +

Specify whether the service should be considered external to the mesh +or part of the mesh.

+ +
resolution
+
Resolution
+
 +

Service resolution mode for the hosts. Care must be taken +when setting the resolution mode to NONE for a TCP port without +accompanying IP addresses. In such cases, traffic to any IP on +said port will be allowed (i.e. 0.0.0.0:<port>).

+ +
endpoints
+
WorkloadEntry[]
+
 +

One or more endpoints associated with the service. Only one of +endpoints or workloadSelector can be specified.

+ +
workloadSelector
+
WorkloadSelector
+
 +

Applicable only for MESH_INTERNAL services. Only one of +endpoints or workloadSelector can be specified. Selects one +or more Kubernetes pods or VM workloads (specified using +WorkloadEntry) based on their labels. The WorkloadEntry object +representing the VMs should be defined in the same namespace as +the ServiceEntry.

+ +
exportTo
+
string[]
+
 +

A list of namespaces to which this service is exported. Exporting a service +allows it to be used by sidecars, gateways and virtual services defined in +other namespaces. This feature provides a mechanism for service owners +and mesh administrators to control the visibility of services across +namespace boundaries.

+

If no namespaces are specified then the service is exported to all +namespaces by default.

+

The value “.” is reserved and defines an export to the same namespace that +the service is declared in. Similarly the value “*” is reserved and +defines an export to all namespaces.

+

For a Kubernetes Service, the equivalent effect can be achieved by setting +the annotation “networking.istio.io/exportTo” to a comma-separated list +of namespace names.

+ +
subjectAltNames
+
string[]
+
 +

If specified, the proxy will verify that the server certificate’s +subject alternate name matches one of the specified values.

+

NOTE: When using the workloadEntry with workloadSelectors, the +service account specified in the workloadEntry will also be used +to derive the additional subject alternate names that should be +verified.

+ +
+
+

Location

+
+

Location specifies whether the service is part of Istio mesh or +outside the mesh. Location determines the behavior of several +features, such as service-to-service mTLS authentication, policy +enforcement, etc.

+ + + + + + + + + + + + + + + + + + +
NameDescription
MESH_EXTERNAL +

Signifies that the service is external to the mesh. Typically used +to indicate external services consumed through APIs.

+ +
MESH_INTERNAL +

Signifies that the service is part of the mesh. Typically used to +indicate services added explicitly as part of expanding the service +mesh to include unmanaged infrastructure (e.g., VMs added to a +Kubernetes based service mesh).

+ +
+
+

Resolution

+
+

Resolution determines how the proxy will resolve the IP addresses of +the network endpoints associated with the service, so that it can +route to one of them. The resolution mode specified here has no impact +on how the application resolves the IP address associated with the +service. The application may still have to use DNS to resolve the +service to an IP so that the outbound traffic can be captured by the +Proxy. Alternatively, for HTTP services, the application could +directly communicate with the proxy (e.g., by setting HTTP_PROXY) to +talk to these services.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
NONE +

Assume that incoming connections have already been resolved (to a +specific destination IP address). Such connections are typically +routed via the proxy using mechanisms such as IP table REDIRECT/ +eBPF. After performing any routing related transformations, the +proxy will forward the connection to the IP address to which the +connection was bound.

+ +
STATIC +

Use the static IP addresses specified in endpoints (see below) as the +backing instances associated with the service.

+ +
DNS +

Attempt to resolve the IP address by querying the ambient DNS, +asynchronously. If no endpoints are specified, the proxy +will resolve the DNS address specified in the hosts field, if +wildcards are not used. If endpoints are specified, the DNS +addresses specified in the endpoints will be resolved to determine +the destination IP address. DNS resolution cannot be used with Unix +domain socket endpoints.

+ +
DNS_ROUND_ROBIN +

Attempt to resolve the IP address by querying the ambient DNS, +asynchronously. Unlike DNS, DNS_ROUND_ROBIN only uses the +first IP address returned when a new connection needs to be initiated +without relying on complete results of DNS resolution, and connections +made to hosts will be retained even if DNS records change frequently +eliminating draining connection pools and connection cycling. +This is best suited for large web scale services that +must be accessed via DNS. The proxy will resolve the DNS address +specified in the hosts field, if wildcards are not used. DNS resolution +cannot be used with Unix domain socket endpoints.

+ +
+
+

ServicePort

+
+

ServicePort describes the properties of a specific port of a service.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
number
+
uint32
+
Required
+
 +

A valid non-negative integer port number.

+ +
protocol
+
string
+
 +

The protocol exposed on the port. +MUST be one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. +TLS implies the connection will be routed based on the SNI header to +the destination without terminating the TLS connection.

+ +
name
+
string
+
Required
+
 +

Label assigned to the port.

+ +
targetPort
+
uint32
+
 +

The port number on the endpoint where the traffic will be +received. If unset, default to number.

+ +
+
+

ServiceEntryStatus

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
conditions
+
IstioCondition[]
+
 +

Current service state of ServiceEntry. +More info: https://istio.io/docs/reference/config/config-status/

+ +
validationMessages
+
AnalysisMessageBase[]
+
 +

Includes any errors or warnings detected by Istio’s analyzers.

+ +
observedGeneration
+
int64
+
 +

Resource Generation to which the Reconciled Condition refers. +When this value is not equal to the object’s metadata generation, reconciled condition calculation for the current +generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info.

+ +
addresses
+
ServiceEntryAddress[]
+
 +

List of addresses which were assigned to this ServiceEntry.

+ +
+
+

ServiceEntryAddress

+
+

A minor abstraction to allow for adding hostnames if relevant.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
value
+
string
+
 +

The address (e.g. 192.168.0.2)

+ +
host
+
string
+
 +

The host name associated with this address

+ +
+
diff --git a/vendor/istio.io/api/networking/v1beta1/service_entry.proto b/vendor/istio.io/api/networking/v1alpha3/service_entry.proto similarity index 65% rename from vendor/istio.io/api/networking/v1beta1/service_entry.proto rename to vendor/istio.io/api/networking/v1alpha3/service_entry.proto index 25d5540f7..972a805b6 100644 --- a/vendor/istio.io/api/networking/v1beta1/service_entry.proto +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry.proto @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,16 +15,16 @@ syntax = "proto3"; import "google/api/field_behavior.proto"; -import "networking/v1beta1/gateway.proto"; -import "networking/v1beta1/sidecar.proto"; -import "networking/v1beta1/workload_entry.proto"; +import "networking/v1alpha3/sidecar.proto"; +import "networking/v1alpha3/workload_entry.proto"; +import "analysis/v1alpha1/message.proto"; +import "meta/v1alpha1/status.proto"; -// $schema: istio.networking.v1beta1.ServiceEntry +// $schema: istio.networking.v1alpha3.ServiceEntry // $title: Service Entry // $description: Configuration affecting service registry. // $location: https://istio.io/docs/reference/config/networking/service-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/service-entry] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/service-entry] // `ServiceEntry` enables adding additional entries into Istio's // internal service registry, so that auto-discovered services in the @@ -46,10 +46,8 @@ import "networking/v1beta1/workload_entry.proto"; // applications over HTTPS. The sidecar inspects the SNI value in the // ClientHello message to route to the appropriate external service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-https @@ -65,61 +63,14 @@ import "networking/v1beta1/workload_entry.proto"; // protocol: TLS // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// {{}} -// {{}} // // The following configuration adds a set of MongoDB instances running on // unmanaged VMs to Istio's registry, so that these services can be treated // as any other service in the mesh. The associated DestinationRule is used // to initiate mTLS connections to the database instances. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mongocluster @@ -138,32 +89,11 @@ import "networking/v1beta1/workload_entry.proto"; // - address: 2.2.2.2 // - address: 3.3.3.3 // ``` -// {{}} -// {{}} // // and the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: mtls-mongocluster @@ -176,36 +106,13 @@ import "networking/v1beta1/workload_entry.proto"; // privateKey: /etc/certs/client_private_key.pem // caCertificates: /etc/certs/rootcacerts.pem // ``` -// {{}} -// {{}} // // The following example uses a combination of service entry and TLS // routing in a virtual service to steer traffic based on the SNI value to // an internal egress firewall. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-redirect @@ -220,15 +127,11 @@ import "networking/v1beta1/workload_entry.proto"; // protocol: TLS // resolution: NONE // ``` -// {{}} -// {{}} // // And the associated VirtualService to route based on the SNI value. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: tls-routing @@ -245,29 +148,6 @@ import "networking/v1beta1/workload_entry.proto"; // - destination: // host: internal-egress-firewall.ns1.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// {{}} -// {{}} // // The virtual service with TLS match serves to override the default SNI // match. In the absence of a virtual service, traffic will be forwarded to @@ -281,31 +161,8 @@ import "networking/v1beta1/workload_entry.proto"; // current namespace, represented by ".", so that it cannot be used by other // namespaces. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-httpbin @@ -322,15 +179,11 @@ import "networking/v1beta1/workload_entry.proto"; // protocol: HTTP // resolution: DNS // ``` -// {{}} -// {{}} // // Define a gateway to handle all egress traffic. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: istio-egressgateway @@ -346,28 +199,6 @@ import "networking/v1beta1/workload_entry.proto"; // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // And the associated `VirtualService` to route from the sidecar to the // gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as @@ -376,10 +207,8 @@ import "networking/v1beta1/workload_entry.proto"; // through the gateway to the external service. Forcing traffic to go through // a managed middle proxy like this is a common practice. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: gateway-routing @@ -408,69 +237,14 @@ import "networking/v1beta1/workload_entry.proto"; // - destination: // host: example.com // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// {{}} -// {{}} // // The following example demonstrates the use of wildcards in the hosts for // external services. If the connection has to be routed to the IP address // requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the discovery mode must be set to `NONE`. -// -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// {{}} +// to connect to a specific IP), the resolution mode must be set to `NONE`. // -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-wildcard-example @@ -484,17 +258,13 @@ import "networking/v1beta1/workload_entry.proto"; // protocol: HTTP // resolution: NONE // ``` -// {{}} -// {{}} // // The following example demonstrates a service that is available via a // Unix Domain Socket on the host of the client. The resolution must be // set to STATIC to use Unix address endpoints. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: unix-domain-socket-example @@ -510,28 +280,6 @@ import "networking/v1beta1/workload_entry.proto"; // endpoints: // - address: unix:///var/run/example/socket // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// {{}} -// {{}} // // For HTTP-based services, it is possible to create a `VirtualService` // backed by multiple DNS addressable endpoints. In such a scenario, the @@ -541,10 +289,8 @@ import "networking/v1beta1/workload_entry.proto"; // service called foo.bar.com backed by three domains: us.foo.bar.com:8080, // uk.foo.bar.com:9080, and in.foo.bar.com:7080 // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-dns @@ -568,36 +314,6 @@ import "networking/v1beta1/workload_entry.proto"; // ports: // http: 7080 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// {{}} -// {{}} // // With `HTTP_PROXY=http://localhost/`, calls from the application to // `http://foo.bar.com` will be load balanced across the three domains @@ -608,34 +324,8 @@ import "networking/v1beta1/workload_entry.proto"; // containing a subject alternate name // whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: httpbin @@ -655,8 +345,6 @@ import "networking/v1beta1/workload_entry.proto"; // subjectAltNames: // - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" // ``` -// {{}} -// {{}} // // The following example demonstrates the use of `ServiceEntry` with a // `workloadSelector` to handle the migration of a service @@ -664,42 +352,10 @@ import "networking/v1beta1/workload_entry.proto"; // VM-based instances with sidecars as well as a set of Kubernetes // pods managed by a standard deployment object. Consumers of this // service in the mesh will be automatically load balanced across the -// VMs and Kubernetes. VM for the `details.bookinfo.com` -// service. This VM has sidecar installed and bootstrapped using the -// `details-legacy` service account. The sidecar receives HTTP traffic -// on port 80 (wrapped in istio mutual TLS) and forwards it to the -// application on the localhost on the same port. -// -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// {{}} +// VMs and Kubernetes. // -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-1 @@ -710,7 +366,7 @@ import "networking/v1beta1/workload_entry.proto"; // app: details // instance-id: vm1 // --- -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-2 @@ -721,18 +377,14 @@ import "networking/v1beta1/workload_entry.proto"; // app: details // instance-id: vm2 // ``` -// {{}} -// {{}} // // Assuming there is also a Kubernetes deployment with pod labels // `app: details` using the same service account `details`, the // following service entry declares a service spanning both VMs and // Kubernetes: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -749,39 +401,17 @@ import "networking/v1beta1/workload_entry.proto"; // labels: // app: details // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` -// {{}} -// {{}} -package istio.networking.v1beta1; +package istio.networking.v1alpha3; + +option go_package = "istio.io/api/networking/v1alpha3"; -option go_package = "istio.io/api/networking/v1beta1"; // ServiceEntry enables adding additional entries into Istio's internal // service registry. // // // // -// +// +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" +// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" +// +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" +// +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" message ServiceEntry { // The hosts associated with the ServiceEntry. Could be a DNS // name with wildcard prefix. @@ -826,13 +459,15 @@ message ServiceEntry { // supplies its own set of endpoints, the ServiceEntry will be // treated as a decorator of the existing Kubernetes // service. Properties in the service entry will be added to the - // Kubernetes service if applicable. Currently, the only the - // following additional properties will be considered by `istiod`: + // Kubernetes service if applicable. Currently, only the following + // additional properties will be considered by `istiod`: // // 1. subjectAltNames: In addition to verifying the SANs of the // service accounts associated with the pods of the service, the // SANs specified here will also be verified. - // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:XValidation:message="hostname cannot be wildcard",rule="self != '*'" repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED]; // The virtual IP addresses associated with the service. Could be CIDR @@ -849,19 +484,23 @@ message ServiceEntry { // simple TCP proxy, forwarding incoming traffic on a specified port to // the specified destination endpoint IP/host. Unix domain socket // addresses are not supported in this field. + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:MaxLength=64 repeated string addresses = 2; // The ports associated with the external service. If the // Endpoints are Unix domain socket addresses, there must be exactly one // port. - repeated Port ports = 3 [(google.api.field_behavior) = REQUIRED]; + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=256 + // +kubebuilder:validation:XValidation:message="port number cannot be duplicated",rule="self.all(l1, self.exists_one(l2, l1.number == l2.number))" + repeated ServicePort ports = 3; // Location specifies whether the service is part of Istio mesh or // outside the mesh. Location determines the behavior of several // features, such as service-to-service mTLS authentication, policy - // enforcement, etc. When communicating with services outside the mesh, - // Istio's mTLS authentication is disabled, and policy enforcement is - // performed on the client-side as opposed to server-side. + // enforcement, etc. enum Location { // Signifies that the service is external to the mesh. Typically used // to indicate external services consumed through APIs. @@ -922,14 +561,15 @@ message ServiceEntry { DNS_ROUND_ROBIN = 3; }; - // Service discovery mode for the hosts. Care must be taken + // Service resolution mode for the hosts. Care must be taken // when setting the resolution mode to NONE for a TCP port without // accompanying IP addresses. In such cases, traffic to any IP on // said port will be allowed (i.e. `0.0.0.0:`). - Resolution resolution = 5 [(google.api.field_behavior) = REQUIRED]; + Resolution resolution = 5; // One or more endpoints associated with the service. Only one of // `endpoints` or `workloadSelector` can be specified. + // +kubebuilder:validation:MaxItems=4096 repeated WorkloadEntry endpoints = 6; // Applicable only for MESH_INTERNAL services. Only one of @@ -967,3 +607,63 @@ message ServiceEntry { // verified. repeated string subject_alt_names = 8; } + +// ServicePort describes the properties of a specific port of a service. +message ServicePort { + // A valid non-negative integer port number. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; + + // The protocol exposed on the port. + // MUST be one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS implies the connection will be routed based on the SNI header to + // the destination without terminating the TLS connection. + // +kubebuilder:validation:MaxLength=256 + string protocol = 2; + + // Label assigned to the port. + // +kubebuilder:validation:MaxLength=256 + string name = 3 [(google.api.field_behavior) = REQUIRED]; + + // The port number on the endpoint where the traffic will be + // received. If unset, default to `number`. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + uint32 target_port = 4; +} + +message ServiceEntryStatus { + // Current service state of ServiceEntry. + // More info: https://istio.io/docs/reference/config/config-status/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + repeated meta.v1alpha1.IstioCondition conditions = 1; + + // Includes any errors or warnings detected by Istio's analyzers. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + repeated analysis.v1alpha1.AnalysisMessageBase validation_messages = 2; + + // Resource Generation to which the Reconciled Condition refers. + // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current + // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. + // +optional + int64 observed_generation = 3; + + // Above this is just a copy of the common IstioStatus since proto cannot embed an anonymous message whole cloth + + // List of addresses which were assigned to this ServiceEntry. + // +optional + repeated ServiceEntryAddress addresses = 10; +} + +// A minor abstraction to allow for adding hostnames if relevant. +message ServiceEntryAddress{ + // The address (e.g. 192.168.0.2) + string value = 1; + + // The host name associated with this address + string host = 2; +} + diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go new file mode 100644 index 000000000..6c1353760 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go @@ -0,0 +1,90 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1alpha3 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using ServiceEntry within kubernetes types, where deepcopy-gen is used. +func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) { + p := proto.Clone(in).(*ServiceEntry) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. +func (in *ServiceEntry) DeepCopy() *ServiceEntry { + if in == nil { + return nil + } + out := new(ServiceEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. +func (in *ServiceEntry) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. +func (in *ServicePort) DeepCopyInto(out *ServicePort) { + p := proto.Clone(in).(*ServicePort) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. +func (in *ServicePort) DeepCopy() *ServicePort { + if in == nil { + return nil + } + out := new(ServicePort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. +func (in *ServicePort) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ServiceEntryStatus within kubernetes types, where deepcopy-gen is used. +func (in *ServiceEntryStatus) DeepCopyInto(out *ServiceEntryStatus) { + p := proto.Clone(in).(*ServiceEntryStatus) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryStatus. Required by controller-gen. +func (in *ServiceEntryStatus) DeepCopy() *ServiceEntryStatus { + if in == nil { + return nil + } + out := new(ServiceEntryStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryStatus. Required by controller-gen. +func (in *ServiceEntryStatus) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ServiceEntryAddress within kubernetes types, where deepcopy-gen is used. +func (in *ServiceEntryAddress) DeepCopyInto(out *ServiceEntryAddress) { + p := proto.Clone(in).(*ServiceEntryAddress) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryAddress. Required by controller-gen. +func (in *ServiceEntryAddress) DeepCopy() *ServiceEntryAddress { + if in == nil { + return nil + } + out := new(ServiceEntryAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryAddress. Required by controller-gen. +func (in *ServiceEntryAddress) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go new file mode 100644 index 000000000..aa9732e61 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go @@ -0,0 +1,56 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1alpha3 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for ServiceEntry +func (this *ServiceEntry) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServiceEntry +func (this *ServiceEntry) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ServicePort +func (this *ServicePort) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServicePort +func (this *ServicePort) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ServiceEntryStatus +func (this *ServiceEntryStatus) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServiceEntryStatus +func (this *ServiceEntryStatus) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ServiceEntryAddress +func (this *ServiceEntryAddress) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServiceEntryAddress +func (this *ServiceEntryAddress) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + ServiceEntryMarshaler = &jsonpb.Marshaler{} + ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go new file mode 100644 index 000000000..f42f4f857 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go @@ -0,0 +1,1271 @@ +// Copyright 2018 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: networking/v1alpha3/sidecar.proto + +// $schema: istio.networking.v1alpha3.Sidecar +// $title: Sidecar +// $description: Configuration affecting network reachability of a sidecar. +// $location: https://istio.io/docs/reference/config/networking/sidecar.html +// $aliases: [/docs/reference/config/networking/v1alpha3/sidecar] + +// `Sidecar` describes the configuration of the sidecar proxy that mediates +// inbound and outbound communication to the workload instance it is attached to. By +// default, Istio will program all sidecar proxies in the mesh with the +// necessary configuration required to reach every workload instance in the mesh, as +// well as accept traffic on all the ports associated with the +// workload. The `Sidecar` configuration provides a way to fine tune the set of +// ports, protocols that the proxy will accept when forwarding traffic to +// and from the workload. +// +// One the common usages of `Sidecar` is to limit the set of configuration for outbound traffic. +// This configuration scoping, among [other options](/docs/ops/configuration/mesh/configuration-scoping/), is useful to prune +// out unneeded configuration, to improve scalability of the mesh. +// A common misunderstanding is that restricting the configuration amounts to *blocking* the traffic. +// If requests are sent to destinations not included in the scoping, the traffic will be treated as +// [unmatched traffic](/docs/ops/configuration/traffic-management/traffic-routing/#unmatched-traffic), which is often still allowed. +// The sidecar is not able to enforce an outbound traffic restriction (see [Egress Gateways](/docs/tasks/traffic-management/egress/egress-gateway/) for how to achieve this). +// +// Services and configuration in a mesh are organized into one or more +// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` +// configuration in a namespace will apply to one or more workload instances in the same +// namespace, selected using the `workloadSelector` field. In the absence of a +// `workloadSelector`, it will apply to all workload instances in the same +// namespace. When determining the `Sidecar` configuration to be applied to a +// workload instance, preference will be given to the resource with a +// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration +// without any `workloadSelector`. +// +// **NOTE 1**: *_Each namespace can have only one `Sidecar` +// configuration without any `workloadSelector`_ that specifies the +// default for all pods in that namespace*. It is recommended to use +// the name `default` for the namespace-wide sidecar. The behavior of +// the system is undefined if more than one selector-less `Sidecar` +// configurations exist in a given namespace. The behavior of the +// system is undefined if two or more `Sidecar` configurations with a +// `workloadSelector` select the same workload instance. +// +// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` +// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) +// will be applied by default to all namespaces without a `Sidecar` +// configuration_*. This global default `Sidecar` configuration should not have +// any `workloadSelector`. +// +// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. +// +// The example below declares a global default `Sidecar` configuration +// in the root namespace called `istio-config`, that configures +// sidecars in all namespaces to configure egress traffic only to other +// workloads in the same namespace as well as to services in the +// `istio-system` namespace. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: default +// namespace: istio-config +// spec: +// egress: +// - hosts: +// - "./*" +// - "istio-system/*" +// ``` +// +// The example below declares a `Sidecar` configuration in the +// `prod-us1` namespace that overrides the global default defined +// above, and configures the sidecars in the namespace to configure egress +// traffic to public services in the `prod-us1`, `prod-apis`, and the +// `istio-system` namespaces. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: default +// namespace: prod-us1 +// spec: +// egress: +// - hosts: +// - "prod-us1/*" +// - "prod-apis/*" +// - "istio-system/*" +// ``` +// +// The following example declares a `Sidecar` configuration in the +// `prod-us1` namespace for all pods with labels `app: ratings` +// belonging to the `ratings.prod-us1` service. The workload accepts +// inbound HTTP traffic on port 9080. The traffic is then forwarded to +// the attached workload instance listening on a Unix domain +// socket. In the egress direction, in addition to the `istio-system` +// namespace, the sidecar proxies only HTTP traffic bound for port +// 9080 for services in the `prod-us1` namespace. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: ratings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: ratings +// ingress: +// - port: +// number: 9080 +// protocol: HTTP +// name: somename +// defaultEndpoint: unix:///var/run/someuds.sock +// egress: +// - port: +// number: 9080 +// protocol: HTTP +// name: egresshttp +// hosts: +// - "prod-us1/*" +// - hosts: +// - "istio-system/*" +// ``` +// +// If the workload is deployed without IPTables-based traffic capture, +// the `Sidecar` configuration is the only way to configure the ports +// on the proxy attached to the workload instance. The following +// example declares a `Sidecar` configuration in the `prod-us1` +// namespace for all pods with labels `app: productpage` belonging to +// the `productpage.prod-us1` service. Assuming that these pods are +// deployed without IPtable rules (i.e. the `istio-init` container) +// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to +// `NONE`, the specification, below, allows such pods to receive HTTP +// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward +// it to the application listening on `127.0.0.1:8080`. It also allows +// the application to communicate with a backing MySQL database on +// `127.0.0.1:3306`, that then gets proxied to the externally hosted +// MySQL service at `mysql.foo.com:3306`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: no-ip-tables +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// ingress: +// - port: +// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) +// protocol: HTTP +// name: somename +// defaultEndpoint: 127.0.0.1:8080 +// captureMode: NONE # not needed if metadata is set for entire proxy +// egress: +// - port: +// number: 3306 +// protocol: MYSQL +// name: egressmysql +// captureMode: NONE # not needed if metadata is set for entire proxy +// bind: 127.0.0.1 +// hosts: +// - "*/mysql.foo.com" +// ``` +// +// And the associated service entry for routing to `mysql.foo.com:3306` +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-mysql +// namespace: ns1 +// spec: +// hosts: +// - mysql.foo.com +// ports: +// - number: 3306 +// name: mysql +// protocol: MYSQL +// location: MESH_EXTERNAL +// resolution: DNS +// ``` +// +// It is also possible to mix and match traffic capture modes in a single +// proxy. For example, consider a setup where internal services are on the +// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all +// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an +// additional network interface on `172.16.0.0/16` subnet for inbound +// traffic. The following `Sidecar` configuration allows the VM to expose a +// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the +// `172.16.0.0/16` subnet. +// +// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the +// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, +// implying that IP tables based traffic capture is active. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: partial-ip-tables +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// ingress: +// - bind: 172.16.1.32 +// port: +// number: 80 # binds to 172.16.1.32:80 +// protocol: HTTP +// name: somename +// defaultEndpoint: 127.0.0.1:8080 +// captureMode: NONE +// egress: +// # use the system detected defaults +// # sets up configuration to handle outbound traffic to services +// # in 192.168.0.0/16 subnet, based on information provided by the +// # service registry +// - captureMode: IPTABLES +// hosts: +// - "*/*" +// ``` +// +// The following example declares a `Sidecar` configuration in the +// `prod-us1` namespace for all pods with labels `app: ratings` +// belonging to the `ratings.prod-us1` service. The service accepts +// inbound HTTPS traffic on port 8443 and the sidecar proxy terminates +// one way TLS using the given server certificates. +// The traffic is then forwarded to the attached workload instance +// listening on a Unix domain socket. +// It is expected that PeerAuthentication policy would be configured +// in order to set mTLS mode to "DISABLE" on specific +// ports. +// In this example, the mTLS mode is disabled on PORT 80. +// This feature is currently experimental. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: ratings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: ratings +// ingress: +// - port: +// number: 80 +// protocol: HTTPS +// name: somename +// defaultEndpoint: unix:///var/run/someuds.sock +// tls: +// mode: SIMPLE +// privateKey: "/etc/certs/privatekey.pem" +// serverCertificate: "/etc/certs/servercert.pem" +// --- +// apiVersion: v1 +// kind: Service +// metadata: +// name: ratings +// labels: +// app: ratings +// service: ratings +// spec: +// ports: +// - port: 8443 +// name: https +// targetPort: 80 +// selector: +// app: ratings +// --- +// apiVersion: security.istio.io/v1 +// kind: PeerAuthentication +// metadata: +// name: ratings-peer-auth +// namespace: prod-us1 +// spec: +// selector: +// matchLabels: +// app: ratings +// mtls: +// mode: STRICT +// portLevelMtls: +// 80: +// mode: DISABLE +// ``` +// +// In addition to configuring traffic capture and how traffic is forwarded to the app, +// it's possible to control inbound connection pool settings. By default, Istio pushes +// connection pool settings from `DestinationRules` to both clients (for outbound +// connections to the service) as well as servers (for inbound connections to a service +// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings +// in a `Sidecar` allow you to control those connection pools for the server separately +// from the settings pushed to all clients. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: connection-pool-settings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// inboundConnectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// ingress: +// - port: +// number: 80 +// protocol: HTTP +// name: somename +// connectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// tcp: +// maxConnections: 100 +// ``` + +package v1alpha3 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// `CaptureMode` describes how traffic to a listener is expected to be +// captured. Applicable only when the listener is bound to an IP. +type CaptureMode int32 + +const ( + // The default capture mode defined by the environment. + CaptureMode_DEFAULT CaptureMode = 0 + // Capture traffic using IPtables redirection. + CaptureMode_IPTABLES CaptureMode = 1 + // No traffic capture. When used in an egress listener, the application is + // expected to explicitly communicate with the listener port or Unix + // domain socket. When used in an ingress listener, care needs to be taken + // to ensure that the listener port is not in use by other processes on + // the host. + CaptureMode_NONE CaptureMode = 2 +) + +// Enum value maps for CaptureMode. +var ( + CaptureMode_name = map[int32]string{ + 0: "DEFAULT", + 1: "IPTABLES", + 2: "NONE", + } + CaptureMode_value = map[string]int32{ + "DEFAULT": 0, + "IPTABLES": 1, + "NONE": 2, + } +) + +func (x CaptureMode) Enum() *CaptureMode { + p := new(CaptureMode) + *p = x + return p +} + +func (x CaptureMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CaptureMode) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_sidecar_proto_enumTypes[0].Descriptor() +} + +func (CaptureMode) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_sidecar_proto_enumTypes[0] +} + +func (x CaptureMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use CaptureMode.Descriptor instead. +func (CaptureMode) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{0} +} + +type OutboundTrafficPolicy_Mode int32 + +const ( + // In `REGISTRY_ONLY` mode, unknown outbound traffic will be dropped. + // Traffic destinations must be explicitly declared into the service registry through `ServiceEntry` configurations. + // + // Note: Istio [does not offer an outbound traffic security policy](https://istio.io/latest/docs/ops/best-practices/security/#understand-traffic-capture-limitations). + // This option does not act as one, or as any form of an outbound firewall. + // Instead, this option exists primarily to offer users a way to detect missing `ServiceEntry` configurations by explicitly failing. + OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 + // In `ALLOW_ANY` mode, any traffic to unknown destinations will be allowed. + // Unknown destination traffic will have limited functionality, however, such as reduced observability. + // This mode allows users that do not have all possible egress destinations registered through `ServiceEntry` configurations to still connect + // to arbitrary destinations. + OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 +) + +// Enum value maps for OutboundTrafficPolicy_Mode. +var ( + OutboundTrafficPolicy_Mode_name = map[int32]string{ + 0: "REGISTRY_ONLY", + 1: "ALLOW_ANY", + } + OutboundTrafficPolicy_Mode_value = map[string]int32{ + "REGISTRY_ONLY": 0, + "ALLOW_ANY": 1, + } +) + +func (x OutboundTrafficPolicy_Mode) Enum() *OutboundTrafficPolicy_Mode { + p := new(OutboundTrafficPolicy_Mode) + *p = x + return p +} + +func (x OutboundTrafficPolicy_Mode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (OutboundTrafficPolicy_Mode) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_sidecar_proto_enumTypes[1].Descriptor() +} + +func (OutboundTrafficPolicy_Mode) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_sidecar_proto_enumTypes[1] +} + +func (x OutboundTrafficPolicy_Mode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use OutboundTrafficPolicy_Mode.Descriptor instead. +func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{4, 0} +} + +// `Sidecar` describes the configuration of the sidecar proxy that mediates +// inbound and outbound communication of the workload instance to which it is +// attached. +// +// +// +// +type Sidecar struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Criteria used to select the specific set of pods/VMs on which this + // `Sidecar` configuration should be applied. If omitted, the `Sidecar` + // configuration will be applied to all workload instances in the same namespace. + WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` + // Ingress specifies the configuration of the sidecar for processing + // inbound traffic to the attached workload instance. If omitted, Istio will + // automatically configure the sidecar based on the information about the workload + // obtained from the orchestration platform (e.g., exposed ports, services, + // etc.). If specified, inbound ports are configured if and only if the + // workload instance is associated with a service. + Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"` + // Egress specifies the configuration of the sidecar for processing + // outbound traffic from the attached workload instance to other + // services in the mesh. If not specified, inherits the system + // detected defaults from the namespace-wide or the global default Sidecar. + Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"` + // Settings controlling the volume of connections Envoy will accept from the network. + // This default will apply for all inbound listeners and can be overridden per-port + // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s + // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. + // + // By default, Istio applies a service's `DestinationRule` to client sidecars + // for outbound traffic directed at the service -- the usual case folks think + // of when configuring a `DestinationRule` -- but also to the server's inbound + // sidecar. The `Sidecar`'s connection pool configures the server's inbound + // sidecar directly, so its settings can be different than clients'. This is + // valuable, for example, when you have many clients calling few servers: a + // `DestinationRule` can limit the concurrency of any single client, while + // the `Sidecar` allows you to configure much higher concurrency on the server + // side. + // + // Connection pool settings for a server's inbound sidecar are configured in the + // following precedence, highest to lowest: + // - per-port `ConnectionPool` from the `Sidecar` + // - top level `InboundConnectionPool` from the `Sidecar` + // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - default connection pool settings (essentially unlimited) + // + // In every case, the connection pool settings are overridden, not merged. + InboundConnectionPool *ConnectionPoolSettings `protobuf:"bytes,7,opt,name=inbound_connection_pool,json=inboundConnectionPool,proto3" json:"inbound_connection_pool,omitempty"` + // Set the default behavior of the sidecar for handling outbound + // traffic from the application. + // + // Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. + OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"` +} + +func (x *Sidecar) Reset() { + *x = Sidecar{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Sidecar) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Sidecar) ProtoMessage() {} + +func (x *Sidecar) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Sidecar.ProtoReflect.Descriptor instead. +func (*Sidecar) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{0} +} + +func (x *Sidecar) GetWorkloadSelector() *WorkloadSelector { + if x != nil { + return x.WorkloadSelector + } + return nil +} + +func (x *Sidecar) GetIngress() []*IstioIngressListener { + if x != nil { + return x.Ingress + } + return nil +} + +func (x *Sidecar) GetEgress() []*IstioEgressListener { + if x != nil { + return x.Egress + } + return nil +} + +func (x *Sidecar) GetInboundConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.InboundConnectionPool + } + return nil +} + +func (x *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy { + if x != nil { + return x.OutboundTrafficPolicy + } + return nil +} + +// `IstioIngressListener` specifies the properties of an inbound +// traffic listener on the sidecar proxy attached to a workload instance. +type IstioIngressListener struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The port associated with the listener. + Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + // The IP(IPv4 or IPv6) to which the listener should be bound. + // Unix domain socket addresses are not allowed in + // the bind field for ingress listeners. If omitted, Istio will + // automatically configure the defaults based on imported services + // and the workload instances to which this configuration is applied + // to. + Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` + // The captureMode option dictates how traffic to the listener is + // expected to be captured (or not). + CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1alpha3.CaptureMode" json:"capture_mode,omitempty"` + // The IP endpoint or Unix domain socket to which + // traffic should be forwarded to. This configuration can be used to + // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` + // or Unix domain socket where the application workload instance is listening for + // connections. Arbitrary IPs are not supported. Format should be one of + // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), + // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), + // or `unix:///path/to/socket` (forward to Unix domain socket). + DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` + // Set of TLS related options that will enable TLS termination on the + // sidecar for requests originating from outside the mesh. + // Currently supports only SIMPLE and MUTUAL TLS modes. + Tls *ServerTLSSettings `protobuf:"bytes,7,opt,name=tls,proto3" json:"tls,omitempty"` + // Settings controlling the volume of connections Envoy will accept from the network. + // This setting overrides the top-level default `inboundConnectionPool` to configure + // specific settings for this port. This configuration mirrors the `DestinationRule`'s + // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. + // This port level connection pool has the highest precedence in configuration, + // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any + // connection pooling settings from the `DestinationRule`. + ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,8,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` +} + +func (x *IstioIngressListener) Reset() { + *x = IstioIngressListener{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *IstioIngressListener) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IstioIngressListener) ProtoMessage() {} + +func (x *IstioIngressListener) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IstioIngressListener.ProtoReflect.Descriptor instead. +func (*IstioIngressListener) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{1} +} + +func (x *IstioIngressListener) GetPort() *SidecarPort { + if x != nil { + return x.Port + } + return nil +} + +func (x *IstioIngressListener) GetBind() string { + if x != nil { + return x.Bind + } + return "" +} + +func (x *IstioIngressListener) GetCaptureMode() CaptureMode { + if x != nil { + return x.CaptureMode + } + return CaptureMode_DEFAULT +} + +func (x *IstioIngressListener) GetDefaultEndpoint() string { + if x != nil { + return x.DefaultEndpoint + } + return "" +} + +func (x *IstioIngressListener) GetTls() *ServerTLSSettings { + if x != nil { + return x.Tls + } + return nil +} + +func (x *IstioIngressListener) GetConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.ConnectionPool + } + return nil +} + +// `IstioEgressListener` specifies the properties of an outbound traffic +// listener on the sidecar proxy attached to a workload instance. +type IstioEgressListener struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The port associated with the listener. If using Unix domain socket, + // use 0 as the port number, with a valid protocol. The port if + // specified, will be used as the default destination port associated + // with the imported hosts. If the port is omitted, Istio will infer the + // listener ports based on the imported hosts. Note that when multiple + // egress listeners are specified, where one or more listeners have + // specific ports while others have no port, the hosts exposed on a + // listener port will be based on the listener with the most specific + // port. + Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound + // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or + // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If + // omitted, Istio will automatically configure the defaults based on imported + // services, the workload instances to which this configuration is applied to and + // the captureMode. If captureMode is `NONE`, bind will default to + // 127.0.0.1. + Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` + // When the bind address is an IP, the captureMode option dictates + // how traffic to the listener is expected to be captured (or not). + // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. + CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1alpha3.CaptureMode" json:"capture_mode,omitempty"` + // One or more service hosts exposed by the listener + // in `namespace/dnsName` format. Services in the specified namespace + // matching `dnsName` will be exposed. + // The corresponding service can be a service in the service registry + // (e.g., a Kubernetes or cloud foundry service) or a service specified + // using a `ServiceEntry` or `VirtualService` configuration. Any + // associated `DestinationRule` in the same namespace will also be used. + // + // The `dnsName` should be specified using FQDN format, optionally including + // a wildcard character in the left-most component (e.g., `prod/*.example.com`). + // Set the `dnsName` to `*` to select all services from the specified namespace + // (e.g., `prod/*`). + // + // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, + // or no namespace, respectively. For example, `*/foo.example.com` selects the + // service from any available namespace while `./foo.example.com` only selects + // the service from the namespace of the sidecar. If a host is set to `*/*`, + // Istio will configure the sidecar to be able to reach every service in the + // mesh that is exported to the sidecar's namespace. The value `~/*` can be used + // to completely trim the configuration for sidecars that simply receive traffic + // and respond, but make no outbound connections of their own. + // + // NOTE: Only services and configuration artifacts exported to the sidecar's + // namespace (e.g., `exportTo` value of `*`) can be referenced. + // Private configurations (e.g., `exportTo` set to `.`) will + // not be available. Refer to the `exportTo` setting in `VirtualService`, + // `DestinationRule`, and `ServiceEntry` configurations for details. + Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"` +} + +func (x *IstioEgressListener) Reset() { + *x = IstioEgressListener{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *IstioEgressListener) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IstioEgressListener) ProtoMessage() {} + +func (x *IstioEgressListener) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IstioEgressListener.ProtoReflect.Descriptor instead. +func (*IstioEgressListener) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{2} +} + +func (x *IstioEgressListener) GetPort() *SidecarPort { + if x != nil { + return x.Port + } + return nil +} + +func (x *IstioEgressListener) GetBind() string { + if x != nil { + return x.Bind + } + return "" +} + +func (x *IstioEgressListener) GetCaptureMode() CaptureMode { + if x != nil { + return x.CaptureMode + } + return CaptureMode_DEFAULT +} + +func (x *IstioEgressListener) GetHosts() []string { + if x != nil { + return x.Hosts + } + return nil +} + +// `WorkloadSelector` specifies the criteria used to determine if the +// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` +// configuration can be applied to a proxy. The matching criteria +// includes the metadata associated with a proxy, workload instance +// info such as labels attached to the pod/VM, or any other info that +// the proxy provides to Istio during the initial handshake. If +// multiple conditions are specified, all conditions need to match in +// order for the workload instance to be selected. Currently, only +// label based selection mechanism is supported. +type WorkloadSelector struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // One or more labels that indicate a specific set of pods/VMs + // on which the configuration should be applied. The scope of + // label search is restricted to the configuration namespace in which the + // the resource is present. + // +kubebuilder:validation:MaxProperties=256 + // +protoc-gen-crd:map-value-validation:MaxLength=63 + // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard is not supported in selector",rule="!self.contains('*')" + Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *WorkloadSelector) Reset() { + *x = WorkloadSelector{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WorkloadSelector) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadSelector) ProtoMessage() {} + +func (x *WorkloadSelector) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead. +func (*WorkloadSelector) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{3} +} + +func (x *WorkloadSelector) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +// `OutboundTrafficPolicy` sets the default behavior of the sidecar for +// handling unknown outbound traffic from the application. +type OutboundTrafficPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.OutboundTrafficPolicy_Mode" json:"mode,omitempty"` + // Specifies the details of the egress proxy to which unknown + // traffic should be forwarded to from the sidecar. Valid only if + // the mode is set to ALLOW_ANY. If not specified when the mode is + // ALLOW_ANY, the sidecar will send the unknown traffic directly to + // the IP requested by the application. + // + // ** NOTE 1**: The specified egress host must be imported in the + // egress section for the traffic forwarding to work. + // + // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able + // to handle plain text TCP connections forwarded from the sidecar. + // Envoy's dynamic forward proxy can handle only HTTP and TLS + // connections. + // $hide_from_docs + EgressProxy *Destination `protobuf:"bytes,2,opt,name=egress_proxy,json=egressProxy,proto3" json:"egress_proxy,omitempty"` +} + +func (x *OutboundTrafficPolicy) Reset() { + *x = OutboundTrafficPolicy{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *OutboundTrafficPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OutboundTrafficPolicy) ProtoMessage() {} + +func (x *OutboundTrafficPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OutboundTrafficPolicy.ProtoReflect.Descriptor instead. +func (*OutboundTrafficPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{4} +} + +func (x *OutboundTrafficPolicy) GetMode() OutboundTrafficPolicy_Mode { + if x != nil { + return x.Mode + } + return OutboundTrafficPolicy_REGISTRY_ONLY +} + +func (x *OutboundTrafficPolicy) GetEgressProxy() *Destination { + if x != nil { + return x.EgressProxy + } + return nil +} + +// Port describes the properties of a specific port of a service. +type SidecarPort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A valid non-negative integer port number. + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` + // The protocol exposed on the port. + // MUST be one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Label assigned to the port. + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // Has no effect, only for backwards compatibility + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1alpha3/sidecar.proto. + TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *SidecarPort) Reset() { + *x = SidecarPort{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SidecarPort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SidecarPort) ProtoMessage() {} + +func (x *SidecarPort) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SidecarPort.ProtoReflect.Descriptor instead. +func (*SidecarPort) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{5} +} + +func (x *SidecarPort) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +func (x *SidecarPort) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *SidecarPort) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Deprecated: Marked as deprecated in networking/v1alpha3/sidecar.proto. +func (x *SidecarPort) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + +var File_networking_v1alpha3_sidecar_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_sidecar_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, + 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x2a, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe2, 0x03, 0x0a, 0x07, 0x53, 0x69, + 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, + 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, + 0x49, 0x0a, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x49, 0x73, 0x74, + 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x46, 0x0a, 0x06, 0x65, 0x67, + 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x06, 0x65, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x12, 0x69, 0x0a, 0x17, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x15, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x68, 0x0a, + 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, + 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, + 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, + 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, + 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x22, 0xa0, + 0x03, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x40, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, + 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x49, 0x0a, + 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, + 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, + 0x74, 0x6c, 0x73, 0x12, 0x5a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x4a, + 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c, + 0x73, 0x22, 0xee, 0x01, 0x0a, 0x13, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, + 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x3a, 0x0a, 0x04, 0x70, 0x6f, 0x72, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x52, + 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x49, 0x0a, 0x0c, 0x63, 0x61, 0x70, + 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x61, 0x70, 0x74, + 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, + 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, + 0x6c, 0x73, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x4f, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, + 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0xd7, 0x01, 0x0a, 0x15, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, + 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x49, 0x0a, + 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, + 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4d, 0x6f, + 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x49, 0x0a, 0x0c, 0x65, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x22, 0x28, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x52, + 0x45, 0x47, 0x49, 0x53, 0x54, 0x52, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, + 0x0a, 0x09, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x01, 0x22, 0x7a, 0x0a, + 0x0b, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, + 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, + 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, + 0x53, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x22, 0x5a, + 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1alpha3_sidecar_proto_rawDescOnce sync.Once + file_networking_v1alpha3_sidecar_proto_rawDescData = file_networking_v1alpha3_sidecar_proto_rawDesc +) + +func file_networking_v1alpha3_sidecar_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_sidecar_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_sidecar_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_sidecar_proto_rawDescData) + }) + return file_networking_v1alpha3_sidecar_proto_rawDescData +} + +var file_networking_v1alpha3_sidecar_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1alpha3_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_networking_v1alpha3_sidecar_proto_goTypes = []any{ + (CaptureMode)(0), // 0: istio.networking.v1alpha3.CaptureMode + (OutboundTrafficPolicy_Mode)(0), // 1: istio.networking.v1alpha3.OutboundTrafficPolicy.Mode + (*Sidecar)(nil), // 2: istio.networking.v1alpha3.Sidecar + (*IstioIngressListener)(nil), // 3: istio.networking.v1alpha3.IstioIngressListener + (*IstioEgressListener)(nil), // 4: istio.networking.v1alpha3.IstioEgressListener + (*WorkloadSelector)(nil), // 5: istio.networking.v1alpha3.WorkloadSelector + (*OutboundTrafficPolicy)(nil), // 6: istio.networking.v1alpha3.OutboundTrafficPolicy + (*SidecarPort)(nil), // 7: istio.networking.v1alpha3.SidecarPort + nil, // 8: istio.networking.v1alpha3.WorkloadSelector.LabelsEntry + (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1alpha3.ConnectionPoolSettings + (*ServerTLSSettings)(nil), // 10: istio.networking.v1alpha3.ServerTLSSettings + (*Destination)(nil), // 11: istio.networking.v1alpha3.Destination +} +var file_networking_v1alpha3_sidecar_proto_depIdxs = []int32{ + 5, // 0: istio.networking.v1alpha3.Sidecar.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector + 3, // 1: istio.networking.v1alpha3.Sidecar.ingress:type_name -> istio.networking.v1alpha3.IstioIngressListener + 4, // 2: istio.networking.v1alpha3.Sidecar.egress:type_name -> istio.networking.v1alpha3.IstioEgressListener + 9, // 3: istio.networking.v1alpha3.Sidecar.inbound_connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 6, // 4: istio.networking.v1alpha3.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1alpha3.OutboundTrafficPolicy + 7, // 5: istio.networking.v1alpha3.IstioIngressListener.port:type_name -> istio.networking.v1alpha3.SidecarPort + 0, // 6: istio.networking.v1alpha3.IstioIngressListener.capture_mode:type_name -> istio.networking.v1alpha3.CaptureMode + 10, // 7: istio.networking.v1alpha3.IstioIngressListener.tls:type_name -> istio.networking.v1alpha3.ServerTLSSettings + 9, // 8: istio.networking.v1alpha3.IstioIngressListener.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 7, // 9: istio.networking.v1alpha3.IstioEgressListener.port:type_name -> istio.networking.v1alpha3.SidecarPort + 0, // 10: istio.networking.v1alpha3.IstioEgressListener.capture_mode:type_name -> istio.networking.v1alpha3.CaptureMode + 8, // 11: istio.networking.v1alpha3.WorkloadSelector.labels:type_name -> istio.networking.v1alpha3.WorkloadSelector.LabelsEntry + 1, // 12: istio.networking.v1alpha3.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1alpha3.OutboundTrafficPolicy.Mode + 11, // 13: istio.networking.v1alpha3.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1alpha3.Destination + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name +} + +func init() { file_networking_v1alpha3_sidecar_proto_init() } +func file_networking_v1alpha3_sidecar_proto_init() { + if File_networking_v1alpha3_sidecar_proto != nil { + return + } + file_networking_v1alpha3_destination_rule_proto_init() + file_networking_v1alpha3_gateway_proto_init() + file_networking_v1alpha3_virtual_service_proto_init() + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1alpha3_sidecar_proto_rawDesc, + NumEnums: 2, + NumMessages: 7, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1alpha3_sidecar_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_sidecar_proto_depIdxs, + EnumInfos: file_networking_v1alpha3_sidecar_proto_enumTypes, + MessageInfos: file_networking_v1alpha3_sidecar_proto_msgTypes, + }.Build() + File_networking_v1alpha3_sidecar_proto = out.File + file_networking_v1alpha3_sidecar_proto_rawDesc = nil + file_networking_v1alpha3_sidecar_proto_goTypes = nil + file_networking_v1alpha3_sidecar_proto_depIdxs = nil +} diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html new file mode 100644 index 000000000..a4d72f07b --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html @@ -0,0 +1,764 @@ +--- +title: Sidecar +description: Configuration affecting network reachability of a sidecar. +location: https://istio.io/docs/reference/config/networking/sidecar.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.Sidecar +aliases: [/docs/reference/config/networking/v1alpha3/sidecar] +number_of_entries: 8 +--- +

Sidecar describes the configuration of the sidecar proxy that mediates +inbound and outbound communication to the workload instance it is attached to. By +default, Istio will program all sidecar proxies in the mesh with the +necessary configuration required to reach every workload instance in the mesh, as +well as accept traffic on all the ports associated with the +workload. The Sidecar configuration provides a way to fine tune the set of +ports, protocols that the proxy will accept when forwarding traffic to +and from the workload.

+

One the common usages of Sidecar is to limit the set of configuration for outbound traffic. +This configuration scoping, among other options, is useful to prune +out unneeded configuration, to improve scalability of the mesh. +A common misunderstanding is that restricting the configuration amounts to blocking the traffic. +If requests are sent to destinations not included in the scoping, the traffic will be treated as +unmatched traffic, which is often still allowed. +The sidecar is not able to enforce an outbound traffic restriction (see Egress Gateways for how to achieve this).

+

Services and configuration in a mesh are organized into one or more +namespaces (e.g., a Kubernetes namespace or a CF org/space). A Sidecar +configuration in a namespace will apply to one or more workload instances in the same +namespace, selected using the workloadSelector field. In the absence of a +workloadSelector, it will apply to all workload instances in the same +namespace. When determining the Sidecar configuration to be applied to a +workload instance, preference will be given to the resource with a +workloadSelector that selects this workload instance, over a Sidecar configuration +without any workloadSelector.

+

NOTE 1: Each namespace can have only one Sidecar +configuration without any workloadSelector that specifies the +default for all pods in that namespace. It is recommended to use +the name default for the namespace-wide sidecar. The behavior of +the system is undefined if more than one selector-less Sidecar +configurations exist in a given namespace. The behavior of the +system is undefined if two or more Sidecar configurations with a +workloadSelector select the same workload instance.

+

NOTE 2: A Sidecar configuration in the MeshConfig +root namespace +will be applied by default to all namespaces without a Sidecar +configuration. This global default Sidecar configuration should not have +any workloadSelector.

+

NOTE 3: A Sidecar is not applicable to gateways, even though gateways are istio-proxies.

+

The example below declares a global default Sidecar configuration +in the root namespace called istio-config, that configures +sidecars in all namespaces to configure egress traffic only to other +workloads in the same namespace as well as to services in the +istio-system namespace.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: default
+  namespace: istio-config
+spec:
+  egress:
+  - hosts:
+    - "./*"
+    - "istio-system/*"
+
+

The example below declares a Sidecar configuration in the +prod-us1 namespace that overrides the global default defined +above, and configures the sidecars in the namespace to configure egress +traffic to public services in the prod-us1, prod-apis, and the +istio-system namespaces.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: default
+  namespace: prod-us1
+spec:
+  egress:
+  - hosts:
+    - "prod-us1/*"
+    - "prod-apis/*"
+    - "istio-system/*"
+
+

The following example declares a Sidecar configuration in the +prod-us1 namespace for all pods with labels app: ratings +belonging to the ratings.prod-us1 service. The workload accepts +inbound HTTP traffic on port 9080. The traffic is then forwarded to +the attached workload instance listening on a Unix domain +socket. In the egress direction, in addition to the istio-system +namespace, the sidecar proxies only HTTP traffic bound for port +9080 for services in the prod-us1 namespace.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: ratings
+  namespace: prod-us1
+spec:
+  workloadSelector:
+    labels:
+      app: ratings
+  ingress:
+  - port:
+      number: 9080
+      protocol: HTTP
+      name: somename
+    defaultEndpoint: unix:///var/run/someuds.sock
+  egress:
+  - port:
+      number: 9080
+      protocol: HTTP
+      name: egresshttp
+    hosts:
+    - "prod-us1/*"
+  - hosts:
+    - "istio-system/*"
+
+

If the workload is deployed without IPTables-based traffic capture, +the Sidecar configuration is the only way to configure the ports +on the proxy attached to the workload instance. The following +example declares a Sidecar configuration in the prod-us1 +namespace for all pods with labels app: productpage belonging to +the productpage.prod-us1 service. Assuming that these pods are +deployed without IPtable rules (i.e. the istio-init container) +and the proxy metadata ISTIO_META_INTERCEPTION_MODE is set to +NONE, the specification, below, allows such pods to receive HTTP +traffic on port 9080 (wrapped inside Istio mutual TLS) and forward +it to the application listening on 127.0.0.1:8080. It also allows +the application to communicate with a backing MySQL database on +127.0.0.1:3306, that then gets proxied to the externally hosted +MySQL service at mysql.foo.com:3306.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: no-ip-tables
+  namespace: prod-us1
+spec:
+  workloadSelector:
+    labels:
+      app: productpage
+  ingress:
+  - port:
+      number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
+      protocol: HTTP
+      name: somename
+    defaultEndpoint: 127.0.0.1:8080
+    captureMode: NONE # not needed if metadata is set for entire proxy
+  egress:
+  - port:
+      number: 3306
+      protocol: MYSQL
+      name: egressmysql
+    captureMode: NONE # not needed if metadata is set for entire proxy
+    bind: 127.0.0.1
+    hosts:
+    - "*/mysql.foo.com"
+
+

And the associated service entry for routing to mysql.foo.com:3306

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-mysql
+  namespace: ns1
+spec:
+  hosts:
+  - mysql.foo.com
+  ports:
+  - number: 3306
+    name: mysql
+    protocol: MYSQL
+  location: MESH_EXTERNAL
+  resolution: DNS
+
+

It is also possible to mix and match traffic capture modes in a single +proxy. For example, consider a setup where internal services are on the +192.168.0.0/16 subnet. So, IP tables are setup on the VM to capture all +outbound traffic on 192.168.0.0/16 subnet. Assume that the VM has an +additional network interface on 172.16.0.0/16 subnet for inbound +traffic. The following Sidecar configuration allows the VM to expose a +listener on 172.16.1.32:80 (the VM’s IP) for traffic arriving from the +172.16.0.0/16 subnet.

+

NOTE: The ISTIO_META_INTERCEPTION_MODE metadata on the +proxy in the VM should contain REDIRECT or TPROXY as its value, +implying that IP tables based traffic capture is active.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: partial-ip-tables
+  namespace: prod-us1
+spec:
+  workloadSelector:
+    labels:
+      app: productpage
+  ingress:
+  - bind: 172.16.1.32
+    port:
+      number: 80 # binds to 172.16.1.32:80
+      protocol: HTTP
+      name: somename
+    defaultEndpoint: 127.0.0.1:8080
+    captureMode: NONE
+  egress:
+    # use the system detected defaults
+    # sets up configuration to handle outbound traffic to services
+    # in 192.168.0.0/16 subnet, based on information provided by the
+    # service registry
+  - captureMode: IPTABLES
+    hosts:
+    - "*/*"
+
+

The following example declares a Sidecar configuration in the +prod-us1 namespace for all pods with labels app: ratings +belonging to the ratings.prod-us1 service. The service accepts +inbound HTTPS traffic on port 8443 and the sidecar proxy terminates +one way TLS using the given server certificates. +The traffic is then forwarded to the attached workload instance +listening on a Unix domain socket. +It is expected that PeerAuthentication policy would be configured +in order to set mTLS mode to “DISABLE” on specific +ports. +In this example, the mTLS mode is disabled on PORT 80. +This feature is currently experimental.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: ratings
+  namespace: prod-us1
+spec:
+  workloadSelector:
+    labels:
+      app: ratings
+  ingress:
+  - port:
+      number: 80
+      protocol: HTTPS
+      name: somename
+    defaultEndpoint: unix:///var/run/someuds.sock
+    tls:
+      mode: SIMPLE
+      privateKey: "/etc/certs/privatekey.pem"
+      serverCertificate: "/etc/certs/servercert.pem"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ratings
+  labels:
+    app: ratings
+    service: ratings
+spec:
+  ports:
+  - port: 8443
+    name: https
+    targetPort: 80
+  selector:
+    app: ratings
+---
+apiVersion: security.istio.io/v1
+kind: PeerAuthentication
+metadata:
+  name: ratings-peer-auth
+  namespace: prod-us1
+spec:
+  selector:
+    matchLabels:
+      app: ratings
+  mtls:
+    mode: STRICT
+  portLevelMtls:
+    80:
+      mode: DISABLE
+
+

In addition to configuring traffic capture and how traffic is forwarded to the app, +it’s possible to control inbound connection pool settings. By default, Istio pushes +connection pool settings from DestinationRules to both clients (for outbound +connections to the service) as well as servers (for inbound connections to a service +instance). Using the InboundConnectionPool and per-port ConnectionPool settings +in a Sidecar allow you to control those connection pools for the server separately +from the settings pushed to all clients.

+
apiVersion: networking.istio.io/v1
+kind: Sidecar
+metadata:
+  name: connection-pool-settings
+  namespace: prod-us1
+spec:
+  workloadSelector:
+    labels:
+      app: productpage
+  inboundConnectionPool:
+      http:
+        http1MaxPendingRequests: 1024
+        http2MaxRequests: 1024
+        maxRequestsPerConnection: 1024
+        maxRetries: 100
+  ingress:
+  - port:
+      number: 80
+      protocol: HTTP
+      name: somename
+    connectionPool:
+      http:
+        http1MaxPendingRequests: 1024
+        http2MaxRequests: 1024
+        maxRequestsPerConnection: 1024
+        maxRetries: 100
+      tcp:
+        maxConnections: 100
+
+ +

Sidecar

+
+

Sidecar describes the configuration of the sidecar proxy that mediates +inbound and outbound communication of the workload instance to which it is +attached.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
workloadSelector
+
WorkloadSelector
+
 +

Criteria used to select the specific set of pods/VMs on which this +Sidecar configuration should be applied. If omitted, the Sidecar +configuration will be applied to all workload instances in the same namespace.

+ +
ingress
+
IstioIngressListener[]
+
 +

Ingress specifies the configuration of the sidecar for processing +inbound traffic to the attached workload instance. If omitted, Istio will +automatically configure the sidecar based on the information about the workload +obtained from the orchestration platform (e.g., exposed ports, services, +etc.). If specified, inbound ports are configured if and only if the +workload instance is associated with a service.

+ +
egress
+
IstioEgressListener[]
+
 +

Egress specifies the configuration of the sidecar for processing +outbound traffic from the attached workload instance to other +services in the mesh. If not specified, inherits the system +detected defaults from the namespace-wide or the global default Sidecar.

+ +
inboundConnectionPool
+
ConnectionPoolSettings
+
 +

Settings controlling the volume of connections Envoy will accept from the network. +This default will apply for all inbound listeners and can be overridden per-port +in the Ingress field. This configuration mirrors the DestinationRule’s +connectionPool field.

+

By default, Istio applies a service’s DestinationRule to client sidecars +for outbound traffic directed at the service – the usual case folks think +of when configuring a DestinationRule – but also to the server’s inbound +sidecar. The Sidecar’s connection pool configures the server’s inbound +sidecar directly, so its settings can be different than clients’. This is +valuable, for example, when you have many clients calling few servers: a +DestinationRule can limit the concurrency of any single client, while +the Sidecar allows you to configure much higher concurrency on the server +side.

+

Connection pool settings for a server’s inbound sidecar are configured in the +following precedence, highest to lowest:

+
    +
  • per-port ConnectionPool from the Sidecar
    • +
  • top level InboundConnectionPool from the Sidecar
    • +
  • per-port TrafficPolicy.ConnectionPool from the DestinationRule
    • +
  • top level TrafficPolicy.ConnectionPool from the DestinationRule
    • +
  • default connection pool settings (essentially unlimited)
    • +
+

In every case, the connection pool settings are overridden, not merged.

+ +
outboundTrafficPolicy
+
OutboundTrafficPolicy
+
 +

Set the default behavior of the sidecar for handling outbound +traffic from the application.

+

Default mode is ALLOW_ANY, which means outbound traffic to unknown destinations will be allowed.

+ +
+
+

IstioIngressListener

+
+

IstioIngressListener specifies the properties of an inbound +traffic listener on the sidecar proxy attached to a workload instance.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
port
+
SidecarPort
+
Required
+
 +

The port associated with the listener.

+ +
bind
+
string
+
 +

The IP(IPv4 or IPv6) to which the listener should be bound. +Unix domain socket addresses are not allowed in +the bind field for ingress listeners. If omitted, Istio will +automatically configure the defaults based on imported services +and the workload instances to which this configuration is applied +to.

+ +
captureMode
+
CaptureMode
+
 +

The captureMode option dictates how traffic to the listener is +expected to be captured (or not).

+ +
defaultEndpoint
+
string
+
 +

The IP endpoint or Unix domain socket to which +traffic should be forwarded to. This configuration can be used to +redirect traffic arriving at the bind IP:Port on the sidecar to a localhost:port +or Unix domain socket where the application workload instance is listening for +connections. Arbitrary IPs are not supported. Format should be one of +127.0.0.1:PORT, [::1]:PORT (forward to localhost), +0.0.0.0:PORT, [::]:PORT (forward to the instance IP), +or unix:///path/to/socket (forward to Unix domain socket).

+ +
tls
+
ServerTLSSettings
+
 +

Set of TLS related options that will enable TLS termination on the +sidecar for requests originating from outside the mesh. +Currently supports only SIMPLE and MUTUAL TLS modes.

+ +
connectionPool
+
ConnectionPoolSettings
+
 +

Settings controlling the volume of connections Envoy will accept from the network. +This setting overrides the top-level default inboundConnectionPool to configure +specific settings for this port. This configuration mirrors the DestinationRule’s +PortTrafficPolicy.connectionPool field. +This port level connection pool has the highest precedence in configuration, +overriding both the Sidecar’s top level InboundConnectionPool as well as any +connection pooling settings from the DestinationRule.

+ +
+
+

IstioEgressListener

+
+

IstioEgressListener specifies the properties of an outbound traffic +listener on the sidecar proxy attached to a workload instance.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
port
+
SidecarPort
+
 +

The port associated with the listener. If using Unix domain socket, +use 0 as the port number, with a valid protocol. The port if +specified, will be used as the default destination port associated +with the imported hosts. If the port is omitted, Istio will infer the +listener ports based on the imported hosts. Note that when multiple +egress listeners are specified, where one or more listeners have +specific ports while others have no port, the hosts exposed on a +listener port will be based on the listener with the most specific +port.

+ +
bind
+
string
+
 +

The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound +to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or +unix:///path/to/uds or unix://@foobar (Linux abstract namespace). If +omitted, Istio will automatically configure the defaults based on imported +services, the workload instances to which this configuration is applied to and +the captureMode. If captureMode is NONE, bind will default to +127.0.0.1.

+ +
captureMode
+
CaptureMode
+
 +

When the bind address is an IP, the captureMode option dictates +how traffic to the listener is expected to be captured (or not). +captureMode must be DEFAULT or NONE for Unix domain socket binds.

+ +
hosts
+
string[]
+
Required
+
 +

One or more service hosts exposed by the listener +in namespace/dnsName format. Services in the specified namespace +matching dnsName will be exposed. +The corresponding service can be a service in the service registry +(e.g., a Kubernetes or cloud foundry service) or a service specified +using a ServiceEntry or VirtualService configuration. Any +associated DestinationRule in the same namespace will also be used.

+

The dnsName should be specified using FQDN format, optionally including +a wildcard character in the left-most component (e.g., prod/*.example.com). +Set the dnsName to * to select all services from the specified namespace +(e.g., prod/*).

+

The namespace can be set to *, ., or ~, representing any, the current, +or no namespace, respectively. For example, */foo.example.com selects the +service from any available namespace while ./foo.example.com only selects +the service from the namespace of the sidecar. If a host is set to */*, +Istio will configure the sidecar to be able to reach every service in the +mesh that is exported to the sidecar’s namespace. The value ~/* can be used +to completely trim the configuration for sidecars that simply receive traffic +and respond, but make no outbound connections of their own.

+

NOTE: Only services and configuration artifacts exported to the sidecar’s +namespace (e.g., exportTo value of *) can be referenced. +Private configurations (e.g., exportTo set to .) will +not be available. Refer to the exportTo setting in VirtualService, +DestinationRule, and ServiceEntry configurations for details.

+ +
+
+

WorkloadSelector

+
+

WorkloadSelector specifies the criteria used to determine if the +Gateway, Sidecar, EnvoyFilter, ServiceEntry, or DestinationRule +configuration can be applied to a proxy. The matching criteria +includes the metadata associated with a proxy, workload instance +info such as labels attached to the pod/VM, or any other info that +the proxy provides to Istio during the initial handshake. If +multiple conditions are specified, all conditions need to match in +order for the workload instance to be selected. Currently, only +label based selection mechanism is supported.

+ + + + + + + + + + + + + + +
FieldDescription
labels
+
map<string, string>
+
 +

One or more labels that indicate a specific set of pods/VMs +on which the configuration should be applied. The scope of +label search is restricted to the configuration namespace in which the +the resource is present.

+ +
+
+

OutboundTrafficPolicy

+
+

OutboundTrafficPolicy sets the default behavior of the sidecar for +handling unknown outbound traffic from the application.

+ + + + + + + + + + + + + + +
FieldDescription
mode
+
Mode
+
 +
+
+

Mode

+
+ + + + + + + + + + + + + + + + + +
NameDescription
REGISTRY_ONLY +

In REGISTRY_ONLY mode, unknown outbound traffic will be dropped. +Traffic destinations must be explicitly declared into the service registry through ServiceEntry configurations.

+

Note: Istio does not offer an outbound traffic security policy. +This option does not act as one, or as any form of an outbound firewall. +Instead, this option exists primarily to offer users a way to detect missing ServiceEntry configurations by explicitly failing.

+ +
ALLOW_ANY +

In ALLOW_ANY mode, any traffic to unknown destinations will be allowed. +Unknown destination traffic will have limited functionality, however, such as reduced observability. +This mode allows users that do not have all possible egress destinations registered through ServiceEntry configurations to still connect +to arbitrary destinations.

+ +
+
+

SidecarPort

+
+

Port describes the properties of a specific port of a service.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
number
+
uint32
+
 +

A valid non-negative integer port number.

+ +
protocol
+
string
+
 +

The protocol exposed on the port. +MUST be one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. +TLS can be either used to terminate non-HTTP based connections on a specific port +or to route traffic based on SNI header to the destination without terminating the TLS connection.

+ +
name
+
string
+
 +

Label assigned to the port.

+ +
+
+

CaptureMode

+
+

CaptureMode describes how traffic to a listener is expected to be +captured. Applicable only when the listener is bound to an IP.

+ + + + + + + + + + + + + + + + + + + + + + +
NameDescription
DEFAULT +

The default capture mode defined by the environment.

+ +
IPTABLES +

Capture traffic using IPtables redirection.

+ +
NONE +

No traffic capture. When used in an egress listener, the application is +expected to explicitly communicate with the listener port or Unix +domain socket. When used in an ingress listener, care needs to be taken +to ensure that the listener port is not in use by other processes on +the host.

+ +
+
diff --git a/vendor/istio.io/api/networking/v1beta1/sidecar.proto b/vendor/istio.io/api/networking/v1alpha3/sidecar.proto similarity index 67% rename from vendor/istio.io/api/networking/v1beta1/sidecar.proto rename to vendor/istio.io/api/networking/v1alpha3/sidecar.proto index 5d2dcad9d..b8f5b7b7b 100644 --- a/vendor/istio.io/api/networking/v1beta1/sidecar.proto +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar.proto @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,15 +15,15 @@ syntax = "proto3"; import "google/api/field_behavior.proto"; -import "networking/v1beta1/gateway.proto"; -import "networking/v1beta1/virtual_service.proto"; +import "networking/v1alpha3/destination_rule.proto"; +import "networking/v1alpha3/gateway.proto"; +import "networking/v1alpha3/virtual_service.proto"; -// $schema: istio.networking.v1beta1.Sidecar +// $schema: istio.networking.v1alpha3.Sidecar // $title: Sidecar // $description: Configuration affecting network reachability of a sidecar. // $location: https://istio.io/docs/reference/config/networking/sidecar.html -// $aliases: [/docs/reference/config/networking/v1beta1/sidecar] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/sidecar] // `Sidecar` describes the configuration of the sidecar proxy that mediates // inbound and outbound communication to the workload instance it is attached to. By @@ -32,9 +32,15 @@ import "networking/v1beta1/virtual_service.proto"; // well as accept traffic on all the ports associated with the // workload. The `Sidecar` configuration provides a way to fine tune the set of // ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. +// and from the workload. +// +// One the common usages of `Sidecar` is to limit the set of configuration for outbound traffic. +// This configuration scoping, among [other options](/docs/ops/configuration/mesh/configuration-scoping/), is useful to prune +// out unneeded configuration, to improve scalability of the mesh. +// A common misunderstanding is that restricting the configuration amounts to *blocking* the traffic. +// If requests are sent to destinations not included in the scoping, the traffic will be treated as +// [unmatched traffic](/docs/ops/configuration/traffic-management/traffic-routing/#unmatched-traffic), which is often still allowed. +// The sidecar is not able to enforce an outbound traffic restriction (see [Egress Gateways](/docs/tasks/traffic-management/egress/egress-gateway/) for how to achieve this). // // Services and configuration in a mesh are organized into one or more // namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` @@ -61,16 +67,16 @@ import "networking/v1beta1/virtual_service.proto"; // configuration_*. This global default `Sidecar` configuration should not have // any `workloadSelector`. // +// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. +// // The example below declares a global default `Sidecar` configuration // in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other +// sidecars in all namespaces to configure egress traffic only to other // workloads in the same namespace as well as to services in the // `istio-system` namespace. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: default @@ -81,50 +87,15 @@ import "networking/v1beta1/virtual_service.proto"; // - "./*" // - "istio-system/*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// {{}} -// {{}} // // The example below declares a `Sidecar` configuration in the // `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress +// above, and configures the sidecars in the namespace to configure egress // traffic to public services in the `prod-us1`, `prod-apis`, and the // `istio-system` namespaces. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: default @@ -136,8 +107,6 @@ import "networking/v1beta1/virtual_service.proto"; // - "prod-apis/*" // - "istio-system/*" // ``` -// {{}} -// {{}} // // The following example declares a `Sidecar` configuration in the // `prod-us1` namespace for all pods with labels `app: ratings` @@ -148,39 +117,8 @@ import "networking/v1beta1/virtual_service.proto"; // namespace, the sidecar proxies only HTTP traffic bound for port // 9080 for services in the `prod-us1` namespace. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: ratings @@ -205,8 +143,6 @@ import "networking/v1beta1/virtual_service.proto"; // - hosts: // - "istio-system/*" // ``` -// {{}} -// {{}} // // If the workload is deployed without IPTables-based traffic capture, // the `Sidecar` configuration is the only way to configure the ports @@ -223,40 +159,8 @@ import "networking/v1beta1/virtual_service.proto"; // `127.0.0.1:3306`, that then gets proxied to the externally hosted // MySQL service at `mysql.foo.com:3306`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: no-ip-tables @@ -282,34 +186,11 @@ import "networking/v1beta1/virtual_service.proto"; // hosts: // - "*/mysql.foo.com" // ``` -// {{}} -// {{}} // // And the associated service entry for routing to `mysql.foo.com:3306` // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mysql @@ -324,8 +205,6 @@ import "networking/v1beta1/virtual_service.proto"; // location: MESH_EXTERNAL // resolution: DNS // ``` -// {{}} -// {{}} // // It is also possible to mix and match traffic capture modes in a single // proxy. For example, consider a setup where internal services are on the @@ -340,10 +219,8 @@ import "networking/v1beta1/virtual_service.proto"; // proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, // implying that IP tables based traffic capture is active. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: partial-ip-tables @@ -369,42 +246,113 @@ import "networking/v1beta1/virtual_service.proto"; // hosts: // - "*/*" // ``` -// {{}} // -// {{}} +// The following example declares a `Sidecar` configuration in the +// `prod-us1` namespace for all pods with labels `app: ratings` +// belonging to the `ratings.prod-us1` service. The service accepts +// inbound HTTPS traffic on port 8443 and the sidecar proxy terminates +// one way TLS using the given server certificates. +// The traffic is then forwarded to the attached workload instance +// listening on a Unix domain socket. +// It is expected that PeerAuthentication policy would be configured +// in order to set mTLS mode to "DISABLE" on specific +// ports. +// In this example, the mTLS mode is disabled on PORT 80. +// This feature is currently experimental. +// // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: -// name: partial-ip-tables +// name: ratings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: ratings +// ingress: +// - port: +// number: 80 +// protocol: HTTPS +// name: somename +// defaultEndpoint: unix:///var/run/someuds.sock +// tls: +// mode: SIMPLE +// privateKey: "/etc/certs/privatekey.pem" +// serverCertificate: "/etc/certs/servercert.pem" +// --- +// apiVersion: v1 +// kind: Service +// metadata: +// name: ratings +// labels: +// app: ratings +// service: ratings +// spec: +// ports: +// - port: 8443 +// name: https +// targetPort: 80 +// selector: +// app: ratings +// --- +// apiVersion: security.istio.io/v1 +// kind: PeerAuthentication +// metadata: +// name: ratings-peer-auth +// namespace: prod-us1 +// spec: +// selector: +// matchLabels: +// app: ratings +// mtls: +// mode: STRICT +// portLevelMtls: +// 80: +// mode: DISABLE +// ``` +// +// In addition to configuring traffic capture and how traffic is forwarded to the app, +// it's possible to control inbound connection pool settings. By default, Istio pushes +// connection pool settings from `DestinationRules` to both clients (for outbound +// connections to the service) as well as servers (for inbound connections to a service +// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings +// in a `Sidecar` allow you to control those connection pools for the server separately +// from the settings pushed to all clients. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: connection-pool-settings // namespace: prod-us1 // spec: // workloadSelector: // labels: // app: productpage +// inboundConnectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 // ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 +// - port: +// number: 80 // protocol: HTTP // name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" +// connectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// tcp: +// maxConnections: 100 // ``` -// {{}} -// {{}} -// -package istio.networking.v1beta1; +package istio.networking.v1alpha3; -option go_package = "istio.io/api/networking/v1beta1"; +option go_package = "istio.io/api/networking/v1alpha3"; // `Sidecar` describes the configuration of the sidecar proxy that mediates // inbound and outbound communication of the workload instance to which it is @@ -412,7 +360,7 @@ option go_package = "istio.io/api/networking/v1beta1"; // // -// message Sidecar { // Criteria used to select the specific set of pods/VMs on which this // `Sidecar` configuration should be applied. If omitted, the `Sidecar` @@ -450,13 +395,36 @@ message Sidecar { // detected defaults from the namespace-wide or the global default Sidecar. repeated IstioEgressListener egress = 3; - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. + // Settings controlling the volume of connections Envoy will accept from the network. + // This default will apply for all inbound listeners and can be overridden per-port + // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s + // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. + // + // By default, Istio applies a service's `DestinationRule` to client sidecars + // for outbound traffic directed at the service -- the usual case folks think + // of when configuring a `DestinationRule` -- but also to the server's inbound + // sidecar. The `Sidecar`'s connection pool configures the server's inbound + // sidecar directly, so its settings can be different than clients'. This is + // valuable, for example, when you have many clients calling few servers: a + // `DestinationRule` can limit the concurrency of any single client, while + // the `Sidecar` allows you to configure much higher concurrency on the server + // side. + // + // Connection pool settings for a server's inbound sidecar are configured in the + // following precedence, highest to lowest: + // - per-port `ConnectionPool` from the `Sidecar` + // - top level `InboundConnectionPool` from the `Sidecar` + // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - default connection pool settings (essentially unlimited) + // + // In every case, the connection pool settings are overridden, not merged. + ConnectionPoolSettings inbound_connection_pool = 7; + + // Set the default behavior of the sidecar for handling outbound + // traffic from the application. + // + // Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. OutboundTrafficPolicy outbound_traffic_policy = 4; reserved "localhost"; @@ -467,7 +435,7 @@ message Sidecar { // traffic listener on the sidecar proxy attached to a workload instance. message IstioIngressListener { // The port associated with the listener. - Port port = 1 [(google.api.field_behavior) = REQUIRED]; + SidecarPort port = 1 [(google.api.field_behavior) = REQUIRED]; // The IP(IPv4 or IPv6) to which the listener should be bound. // Unix domain socket addresses are not allowed in @@ -489,7 +457,7 @@ message IstioIngressListener { // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), // or `unix:///path/to/socket` (forward to Unix domain socket). - string default_endpoint = 4 [(google.api.field_behavior) = REQUIRED]; + string default_endpoint = 4; reserved "localhost_client_tls"; reserved 5, 6; @@ -498,6 +466,15 @@ message IstioIngressListener { // sidecar for requests originating from outside the mesh. // Currently supports only SIMPLE and MUTUAL TLS modes. ServerTLSSettings tls = 7; + + // Settings controlling the volume of connections Envoy will accept from the network. + // This setting overrides the top-level default `inboundConnectionPool` to configure + // specific settings for this port. This configuration mirrors the `DestinationRule`'s + // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. + // This port level connection pool has the highest precedence in configuration, + // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any + // connection pooling settings from the `DestinationRule`. + ConnectionPoolSettings connection_pool = 8; } // `IstioEgressListener` specifies the properties of an outbound traffic @@ -512,7 +489,7 @@ message IstioEgressListener { // specific ports while others have no port, the hosts exposed on a // listener port will be based on the listener with the most specific // port. - Port port = 1; + SidecarPort port = 1; // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or @@ -575,30 +552,32 @@ message WorkloadSelector { // on which the configuration should be applied. The scope of // label search is restricted to the configuration namespace in which the // the resource is present. - map labels = 1 [(google.api.field_behavior) = REQUIRED]; + // +kubebuilder:validation:MaxProperties=256 + // +protoc-gen-crd:map-value-validation:MaxLength=63 + // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard is not supported in selector",rule="!self.contains('*')" + map labels = 1; // $hide_from_docs // other forms of identification supplied by the proxy - // when connecting to Pilot, such as X509 fields, tenant IDs, JWT, + // when connecting to istiod, such as X509 fields, tenant IDs, JWT, // etc. This has nothing to do with the request level authN etc. } // `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. +// handling unknown outbound traffic from the application. message OutboundTrafficPolicy { enum Mode { - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. + // In `REGISTRY_ONLY` mode, unknown outbound traffic will be dropped. + // Traffic destinations must be explicitly declared into the service registry through `ServiceEntry` configurations. + // + // Note: Istio [does not offer an outbound traffic security policy](https://istio.io/latest/docs/ops/best-practices/security/#understand-traffic-capture-limitations). + // This option does not act as one, or as any form of an outbound firewall. + // Instead, this option exists primarily to offer users a way to detect missing `ServiceEntry` configurations by explicitly failing. REGISTRY_ONLY = 0; - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. + // In `ALLOW_ANY` mode, any traffic to unknown destinations will be allowed. + // Unknown destination traffic will have limited functionality, however, such as reduced observability. + // This mode allows users that do not have all possible egress destinations registered through `ServiceEntry` configurations to still connect + // to arbitrary destinations. ALLOW_ANY = 1; } Mode mode = 1; @@ -637,3 +616,23 @@ enum CaptureMode { // the host. NONE = 2; } + +// Port describes the properties of a specific port of a service. +message SidecarPort { + // A valid non-negative integer port number. + uint32 number = 1; + + // The protocol exposed on the port. + // MUST be one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + string protocol = 2; + + // Label assigned to the port. + string name = 3; + + // Has no effect, only for backwards compatibility + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + uint32 target_port = 4 [deprecated=true]; +} diff --git a/vendor/istio.io/api/networking/v1beta1/sidecar_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go similarity index 83% rename from vendor/istio.io/api/networking/v1beta1/sidecar_deepcopy.gen.go rename to vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go index 45fba46e0..eff0c21d7 100644 --- a/vendor/istio.io/api/networking/v1beta1/sidecar_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using Sidecar within kubernetes types, where deepcopy-gen is used. @@ -109,3 +109,24 @@ func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy { func (in *OutboundTrafficPolicy) DeepCopyInterface() interface{} { return in.DeepCopy() } + +// DeepCopyInto supports using SidecarPort within kubernetes types, where deepcopy-gen is used. +func (in *SidecarPort) DeepCopyInto(out *SidecarPort) { + p := proto.Clone(in).(*SidecarPort) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. +func (in *SidecarPort) DeepCopy() *SidecarPort { + if in == nil { + return nil + } + out := new(SidecarPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. +func (in *SidecarPort) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/networking/v1beta1/sidecar_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go similarity index 85% rename from vendor/istio.io/api/networking/v1beta1/sidecar_json.gen.go rename to vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go index 551669c66..f21b971b8 100644 --- a/vendor/istio.io/api/networking/v1beta1/sidecar_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( bytes "bytes" @@ -61,6 +61,17 @@ func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error { return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for SidecarPort +func (this *SidecarPort) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for SidecarPort +func (this *SidecarPort) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + var ( SidecarMarshaler = &jsonpb.Marshaler{} SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} diff --git a/vendor/istio.io/api/networking/v1beta1/virtual_service.pb.go b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go similarity index 55% rename from vendor/istio.io/api/networking/v1beta1/virtual_service.pb.go rename to vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go index 20aed9bf9..2da479320 100644 --- a/vendor/istio.io/api/networking/v1beta1/virtual_service.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2017-2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -14,16 +14,15 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) -// source: networking/v1beta1/virtual_service.proto +// source: networking/v1alpha3/virtual_service.proto -// $schema: istio.networking.v1beta1.VirtualService +// $schema: istio.networking.v1alpha3.VirtualService // $title: Virtual Service // $description: Configuration affecting label/content routing, sni routing, etc. // $location: https://istio.io/docs/reference/config/networking/virtual-service.html -// $aliases: [/docs/reference/config/networking/v1beta1/virtual-service] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/virtual-service] // Configuration affecting traffic routing. Here are a few terms useful to define // in the context of traffic routing. @@ -68,10 +67,8 @@ // be rewritten to /newcatalog and sent to pods with label "version: v2". // // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -97,65 +94,13 @@ // host: reviews.prod.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // // A subset/version of a route destination is identified with a reference // to a named service subset which must be declared in a corresponding // `DestinationRule`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -169,11 +114,9 @@ // labels: // version: v2 // ``` -// {{}} -// {{}} // -package v1beta1 +package v1alpha3 import ( duration "github.com/golang/protobuf/ptypes/duration" @@ -222,11 +165,11 @@ func (x HTTPRedirect_RedirectPortSelection) String() string { } func (HTTPRedirect_RedirectPortSelection) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_virtual_service_proto_enumTypes[0].Descriptor() + return file_networking_v1alpha3_virtual_service_proto_enumTypes[0].Descriptor() } func (HTTPRedirect_RedirectPortSelection) Type() protoreflect.EnumType { - return &file_networking_v1beta1_virtual_service_proto_enumTypes[0] + return &file_networking_v1alpha3_virtual_service_proto_enumTypes[0] } func (x HTTPRedirect_RedirectPortSelection) Number() protoreflect.EnumNumber { @@ -235,14 +178,68 @@ func (x HTTPRedirect_RedirectPortSelection) Number() protoreflect.EnumNumber { // Deprecated: Use HTTPRedirect_RedirectPortSelection.Descriptor instead. func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{12, 0} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{12, 0} +} + +type CorsPolicy_UnmatchedPreflights int32 + +const ( + // Default to FORWARD + CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = 0 + // Preflight requests not matching the configured allowed origin + // will be forwarded to the upstream. + CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = 1 + // Preflight requests not matching the configured allowed origin + // will not be forwarded to the upstream. + CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = 2 +) + +// Enum value maps for CorsPolicy_UnmatchedPreflights. +var ( + CorsPolicy_UnmatchedPreflights_name = map[int32]string{ + 0: "UNSPECIFIED", + 1: "FORWARD", + 2: "IGNORE", + } + CorsPolicy_UnmatchedPreflights_value = map[string]int32{ + "UNSPECIFIED": 0, + "FORWARD": 1, + "IGNORE": 2, + } +) + +func (x CorsPolicy_UnmatchedPreflights) Enum() *CorsPolicy_UnmatchedPreflights { + p := new(CorsPolicy_UnmatchedPreflights) + *p = x + return p +} + +func (x CorsPolicy_UnmatchedPreflights) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CorsPolicy_UnmatchedPreflights) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_virtual_service_proto_enumTypes[1].Descriptor() +} + +func (CorsPolicy_UnmatchedPreflights) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_virtual_service_proto_enumTypes[1] +} + +func (x CorsPolicy_UnmatchedPreflights) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use CorsPolicy_UnmatchedPreflights.Descriptor instead. +func (CorsPolicy_UnmatchedPreflights) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{19, 0} } // Configuration affecting traffic routing. // // -// type VirtualService struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -317,8 +311,8 @@ type VirtualService struct { // gateways and sidecars, specify `mesh` as one of the gateway names. Gateways []string `protobuf:"bytes,2,rep,name=gateways,proto3" json:"gateways,omitempty"` // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports named 'http-*'/'http2-*'/'grpc-*', gateway - // ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service + // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway + // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching // an incoming request is used. Http []*HTTPRoute `protobuf:"bytes,3,rep,name=http,proto3" json:"http,omitempty"` @@ -353,11 +347,9 @@ type VirtualService struct { func (x *VirtualService) Reset() { *x = VirtualService{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *VirtualService) String() string { @@ -367,8 +359,8 @@ func (x *VirtualService) String() string { func (*VirtualService) ProtoMessage() {} func (x *VirtualService) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[0] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -380,7 +372,7 @@ func (x *VirtualService) ProtoReflect() protoreflect.Message { // Deprecated: Use VirtualService.ProtoReflect.Descriptor instead. func (*VirtualService) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{0} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{0} } func (x *VirtualService) GetHosts() []string { @@ -436,7 +428,7 @@ func (x *VirtualService) GetExportTo() []string { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews will be +// rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of the // actual namespace associated with the reviews service. _To avoid potential // misconfigurations, it is recommended to always use fully qualified @@ -446,43 +438,8 @@ func (x *VirtualService) GetExportTo() []string { // of the reviews service with label "version: v1" (i.e., subset v1), and // some to subset v2, in a Kubernetes environment. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// namespace: foo -// -// spec: -// -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -511,38 +468,11 @@ func (x *VirtualService) GetExportTo() []string { // subset: v1 // // ``` -// {{}} -// {{}} // // # And the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// namespace: foo -// -// spec: -// -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -561,8 +491,6 @@ func (x *VirtualService) GetExportTo() []string { // version: v2 // // ``` -// {{}} -// {{}} // // The following VirtualService sets a timeout of 5s for all calls to // productpage.prod.svc.cluster.local service in Kubernetes. Notice that @@ -574,32 +502,8 @@ func (x *VirtualService) GetExportTo() []string { // productpage.prod.svc.cluster.local. Therefore the rule's namespace does // not have an impact in resolving the name of the productpage service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: my-productpage-rule -// namespace: istio-system -// -// spec: -// -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -617,8 +521,6 @@ func (x *VirtualService) GetExportTo() []string { // host: productpage.prod.svc.cluster.local // // ``` -// {{}} -// {{}} // // To control routing for traffic bound to services outside the mesh, external // services must first be added to Istio's internal service registry using the @@ -626,49 +528,8 @@ func (x *VirtualService) GetExportTo() []string { // bound to these external services. For example, the following rules define a // Service for wikipedia.org and set a timeout of 5s for HTTP requests. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// -// name: external-svc-wikipedia -// -// spec: -// -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// -// --- -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: my-wiki-rule -// -// spec: -// -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // @@ -686,7 +547,7 @@ func (x *VirtualService) GetExportTo() []string { // resolution: DNS // // --- -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -703,8 +564,6 @@ func (x *VirtualService) GetExportTo() []string { // host: wikipedia.org // // ``` -// {{}} -// {{}} type Destination struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -719,7 +578,7 @@ type Destination struct { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews will be + // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of // the actual namespace associated with the reviews service. To avoid // potential misconfiguration, it is recommended to always use fully @@ -737,11 +596,9 @@ type Destination struct { func (x *Destination) Reset() { *x = Destination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Destination) String() string { @@ -751,8 +608,8 @@ func (x *Destination) String() string { func (*Destination) ProtoMessage() {} func (x *Destination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[1] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -764,7 +621,7 @@ func (x *Destination) ProtoReflect() protoreflect.Message { // Deprecated: Use Destination.ProtoReflect.Descriptor instead. func (*Destination) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{1} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{1} } func (x *Destination) GetHost() string { @@ -840,6 +697,15 @@ type HTTPRoute struct { // Timeout for HTTP requests, default is disabled. Timeout *duration.Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"` // Retry policy for HTTP requests. + // + // Note: the default cluster-wide retry policy, if not specified, is: + // + // ```yaml + // attempts: 2 + // retryOn: "connect-failure,refused-stream,unavailable,cancelled,503" + // ``` + // + // This can be customized in [`Mesh Config` `defaultHttpRetryPolicy`](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig). Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"` // Fault injection policy to apply on HTTP traffic at the client side. // Note that timeouts or retries will not be enabled when faults are @@ -852,12 +718,20 @@ type HTTPRoute struct { // original destination. Statistics will be generated for the mirrored // destination. Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"` + // Specifies the destinations to mirror HTTP traffic in addition + // to the original destination. Mirrored traffic is on a + // best effort basis where the sidecar/gateway will not wait for the + // mirrored destinations to respond before returning the response from the + // original destination. Statistics will be generated for the mirrored + // destination. + Mirrors []*HTTPMirrorPolicy `protobuf:"bytes,22,rep,name=mirrors,proto3" json:"mirrors,omitempty"` // Percentage of the traffic to be mirrored by the `mirror` field. // Use of integer `mirror_percent` value is deprecated. Use the // double `mirror_percentage` field instead // $hide_from_docs + // +kubebuilder:altName=mirror_percent // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. MirrorPercent *wrappers.UInt32Value `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"` // Percentage of the traffic to be mirrored by the `mirror` field. // If this field is absent, all the traffic (100%) will be mirrored. @@ -873,11 +747,9 @@ type HTTPRoute struct { func (x *HTTPRoute) Reset() { *x = HTTPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRoute) String() string { @@ -887,8 +759,8 @@ func (x *HTTPRoute) String() string { func (*HTTPRoute) ProtoMessage() {} func (x *HTTPRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[2] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -900,7 +772,7 @@ func (x *HTTPRoute) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead. func (*HTTPRoute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{2} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{2} } func (x *HTTPRoute) GetName() string { @@ -980,7 +852,14 @@ func (x *HTTPRoute) GetMirror() *Destination { return nil } -// Deprecated: Do not use. +func (x *HTTPRoute) GetMirrors() []*HTTPMirrorPolicy { + if x != nil { + return x.Mirrors + } + return nil +} + +// Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. func (x *HTTPRoute) GetMirrorPercent() *wrappers.UInt32Value { if x != nil { return x.MirrorPercent @@ -1014,7 +893,7 @@ func (x *HTTPRoute) GetHeaders() *Headers { // forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1043,7 +922,7 @@ func (x *HTTPRoute) GetHeaders() *Headers { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1066,7 +945,7 @@ func (x *HTTPRoute) GetHeaders() *Headers { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1095,11 +974,9 @@ type Delegate struct { func (x *Delegate) Reset() { *x = Delegate{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Delegate) String() string { @@ -1109,8 +986,8 @@ func (x *Delegate) String() string { func (*Delegate) ProtoMessage() {} func (x *Delegate) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[3] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1122,7 +999,7 @@ func (x *Delegate) ProtoReflect() protoreflect.Message { // Deprecated: Use Delegate.ProtoReflect.Descriptor instead. func (*Delegate) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{3} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{3} } func (x *Delegate) GetName() string { @@ -1147,44 +1024,8 @@ func (x *Delegate) GetNamespace() string { // It also removes the `foo` response header, but only from responses // coming from the `v1` subset (version) of the `reviews` service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1214,8 +1055,6 @@ func (x *Delegate) GetNamespace() string { // weight: 75 // // ``` -// {{}} -// {{}} type Headers struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1231,11 +1070,9 @@ type Headers struct { func (x *Headers) Reset() { *x = Headers{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Headers) String() string { @@ -1245,8 +1082,8 @@ func (x *Headers) String() string { func (*Headers) ProtoMessage() {} func (x *Headers) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[4] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1258,7 +1095,7 @@ func (x *Headers) ProtoReflect() protoreflect.Message { // Deprecated: Use Headers.ProtoReflect.Descriptor instead. func (*Headers) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{4} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{4} } func (x *Headers) GetRequest() *Headers_HeaderOperations { @@ -1280,10 +1117,8 @@ func (x *Headers) GetResponse() *Headers_HeaderOperations { // traffic arriving at port 443 of gateway called "mygateway" to internal // services in the mesh based on the SNI value. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1312,41 +1147,6 @@ func (x *Headers) GetResponse() *Headers_HeaderOperations { // host: reviews.prod.svc.cluster.local // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: bookinfo-sni -// -// spec: -// -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// -// ``` -// {{}} -// {{}} type TLSRoute struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1363,11 +1163,9 @@ type TLSRoute struct { func (x *TLSRoute) Reset() { *x = TLSRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TLSRoute) String() string { @@ -1377,8 +1175,8 @@ func (x *TLSRoute) String() string { func (*TLSRoute) ProtoMessage() {} func (x *TLSRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[5] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1390,7 +1188,7 @@ func (x *TLSRoute) ProtoReflect() protoreflect.Message { // Deprecated: Use TLSRoute.ProtoReflect.Descriptor instead. func (*TLSRoute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{5} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{5} } func (x *TLSRoute) GetMatch() []*TLSMatchAttributes { @@ -1411,34 +1209,8 @@ func (x *TLSRoute) GetRoute() []*RouteDestination { // following routing rule forwards traffic arriving at port 27017 for // mongo.prod.svc.cluster.local to another Mongo server on port 5555. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: bookinfo-mongo -// -// spec: -// -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1458,8 +1230,6 @@ func (x *TLSRoute) GetRoute() []*RouteDestination { // number: 5555 // // ``` -// {{}} -// {{}} type TCPRoute struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1476,11 +1246,9 @@ type TCPRoute struct { func (x *TCPRoute) Reset() { *x = TCPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TCPRoute) String() string { @@ -1490,8 +1258,8 @@ func (x *TCPRoute) String() string { func (*TCPRoute) ProtoMessage() {} func (x *TCPRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[6] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1503,7 +1271,7 @@ func (x *TCPRoute) ProtoReflect() protoreflect.Message { // Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead. func (*TCPRoute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{6} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{6} } func (x *TCPRoute) GetMatch() []*L4MatchAttributes { @@ -1520,43 +1288,14 @@ func (x *TCPRoute) GetRoute() []*RouteDestination { return nil } -// HttpMatchRequest specifies a set of criterion to be met in order for the +// HttpMatchRequest specifies a set of criteria to be met in order for the // rule to be applied to the HTTP request. For example, the following // restricts the rule to match only requests where the URL path // starts with /ratings/v2/ and the request contains a custom `end-user` header // with value `jason`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1579,11 +1318,11 @@ func (x *TCPRoute) GetRoute() []*RouteDestination { // host: ratings.prod.svc.cluster.local // // ``` -// {{}} -// {{}} // // HTTPMatchRequest CANNOT be empty. -// **Note:** No regex string match can be set when delegate VirtualService is specified. +// **Note:** +// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. +// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. type HTTPMatchRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1600,10 +1339,10 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // // **Note:** Case-insensitive matching could be enabled via the - // `ignore_uri_case` flag. + // `ignoreUriCase` flag. Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` // URI Scheme // values are case-sensitive and formatted as follows: @@ -1612,7 +1351,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"` // HTTP Method // values are case-sensitive and formatted as follows: @@ -1621,7 +1360,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` // HTTP Authority // values are case-sensitive and formatted as follows: @@ -1630,7 +1369,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` // The header keys must be lowercase and use hyphen as the separator, // e.g. _x-request-id_. @@ -1641,9 +1380,17 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + // + // If the value is empty and only the name of header is specified, presence of the header is checked. + // To provide an empty value, use `{}`, for example: + // + // ``` + // - match: + // - headers: + // myheader: {} // - // If the value is empty and only the name of header is specfied, presence of the header is checked. + // ``` // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. Headers map[string]*StringMatch `protobuf:"bytes,5,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Specifies the ports on the host that is being addressed. Many services @@ -1669,11 +1416,12 @@ type HTTPMatchRequest struct { // - For a query parameter like "?key", the map key would be "key" and the // string match could be defined as `exact: ""`. // + // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the + // string match could be defined as `prefix: "ab"`. + // // - For a query parameter like "?key=123", the map key would be "key" and the // string match could be defined as `regex: "\d+$"`. Note that this // configuration will only match values like "123" but not "a123" or "123a". - // - // **Note:** `prefix` matching is currently not supported. QueryParams map[string]*StringMatch `protobuf:"bytes,9,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Flag to specify whether the URI matching should be case-insensitive. // @@ -1698,11 +1446,9 @@ type HTTPMatchRequest struct { func (x *HTTPMatchRequest) Reset() { *x = HTTPMatchRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPMatchRequest) String() string { @@ -1712,8 +1458,8 @@ func (x *HTTPMatchRequest) String() string { func (*HTTPMatchRequest) ProtoMessage() {} func (x *HTTPMatchRequest) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[7] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1725,7 +1471,7 @@ func (x *HTTPMatchRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPMatchRequest.ProtoReflect.Descriptor instead. func (*HTTPMatchRequest) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{7} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{7} } func (x *HTTPMatchRequest) GetName() string { @@ -1833,36 +1579,8 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // instances with the "v2" tag and the remaining traffic (i.e., 75%) to // "v1". // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1884,37 +1602,11 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // weight: 75 // // ``` -// {{}} -// {{}} // // # And the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1932,41 +1624,13 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // version: v2 // // ``` -// {{}} -// {{}} // // Traffic can also be split across two entirely different services without // having to define new subsets. For example, the following rule forwards 25% of // traffic to reviews.com to dev.reviews.com // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route-two-domains -// -// spec: -// -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1986,8 +1650,6 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // weight: 75 // // ``` -// {{}} -// {{}} type HTTPRouteDestination struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2006,11 +1668,9 @@ type HTTPRouteDestination struct { func (x *HTTPRouteDestination) Reset() { *x = HTTPRouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRouteDestination) String() string { @@ -2020,8 +1680,8 @@ func (x *HTTPRouteDestination) String() string { func (*HTTPRouteDestination) ProtoMessage() {} func (x *HTTPRouteDestination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[8] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2033,7 +1693,7 @@ func (x *HTTPRouteDestination) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPRouteDestination.ProtoReflect.Descriptor instead. func (*HTTPRouteDestination) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{8} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{8} } func (x *HTTPRouteDestination) GetDestination() *Destination { @@ -2074,11 +1734,9 @@ type RouteDestination struct { func (x *RouteDestination) Reset() { *x = RouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RouteDestination) String() string { @@ -2088,8 +1746,8 @@ func (x *RouteDestination) String() string { func (*RouteDestination) ProtoMessage() {} func (x *RouteDestination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[9] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2101,7 +1759,7 @@ func (x *RouteDestination) ProtoReflect() protoreflect.Message { // Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead. func (*RouteDestination) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{9} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{9} } func (x *RouteDestination) GetDestination() *Destination { @@ -2153,11 +1811,9 @@ type L4MatchAttributes struct { func (x *L4MatchAttributes) Reset() { *x = L4MatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *L4MatchAttributes) String() string { @@ -2167,8 +1823,8 @@ func (x *L4MatchAttributes) String() string { func (*L4MatchAttributes) ProtoMessage() {} func (x *L4MatchAttributes) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[10] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2180,7 +1836,7 @@ func (x *L4MatchAttributes) ProtoReflect() protoreflect.Message { // Deprecated: Use L4MatchAttributes.ProtoReflect.Descriptor instead. func (*L4MatchAttributes) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{10} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{10} } func (x *L4MatchAttributes) GetDestinationSubnets() []string { @@ -2234,7 +1890,7 @@ type TLSMatchAttributes struct { // SNI (server name indicator) to match on. Wildcard prefixes // can be used in the SNI value, e.g., *.com will match foo.example.com // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual serivce's hosts. + // within the domain) of the corresponding virtual service's hosts. SniHosts []string `protobuf:"bytes,1,rep,name=sni_hosts,json=sniHosts,proto3" json:"sni_hosts,omitempty"` // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., // a.b.c.d/xx form or just a.b.c.d. @@ -2261,11 +1917,9 @@ type TLSMatchAttributes struct { func (x *TLSMatchAttributes) Reset() { *x = TLSMatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TLSMatchAttributes) String() string { @@ -2275,8 +1929,8 @@ func (x *TLSMatchAttributes) String() string { func (*TLSMatchAttributes) ProtoMessage() {} func (x *TLSMatchAttributes) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[11] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2288,7 +1942,7 @@ func (x *TLSMatchAttributes) ProtoReflect() protoreflect.Message { // Deprecated: Use TLSMatchAttributes.ProtoReflect.Descriptor instead. func (*TLSMatchAttributes) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{11} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{11} } func (x *TLSMatchAttributes) GetSniHosts() []string { @@ -2339,34 +1993,8 @@ func (x *TLSMatchAttributes) GetSourceNamespace() string { // requests for /v1/getProductRatings API on the ratings service to // /v1/bookRatings provided by the bookratings service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2386,8 +2014,6 @@ func (x *TLSMatchAttributes) GetSourceNamespace() string { // ... // // ``` -// {{}} -// {{}} type HTTPRedirect struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2417,11 +2043,9 @@ type HTTPRedirect struct { func (x *HTTPRedirect) Reset() { *x = HTTPRedirect{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRedirect) String() string { @@ -2431,8 +2055,8 @@ func (x *HTTPRedirect) String() string { func (*HTTPRedirect) ProtoMessage() {} func (x *HTTPRedirect) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[12] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2444,7 +2068,7 @@ func (x *HTTPRedirect) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPRedirect.ProtoReflect.Descriptor instead. func (*HTTPRedirect) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{12} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{12} } func (x *HTTPRedirect) GetUri() string { @@ -2509,7 +2133,7 @@ type HTTPRedirect_DerivePort struct { // On a redirect, dynamically set the port: // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. // * FROM_REQUEST_PORT: automatically use the port of the request. - DerivePort HTTPRedirect_RedirectPortSelection `protobuf:"varint,5,opt,name=derive_port,json=derivePort,proto3,enum=istio.networking.v1beta1.HTTPRedirect_RedirectPortSelection,oneof"` + DerivePort HTTPRedirect_RedirectPortSelection `protobuf:"varint,5,opt,name=derive_port,json=derivePort,proto3,enum=istio.networking.v1alpha3.HTTPRedirect_RedirectPortSelection,oneof"` } func (*HTTPRedirect_Port) isHTTPRedirect_RedirectPort() {} @@ -2520,10 +2144,8 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // For example, the following rule returns a fixed 503 status with a body // to requests for /v1/getProductRatings API. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2544,66 +2166,12 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // ... // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// -// ``` -// {{}} -// {{}} // // It is also possible to specify a binary response body. // This is mostly useful for non text-based protocols such as gRPC. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2624,46 +2192,13 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // ... // // ``` -// {{}} -// {{}} // // It is good practice to add headers in the HTTPRoute // as well as the direct_response, for example to specify // the returned Content-Type. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "appliation/json" -// ... -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2688,8 +2223,6 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // ... // // ``` -// {{}} -// {{}} type HTTPDirectResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2704,11 +2237,9 @@ type HTTPDirectResponse struct { func (x *HTTPDirectResponse) Reset() { *x = HTTPDirectResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPDirectResponse) String() string { @@ -2718,8 +2249,8 @@ func (x *HTTPDirectResponse) String() string { func (*HTTPDirectResponse) ProtoMessage() {} func (x *HTTPDirectResponse) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[13] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2731,7 +2262,7 @@ func (x *HTTPDirectResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPDirectResponse.ProtoReflect.Descriptor instead. func (*HTTPDirectResponse) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{13} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{13} } func (x *HTTPDirectResponse) GetStatus() uint32 { @@ -2762,11 +2293,9 @@ type HTTPBody struct { func (x *HTTPBody) Reset() { *x = HTTPBody{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPBody) String() string { @@ -2776,8 +2305,8 @@ func (x *HTTPBody) String() string { func (*HTTPBody) ProtoMessage() {} func (x *HTTPBody) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[14] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2789,7 +2318,7 @@ func (x *HTTPBody) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPBody.ProtoReflect.Descriptor instead. func (*HTTPBody) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{14} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{14} } func (m *HTTPBody) GetSpecifier() isHTTPBody_Specifier { @@ -2837,10 +2366,8 @@ func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} // demonstrates how to rewrite the URL prefix for api call (/ratings) to // ratings service before making the actual API call. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2862,34 +2389,6 @@ func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} // subset: v1 // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// -// ``` -// {{}} -// {{}} type HTTPRewrite struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2901,15 +2400,15 @@ type HTTPRewrite struct { Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` // rewrite the Authority/Host header with this value. Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` + // rewrite the path portion of the URI with the specified regex. + UriRegexRewrite *RegexRewrite `protobuf:"bytes,3,opt,name=uri_regex_rewrite,json=uriRegexRewrite,proto3" json:"uri_regex_rewrite,omitempty"` } func (x *HTTPRewrite) Reset() { *x = HTTPRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRewrite) String() string { @@ -2919,8 +2418,8 @@ func (x *HTTPRewrite) String() string { func (*HTTPRewrite) ProtoMessage() {} func (x *HTTPRewrite) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[15] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2932,7 +2431,7 @@ func (x *HTTPRewrite) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPRewrite.ProtoReflect.Descriptor instead. func (*HTTPRewrite) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{15} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{15} } func (x *HTTPRewrite) GetUri() string { @@ -2949,8 +2448,80 @@ func (x *HTTPRewrite) GetAuthority() string { return "" } -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. +func (x *HTTPRewrite) GetUriRegexRewrite() *RegexRewrite { + if x != nil { + return x.UriRegexRewrite + } + return nil +} + +type RegexRewrite struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + Match string `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` + // The string that should replace into matching portions of original URI. + // Capture groups in the pattern can be referenced in the new URI. + // Examples: + // + // Example 1: rewrite with capture groups + // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and + // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". + // + // Example 2: case insensitive rewrite + // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a + // case-insensitive match and transform the path to "/aaa/yyy/bbb". + Rewrite string `protobuf:"bytes,2,opt,name=rewrite,proto3" json:"rewrite,omitempty"` +} + +func (x *RegexRewrite) Reset() { + *x = RegexRewrite{} + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RegexRewrite) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegexRewrite) ProtoMessage() {} + +func (x *RegexRewrite) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[16] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegexRewrite.ProtoReflect.Descriptor instead. +func (*RegexRewrite) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{16} +} + +func (x *RegexRewrite) GetMatch() string { + if x != nil { + return x.Match + } + return "" +} + +func (x *RegexRewrite) GetRewrite() string { + if x != nil { + return x.Rewrite + } + return "" +} + +// Describes how to match a given string in HTTP headers. `exact` and `prefix` matching is +// case-sensitive. `regex` matching supports case-insensitive matches. type StringMatch struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2966,11 +2537,9 @@ type StringMatch struct { func (x *StringMatch) Reset() { *x = StringMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *StringMatch) String() string { @@ -2980,8 +2549,8 @@ func (x *StringMatch) String() string { func (*StringMatch) ProtoMessage() {} func (x *StringMatch) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[17] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2993,7 +2562,7 @@ func (x *StringMatch) ProtoReflect() protoreflect.Message { // Deprecated: Use StringMatch.ProtoReflect.Descriptor instead. func (*StringMatch) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{16} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{17} } func (m *StringMatch) GetMatchType() isStringMatch_MatchType { @@ -3039,7 +2608,9 @@ type StringMatch_Prefix struct { } type StringMatch_Regex struct { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + // + // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"` } @@ -3055,35 +2626,8 @@ func (*StringMatch_Regex) isStringMatch_MatchType() {} // A retry will be attempted if there is a connect-failure, refused_stream // or when the upstream server responds with Service Unavailable(503). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: connect-failure,refused-stream,503 -// -// ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3104,8 +2648,6 @@ func (*StringMatch_Regex) isStringMatch_MatchType() {} // retryOn: gateway-error,connect-failure,refused-stream // // ``` -// {{}} -// {{}} type HTTPRetry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3115,18 +2657,25 @@ type HTTPRetry struct { // between retries will be determined automatically (25ms+). When request // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. + // the specified request `timeout` and `per_try_timeout` values. MUST be >= 0. If `0`, retries will be disabled. + // The maximum possible number of requests made will be 1 + `attempts`. Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"` - // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. + // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST be >=1ms. // Default is same value as request // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), // which means no timeout. PerTryTimeout *duration.Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"` // Specifies the conditions under which retry takes place. // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + // + // In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + // Note these status codes refer to the actual responses received from the destination. + // For example, if a connection is reset, Istio will translate this to 503 for it's response. + // However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + // + // If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"` // Flag to specify whether the retries should retry to other localities. // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. @@ -3135,11 +2684,9 @@ type HTTPRetry struct { func (x *HTTPRetry) Reset() { *x = HTTPRetry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRetry) String() string { @@ -3149,8 +2696,8 @@ func (x *HTTPRetry) String() string { func (*HTTPRetry) ProtoMessage() {} func (x *HTTPRetry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[18] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3162,7 +2709,7 @@ func (x *HTTPRetry) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPRetry.ProtoReflect.Descriptor instead. func (*HTTPRetry) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{17} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{18} } func (x *HTTPRetry) GetAttempts() int32 { @@ -3201,41 +2748,8 @@ func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { // `Access-Control-Allow-Credentials` header to false. In addition, it only // exposes `X-Foo-bar` header and sets an expiry period of 1 day. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3262,8 +2776,6 @@ func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { // maxAge: "24h" // // ``` -// {{}} -// {{}} type CorsPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3274,7 +2786,7 @@ type CorsPolicy struct { // header. Wildcard * will allow all origins. // $hide_from_docs // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. AllowOrigin []string `protobuf:"bytes,1,rep,name=allow_origin,json=allowOrigin,proto3" json:"allow_origin,omitempty"` // String patterns that match allowed origins. // An origin is allowed if any of the string matchers match. @@ -3296,15 +2808,17 @@ type CorsPolicy struct { // (not the preflight) using credentials. Translates to // `Access-Control-Allow-Credentials` header. AllowCredentials *wrappers.BoolValue `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"` + // Indicates whether preflight requests not matching the configured + // allowed origin shouldn't be forwarded to the upstream. + // Default is forward to upstream. + UnmatchedPreflights CorsPolicy_UnmatchedPreflights `protobuf:"varint,8,opt,name=unmatched_preflights,json=unmatchedPreflights,proto3,enum=istio.networking.v1alpha3.CorsPolicy_UnmatchedPreflights" json:"unmatched_preflights,omitempty"` } func (x *CorsPolicy) Reset() { *x = CorsPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *CorsPolicy) String() string { @@ -3314,8 +2828,8 @@ func (x *CorsPolicy) String() string { func (*CorsPolicy) ProtoMessage() {} func (x *CorsPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[19] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3327,10 +2841,10 @@ func (x *CorsPolicy) ProtoReflect() protoreflect.Message { // Deprecated: Use CorsPolicy.ProtoReflect.Descriptor instead. func (*CorsPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{18} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{19} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. func (x *CorsPolicy) GetAllowOrigin() []string { if x != nil { return x.AllowOrigin @@ -3380,6 +2894,13 @@ func (x *CorsPolicy) GetAllowCredentials() *wrappers.BoolValue { return nil } +func (x *CorsPolicy) GetUnmatchedPreflights() CorsPolicy_UnmatchedPreflights { + if x != nil { + return x.UnmatchedPreflights + } + return CorsPolicy_UNSPECIFIED +} + // HTTPFaultInjection can be used to specify one or more faults to inject // while forwarding HTTP requests to the destination specified in a route. // Fault specification is part of a VirtualService rule. Faults include @@ -3403,11 +2924,9 @@ type HTTPFaultInjection struct { func (x *HTTPFaultInjection) Reset() { *x = HTTPFaultInjection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPFaultInjection) String() string { @@ -3417,8 +2936,8 @@ func (x *HTTPFaultInjection) String() string { func (*HTTPFaultInjection) ProtoMessage() {} func (x *HTTPFaultInjection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[20] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3430,7 +2949,7 @@ func (x *HTTPFaultInjection) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPFaultInjection.ProtoReflect.Descriptor instead. func (*HTTPFaultInjection) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{19} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{20} } func (x *HTTPFaultInjection) GetDelay() *HTTPFaultInjection_Delay { @@ -3447,6 +2966,69 @@ func (x *HTTPFaultInjection) GetAbort() *HTTPFaultInjection_Abort { return nil } +// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition +// to the original destination. Mirrored traffic is on a +// best effort basis where the sidecar/gateway will not wait for the +// mirrored destinations to respond before returning the response from the +// original destination. Statistics will be generated for the mirrored +// destination. +type HTTPMirrorPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Destination specifies the target of the mirror operation. + Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` + // Percentage of the traffic to be mirrored by the `destination` field. + // If this field is absent, all the traffic (100%) will be mirrored. + // Max value is 100. + Percentage *Percent `protobuf:"bytes,2,opt,name=percentage,proto3" json:"percentage,omitempty"` +} + +func (x *HTTPMirrorPolicy) Reset() { + *x = HTTPMirrorPolicy{} + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *HTTPMirrorPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPMirrorPolicy) ProtoMessage() {} + +func (x *HTTPMirrorPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[21] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPMirrorPolicy.ProtoReflect.Descriptor instead. +func (*HTTPMirrorPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{21} +} + +func (x *HTTPMirrorPolicy) GetDestination() *Destination { + if x != nil { + return x.Destination + } + return nil +} + +func (x *HTTPMirrorPolicy) GetPercentage() *Percent { + if x != nil { + return x.Percentage + } + return nil +} + // PortSelector specifies the number of a port to be used for // matching or selection for final routing. type PortSelector struct { @@ -3460,11 +3042,9 @@ type PortSelector struct { func (x *PortSelector) Reset() { *x = PortSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PortSelector) String() string { @@ -3474,8 +3054,8 @@ func (x *PortSelector) String() string { func (*PortSelector) ProtoMessage() {} func (x *PortSelector) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[22] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3487,7 +3067,7 @@ func (x *PortSelector) ProtoReflect() protoreflect.Message { // Deprecated: Use PortSelector.ProtoReflect.Descriptor instead. func (*PortSelector) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{20} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{22} } func (x *PortSelector) GetNumber() uint32 { @@ -3508,11 +3088,9 @@ type Percent struct { func (x *Percent) Reset() { *x = Percent{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Percent) String() string { @@ -3522,8 +3100,8 @@ func (x *Percent) String() string { func (*Percent) ProtoMessage() {} func (x *Percent) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[23] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3535,7 +3113,7 @@ func (x *Percent) ProtoReflect() protoreflect.Message { // Deprecated: Use Percent.ProtoReflect.Descriptor instead. func (*Percent) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{21} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{23} } func (x *Percent) GetValue() float64 { @@ -3562,11 +3140,9 @@ type Headers_HeaderOperations struct { func (x *Headers_HeaderOperations) Reset() { *x = Headers_HeaderOperations{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Headers_HeaderOperations) String() string { @@ -3576,8 +3152,8 @@ func (x *Headers_HeaderOperations) String() string { func (*Headers_HeaderOperations) ProtoMessage() {} func (x *Headers_HeaderOperations) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[24] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3589,7 +3165,7 @@ func (x *Headers_HeaderOperations) ProtoReflect() protoreflect.Message { // Deprecated: Use Headers_HeaderOperations.ProtoReflect.Descriptor instead. func (*Headers_HeaderOperations) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{4, 0} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{4, 0} } func (x *Headers_HeaderOperations) GetSet() map[string]string { @@ -3618,10 +3194,8 @@ func (x *Headers_HeaderOperations) GetRemove() []string { // in 1 out of every 1000 requests to the "v1" version of the "reviews" // service from all pods with label env: prod // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3646,37 +3220,6 @@ func (x *Headers_HeaderOperations) GetRemove() []string { // fixedDelay: 5s // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - match: -// - sourceLabels: -// env: prod -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// fault: -// delay: -// percentage: -// value: 0.1 -// fixedDelay: 5s -// -// ``` -// {{}} -// {{}} // // The _fixedDelay_ field is used to indicate the amount of delay in seconds. // The optional _percentage_ field can be used to only delay a certain @@ -3690,7 +3233,7 @@ type HTTPFaultInjection_Delay struct { // Use of integer `percent` value is deprecated. Use the double `percentage` // field instead. // - // Deprecated: Do not use. + // Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. Percent int32 `protobuf:"varint,1,opt,name=percent,proto3" json:"percent,omitempty"` // Types that are assignable to HttpDelayType: // @@ -3704,11 +3247,9 @@ type HTTPFaultInjection_Delay struct { func (x *HTTPFaultInjection_Delay) Reset() { *x = HTTPFaultInjection_Delay{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[31] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[33] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPFaultInjection_Delay) String() string { @@ -3718,8 +3259,8 @@ func (x *HTTPFaultInjection_Delay) String() string { func (*HTTPFaultInjection_Delay) ProtoMessage() {} func (x *HTTPFaultInjection_Delay) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[31] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[33] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3731,10 +3272,10 @@ func (x *HTTPFaultInjection_Delay) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPFaultInjection_Delay.ProtoReflect.Descriptor instead. func (*HTTPFaultInjection_Delay) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{19, 0} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{20, 0} } -// Deprecated: Do not use. +// Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. func (x *HTTPFaultInjection_Delay) GetPercent() int32 { if x != nil { return x.Percent @@ -3793,10 +3334,8 @@ func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_Htt // pre-specified error code. The following example will return an HTTP 400 // error code for 1 out of every 1000 requests to the "ratings" service "v1". // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3818,34 +3357,6 @@ func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_Htt // httpStatus: 400 // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// fault: -// abort: -// percentage: -// value: 0.1 -// httpStatus: 400 -// -// ``` -// {{}} -// {{}} // // The _httpStatus_ field is used to indicate the HTTP status code to // return to the caller. The optional _percentage_ field can be used to only @@ -3869,11 +3380,9 @@ type HTTPFaultInjection_Abort struct { func (x *HTTPFaultInjection_Abort) Reset() { *x = HTTPFaultInjection_Abort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[32] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[34] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPFaultInjection_Abort) String() string { @@ -3883,8 +3392,8 @@ func (x *HTTPFaultInjection_Abort) String() string { func (*HTTPFaultInjection_Abort) ProtoMessage() {} func (x *HTTPFaultInjection_Abort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[32] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[34] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3896,7 +3405,7 @@ func (x *HTTPFaultInjection_Abort) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPFaultInjection_Abort.ProtoReflect.Descriptor instead. func (*HTTPFaultInjection_Abort) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{19, 1} + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{20, 1} } func (m *HTTPFaultInjection_Abort) GetErrorType() isHTTPFaultInjection_Abort_ErrorType { @@ -3962,281 +3471,288 @@ func (*HTTPFaultInjection_Abort_GrpcStatus) isHTTPFaultInjection_Abort_ErrorType func (*HTTPFaultInjection_Abort_Http2Error) isHTTPFaultInjection_Abort_ErrorType() {} -var File_networking_v1beta1_virtual_service_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_virtual_service_proto_rawDesc = []byte{ - 0x0a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, 0x02, 0x0a, 0x0e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, - 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1a, - 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x37, 0x0a, 0x04, 0x68, 0x74, - 0x74, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x04, 0x68, - 0x74, 0x74, 0x70, 0x12, 0x34, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x34, 0x0a, 0x03, 0x74, 0x63, 0x70, - 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, - 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x06, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x22, 0x7b, 0x0a, 0x0b, - 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x04, 0x68, - 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, - 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x3a, 0x0a, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xe8, 0x08, 0x0a, 0x09, 0x48, 0x54, - 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x05, 0x6d, - 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, +var File_networking_v1alpha3_virtual_service_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_virtual_service_proto_rawDesc = []byte{ + 0x0a, 0x29, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x44, 0x0a, - 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, - 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, - 0x75, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, - 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x55, 0x0a, 0x0f, 0x64, 0x69, 0x72, 0x65, 0x63, - 0x74, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, - 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, - 0x0a, 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, - 0x67, 0x61, 0x74, 0x65, 0x52, 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x3f, - 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, - 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, - 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, - 0x69, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, - 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, - 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, - 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x47, 0x0a, 0x0e, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, - 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x02, 0x18, 0x01, - 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, - 0x4e, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, - 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, + 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x87, 0x02, 0x0a, 0x0e, 0x56, 0x69, 0x72, 0x74, + 0x75, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x6f, + 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x38, 0x0a, 0x04, + 0x68, 0x74, 0x74, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x10, 0x6d, - 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, - 0x45, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0a, 0x63, 0x6f, 0x72, 0x73, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3b, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x0b, 0x10, 0x10, 0x52, - 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, - 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, - 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, - 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, 0x08, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, - 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x22, 0xe2, 0x03, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4c, - 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4e, 0x0a, 0x08, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0xb8, 0x02, 0x0a, - 0x10, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x12, 0x4d, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x65, 0x74, - 0x12, 0x4d, 0x0a, 0x03, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x61, 0x64, 0x64, 0x12, - 0x16, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, - 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x96, 0x01, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, - 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x40, - 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, + 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x35, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x35, 0x0a, + 0x03, 0x74, 0x63, 0x70, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, + 0x03, 0x74, 0x63, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, + 0x6f, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, + 0x6f, 0x22, 0x7c, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x18, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, + 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, + 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, + 0x65, 0x74, 0x12, 0x3b, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, + 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, + 0xbb, 0x09, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x41, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, + 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x05, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x12, 0x45, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x43, 0x0a, 0x08, 0x72, + 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, - 0x22, 0x8f, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x41, 0x0a, - 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, - 0x12, 0x40, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, - 0x74, 0x65, 0x22, 0xba, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x03, 0x75, - 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x03, 0x75, 0x72, 0x69, 0x12, 0x3d, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x73, 0x63, 0x68, - 0x65, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x12, 0x43, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x51, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x61, - 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, - 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x08, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x5e, 0x0a, - 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x09, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, - 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x26, 0x0a, - 0x0f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x5f, 0x75, 0x72, 0x69, 0x5f, 0x63, 0x61, 0x73, 0x65, - 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x55, 0x72, - 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, 0x67, 0x0a, 0x0f, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, - 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x57, 0x69, 0x74, 0x68, 0x6f, - 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, - 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x29, - 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, - 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x1a, 0x61, 0x0a, 0x0c, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3b, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, + 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x12, 0x56, 0x0a, 0x0f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x08, 0x64, 0x65, 0x6c, 0x65, + 0x67, 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x52, + 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x40, 0x0a, 0x07, 0x72, 0x65, 0x77, + 0x72, 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x74, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x12, 0x3e, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, + 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, + 0x12, 0x43, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, + 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x6d, + 0x69, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x45, 0x0a, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, + 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x0e, + 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, + 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x4f, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x52, 0x10, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, + 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, 0x46, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x52, 0x0a, 0x63, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3c, + 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, + 0x10, 0x06, 0x4a, 0x04, 0x08, 0x0b, 0x10, 0x10, 0x52, 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, + 0x65, 0x6e, 0x64, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, + 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, + 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, + 0x08, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0xe6, 0x03, 0x0a, 0x07, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4d, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4f, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x08, 0x72, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0xba, 0x02, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x03, + 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, + 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x65, 0x74, 0x12, 0x4e, 0x0a, 0x03, + 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x41, + 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x61, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, + 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, + 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, + 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0x98, 0x01, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, + 0x65, 0x12, 0x49, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x4c, 0x53, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x41, 0x0a, 0x05, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3f, 0x0a, - 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x65, - 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x68, 0x0a, 0x13, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3b, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, + 0x91, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x05, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, + 0x12, 0x41, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x6f, 0x75, 0x74, + 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x22, 0xc5, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x03, + 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x3e, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, + 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, + 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x44, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x52, 0x0a, 0x07, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0xa2, 0x02, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, + 0x70, 0x6f, 0x72, 0x74, 0x12, 0x62, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x73, 0x12, 0x5f, 0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, + 0x72, 0x61, 0x6d, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, + 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x5f, + 0x75, 0x72, 0x69, 0x5f, 0x63, 0x61, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, + 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x55, 0x72, 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, 0x68, 0x0a, + 0x0f, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x2e, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, + 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x1a, 0x62, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, - 0x3b, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x03, - 0x10, 0x07, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, - 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, - 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x22, 0x79, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x69, 0x0a, 0x13, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa4, 0x02, 0x0a, 0x14, + 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x3c, 0x0a, 0x07, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, - 0xe9, 0x02, 0x0a, 0x11, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, - 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x12, - 0x62, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x07, + 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, + 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, + 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x22, 0x7a, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xea, + 0x02, 0x0a, 0x11, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, + 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x12, 0x63, + 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, @@ -4247,7 +3763,7 @@ var file_networking_v1beta1_virtual_service_proto_rawDesc = []byte{ 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x02, 0x0a, 0x12, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xff, 0x02, 0x0a, 0x12, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x09, 0x73, 0x6e, 0x69, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x73, 0x6e, 0x69, @@ -4255,595 +3771,332 @@ var file_networking_v1beta1_virtual_service_proto_rawDesc = []byte{ 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x63, 0x0a, 0x0d, 0x73, 0x6f, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x64, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xce, 0x02, 0x0a, - 0x0c, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, - 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, - 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, 0x70, - 0x6f, 0x72, 0x74, 0x12, 0x5f, 0x0a, 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, - 0x2e, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, - 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, - 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x64, - 0x65, 0x22, 0x49, 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, - 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x46, 0x52, - 0x4f, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x44, 0x45, 0x46, 0x41, - 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x52, 0x45, - 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x01, 0x42, 0x0f, 0x0a, 0x0d, - 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x6a, 0x0a, - 0x12, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x36, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, - 0x6f, 0x64, 0x79, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, 0x48, 0x54, 0x54, - 0x50, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, - 0x16, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, - 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, 0x65, 0x63, 0x69, - 0x66, 0x69, 0x65, 0x72, 0x22, 0x3d, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, - 0x69, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x22, 0x65, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, - 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, - 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0xdf, 0x01, 0x0a, 0x09, 0x48, - 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x12, 0x20, 0x0a, 0x08, 0x61, 0x74, 0x74, 0x65, - 0x6d, 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, - 0x52, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x70, 0x65, - 0x72, 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, - 0x70, 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x19, 0x0a, - 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x74, 0x72, - 0x79, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, - 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, 0x65, 0x6d, 0x6f, - 0x74, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0xed, 0x02, 0x0a, - 0x0a, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x0c, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, - 0x69, 0x6e, 0x12, 0x4a, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, - 0x69, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x73, 0x12, 0x23, - 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, - 0x77, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x65, 0x78, 0x70, 0x6f, - 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, - 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x6d, 0x61, 0x78, - 0x41, 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x63, 0x72, 0x65, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, 0x61, 0x6c, 0x6c, 0x6f, - 0x77, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, 0x8d, 0x05, 0x0a, - 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, - 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x48, 0x0a, - 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, + 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x4c, + 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, + 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xcf, 0x02, + 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, + 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, + 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, + 0x70, 0x6f, 0x72, 0x74, 0x12, 0x60, 0x0a, 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x2e, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x65, 0x72, 0x69, + 0x76, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x23, + 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, + 0x6f, 0x64, 0x65, 0x22, 0x49, 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, + 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, + 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x44, 0x45, + 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, 0x4f, 0x4d, 0x5f, + 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x01, 0x42, 0x0f, + 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, + 0x6b, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x73, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x37, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, + 0x54, 0x50, 0x42, 0x6f, 0x64, 0x79, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, + 0x48, 0x54, 0x54, 0x50, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x12, 0x16, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x48, 0x00, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, + 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x92, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, + 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x53, 0x0a, 0x11, 0x75, 0x72, 0x69, 0x5f, 0x72, + 0x65, 0x67, 0x65, 0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, + 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x0f, 0x75, 0x72, 0x69, + 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x3e, 0x0a, 0x0c, + 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x65, 0x0a, 0x0b, + 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, + 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, + 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, + 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, + 0x72, 0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x22, 0xd9, 0x01, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, + 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, + 0x0f, 0x70, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, + 0x65, 0x74, 0x72, 0x79, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, + 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, + 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, + 0x9d, 0x04, 0x0a, 0x0a, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, + 0x0a, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, + 0x72, 0x69, 0x67, 0x69, 0x6e, 0x12, 0x4b, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, + 0x72, 0x69, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, - 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x41, 0x62, 0x6f, 0x72, 0x74, - 0x52, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x1a, 0x89, 0x02, 0x0a, 0x05, 0x44, 0x65, 0x6c, 0x61, - 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, - 0x42, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x02, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, + 0x6e, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, + 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, - 0x04, 0xe2, 0x41, 0x01, 0x02, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x78, 0x65, 0x64, 0x44, 0x65, - 0x6c, 0x61, 0x79, 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x10, 0x65, 0x78, 0x70, - 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x41, 0x0a, - 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x06, 0x6d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x12, 0x6c, 0x0a, 0x14, 0x75, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, 0x72, + 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x55, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, + 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x52, 0x13, 0x75, 0x6e, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x22, 0x3f, + 0x0a, 0x13, 0x55, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, + 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, + 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, + 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x22, + 0x85, 0x05, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, + 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x49, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x61, + 0x79, 0x12, 0x49, 0x0a, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, + 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x41, 0x62, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x1a, 0x84, 0x02, 0x0a, + 0x05, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x07, 0x70, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x64, 0x65, + 0x6c, 0x61, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x78, 0x65, 0x64, 0x44, 0x65, 0x6c, + 0x61, 0x79, 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x10, 0x65, 0x78, 0x70, 0x6f, + 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x42, 0x0a, 0x0a, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x1a, 0xd6, 0x01, 0x0a, 0x05, 0x41, 0x62, 0x6f, 0x72, 0x74, 0x12, 0x27, 0x0a, + 0x79, 0x70, 0x65, 0x1a, 0xd1, 0x01, 0x0a, 0x05, 0x41, 0x62, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x05, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x67, - 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, - 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, - 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x32, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x0a, - 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, - 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, - 0x0c, 0x0a, 0x0a, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x4a, 0x04, 0x08, - 0x01, 0x10, 0x02, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0x32, 0x0a, 0x0c, - 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, - 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x22, 0x1f, 0x0a, 0x07, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x28, 0x05, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, + 0x32, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x42, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, + 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x65, 0x72, + 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x07, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xa6, 0x01, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, + 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x4e, 0x0a, 0x0b, + 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, + 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, + 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x0a, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, + 0x22, 0x32, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, + 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( - file_networking_v1beta1_virtual_service_proto_rawDescOnce sync.Once - file_networking_v1beta1_virtual_service_proto_rawDescData = file_networking_v1beta1_virtual_service_proto_rawDesc + file_networking_v1alpha3_virtual_service_proto_rawDescOnce sync.Once + file_networking_v1alpha3_virtual_service_proto_rawDescData = file_networking_v1alpha3_virtual_service_proto_rawDesc ) -func file_networking_v1beta1_virtual_service_proto_rawDescGZIP() []byte { - file_networking_v1beta1_virtual_service_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_virtual_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_virtual_service_proto_rawDescData) +func file_networking_v1alpha3_virtual_service_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_virtual_service_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_virtual_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_virtual_service_proto_rawDescData) }) - return file_networking_v1beta1_virtual_service_proto_rawDescData -} - -var file_networking_v1beta1_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_networking_v1beta1_virtual_service_proto_msgTypes = make([]protoimpl.MessageInfo, 33) -var file_networking_v1beta1_virtual_service_proto_goTypes = []interface{}{ - (HTTPRedirect_RedirectPortSelection)(0), // 0: istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection - (*VirtualService)(nil), // 1: istio.networking.v1beta1.VirtualService - (*Destination)(nil), // 2: istio.networking.v1beta1.Destination - (*HTTPRoute)(nil), // 3: istio.networking.v1beta1.HTTPRoute - (*Delegate)(nil), // 4: istio.networking.v1beta1.Delegate - (*Headers)(nil), // 5: istio.networking.v1beta1.Headers - (*TLSRoute)(nil), // 6: istio.networking.v1beta1.TLSRoute - (*TCPRoute)(nil), // 7: istio.networking.v1beta1.TCPRoute - (*HTTPMatchRequest)(nil), // 8: istio.networking.v1beta1.HTTPMatchRequest - (*HTTPRouteDestination)(nil), // 9: istio.networking.v1beta1.HTTPRouteDestination - (*RouteDestination)(nil), // 10: istio.networking.v1beta1.RouteDestination - (*L4MatchAttributes)(nil), // 11: istio.networking.v1beta1.L4MatchAttributes - (*TLSMatchAttributes)(nil), // 12: istio.networking.v1beta1.TLSMatchAttributes - (*HTTPRedirect)(nil), // 13: istio.networking.v1beta1.HTTPRedirect - (*HTTPDirectResponse)(nil), // 14: istio.networking.v1beta1.HTTPDirectResponse - (*HTTPBody)(nil), // 15: istio.networking.v1beta1.HTTPBody - (*HTTPRewrite)(nil), // 16: istio.networking.v1beta1.HTTPRewrite - (*StringMatch)(nil), // 17: istio.networking.v1beta1.StringMatch - (*HTTPRetry)(nil), // 18: istio.networking.v1beta1.HTTPRetry - (*CorsPolicy)(nil), // 19: istio.networking.v1beta1.CorsPolicy - (*HTTPFaultInjection)(nil), // 20: istio.networking.v1beta1.HTTPFaultInjection - (*PortSelector)(nil), // 21: istio.networking.v1beta1.PortSelector - (*Percent)(nil), // 22: istio.networking.v1beta1.Percent - (*Headers_HeaderOperations)(nil), // 23: istio.networking.v1beta1.Headers.HeaderOperations - nil, // 24: istio.networking.v1beta1.Headers.HeaderOperations.SetEntry - nil, // 25: istio.networking.v1beta1.Headers.HeaderOperations.AddEntry - nil, // 26: istio.networking.v1beta1.HTTPMatchRequest.HeadersEntry - nil, // 27: istio.networking.v1beta1.HTTPMatchRequest.SourceLabelsEntry - nil, // 28: istio.networking.v1beta1.HTTPMatchRequest.QueryParamsEntry - nil, // 29: istio.networking.v1beta1.HTTPMatchRequest.WithoutHeadersEntry - nil, // 30: istio.networking.v1beta1.L4MatchAttributes.SourceLabelsEntry - nil, // 31: istio.networking.v1beta1.TLSMatchAttributes.SourceLabelsEntry - (*HTTPFaultInjection_Delay)(nil), // 32: istio.networking.v1beta1.HTTPFaultInjection.Delay - (*HTTPFaultInjection_Abort)(nil), // 33: istio.networking.v1beta1.HTTPFaultInjection.Abort - (*duration.Duration)(nil), // 34: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 35: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 36: google.protobuf.BoolValue -} -var file_networking_v1beta1_virtual_service_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1beta1.VirtualService.http:type_name -> istio.networking.v1beta1.HTTPRoute - 6, // 1: istio.networking.v1beta1.VirtualService.tls:type_name -> istio.networking.v1beta1.TLSRoute - 7, // 2: istio.networking.v1beta1.VirtualService.tcp:type_name -> istio.networking.v1beta1.TCPRoute - 21, // 3: istio.networking.v1beta1.Destination.port:type_name -> istio.networking.v1beta1.PortSelector - 8, // 4: istio.networking.v1beta1.HTTPRoute.match:type_name -> istio.networking.v1beta1.HTTPMatchRequest - 9, // 5: istio.networking.v1beta1.HTTPRoute.route:type_name -> istio.networking.v1beta1.HTTPRouteDestination - 13, // 6: istio.networking.v1beta1.HTTPRoute.redirect:type_name -> istio.networking.v1beta1.HTTPRedirect - 14, // 7: istio.networking.v1beta1.HTTPRoute.direct_response:type_name -> istio.networking.v1beta1.HTTPDirectResponse - 4, // 8: istio.networking.v1beta1.HTTPRoute.delegate:type_name -> istio.networking.v1beta1.Delegate - 16, // 9: istio.networking.v1beta1.HTTPRoute.rewrite:type_name -> istio.networking.v1beta1.HTTPRewrite - 34, // 10: istio.networking.v1beta1.HTTPRoute.timeout:type_name -> google.protobuf.Duration - 18, // 11: istio.networking.v1beta1.HTTPRoute.retries:type_name -> istio.networking.v1beta1.HTTPRetry - 20, // 12: istio.networking.v1beta1.HTTPRoute.fault:type_name -> istio.networking.v1beta1.HTTPFaultInjection - 2, // 13: istio.networking.v1beta1.HTTPRoute.mirror:type_name -> istio.networking.v1beta1.Destination - 35, // 14: istio.networking.v1beta1.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value - 22, // 15: istio.networking.v1beta1.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1beta1.Percent - 19, // 16: istio.networking.v1beta1.HTTPRoute.cors_policy:type_name -> istio.networking.v1beta1.CorsPolicy - 5, // 17: istio.networking.v1beta1.HTTPRoute.headers:type_name -> istio.networking.v1beta1.Headers - 23, // 18: istio.networking.v1beta1.Headers.request:type_name -> istio.networking.v1beta1.Headers.HeaderOperations - 23, // 19: istio.networking.v1beta1.Headers.response:type_name -> istio.networking.v1beta1.Headers.HeaderOperations - 12, // 20: istio.networking.v1beta1.TLSRoute.match:type_name -> istio.networking.v1beta1.TLSMatchAttributes - 10, // 21: istio.networking.v1beta1.TLSRoute.route:type_name -> istio.networking.v1beta1.RouteDestination - 11, // 22: istio.networking.v1beta1.TCPRoute.match:type_name -> istio.networking.v1beta1.L4MatchAttributes - 10, // 23: istio.networking.v1beta1.TCPRoute.route:type_name -> istio.networking.v1beta1.RouteDestination - 17, // 24: istio.networking.v1beta1.HTTPMatchRequest.uri:type_name -> istio.networking.v1beta1.StringMatch - 17, // 25: istio.networking.v1beta1.HTTPMatchRequest.scheme:type_name -> istio.networking.v1beta1.StringMatch - 17, // 26: istio.networking.v1beta1.HTTPMatchRequest.method:type_name -> istio.networking.v1beta1.StringMatch - 17, // 27: istio.networking.v1beta1.HTTPMatchRequest.authority:type_name -> istio.networking.v1beta1.StringMatch - 26, // 28: istio.networking.v1beta1.HTTPMatchRequest.headers:type_name -> istio.networking.v1beta1.HTTPMatchRequest.HeadersEntry - 27, // 29: istio.networking.v1beta1.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1beta1.HTTPMatchRequest.SourceLabelsEntry - 28, // 30: istio.networking.v1beta1.HTTPMatchRequest.query_params:type_name -> istio.networking.v1beta1.HTTPMatchRequest.QueryParamsEntry - 29, // 31: istio.networking.v1beta1.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1beta1.HTTPMatchRequest.WithoutHeadersEntry - 2, // 32: istio.networking.v1beta1.HTTPRouteDestination.destination:type_name -> istio.networking.v1beta1.Destination - 5, // 33: istio.networking.v1beta1.HTTPRouteDestination.headers:type_name -> istio.networking.v1beta1.Headers - 2, // 34: istio.networking.v1beta1.RouteDestination.destination:type_name -> istio.networking.v1beta1.Destination - 30, // 35: istio.networking.v1beta1.L4MatchAttributes.source_labels:type_name -> istio.networking.v1beta1.L4MatchAttributes.SourceLabelsEntry - 31, // 36: istio.networking.v1beta1.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1beta1.TLSMatchAttributes.SourceLabelsEntry - 0, // 37: istio.networking.v1beta1.HTTPRedirect.derive_port:type_name -> istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection - 15, // 38: istio.networking.v1beta1.HTTPDirectResponse.body:type_name -> istio.networking.v1beta1.HTTPBody - 34, // 39: istio.networking.v1beta1.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration - 36, // 40: istio.networking.v1beta1.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue - 17, // 41: istio.networking.v1beta1.CorsPolicy.allow_origins:type_name -> istio.networking.v1beta1.StringMatch - 34, // 42: istio.networking.v1beta1.CorsPolicy.max_age:type_name -> google.protobuf.Duration - 36, // 43: istio.networking.v1beta1.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue - 32, // 44: istio.networking.v1beta1.HTTPFaultInjection.delay:type_name -> istio.networking.v1beta1.HTTPFaultInjection.Delay - 33, // 45: istio.networking.v1beta1.HTTPFaultInjection.abort:type_name -> istio.networking.v1beta1.HTTPFaultInjection.Abort - 24, // 46: istio.networking.v1beta1.Headers.HeaderOperations.set:type_name -> istio.networking.v1beta1.Headers.HeaderOperations.SetEntry - 25, // 47: istio.networking.v1beta1.Headers.HeaderOperations.add:type_name -> istio.networking.v1beta1.Headers.HeaderOperations.AddEntry - 17, // 48: istio.networking.v1beta1.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1beta1.StringMatch - 17, // 49: istio.networking.v1beta1.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1beta1.StringMatch - 17, // 50: istio.networking.v1beta1.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> istio.networking.v1beta1.StringMatch - 34, // 51: istio.networking.v1beta1.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration - 34, // 52: istio.networking.v1beta1.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration - 22, // 53: istio.networking.v1beta1.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1beta1.Percent - 22, // 54: istio.networking.v1beta1.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1beta1.Percent - 55, // [55:55] is the sub-list for method output_type - 55, // [55:55] is the sub-list for method input_type - 55, // [55:55] is the sub-list for extension type_name - 55, // [55:55] is the sub-list for extension extendee - 0, // [0:55] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_virtual_service_proto_init() } -func file_networking_v1beta1_virtual_service_proto_init() { - if File_networking_v1beta1_virtual_service_proto != nil { + return file_networking_v1alpha3_virtual_service_proto_rawDescData +} + +var file_networking_v1alpha3_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1alpha3_virtual_service_proto_msgTypes = make([]protoimpl.MessageInfo, 35) +var file_networking_v1alpha3_virtual_service_proto_goTypes = []any{ + (HTTPRedirect_RedirectPortSelection)(0), // 0: istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection + (CorsPolicy_UnmatchedPreflights)(0), // 1: istio.networking.v1alpha3.CorsPolicy.UnmatchedPreflights + (*VirtualService)(nil), // 2: istio.networking.v1alpha3.VirtualService + (*Destination)(nil), // 3: istio.networking.v1alpha3.Destination + (*HTTPRoute)(nil), // 4: istio.networking.v1alpha3.HTTPRoute + (*Delegate)(nil), // 5: istio.networking.v1alpha3.Delegate + (*Headers)(nil), // 6: istio.networking.v1alpha3.Headers + (*TLSRoute)(nil), // 7: istio.networking.v1alpha3.TLSRoute + (*TCPRoute)(nil), // 8: istio.networking.v1alpha3.TCPRoute + (*HTTPMatchRequest)(nil), // 9: istio.networking.v1alpha3.HTTPMatchRequest + (*HTTPRouteDestination)(nil), // 10: istio.networking.v1alpha3.HTTPRouteDestination + (*RouteDestination)(nil), // 11: istio.networking.v1alpha3.RouteDestination + (*L4MatchAttributes)(nil), // 12: istio.networking.v1alpha3.L4MatchAttributes + (*TLSMatchAttributes)(nil), // 13: istio.networking.v1alpha3.TLSMatchAttributes + (*HTTPRedirect)(nil), // 14: istio.networking.v1alpha3.HTTPRedirect + (*HTTPDirectResponse)(nil), // 15: istio.networking.v1alpha3.HTTPDirectResponse + (*HTTPBody)(nil), // 16: istio.networking.v1alpha3.HTTPBody + (*HTTPRewrite)(nil), // 17: istio.networking.v1alpha3.HTTPRewrite + (*RegexRewrite)(nil), // 18: istio.networking.v1alpha3.RegexRewrite + (*StringMatch)(nil), // 19: istio.networking.v1alpha3.StringMatch + (*HTTPRetry)(nil), // 20: istio.networking.v1alpha3.HTTPRetry + (*CorsPolicy)(nil), // 21: istio.networking.v1alpha3.CorsPolicy + (*HTTPFaultInjection)(nil), // 22: istio.networking.v1alpha3.HTTPFaultInjection + (*HTTPMirrorPolicy)(nil), // 23: istio.networking.v1alpha3.HTTPMirrorPolicy + (*PortSelector)(nil), // 24: istio.networking.v1alpha3.PortSelector + (*Percent)(nil), // 25: istio.networking.v1alpha3.Percent + (*Headers_HeaderOperations)(nil), // 26: istio.networking.v1alpha3.Headers.HeaderOperations + nil, // 27: istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry + nil, // 28: istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry + nil, // 29: istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry + nil, // 30: istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry + nil, // 31: istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry + nil, // 32: istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry + nil, // 33: istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry + nil, // 34: istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry + (*HTTPFaultInjection_Delay)(nil), // 35: istio.networking.v1alpha3.HTTPFaultInjection.Delay + (*HTTPFaultInjection_Abort)(nil), // 36: istio.networking.v1alpha3.HTTPFaultInjection.Abort + (*duration.Duration)(nil), // 37: google.protobuf.Duration + (*wrappers.UInt32Value)(nil), // 38: google.protobuf.UInt32Value + (*wrappers.BoolValue)(nil), // 39: google.protobuf.BoolValue +} +var file_networking_v1alpha3_virtual_service_proto_depIdxs = []int32{ + 4, // 0: istio.networking.v1alpha3.VirtualService.http:type_name -> istio.networking.v1alpha3.HTTPRoute + 7, // 1: istio.networking.v1alpha3.VirtualService.tls:type_name -> istio.networking.v1alpha3.TLSRoute + 8, // 2: istio.networking.v1alpha3.VirtualService.tcp:type_name -> istio.networking.v1alpha3.TCPRoute + 24, // 3: istio.networking.v1alpha3.Destination.port:type_name -> istio.networking.v1alpha3.PortSelector + 9, // 4: istio.networking.v1alpha3.HTTPRoute.match:type_name -> istio.networking.v1alpha3.HTTPMatchRequest + 10, // 5: istio.networking.v1alpha3.HTTPRoute.route:type_name -> istio.networking.v1alpha3.HTTPRouteDestination + 14, // 6: istio.networking.v1alpha3.HTTPRoute.redirect:type_name -> istio.networking.v1alpha3.HTTPRedirect + 15, // 7: istio.networking.v1alpha3.HTTPRoute.direct_response:type_name -> istio.networking.v1alpha3.HTTPDirectResponse + 5, // 8: istio.networking.v1alpha3.HTTPRoute.delegate:type_name -> istio.networking.v1alpha3.Delegate + 17, // 9: istio.networking.v1alpha3.HTTPRoute.rewrite:type_name -> istio.networking.v1alpha3.HTTPRewrite + 37, // 10: istio.networking.v1alpha3.HTTPRoute.timeout:type_name -> google.protobuf.Duration + 20, // 11: istio.networking.v1alpha3.HTTPRoute.retries:type_name -> istio.networking.v1alpha3.HTTPRetry + 22, // 12: istio.networking.v1alpha3.HTTPRoute.fault:type_name -> istio.networking.v1alpha3.HTTPFaultInjection + 3, // 13: istio.networking.v1alpha3.HTTPRoute.mirror:type_name -> istio.networking.v1alpha3.Destination + 23, // 14: istio.networking.v1alpha3.HTTPRoute.mirrors:type_name -> istio.networking.v1alpha3.HTTPMirrorPolicy + 38, // 15: istio.networking.v1alpha3.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value + 25, // 16: istio.networking.v1alpha3.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1alpha3.Percent + 21, // 17: istio.networking.v1alpha3.HTTPRoute.cors_policy:type_name -> istio.networking.v1alpha3.CorsPolicy + 6, // 18: istio.networking.v1alpha3.HTTPRoute.headers:type_name -> istio.networking.v1alpha3.Headers + 26, // 19: istio.networking.v1alpha3.Headers.request:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations + 26, // 20: istio.networking.v1alpha3.Headers.response:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations + 13, // 21: istio.networking.v1alpha3.TLSRoute.match:type_name -> istio.networking.v1alpha3.TLSMatchAttributes + 11, // 22: istio.networking.v1alpha3.TLSRoute.route:type_name -> istio.networking.v1alpha3.RouteDestination + 12, // 23: istio.networking.v1alpha3.TCPRoute.match:type_name -> istio.networking.v1alpha3.L4MatchAttributes + 11, // 24: istio.networking.v1alpha3.TCPRoute.route:type_name -> istio.networking.v1alpha3.RouteDestination + 19, // 25: istio.networking.v1alpha3.HTTPMatchRequest.uri:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 26: istio.networking.v1alpha3.HTTPMatchRequest.scheme:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 27: istio.networking.v1alpha3.HTTPMatchRequest.method:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 28: istio.networking.v1alpha3.HTTPMatchRequest.authority:type_name -> istio.networking.v1alpha3.StringMatch + 29, // 29: istio.networking.v1alpha3.HTTPMatchRequest.headers:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry + 30, // 30: istio.networking.v1alpha3.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry + 31, // 31: istio.networking.v1alpha3.HTTPMatchRequest.query_params:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry + 32, // 32: istio.networking.v1alpha3.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry + 3, // 33: istio.networking.v1alpha3.HTTPRouteDestination.destination:type_name -> istio.networking.v1alpha3.Destination + 6, // 34: istio.networking.v1alpha3.HTTPRouteDestination.headers:type_name -> istio.networking.v1alpha3.Headers + 3, // 35: istio.networking.v1alpha3.RouteDestination.destination:type_name -> istio.networking.v1alpha3.Destination + 33, // 36: istio.networking.v1alpha3.L4MatchAttributes.source_labels:type_name -> istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry + 34, // 37: istio.networking.v1alpha3.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry + 0, // 38: istio.networking.v1alpha3.HTTPRedirect.derive_port:type_name -> istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection + 16, // 39: istio.networking.v1alpha3.HTTPDirectResponse.body:type_name -> istio.networking.v1alpha3.HTTPBody + 18, // 40: istio.networking.v1alpha3.HTTPRewrite.uri_regex_rewrite:type_name -> istio.networking.v1alpha3.RegexRewrite + 37, // 41: istio.networking.v1alpha3.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration + 39, // 42: istio.networking.v1alpha3.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue + 19, // 43: istio.networking.v1alpha3.CorsPolicy.allow_origins:type_name -> istio.networking.v1alpha3.StringMatch + 37, // 44: istio.networking.v1alpha3.CorsPolicy.max_age:type_name -> google.protobuf.Duration + 39, // 45: istio.networking.v1alpha3.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue + 1, // 46: istio.networking.v1alpha3.CorsPolicy.unmatched_preflights:type_name -> istio.networking.v1alpha3.CorsPolicy.UnmatchedPreflights + 35, // 47: istio.networking.v1alpha3.HTTPFaultInjection.delay:type_name -> istio.networking.v1alpha3.HTTPFaultInjection.Delay + 36, // 48: istio.networking.v1alpha3.HTTPFaultInjection.abort:type_name -> istio.networking.v1alpha3.HTTPFaultInjection.Abort + 3, // 49: istio.networking.v1alpha3.HTTPMirrorPolicy.destination:type_name -> istio.networking.v1alpha3.Destination + 25, // 50: istio.networking.v1alpha3.HTTPMirrorPolicy.percentage:type_name -> istio.networking.v1alpha3.Percent + 27, // 51: istio.networking.v1alpha3.Headers.HeaderOperations.set:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry + 28, // 52: istio.networking.v1alpha3.Headers.HeaderOperations.add:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry + 19, // 53: istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 54: istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 55: istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> istio.networking.v1alpha3.StringMatch + 37, // 56: istio.networking.v1alpha3.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration + 37, // 57: istio.networking.v1alpha3.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration + 25, // 58: istio.networking.v1alpha3.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1alpha3.Percent + 25, // 59: istio.networking.v1alpha3.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1alpha3.Percent + 60, // [60:60] is the sub-list for method output_type + 60, // [60:60] is the sub-list for method input_type + 60, // [60:60] is the sub-list for extension type_name + 60, // [60:60] is the sub-list for extension extendee + 0, // [0:60] is the sub-list for field type_name +} + +func init() { file_networking_v1alpha3_virtual_service_proto_init() } +func file_networking_v1alpha3_virtual_service_proto_init() { + if File_networking_v1alpha3_virtual_service_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_virtual_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VirtualService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Destination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Delegate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMatchRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*L4MatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSMatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRedirect); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPDirectResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPBody); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StringMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRetry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CorsPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PortSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Percent); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers_HeaderOperations); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Delay); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Abort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[12].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[12].OneofWrappers = []any{ (*HTTPRedirect_Port)(nil), (*HTTPRedirect_DerivePort)(nil), } - file_networking_v1beta1_virtual_service_proto_msgTypes[14].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[14].OneofWrappers = []any{ (*HTTPBody_String_)(nil), (*HTTPBody_Bytes)(nil), } - file_networking_v1beta1_virtual_service_proto_msgTypes[16].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[17].OneofWrappers = []any{ (*StringMatch_Exact)(nil), (*StringMatch_Prefix)(nil), (*StringMatch_Regex)(nil), } - file_networking_v1beta1_virtual_service_proto_msgTypes[31].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[33].OneofWrappers = []any{ (*HTTPFaultInjection_Delay_FixedDelay)(nil), (*HTTPFaultInjection_Delay_ExponentialDelay)(nil), } - file_networking_v1beta1_virtual_service_proto_msgTypes[32].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[34].OneofWrappers = []any{ (*HTTPFaultInjection_Abort_HttpStatus)(nil), (*HTTPFaultInjection_Abort_GrpcStatus)(nil), (*HTTPFaultInjection_Abort_Http2Error)(nil), @@ -4852,19 +4105,19 @@ func file_networking_v1beta1_virtual_service_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_virtual_service_proto_rawDesc, - NumEnums: 1, - NumMessages: 33, + RawDescriptor: file_networking_v1alpha3_virtual_service_proto_rawDesc, + NumEnums: 2, + NumMessages: 35, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_networking_v1beta1_virtual_service_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_virtual_service_proto_depIdxs, - EnumInfos: file_networking_v1beta1_virtual_service_proto_enumTypes, - MessageInfos: file_networking_v1beta1_virtual_service_proto_msgTypes, + GoTypes: file_networking_v1alpha3_virtual_service_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_virtual_service_proto_depIdxs, + EnumInfos: file_networking_v1alpha3_virtual_service_proto_enumTypes, + MessageInfos: file_networking_v1alpha3_virtual_service_proto_msgTypes, }.Build() - File_networking_v1beta1_virtual_service_proto = out.File - file_networking_v1beta1_virtual_service_proto_rawDesc = nil - file_networking_v1beta1_virtual_service_proto_goTypes = nil - file_networking_v1beta1_virtual_service_proto_depIdxs = nil + File_networking_v1alpha3_virtual_service_proto = out.File + file_networking_v1alpha3_virtual_service_proto_rawDesc = nil + file_networking_v1alpha3_virtual_service_proto_goTypes = nil + file_networking_v1alpha3_virtual_service_proto_depIdxs = nil } diff --git a/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html new file mode 100644 index 000000000..c2c7dedec --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html @@ -0,0 +1,2414 @@ +--- +title: Virtual Service +description: Configuration affecting label/content routing, sni routing, etc. +location: https://istio.io/docs/reference/config/networking/virtual-service.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.VirtualService +aliases: [/docs/reference/config/networking/v1alpha3/virtual-service] +number_of_entries: 30 +--- +

Configuration affecting traffic routing. Here are a few terms useful to define +in the context of traffic routing.

+

Service a unit of application behavior bound to a unique name in a +service registry. Services consist of multiple network endpoints +implemented by workload instances running on pods, containers, VMs etc.

+

Service versions (a.k.a. subsets) - In a continuous deployment +scenario, for a given service, there can be distinct subsets of +instances running different variants of the application binary. These +variants are not necessarily different API versions. They could be +iterative changes to the same service, deployed in different +environments (prod, staging, dev, etc.). Common scenarios where this +occurs include A/B testing, canary rollouts, etc. The choice of a +particular version can be decided based on various criterion (headers, +url, etc.) and/or by weights assigned to each version. Each service has +a default version consisting of all its instances.

+

Source - A downstream client calling a service.

+

Host - The address used by a client when attempting to connect to a +service.

+

Access model - Applications address only the destination service +(Host) without knowledge of individual service versions (subsets). The +actual choice of the version is determined by the proxy/sidecar, enabling the +application code to decouple itself from the evolution of dependent +services.

+

A VirtualService defines a set of traffic routing rules to apply when a host is +addressed. Each routing rule defines matching criteria for traffic of a specific +protocol. If the traffic is matched, then it is sent to a named destination service +(or subset/version of it) defined in the registry.

+

The source of traffic can also be matched in a routing rule. This allows routing +to be customized for specific client contexts.

+

The following example on Kubernetes, routes all HTTP traffic by default to +pods of the reviews service with label “version: v1”. In addition, +HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will +be rewritten to /newcatalog and sent to pods with label “version: v2”.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews-route
+spec:
+  hosts:
+  - reviews.prod.svc.cluster.local
+  http:
+  - name: "reviews-v2-routes"
+    match:
+    - uri:
+        prefix: "/wpcatalog"
+    - uri:
+        prefix: "/consumercatalog"
+    rewrite:
+      uri: "/newcatalog"
+    route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v2
+  - name: "reviews-v1-route"
+    route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v1
+
+

A subset/version of a route destination is identified with a reference +to a named service subset which must be declared in a corresponding +DestinationRule.

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: reviews-destination
+spec:
+  host: reviews.prod.svc.cluster.local
+  subsets:
+  - name: v1
+    labels:
+      version: v1
+  - name: v2
+    labels:
+      version: v2
+
+ +

VirtualService

+
+

Configuration affecting traffic routing.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
hosts
+
string[]
+
 +

The destination hosts to which traffic is being sent. Could +be a DNS name with wildcard prefix or an IP address. Depending on the +platform, short-names can also be used instead of a FQDN (i.e. has no +dots in the name). In such a scenario, the FQDN of the host would be +derived based on the underlying platform.

+

A single VirtualService can be used to describe all the traffic +properties of the corresponding hosts, including those for multiple +HTTP and TCP ports. Alternatively, the traffic properties of a host +can be defined using more than one VirtualService, with certain +caveats. Refer to the +Operations Guide +for details.

+

Note for Kubernetes users: When short names are used (e.g. “reviews” +instead of “reviews.default.svc.cluster.local”), Istio will interpret +the short name based on the namespace of the rule, not the service. A +rule in the “default” namespace containing a host “reviews” will be +interpreted as “reviews.default.svc.cluster.local”, irrespective of +the actual namespace associated with the reviews service. To avoid +potential misconfigurations, it is recommended to always use fully +qualified domain names over short names.

+

The hosts field applies to both HTTP and TCP services. Service inside +the mesh, i.e., those found in the service registry, must always be +referred to using their alphanumeric names. IP addresses are allowed +only for services defined via the Gateway.

+

Note: It must be empty for a delegate VirtualService.

+ +
gateways
+
string[]
+
 +

The names of gateways and sidecars that should apply these routes. +Gateways in other namespaces may be referred to by +<gateway namespace>/<gateway name>; specifying a gateway with no +namespace qualifier is the same as specifying the VirtualService’s +namespace. A single VirtualService is used for sidecars inside the mesh as +well as for one or more gateways. The selection condition imposed by this +field can be overridden using the source field in the match conditions +of protocol-specific routes. The reserved word mesh is used to imply +all the sidecars in the mesh. When this field is omitted, the default +gateway (mesh) will be used, which would apply the rule to all +sidecars in the mesh. If a list of gateway names is provided, the +rules will apply only to the gateways. To apply the rules to both +gateways and sidecars, specify mesh as one of the gateway names.

+ +
http
+
HTTPRoute[]
+
 +

An ordered list of route rules for HTTP traffic. HTTP routes will be +applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway +ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service +entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching +an incoming request is used.

+ +
tls
+
TLSRoute[]
+
 +

An ordered list of route rule for non-terminated TLS & HTTPS +traffic. Routing is typically performed using the SNI value presented +by the ClientHello message. TLS routes will be applied to platform +service ports named ‘https-’, ’tls-’, unterminated gateway ports using +HTTPS/TLS protocols (i.e. with “passthrough” TLS mode) and service +entry ports using HTTPS/TLS protocols. The first rule matching an +incoming request is used. NOTE: Traffic ‘https-’ or ’tls-’ ports +without associated virtual service will be treated as opaque TCP +traffic.

+ +
tcp
+
TCPRoute[]
+
 +

An ordered list of route rules for opaque TCP traffic. TCP routes will +be applied to any port that is not a HTTP or TLS port. The first rule +matching an incoming request is used.

+ +
exportTo
+
string[]
+
 +

A list of namespaces to which this virtual service is exported. Exporting a +virtual service allows it to be used by sidecars and gateways defined in +other namespaces. This feature provides a mechanism for service owners +and mesh administrators to control the visibility of virtual services +across namespace boundaries.

+

If no namespaces are specified then the virtual service is exported to all +namespaces by default.

+

The value “.” is reserved and defines an export to the same namespace that +the virtual service is declared in. Similarly the value “*” is reserved and +defines an export to all namespaces.

+ +
+
+

Destination

+
+

Destination indicates the network addressable service to which the +request/connection will be sent after processing a routing rule. The +destination.host should unambiguously refer to a service in the service +registry. Istio’s service registry is composed of all the services found +in the platform’s service registry (e.g., Kubernetes services, Consul +services), as well as services declared through the +ServiceEntry resource.

+

Note for Kubernetes users: When short names are used (e.g. “reviews” +instead of “reviews.default.svc.cluster.local”), Istio will interpret +the short name based on the namespace of the rule, not the service. A +rule in the “default” namespace containing a host “reviews” will be +interpreted as “reviews.default.svc.cluster.local”, irrespective of the +actual namespace associated with the reviews service. To avoid potential +misconfigurations, it is recommended to always use fully qualified +domain names over short names.

+

The following Kubernetes example routes all traffic by default to pods +of the reviews service with label “version: v1” (i.e., subset v1), and +some to subset v2, in a Kubernetes environment.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews-route
+  namespace: foo
+spec:
+  hosts:
+  - reviews # interpreted as reviews.foo.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        prefix: "/wpcatalog"
+    - uri:
+        prefix: "/consumercatalog"
+    rewrite:
+      uri: "/newcatalog"
+    route:
+    - destination:
+        host: reviews # interpreted as reviews.foo.svc.cluster.local
+        subset: v2
+  - route:
+    - destination:
+        host: reviews # interpreted as reviews.foo.svc.cluster.local
+        subset: v1
+
+

And the associated DestinationRule

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: reviews-destination
+  namespace: foo
+spec:
+  host: reviews # interpreted as reviews.foo.svc.cluster.local
+  subsets:
+  - name: v1
+    labels:
+      version: v1
+  - name: v2
+    labels:
+      version: v2
+
+

The following VirtualService sets a timeout of 5s for all calls to +productpage.prod.svc.cluster.local service in Kubernetes. Notice that +there are no subsets defined in this rule. Istio will fetch all +instances of productpage.prod.svc.cluster.local service from the service +registry and populate the sidecar’s load balancing pool. Also, notice +that this rule is set in the istio-system namespace but uses the fully +qualified domain name of the productpage service, +productpage.prod.svc.cluster.local. Therefore the rule’s namespace does +not have an impact in resolving the name of the productpage service.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: my-productpage-rule
+  namespace: istio-system
+spec:
+  hosts:
+  - productpage.prod.svc.cluster.local # ignores rule namespace
+  http:
+  - timeout: 5s
+    route:
+    - destination:
+        host: productpage.prod.svc.cluster.local
+
+

To control routing for traffic bound to services outside the mesh, external +services must first be added to Istio’s internal service registry using the +ServiceEntry resource. VirtualServices can then be defined to control traffic +bound to these external services. For example, the following rules define a +Service for wikipedia.org and set a timeout of 5s for HTTP requests.

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: external-svc-wikipedia
+spec:
+  hosts:
+  - wikipedia.org
+  location: MESH_EXTERNAL
+  ports:
+  - number: 80
+    name: example-http
+    protocol: HTTP
+  resolution: DNS
+---
+apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: my-wiki-rule
+spec:
+  hosts:
+  - wikipedia.org
+  http:
+  - timeout: 5s
+    route:
+    - destination:
+        host: wikipedia.org
+
+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
host
+
string
+
Required
+
 +

The name of a service from the service registry. Service +names are looked up from the platform’s service registry (e.g., +Kubernetes services, Consul services, etc.) and from the hosts +declared by ServiceEntry. Traffic forwarded to +destinations that are not found in either of the two, will be dropped.

+

Note for Kubernetes users: When short names are used (e.g. “reviews” +instead of “reviews.default.svc.cluster.local”), Istio will interpret +the short name based on the namespace of the rule, not the service. A +rule in the “default” namespace containing a host “reviews” will be +interpreted as “reviews.default.svc.cluster.local”, irrespective of +the actual namespace associated with the reviews service. To avoid +potential misconfiguration, it is recommended to always use fully +qualified domain names over short names.

+ +
subset
+
string
+
 +

The name of a subset within the service. Applicable only to services +within the mesh. The subset must be defined in a corresponding +DestinationRule.

+ +
port
+
PortSelector
+
 +

Specifies the port on the host that is being addressed. If a service +exposes only a single port it is not required to explicitly select the +port.

+ +
+
+

HTTPRoute

+
+

Describes match conditions and actions for routing HTTP/1.1, HTTP2, and +gRPC traffic. See VirtualService for usage examples.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The name assigned to the route for debugging purposes. The +route’s name will be concatenated with the match’s name and will +be logged in the access logs for requests matching this +route/match.

+ +
match
+
HTTPMatchRequest[]
+
 +

Match conditions to be satisfied for the rule to be +activated. All conditions inside a single match block have AND +semantics, while the list of match blocks have OR semantics. The rule +is matched if any one of the match blocks succeed.

+ +
route
+
HTTPRouteDestination[]
+
 +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +The forwarding target can be one of several versions of a service (see +glossary in beginning of document). Weights associated with the +service version determine the proportion of traffic it receives.

+ +
redirect
+
HTTPRedirect
+
 +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +If traffic passthrough option is specified in the rule, +route/redirect will be ignored. The redirect primitive can be used to +send a HTTP 301 redirect to a different URI or Authority.

+ +
directResponse
+
HTTPDirectResponse
+
 +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +Direct Response is used to specify a fixed response that should +be sent to clients.

+

It can be set only when Route and Redirect are empty.

+ +
delegate
+
Delegate
+
 +

Delegate is used to specify the particular VirtualService which +can be used to define delegate HTTPRoute.

+

It can be set only when Route and Redirect are empty, and the route +rules of the delegate VirtualService will be merged with that in the +current one.

+

NOTE:

+
    +
  1. Only one level delegation is supported.
    2. +
  2. The delegate’s HTTPMatchRequest must be a strict subset of the root’s, +otherwise there is a conflict and the HTTPRoute will not take effect.
    3. +
+ +
rewrite
+
HTTPRewrite
+
 +

Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with +Redirect primitive. Rewrite will be performed before forwarding.

+ +
timeout
+
Duration
+
 +

Timeout for HTTP requests, default is disabled.

+ +
retries
+
HTTPRetry
+
 +

Retry policy for HTTP requests.

+

Note: the default cluster-wide retry policy, if not specified, is:

+
attempts: 2
+retryOn: "connect-failure,refused-stream,unavailable,cancelled,503"
+
+

This can be customized in Mesh Config defaultHttpRetryPolicy.

+ +
fault
+
HTTPFaultInjection
+
 +

Fault injection policy to apply on HTTP traffic at the client side. +Note that timeouts or retries will not be enabled when faults are +enabled on the client side.

+ +
mirror
+
Destination
+
 +

Mirror HTTP traffic to a another destination in addition to forwarding +the requests to the intended destination. Mirrored traffic is on a +best effort basis where the sidecar/gateway will not wait for the +mirrored cluster to respond before returning the response from the +original destination. Statistics will be generated for the mirrored +destination.

+ +
mirrors
+
HTTPMirrorPolicy[]
+
 +

Specifies the destinations to mirror HTTP traffic in addition +to the original destination. Mirrored traffic is on a +best effort basis where the sidecar/gateway will not wait for the +mirrored destinations to respond before returning the response from the +original destination. Statistics will be generated for the mirrored +destination.

+ +
mirrorPercentage
+
Percent
+
 +

Percentage of the traffic to be mirrored by the mirror field. +If this field is absent, all the traffic (100%) will be mirrored. +Max value is 100.

+ +
corsPolicy
+
CorsPolicy
+
 +

Cross-Origin Resource Sharing policy (CORS). Refer to +CORS +for further details about cross origin resource sharing.

+ +
headers
+
Headers
+
 +

Header manipulation rules

+ +
+
+

Delegate

+
+

Describes the delegate VirtualService. +The following routing rules forward the traffic to /productpage by a delegate VirtualService named productpage, +forward the traffic to /reviews by a delegate VirtualService named reviews.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: bookinfo
+spec:
+  hosts:
+  - "bookinfo.com"
+  gateways:
+  - mygateway
+  http:
+  - match:
+    - uri:
+        prefix: "/productpage"
+    delegate:
+       name: productpage
+       namespace: nsA
+  - match:
+    - uri:
+        prefix: "/reviews"
+    delegate:
+        name: reviews
+        namespace: nsB
+
+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: productpage
+  namespace: nsA
+spec:
+  http:
+  - match:
+     - uri:
+        prefix: "/productpage/v1/"
+    route:
+    - destination:
+        host: productpage-v1.nsA.svc.cluster.local
+  - route:
+    - destination:
+        host: productpage.nsA.svc.cluster.local
+
+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews
+  namespace: nsB
+spec:
+  http:
+  - route:
+    - destination:
+        host: reviews.nsB.svc.cluster.local
+
+ + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

Name specifies the name of the delegate VirtualService.

+ +
namespace
+
string
+
 +

Namespace specifies the namespace where the delegate VirtualService resides. +By default, it is same to the root’s.

+ +
+
+

Headers

+
+

Message headers can be manipulated when Envoy forwards requests to, +or responses from, a destination service. Header manipulation rules can +be specified for a specific route destination or for all destinations. +The following VirtualService adds a test header with the value true +to requests that are routed to any reviews service destination. +It also removes the foo response header, but only from responses +coming from the v1 subset (version) of the reviews service.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews-route
+spec:
+  hosts:
+  - reviews.prod.svc.cluster.local
+  http:
+  - headers:
+      request:
+        set:
+          test: "true"
+    route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v2
+      weight: 25
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v1
+      headers:
+        response:
+          remove:
+          - foo
+      weight: 75
+
+ + + + + + + + + + + + + + + + + + +
FieldDescription
request
+
HeaderOperations
+
 +

Header manipulation rules to apply before forwarding a request +to the destination service

+ +
response
+
HeaderOperations
+
 +

Header manipulation rules to apply before returning a response +to the caller

+ +
+
+

HeaderOperations

+
+

HeaderOperations Describes the header manipulations to apply

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
set
+
map<string, string>
+
 +

Overwrite the headers specified by key with the given values

+ +
add
+
map<string, string>
+
 +

Append the given values to the headers specified by keys +(will create a comma-separated list of values)

+ +
remove
+
string[]
+
 +

Remove the specified headers

+ +
+
+

TLSRoute

+
+

Describes match conditions and actions for routing unterminated TLS +traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS +traffic arriving at port 443 of gateway called “mygateway” to internal +services in the mesh based on the SNI value.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: bookinfo-sni
+spec:
+  hosts:
+  - "*.bookinfo.com"
+  gateways:
+  - mygateway
+  tls:
+  - match:
+    - port: 443
+      sniHosts:
+      - login.bookinfo.com
+    route:
+    - destination:
+        host: login.prod.svc.cluster.local
+  - match:
+    - port: 443
+      sniHosts:
+      - reviews.bookinfo.com
+    route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+
+ + + + + + + + + + + + + + + + + + +
FieldDescription
match
+
TLSMatchAttributes[]
+
Required
+
 +

Match conditions to be satisfied for the rule to be +activated. All conditions inside a single match block have AND +semantics, while the list of match blocks have OR semantics. The rule +is matched if any one of the match blocks succeed.

+ +
route
+
RouteDestination[]
+
 +

The destination to which the connection should be forwarded to.

+ +
+
+

TCPRoute

+
+

Describes match conditions and actions for routing TCP traffic. The +following routing rule forwards traffic arriving at port 27017 for +mongo.prod.svc.cluster.local to another Mongo server on port 5555.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: bookinfo-mongo
+spec:
+  hosts:
+  - mongo.prod.svc.cluster.local
+  tcp:
+  - match:
+    - port: 27017
+    route:
+    - destination:
+        host: mongo.backup.svc.cluster.local
+        port:
+          number: 5555
+
+ + + + + + + + + + + + + + + + + + +
FieldDescription
match
+
L4MatchAttributes[]
+
 +

Match conditions to be satisfied for the rule to be +activated. All conditions inside a single match block have AND +semantics, while the list of match blocks have OR semantics. The rule +is matched if any one of the match blocks succeed.

+ +
route
+
RouteDestination[]
+
 +

The destination to which the connection should be forwarded to.

+ +
+
+

HTTPMatchRequest

+
+

HttpMatchRequest specifies a set of criteria to be met in order for the +rule to be applied to the HTTP request. For example, the following +restricts the rule to match only requests where the URL path +starts with /ratings/v2/ and the request contains a custom end-user header +with value jason.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - headers:
+        end-user:
+          exact: jason
+      uri:
+        prefix: "/ratings/v2/"
+      ignoreUriCase: true
+    route:
+    - destination:
+        host: ratings.prod.svc.cluster.local
+
+

HTTPMatchRequest CANNOT be empty. +Note:

+
    +
  1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property.
    2. +
  2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property.
    3. +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
name
+
string
+
 +

The name assigned to a match. The match’s name will be +concatenated with the parent route’s name and will be logged in +the access logs for requests matching this route.

+ +
uri
+
StringMatch
+
 +

URI to match +values are case-sensitive and formatted as follows:

+
    +
  • +

    exact: "value" for exact string match

    +
    • +
  • +

    prefix: "value" for prefix-based match

    +
    • +
  • +

    regex: "value" for RE2 style regex-based match.

    +
    • +
+

Note: Case-insensitive matching could be enabled via the +ignoreUriCase flag.

+ +
scheme
+
StringMatch
+
 +

URI Scheme +values are case-sensitive and formatted as follows:

+
    +
  • +

    exact: "value" for exact string match

    +
    • +
  • +

    prefix: "value" for prefix-based match

    +
    • +
  • +

    regex: "value" for RE2 style regex-based match.

    +
    • +
+ +
method
+
StringMatch
+
 +

HTTP Method +values are case-sensitive and formatted as follows:

+
    +
  • +

    exact: "value" for exact string match

    +
    • +
  • +

    prefix: "value" for prefix-based match

    +
    • +
  • +

    regex: "value" for RE2 style regex-based match.

    +
    • +
+ +
authority
+
StringMatch
+
 +

HTTP Authority +values are case-sensitive and formatted as follows:

+
    +
  • +

    exact: "value" for exact string match

    +
    • +
  • +

    prefix: "value" for prefix-based match

    +
    • +
  • +

    regex: "value" for RE2 style regex-based match.

    +
    • +
+ +
headers
+
map<string, StringMatch>
+
 +

The header keys must be lowercase and use hyphen as the separator, +e.g. x-request-id.

+

Header values are case-sensitive and formatted as follows:

+
    +
  • +

    exact: "value" for exact string match

    +
    • +
  • +

    prefix: "value" for prefix-based match

    +
    • +
  • +

    regex: "value" for RE2 style regex-based match.

    +
    • +
+

If the value is empty and only the name of header is specified, presence of the header is checked. +To provide an empty value, use {}, for example:

+
 - match:
+   - headers:
+       myheader: {}
+
+

Note: The keys uri, scheme, method, and authority will be ignored.

+ +
port
+
uint32
+
 +

Specifies the ports on the host that is being addressed. Many services +only expose a single port or label ports with the protocols they support, +in these cases it is not required to explicitly select the port.

+ +
sourceLabels
+
map<string, string>
+
 +

One or more labels that constrain the applicability of a rule to source (client) workloads +with the given labels. If the VirtualService has a list of gateways specified +in the top-level gateways field, it must include the reserved gateway +mesh for this field to be applicable.

+ +
gateways
+
string[]
+
 +

Names of gateways where the rule should be applied. Gateway names +in the top-level gateways field of the VirtualService (if any) are overridden. The gateway +match is independent of sourceLabels.

+ +
queryParams
+
map<string, StringMatch>
+
 +

Query parameters for matching.

+

Ex:

+
    +
  • +

    For a query parameter like “?key=true”, the map key would be “key” and +the string match could be defined as exact: "true".

    +
    • +
  • +

    For a query parameter like “?key”, the map key would be “key” and the +string match could be defined as exact: "".

    +
    • +
  • +

    For a query parameter like “?key=abc” or “?key=abx”, the map key would be “key” and the +string match could be defined as prefix: "ab".

    +
    • +
  • +

    For a query parameter like “?key=123”, the map key would be “key” and the +string match could be defined as regex: "\d+$". Note that this +configuration will only match values like “123” but not “a123” or “123a”.

    +
    • +
+ +
ignoreUriCase
+
bool
+
 +

Flag to specify whether the URI matching should be case-insensitive.

+

Note: The case will be ignored only in the case of exact and prefix +URI matches.

+ +
withoutHeaders
+
map<string, StringMatch>
+
 +

withoutHeader has the same syntax with the header, but has opposite meaning. +If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one.

+ +
sourceNamespace
+
string
+
 +

Source namespace constraining the applicability of a rule to workloads in that namespace. +If the VirtualService has a list of gateways specified in the top-level gateways field, +it must include the reserved gateway mesh for this field to be applicable.

+ +
statPrefix
+
string
+
 +

The human readable prefix to use when emitting statistics for this route. +The statistics are generated with prefix route.<stat_prefix>. +This should be set for highly critical routes that one wishes to get “per-route” statistics on. +This prefix is only for proxy-level statistics (envoy_) and not service-level (istio_) statistics. +Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix +for statistics that are generated when this is configured.

+ +
+
+

HTTPRouteDestination

+
+

Each routing rule is associated with one or more service versions (see +glossary in beginning of document). Weights associated with the version +determine the proportion of traffic it receives. For example, the +following rule will route 25% of traffic for the “reviews” service to +instances with the “v2” tag and the remaining traffic (i.e., 75%) to +“v1”.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews-route
+spec:
+  hosts:
+  - reviews.prod.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v2
+      weight: 25
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v1
+      weight: 75
+
+

And the associated DestinationRule

+
apiVersion: networking.istio.io/v1
+kind: DestinationRule
+metadata:
+  name: reviews-destination
+spec:
+  host: reviews.prod.svc.cluster.local
+  subsets:
+  - name: v1
+    labels:
+      version: v1
+  - name: v2
+    labels:
+      version: v2
+
+

Traffic can also be split across two entirely different services without +having to define new subsets. For example, the following rule forwards 25% of +traffic to reviews.com to dev.reviews.com

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews-route-two-domains
+spec:
+  hosts:
+  - reviews.com
+  http:
+  - route:
+    - destination:
+        host: dev.reviews.com
+      weight: 25
+    - destination:
+        host: reviews.com
+      weight: 75
+
+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
destination
+
Destination
+
Required
+
 +

Destination uniquely identifies the instances of a service +to which the request/connection should be forwarded to.

+ +
weight
+
int32
+
 +

Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive weight/(sum of all weights) requests. +If there is only one destination in a rule, it will receive all traffic. +Otherwise, if weight is 0, the destination will not receive any traffic.

+ +
headers
+
Headers
+
 +

Header manipulation rules

+ +
+
+

RouteDestination

+
+

L4 routing rule weighted destination.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
destination
+
Destination
+
Required
+
 +

Destination uniquely identifies the instances of a service +to which the request/connection should be forwarded to.

+ +
weight
+
int32
+
 +

Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive weight/(sum of all weights) requests. +If there is only one destination in a rule, it will receive all traffic. +Otherwise, if weight is 0, the destination will not receive any traffic.

+ +
+
+

L4MatchAttributes

+
+

L4 connection match attributes. Note that L4 connection matching support +is incomplete.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
destinationSubnets
+
string[]
+
 +

IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., +a.b.c.d/xx form or just a.b.c.d.

+ +
port
+
uint32
+
 +

Specifies the port on the host that is being addressed. Many services +only expose a single port or label ports with the protocols they support, +in these cases it is not required to explicitly select the port.

+ +
sourceLabels
+
map<string, string>
+
 +

One or more labels that constrain the applicability of a rule to +workloads with the given labels. If the VirtualService has a list of +gateways specified in the top-level gateways field, it should include the reserved gateway +mesh in order for this field to be applicable.

+ +
gateways
+
string[]
+
 +

Names of gateways where the rule should be applied. Gateway names +in the top-level gateways field of the VirtualService (if any) are overridden. The gateway +match is independent of sourceLabels.

+ +
sourceNamespace
+
string
+
 +

Source namespace constraining the applicability of a rule to workloads in that namespace. +If the VirtualService has a list of gateways specified in the top-level gateways field, +it must include the reserved gateway mesh for this field to be applicable.

+ +
+
+

TLSMatchAttributes

+
+

TLS connection match attributes.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
sniHosts
+
string[]
+
Required
+
 +

SNI (server name indicator) to match on. Wildcard prefixes +can be used in the SNI value, e.g., *.com will match foo.example.com +as well as example.com. An SNI value must be a subset (i.e., fall +within the domain) of the corresponding virtual service’s hosts.

+ +
destinationSubnets
+
string[]
+
 +

IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., +a.b.c.d/xx form or just a.b.c.d.

+ +
port
+
uint32
+
 +

Specifies the port on the host that is being addressed. Many services +only expose a single port or label ports with the protocols they +support, in these cases it is not required to explicitly select the +port.

+ +
sourceLabels
+
map<string, string>
+
 +

One or more labels that constrain the applicability of a rule to +workloads with the given labels. If the VirtualService has a list of +gateways specified in the top-level gateways field, it should include the reserved gateway +mesh in order for this field to be applicable.

+ +
gateways
+
string[]
+
 +

Names of gateways where the rule should be applied. Gateway names +in the top-level gateways field of the VirtualService (if any) are overridden. The gateway +match is independent of sourceLabels.

+ +
sourceNamespace
+
string
+
 +

Source namespace constraining the applicability of a rule to workloads in that namespace. +If the VirtualService has a list of gateways specified in the top-level gateways field, +it must include the reserved gateway mesh for this field to be applicable.

+ +
+
+

HTTPRedirect

+
+

HTTPRedirect can be used to send a 301 redirect response to the caller, +where the Authority/Host and the URI in the response can be swapped with +the specified values. For example, the following rule redirects +requests for /v1/getProductRatings API on the ratings service to +/v1/bookRatings provided by the bookratings service.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    redirect:
+      uri: /v1/bookRatings
+      authority: newratings.default.svc.cluster.local
+  ...
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
uri
+
string
+
 +

On a redirect, overwrite the Path portion of the URL with this +value. Note that the entire path will be replaced, irrespective of the +request URI being matched as an exact path or prefix.

+ +
authority
+
string
+
 +

On a redirect, overwrite the Authority/Host portion of the URL with +this value.

+ +
port
+
uint32 (oneof)
+
 +

On a redirect, overwrite the port portion of the URL with this value.

+ +
derivePort
+
RedirectPortSelection (oneof)
+
 +

On a redirect, dynamically set the port:

+
    +
  • FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.
    • +
  • FROM_REQUEST_PORT: automatically use the port of the request.
    • +
+ +
scheme
+
string
+
 +

On a redirect, overwrite the scheme portion of the URL with this value. +For example, http or https. +If unset, the original scheme will be used. +If derivePort is set to FROM_PROTOCOL_DEFAULT, this will impact the port used as well

+ +
redirectCode
+
uint32
+
 +

On a redirect, Specifies the HTTP status code to use in the redirect +response. The default response code is MOVED_PERMANENTLY (301).

+ +
+
+

RedirectPortSelection

+
+ + + + + + + + + + + + + + + + + +
NameDescription
FROM_PROTOCOL_DEFAULT +
FROM_REQUEST_PORT +
+
+

HTTPDirectResponse

+
+

HTTPDirectResponse can be used to send a fixed response to clients. +For example, the following rule returns a fixed 503 status with a body +to requests for /v1/getProductRatings API.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "unknown error"
+  ...
+
+

It is also possible to specify a binary response body. +This is mostly useful for non text-based protocols such as gRPC.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+  ...
+
+

It is good practice to add headers in the HTTPRoute +as well as the direct_response, for example to specify +the returned Content-Type.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "{\"error\": \"unknown error\"}"
+    headers:
+      response:
+        set:
+          content-type: "text/plain"
+  ...
+
+ + + + + + + + + + + + + + + + + + +
FieldDescription
status
+
uint32
+
Required
+
 +

Specifies the HTTP response status to be returned.

+ +
body
+
HTTPBody
+
 +

Specifies the content of the response body. If this setting is omitted, +no body is included in the generated response.

+ +
+
+

HTTPBody

+
+ + + + + + + + + + + + + + + + + +
FieldDescription
string
+
string (oneof)
+
 +

response body as a string

+ +
bytes
+
bytes (oneof)
+
 +

response body as base64 encoded bytes.

+ +
+
+

HTTPRewrite

+
+

HTTPRewrite can be used to rewrite specific parts of a HTTP request +before forwarding the request to the destination. Rewrite primitive can +be used only with HTTPRouteDestination. The following example +demonstrates how to rewrite the URL prefix for api call (/ratings) to +ratings service before making the actual API call.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        prefix: /ratings
+    rewrite:
+      uri: /v1/bookRatings
+    route:
+    - destination:
+        host: ratings.prod.svc.cluster.local
+        subset: v1
+
+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
uri
+
string
+
 +

rewrite the path (or the prefix) portion of the URI with this +value. If the original URI was matched based on prefix, the value +provided in this field will replace the corresponding matched prefix.

+ +
authority
+
string
+
 +

rewrite the Authority/Host header with this value.

+ +
uriRegexRewrite
+
RegexRewrite
+
 +

rewrite the path portion of the URI with the specified regex.

+ +
+
+

RegexRewrite

+
+ + + + + + + + + + + + + + + + + +
FieldDescription
match
+
string
+
 +

RE2 style regex-based match.

+ +
rewrite
+
string
+
 +

The string that should replace into matching portions of original URI. +Capture groups in the pattern can be referenced in the new URI. +Examples:

+

Example 1: rewrite with capture groups +Path pattern “/service/update/v1/api” with match “^/service/([^/]+)(/.*)$” and +rewrite string of “/customprefix/\2/\1” would transform into “/customprefix/v1/api/update”.

+

Example 2: case insensitive rewrite +Path pattern “/aaa/XxX/bbb” with match “(?i)/xxx/” and a rewrite string of /yyy/ would do a +case-insensitive match and transform the path to “/aaa/yyy/bbb”.

+ +
+
+

StringMatch

+
+

Describes how to match a given string in HTTP headers. exact and prefix matching is +case-sensitive. regex matching supports case-insensitive matches.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
exact
+
string (oneof)
+
 +

exact string match

+ +
prefix
+
string (oneof)
+
 +

prefix-based match

+ +
regex
+
string (oneof)
+
 +

RE2 style regex-based match.

+

Example: (?i)^aaa$ can be used to case-insensitive match a string consisting of three a’s.

+ +
+
+

HTTPRetry

+
+

Describes the retry policy to use when a HTTP request fails. For +example, the following rule sets the maximum number of retries to 3 when +calling ratings:v1 service, with a 2s timeout per retry attempt. +A retry will be attempted if there is a connect-failure, refused_stream +or when the upstream server responds with Service Unavailable(503).

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        host: ratings.prod.svc.cluster.local
+        subset: v1
+    retries:
+      attempts: 3
+      perTryTimeout: 2s
+      retryOn: gateway-error,connect-failure,refused-stream
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
attempts
+
int32
+
 +

Number of retries to be allowed for a given request. The interval +between retries will be determined automatically (25ms+). When request +timeout of the HTTP route +or per_try_timeout is configured, the actual number of retries attempted also depends on +the specified request timeout and per_try_timeout values. MUST be >= 0. If 0, retries will be disabled. +The maximum possible number of requests made will be 1 + attempts.

+ +
perTryTimeout
+
Duration
+
 +

Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST be >=1ms. +Default is same value as request +timeout of the HTTP route, +which means no timeout.

+ +
retryOn
+
string
+
 +

Specifies the conditions under which retry takes place. +One or more policies can be specified using a ‘,’ delimited list. +See the retry policies +and gRPC retry policies for more details.

+

In addition to the policies specified above, a list of HTTP status codes can be passed, such as retryOn: "503,reset". +Note these status codes refer to the actual responses received from the destination. +For example, if a connection is reset, Istio will translate this to 503 for it’s response. +However, the destination did not return a 503 error, so this would not match "503" (it would, however, match "reset").

+

If not specified, this defaults to connect-failure,refused-stream,unavailable,cancelled,503.

+ +
retryRemoteLocalities
+
BoolValue
+
 +

Flag to specify whether the retries should retry to other localities. +See the retry plugin configuration for more details.

+ +
+
+

CorsPolicy

+
+

Describes the Cross-Origin Resource Sharing (CORS) policy, for a given +service. Refer to CORS +for further details about cross origin resource sharing. For example, +the following rule restricts cross origin requests to those originating +from example.com domain using HTTP POST/GET, and sets the +Access-Control-Allow-Credentials header to false. In addition, it only +exposes X-Foo-bar header and sets an expiry period of 1 day.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        host: ratings.prod.svc.cluster.local
+        subset: v1
+    corsPolicy:
+      allowOrigins:
+      - exact: https://example.com
+      allowMethods:
+      - POST
+      - GET
+      allowCredentials: false
+      allowHeaders:
+      - X-Foo-Bar
+      maxAge: "24h"
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
allowOrigins
+
StringMatch[]
+
 +

String patterns that match allowed origins. +An origin is allowed if any of the string matchers match. +If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client.

+ +
allowMethods
+
string[]
+
 +

List of HTTP methods allowed to access the resource. The content will +be serialized into the Access-Control-Allow-Methods header.

+ +
allowHeaders
+
string[]
+
 +

List of HTTP headers that can be used when requesting the +resource. Serialized to Access-Control-Allow-Headers header.

+ +
exposeHeaders
+
string[]
+
 +

A list of HTTP headers that the browsers are allowed to +access. Serialized into Access-Control-Expose-Headers header.

+ +
maxAge
+
Duration
+
 +

Specifies how long the results of a preflight request can be +cached. Translates to the Access-Control-Max-Age header.

+ +
allowCredentials
+
BoolValue
+
 +

Indicates whether the caller is allowed to send the actual request +(not the preflight) using credentials. Translates to +Access-Control-Allow-Credentials header.

+ +
unmatchedPreflights
+
UnmatchedPreflights
+
 +

Indicates whether preflight requests not matching the configured +allowed origin shouldn’t be forwarded to the upstream. +Default is forward to upstream.

+ +
+
+

UnmatchedPreflights

+
+ + + + + + + + + + + + + + + + + + + + + +
NameDescription
UNSPECIFIED +

Default to FORWARD

+ +
FORWARD +

Preflight requests not matching the configured allowed origin +will be forwarded to the upstream.

+ +
IGNORE +

Preflight requests not matching the configured allowed origin +will not be forwarded to the upstream.

+ +
+
+

HTTPFaultInjection

+
+

HTTPFaultInjection can be used to specify one or more faults to inject +while forwarding HTTP requests to the destination specified in a route. +Fault specification is part of a VirtualService rule. Faults include +aborting the Http request from downstream service, and/or delaying +proxying of requests. A fault rule MUST HAVE delay or abort or both.

+

Note: Delay and abort faults are independent of one another, even if +both are specified simultaneously.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
delay
+
Delay
+
 +

Delay requests before forwarding, emulating various failures such as +network issues, overloaded upstream service, etc.

+ +
abort
+
Abort
+
 +

Abort Http request attempts and return error codes back to downstream +service, giving the impression that the upstream service is faulty.

+ +
+
+

Delay

+
+

Delay specification is used to inject latency into the request +forwarding path. The following example will introduce a 5 second delay +in 1 out of every 1000 requests to the “v1” version of the “reviews” +service from all pods with label env: prod

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: reviews-route
+spec:
+  hosts:
+  - reviews.prod.svc.cluster.local
+  http:
+  - match:
+    - sourceLabels:
+        env: prod
+    route:
+    - destination:
+        host: reviews.prod.svc.cluster.local
+        subset: v1
+    fault:
+      delay:
+        percentage:
+          value: 0.1
+        fixedDelay: 5s
+
+

The fixedDelay field is used to indicate the amount of delay in seconds. +The optional percentage field can be used to only delay a certain +percentage of requests. If left unspecified, no request will be delayed.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
fixedDelay
+
Duration (oneof)
+
 +

Add a fixed delay before forwarding the request. Format: +1h/1m/1s/1ms. MUST be >=1ms.

+ +
percentage
+
Percent
+
 +

Percentage of requests on which the delay will be injected. +If left unspecified, no request will be delayed.

+ +
percent
+
int32
+
 +

Percentage of requests on which the delay will be injected (0-100). +Use of integer percent value is deprecated. Use the double percentage +field instead.

+ +
+
+

Abort

+
+

Abort specification is used to prematurely abort a request with a +pre-specified error code. The following example will return an HTTP 400 +error code for 1 out of every 1000 requests to the “ratings” service “v1”.

+
apiVersion: networking.istio.io/v1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - route:
+    - destination:
+        host: ratings.prod.svc.cluster.local
+        subset: v1
+    fault:
+      abort:
+        percentage:
+          value: 0.1
+        httpStatus: 400
+
+

The httpStatus field is used to indicate the HTTP status code to +return to the caller. The optional percentage field can be used to only +abort a certain percentage of requests. If not specified, no request will be +aborted.

+ + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
httpStatus
+
int32 (oneof)
+
 +

HTTP status code to use to abort the Http request.

+ +
grpcStatus
+
string (oneof)
+
 +

GRPC status code to use to abort the request. The supported +codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md +Note: If you want to return the status “Unavailable”, then you should +specify the code as UNAVAILABLE(all caps), but not 14.

+ +
percentage
+
Percent
+
 +

Percentage of requests to be aborted with the error code provided. +If not specified, no request will be aborted.

+ +
+
+

HTTPMirrorPolicy

+
+

HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition +to the original destination. Mirrored traffic is on a +best effort basis where the sidecar/gateway will not wait for the +mirrored destinations to respond before returning the response from the +original destination. Statistics will be generated for the mirrored +destination.

+ + + + + + + + + + + + + + + + + + +
FieldDescription
destination
+
Destination
+
Required
+
 +

Destination specifies the target of the mirror operation.

+ +
percentage
+
Percent
+
 +

Percentage of the traffic to be mirrored by the destination field. +If this field is absent, all the traffic (100%) will be mirrored. +Max value is 100.

+ +
+
+

PortSelector

+
+

PortSelector specifies the number of a port to be used for +matching or selection for final routing.

+ + + + + + + + + + + + + + +
FieldDescription
number
+
uint32
+
 +

Valid port number

+ +
+
+

Percent

+
+

Percent specifies a percentage in the range of [0.0, 100.0].

+ + + + + + + + + + + + + + +
FieldDescription
value
+
double
+
 +
+
+

UInt32Value

+
+

Wrapper message for uint32.

+

The JSON representation for UInt32Value is JSON number.

+ + + + + + + + + + + + + + +
FieldDescription
value
+
uint32
+
 +

The uint32 value.

+ +
+
diff --git a/vendor/istio.io/api/networking/v1beta1/virtual_service.proto b/vendor/istio.io/api/networking/v1alpha3/virtual_service.proto similarity index 74% rename from vendor/istio.io/api/networking/v1beta1/virtual_service.proto rename to vendor/istio.io/api/networking/v1alpha3/virtual_service.proto index 782da185a..fc213d2bd 100644 --- a/vendor/istio.io/api/networking/v1beta1/virtual_service.proto +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service.proto @@ -1,4 +1,4 @@ -// Copyright 2020 Istio Authors +// Copyright 2017-2018 Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -18,12 +18,11 @@ import "google/api/field_behavior.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -// $schema: istio.networking.v1beta1.VirtualService +// $schema: istio.networking.v1alpha3.VirtualService // $title: Virtual Service // $description: Configuration affecting label/content routing, sni routing, etc. // $location: https://istio.io/docs/reference/config/networking/virtual-service.html -// $aliases: [/docs/reference/config/networking/v1beta1/virtual-service] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/virtual-service] // Configuration affecting traffic routing. Here are a few terms useful to define // in the context of traffic routing. @@ -68,10 +67,8 @@ import "google/protobuf/wrappers.proto"; // be rewritten to /newcatalog and sent to pods with label "version: v2". // // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -97,65 +94,13 @@ import "google/protobuf/wrappers.proto"; // host: reviews.prod.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // // A subset/version of a route destination is identified with a reference // to a named service subset which must be declared in a corresponding // `DestinationRule`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -169,28 +114,26 @@ import "google/protobuf/wrappers.proto"; // labels: // version: v2 // ``` -// {{}} -// {{}} // -package istio.networking.v1beta1; +package istio.networking.v1alpha3; -option go_package = "istio.io/api/networking/v1beta1"; +option go_package = "istio.io/api/networking/v1alpha3"; // Configuration affecting traffic routing. // // -// message VirtualService { // The destination hosts to which traffic is being sent. Could // be a DNS name with wildcard prefix or an IP address. Depending on the @@ -253,8 +193,8 @@ message VirtualService { repeated string gateways = 2; // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports named 'http-*'/'http2-*'/'grpc-*', gateway - // ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service + // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway + // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching // an incoming request is used. repeated HTTPRoute http = 3; @@ -301,7 +241,7 @@ message VirtualService { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews will be +// rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of the // actual namespace associated with the reviews service. _To avoid potential // misconfigurations, it is recommended to always use fully qualified @@ -311,10 +251,8 @@ message VirtualService { // of the reviews service with label "version: v1" (i.e., subset v1), and // some to subset v2, in a Kubernetes environment. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -339,63 +277,11 @@ message VirtualService { // host: reviews # interpreted as reviews.foo.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// namespace: foo -// spec: -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // // And the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// namespace: foo -// spec: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -410,8 +296,6 @@ message VirtualService { // labels: // version: v2 // ``` -// {{}} -// {{}} // // The following VirtualService sets a timeout of 5s for all calls to // productpage.prod.svc.cluster.local service in Kubernetes. Notice that @@ -423,10 +307,8 @@ message VirtualService { // productpage.prod.svc.cluster.local. Therefore the rule's namespace does // not have an impact in resolving the name of the productpage service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: my-productpage-rule @@ -440,26 +322,6 @@ message VirtualService { // - destination: // host: productpage.prod.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-productpage-rule -// namespace: istio-system -// spec: -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// ``` -// {{}} -// {{}} // // To control routing for traffic bound to services outside the mesh, external // services must first be added to Istio's internal service registry using the @@ -467,10 +329,8 @@ message VirtualService { // bound to these external services. For example, the following rules define a // Service for wikipedia.org and set a timeout of 5s for HTTP requests. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-wikipedia @@ -484,7 +344,7 @@ message VirtualService { // protocol: HTTP // resolution: DNS // --- -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: my-wiki-rule @@ -497,39 +357,6 @@ message VirtualService { // - destination: // host: wikipedia.org // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wikipedia -// spec: -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-wiki-rule -// spec: -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// ``` -// {{}} -// {{}} // message Destination { // The name of a service from the service registry. Service @@ -541,7 +368,7 @@ message Destination { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews will be + // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of // the actual namespace associated with the reviews service. To avoid // potential misconfiguration, it is recommended to always use fully @@ -618,6 +445,15 @@ message HTTPRoute { google.protobuf.Duration timeout = 6; // Retry policy for HTTP requests. + // + // Note: the default cluster-wide retry policy, if not specified, is: + // + // ```yaml + // attempts: 2 + // retryOn: "connect-failure,refused-stream,unavailable,cancelled,503" + // ``` + // + // This can be customized in [`Mesh Config` `defaultHttpRetryPolicy`](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig). HTTPRetry retries = 7; // Fault injection policy to apply on HTTP traffic at the client side. @@ -633,10 +469,19 @@ message HTTPRoute { // destination. Destination mirror = 9; + // Specifies the destinations to mirror HTTP traffic in addition + // to the original destination. Mirrored traffic is on a + // best effort basis where the sidecar/gateway will not wait for the + // mirrored destinations to respond before returning the response from the + // original destination. Statistics will be generated for the mirrored + // destination. + repeated HTTPMirrorPolicy mirrors = 22; + // Percentage of the traffic to be mirrored by the `mirror` field. // Use of integer `mirror_percent` value is deprecated. Use the // double `mirror_percentage` field instead // $hide_from_docs + // +kubebuilder:altName=mirror_percent google.protobuf.UInt32Value mirror_percent = 18 [deprecated=true]; // Percentage of the traffic to be mirrored by the `mirror` field. @@ -656,7 +501,7 @@ message HTTPRoute { Headers headers = 16; // $hide_from_docs - // Next available field number: 22 + // Next available field number: 23 } @@ -665,7 +510,7 @@ message HTTPRoute { // forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo @@ -690,7 +535,7 @@ message HTTPRoute { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: productpage @@ -709,7 +554,7 @@ message HTTPRoute { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews @@ -737,10 +582,8 @@ message Delegate { // It also removes the `foo` response header, but only from responses // coming from the `v1` subset (version) of the `reviews` service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -766,38 +609,6 @@ message Delegate { // - foo // weight: 75 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// ``` -// {{}} -// {{}} message Headers { // Header manipulation rules to apply before forwarding a request // to the destination service @@ -823,39 +634,8 @@ message Headers { // traffic arriving at port 443 of gateway called "mygateway" to internal // services in the mesh based on the SNI value. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-sni -// spec: -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-sni @@ -880,8 +660,6 @@ message Headers { // - destination: // host: reviews.prod.svc.cluster.local // ``` -// {{}} -// {{}} message TLSRoute { // Match conditions to be satisfied for the rule to be // activated. All conditions inside a single match block have AND @@ -897,30 +675,8 @@ message TLSRoute { // following routing rule forwards traffic arriving at port 27017 for // mongo.prod.svc.cluster.local to another Mongo server on port 5555. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// spec: -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-mongo @@ -936,8 +692,6 @@ message TLSRoute { // port: // number: 5555 // ``` -// {{}} -// {{}} message TCPRoute { // Match conditions to be satisfied for the rule to be // activated. All conditions inside a single match block have AND @@ -949,16 +703,14 @@ message TCPRoute { repeated RouteDestination route = 2; } -// HttpMatchRequest specifies a set of criterion to be met in order for the +// HttpMatchRequest specifies a set of criteria to be met in order for the // rule to be applied to the HTTP request. For example, the following // restricts the rule to match only requests where the URL path // starts with /ratings/v2/ and the request contains a custom `end-user` header // with value `jason`. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -977,34 +729,11 @@ message TCPRoute { // - destination: // host: ratings.prod.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// ``` -// {{}} -// {{}} // // HTTPMatchRequest CANNOT be empty. -// **Note:** No regex string match can be set when delegate VirtualService is specified. +// **Note:** +// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. +// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. message HTTPMatchRequest { // The name assigned to a match. The match's name will be // concatenated with the parent route's name and will be logged in @@ -1018,10 +747,10 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // // **Note:** Case-insensitive matching could be enabled via the - // `ignore_uri_case` flag. + // `ignoreUriCase` flag. StringMatch uri = 1; // URI Scheme @@ -1031,7 +760,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // StringMatch scheme = 2; @@ -1042,7 +771,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // StringMatch method = 3; @@ -1053,7 +782,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // StringMatch authority = 4; @@ -1066,9 +795,16 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + // + // If the value is empty and only the name of header is specified, presence of the header is checked. + // To provide an empty value, use `{}`, for example: // - // If the value is empty and only the name of header is specfied, presence of the header is checked. + // ``` + // - match: + // - headers: + // myheader: {} + // ``` // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. map headers = 5; @@ -1098,11 +834,12 @@ message HTTPMatchRequest { // - For a query parameter like "?key", the map key would be "key" and the // string match could be defined as `exact: ""`. // + // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the + // string match could be defined as `prefix: "ab"`. + // // - For a query parameter like "?key=123", the map key would be "key" and the // string match could be defined as `regex: "\d+$"`. Note that this // configuration will only match values like "123" but not "a123" or "123a". - // - // **Note:** `prefix` matching is currently not supported. map query_params = 9; // Flag to specify whether the URI matching should be case-insensitive. @@ -1124,7 +861,7 @@ message HTTPMatchRequest { // The statistics are generated with prefix route.. // This should be set for highly critical routes that one wishes to get "per-route" statistics on. // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix + // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix // for statistics that are generated when this is configured. string stat_prefix = 14; } @@ -1136,32 +873,8 @@ message HTTPMatchRequest { // instances with the "v2" tag and the remaining traffic (i.e., 75%) to // "v1". // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -1179,33 +892,11 @@ message HTTPMatchRequest { // subset: v1 // weight: 75 // ``` -// {{}} -// {{}} // // And the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -1219,37 +910,13 @@ message HTTPMatchRequest { // labels: // version: v2 // ``` -// {{}} -// {{}} // // Traffic can also be split across two entirely different services without // having to define new subsets. For example, the following rule forwards 25% of // traffic to reviews.com to dev.reviews.com // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews-route-two-domains -// spec: -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route-two-domains @@ -1265,8 +932,6 @@ message HTTPMatchRequest { // host: reviews.com // weight: 75 // ``` -// {{}} -// {{}} // message HTTPRouteDestination { // Destination uniquely identifies the instances of a service @@ -1336,7 +1001,7 @@ message TLSMatchAttributes { // SNI (server name indicator) to match on. Wildcard prefixes // can be used in the SNI value, e.g., *.com will match foo.example.com // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual serivce's hosts. + // within the domain) of the corresponding virtual service's hosts. repeated string sni_hosts = 1 [(google.api.field_behavior) = REQUIRED]; // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., @@ -1375,10 +1040,8 @@ message TLSMatchAttributes { // requests for /v1/getProductRatings API on the ratings service to // /v1/bookRatings provided by the bookratings service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1394,28 +1057,6 @@ message TLSMatchAttributes { // authority: newratings.default.svc.cluster.local // ... // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// ``` -// {{}} -// {{}} // message HTTPRedirect { // On a redirect, overwrite the Path portion of the URL with this @@ -1455,31 +1096,8 @@ message HTTPRedirect { // For example, the following rule returns a fixed 503 status with a body // to requests for /v1/getProductRatings API. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1496,16 +1114,12 @@ message HTTPRedirect { // string: "unknown error" // ... // ``` -// {{}} -// {{}} // // It is also possible to specify a binary response body. // This is mostly useful for non text-based protocols such as gRPC. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1522,63 +1136,13 @@ message HTTPRedirect { // bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 // ... // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// ``` -// {{}} -// {{}} // // It is good practice to add headers in the HTTPRoute // as well as the direct_response, for example to specify // the returned Content-Type. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "appliation/json" -// ... -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1599,8 +1163,6 @@ message HTTPRedirect { // content-type: "text/plain" // ... // ``` -// {{}} -// {{}} // message HTTPDirectResponse { // Specifies the HTTP response status to be returned. @@ -1627,10 +1189,8 @@ message HTTPBody { // demonstrates how to rewrite the URL prefix for api call (/ratings) to // ratings service before making the actual API call. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1648,30 +1208,6 @@ message HTTPBody { // host: ratings.prod.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // message HTTPRewrite { // rewrite the path (or the prefix) portion of the URI with this @@ -1681,10 +1217,31 @@ message HTTPRewrite { // rewrite the Authority/Host header with this value. string authority = 2; + + // rewrite the path portion of the URI with the specified regex. + RegexRewrite uri_regex_rewrite = 3; } -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. +message RegexRewrite { + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + string match = 1; + + // The string that should replace into matching portions of original URI. + // Capture groups in the pattern can be referenced in the new URI. + // Examples: + // + // Example 1: rewrite with capture groups + // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and + // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". + // + // Example 2: case insensitive rewrite + // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a + // case-insensitive match and transform the path to "/aaa/yyy/bbb". + string rewrite = 2; +} + +// Describes how to match a given string in HTTP headers. `exact` and `prefix` matching is +// case-sensitive. `regex` matching supports case-insensitive matches. message StringMatch { oneof match_type { @@ -1694,7 +1251,9 @@ message StringMatch { // prefix-based match string prefix = 2; - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + // + // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. string regex = 3; } } @@ -1705,31 +1264,8 @@ message StringMatch { // A retry will be attempted if there is a connect-failure, refused_stream // or when the upstream server responds with Service Unavailable(503). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: connect-failure,refused-stream,503 -// ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1746,28 +1282,32 @@ message StringMatch { // perTryTimeout: 2s // retryOn: gateway-error,connect-failure,refused-stream // ``` -// {{}} -// {{}} -// message HTTPRetry { // Number of retries to be allowed for a given request. The interval - // between retries will be determined automatically (25ms+). When request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) + // between retries will be determined automatically (25ms+). When request + // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. - int32 attempts = 1 [(google.api.field_behavior) = REQUIRED]; + // the specified request `timeout` and `per_try_timeout` values. MUST be >= 0. If `0`, retries will be disabled. + // The maximum possible number of requests made will be 1 + `attempts`. + int32 attempts = 1; - // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. - // Default is same value as request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), + // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST be >=1ms. + // Default is same value as request + // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), // which means no timeout. google.protobuf.Duration per_try_timeout = 2; // Specifies the conditions under which retry takes place. // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + // + // In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + // Note these status codes refer to the actual responses received from the destination. + // For example, if a connection is reset, Istio will translate this to 503 for it's response. + // However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + // + // If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. string retry_on = 3; // Flag to specify whether the retries should retry to other localities. @@ -1783,37 +1323,8 @@ message HTTPRetry { // `Access-Control-Allow-Credentials` header to false. In addition, it only // exposes `X-Foo-bar` header and sets an expiry period of 1 day. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1836,8 +1347,6 @@ message HTTPRetry { // - X-Foo-Bar // maxAge: "24h" // ``` -// {{}} -// {{}} // message CorsPolicy { // The list of origins that are allowed to perform CORS requests. The @@ -1871,6 +1380,22 @@ message CorsPolicy { // (not the preflight) using credentials. Translates to // `Access-Control-Allow-Credentials` header. google.protobuf.BoolValue allow_credentials = 6; + + // Indicates whether preflight requests not matching the configured + // allowed origin shouldn't be forwarded to the upstream. + // Default is forward to upstream. + UnmatchedPreflights unmatched_preflights = 8; + + enum UnmatchedPreflights { + // Default to FORWARD + UNSPECIFIED = 0; + // Preflight requests not matching the configured allowed origin + // will be forwarded to the upstream. + FORWARD = 1; + // Preflight requests not matching the configured allowed origin + // will not be forwarded to the upstream. + IGNORE = 2; + } } // HTTPFaultInjection can be used to specify one or more faults to inject @@ -1895,10 +1420,8 @@ message HTTPFaultInjection { // in 1 out of every 1000 requests to the "v1" version of the "reviews" // service from all pods with label env: prod // - // {{}} - // {{}} // ```yaml - // apiVersion: networking.istio.io/v1alpha3 + // apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -1919,33 +1442,6 @@ message HTTPFaultInjection { // value: 0.1 // fixedDelay: 5s // ``` - // {{}} - // - // {{}} - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: reviews-route - // spec: - // hosts: - // - reviews.prod.svc.cluster.local - // http: - // - match: - // - sourceLabels: - // env: prod - // route: - // - destination: - // host: reviews.prod.svc.cluster.local - // subset: v1 - // fault: - // delay: - // percentage: - // value: 0.1 - // fixedDelay: 5s - // ``` - // {{}} - // {{}} // // The _fixedDelay_ field is used to indicate the amount of delay in seconds. // The optional _percentage_ field can be used to only delay a certain @@ -1959,7 +1455,7 @@ message HTTPFaultInjection { oneof http_delay_type { // Add a fixed delay before forwarding the request. Format: // 1h/1m/1s/1ms. MUST be >=1ms. - google.protobuf.Duration fixed_delay = 2 [(google.api.field_behavior) = REQUIRED]; + google.protobuf.Duration fixed_delay = 2; // $hide_from_docs google.protobuf.Duration exponential_delay = 3 ; @@ -1974,10 +1470,8 @@ message HTTPFaultInjection { // pre-specified error code. The following example will return an HTTP 400 // error code for 1 out of every 1000 requests to the "ratings" service "v1". // - // {{}} - // {{}} // ```yaml - // apiVersion: networking.istio.io/v1alpha3 + // apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1995,30 +1489,6 @@ message HTTPFaultInjection { // value: 0.1 // httpStatus: 400 // ``` - // {{}} - // - // {{}} - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: ratings-route - // spec: - // hosts: - // - ratings.prod.svc.cluster.local - // http: - // - route: - // - destination: - // host: ratings.prod.svc.cluster.local - // subset: v1 - // fault: - // abort: - // percentage: - // value: 0.1 - // httpStatus: 400 - // ``` - // {{}} - // {{}} // // The _httpStatus_ field is used to indicate the HTTP status code to // return to the caller. The optional _percentage_ field can be used to only @@ -2030,7 +1500,7 @@ message HTTPFaultInjection { oneof error_type { // HTTP status code to use to abort the Http request. - int32 http_status = 2 [(google.api.field_behavior) = REQUIRED]; + int32 http_status = 2; // GRPC status code to use to abort the request. The supported // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md @@ -2048,6 +1518,22 @@ message HTTPFaultInjection { } } +// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition +// to the original destination. Mirrored traffic is on a +// best effort basis where the sidecar/gateway will not wait for the +// mirrored destinations to respond before returning the response from the +// original destination. Statistics will be generated for the mirrored +// destination. +message HTTPMirrorPolicy { + // Destination specifies the target of the mirror operation. + Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; + + // Percentage of the traffic to be mirrored by the `destination` field. + // If this field is absent, all the traffic (100%) will be mirrored. + // Max value is 100. + Percent percentage = 2; +} + // PortSelector specifies the number of a port to be used for // matching or selection for final routing. message PortSelector { diff --git a/vendor/istio.io/api/networking/v1beta1/virtual_service_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/virtual_service_deepcopy.gen.go similarity index 92% rename from vendor/istio.io/api/networking/v1beta1/virtual_service_deepcopy.gen.go rename to vendor/istio.io/api/networking/v1alpha3/virtual_service_deepcopy.gen.go index ed41c1a28..4314564c0 100644 --- a/vendor/istio.io/api/networking/v1beta1/virtual_service_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service_deepcopy.gen.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using VirtualService within kubernetes types, where deepcopy-gen is used. @@ -362,6 +362,27 @@ func (in *HTTPRewrite) DeepCopyInterface() interface{} { return in.DeepCopy() } +// DeepCopyInto supports using RegexRewrite within kubernetes types, where deepcopy-gen is used. +func (in *RegexRewrite) DeepCopyInto(out *RegexRewrite) { + p := proto.Clone(in).(*RegexRewrite) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. +func (in *RegexRewrite) DeepCopy() *RegexRewrite { + if in == nil { + return nil + } + out := new(RegexRewrite) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. +func (in *RegexRewrite) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using StringMatch within kubernetes types, where deepcopy-gen is used. func (in *StringMatch) DeepCopyInto(out *StringMatch) { p := proto.Clone(in).(*StringMatch) @@ -488,6 +509,27 @@ func (in *HTTPFaultInjection_Abort) DeepCopyInterface() interface{} { return in.DeepCopy() } +// DeepCopyInto supports using HTTPMirrorPolicy within kubernetes types, where deepcopy-gen is used. +func (in *HTTPMirrorPolicy) DeepCopyInto(out *HTTPMirrorPolicy) { + p := proto.Clone(in).(*HTTPMirrorPolicy) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. +func (in *HTTPMirrorPolicy) DeepCopy() *HTTPMirrorPolicy { + if in == nil { + return nil + } + out := new(HTTPMirrorPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. +func (in *HTTPMirrorPolicy) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used. func (in *PortSelector) DeepCopyInto(out *PortSelector) { p := proto.Clone(in).(*PortSelector) diff --git a/vendor/istio.io/api/networking/v1beta1/virtual_service_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/virtual_service_json.gen.go similarity index 92% rename from vendor/istio.io/api/networking/v1beta1/virtual_service_json.gen.go rename to vendor/istio.io/api/networking/v1alpha3/virtual_service_json.gen.go index 8aae39cbd..63189430c 100644 --- a/vendor/istio.io/api/networking/v1beta1/virtual_service_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service_json.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( bytes "bytes" @@ -193,6 +193,17 @@ func (this *HTTPRewrite) UnmarshalJSON(b []byte) error { return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for RegexRewrite +func (this *RegexRewrite) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for RegexRewrite +func (this *RegexRewrite) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for StringMatch func (this *StringMatch) MarshalJSON() ([]byte, error) { str, err := VirtualServiceMarshaler.MarshalToString(this) @@ -259,6 +270,17 @@ func (this *HTTPFaultInjection_Abort) UnmarshalJSON(b []byte) error { return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for HTTPMirrorPolicy +func (this *HTTPMirrorPolicy) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPMirrorPolicy +func (this *HTTPMirrorPolicy) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for PortSelector func (this *PortSelector) MarshalJSON() ([]byte, error) { str, err := VirtualServiceMarshaler.MarshalToString(this) diff --git a/vendor/istio.io/api/networking/v1beta1/workload_entry.pb.go b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go similarity index 56% rename from vendor/istio.io/api/networking/v1beta1/workload_entry.pb.go rename to vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go index 9fd16e4d2..e2f774199 100644 --- a/vendor/istio.io/api/networking/v1beta1/workload_entry.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go @@ -14,16 +14,15 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 +// protoc-gen-go v1.35.2 // protoc (unknown) -// source: networking/v1beta1/workload_entry.proto +// source: networking/v1alpha3/workload_entry.proto -// $schema: istio.networking.v1beta1.WorkloadEntry +// $schema: istio.networking.v1alpha3.WorkloadEntry // $title: Workload Entry // $description: Configuration affecting VMs onboarded into the mesh. // $location: https://istio.io/docs/reference/config/networking/workload-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/workload-entry] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/workload-entry] // `WorkloadEntry` enables operators to describe the properties of a // single non-Kubernetes workload such as a VM or a bare metal server @@ -48,10 +47,8 @@ // TLS and sent to sidecars on VMs on target port 8080, that in turn // forward it to the application on localhost on the same port. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -66,56 +63,11 @@ // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -133,8 +85,6 @@ // labels: // app: details-legacy // ``` -// {{}} -// {{}} // // // The following example declares the same VM workload using @@ -143,10 +93,8 @@ // sidecars should dynamically resolve the DNS name at runtime before // forwarding the request. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -161,34 +109,11 @@ // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -206,36 +131,29 @@ // labels: // app: details-legacy // ``` -// {{}} // -// {{}} +// The following example declares a VM workload without an address. +// An alternative to having istiod read from remote API servers is +// to write a `WorkloadEntry` in the local cluster that represents +// the Workload(s) in the remote network with the given labels. A +// single `WorkloadEntry` with weights represent the aggregate of all +// the actual workloads in a given remote network. +// // ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry // metadata: -// name: details-svc +// name: foo-workloads-cluster-2 // spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy +// serviceAccount: foo +// network: cluster-2-network +// labels: +// app: foo // ``` -// {{}} -// {{}} -// -package v1beta1 +package v1alpha3 import ( - _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -253,7 +171,7 @@ const ( // // // // -// +// +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)" +// +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" type WorkloadEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -285,6 +203,10 @@ type WorkloadEntry struct { // port. Domain names can be used if and only if the resolution is set // to DNS, and must be fully-qualified without wildcards. Use the form // unix:///absolute/path/to/socket for Unix domain socket endpoints. + // If address is empty, network must be specified. + // +kubebuilder:validation:XValidation:message="UDS must be an absolute path or abstract socket",rule="self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + // +kubebuilder:validation:XValidation:message="UDS may not be a dir",rule="self.startsWith('unix://') ? !self.endsWith('/') : true" + // +kubebuilder:validation:MaxLength=256 Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // Set of ports associated with the endpoint. If the port map is // specified, it must be a map of servicePortName to this endpoint's @@ -300,8 +222,12 @@ type WorkloadEntry struct { // **NOTE 1:** Do not use for `unix://` addresses. // // **NOTE 2:** endpoint port map takes precedence over targetPort. + // +protoc-gen-crd:map-value-validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + // +kubebuilder:validation:MaxProperties=128 + // +kubebuilder:validation:XValidation:message="port name must be valid",rule="self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` // One or more labels associated with the endpoint. + // +kubebuilder:validation:MaxProperties=256 Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Network enables Istio to group endpoints resident in the same L3 // domain/network. All endpoints in the same network are assumed to be @@ -310,7 +236,8 @@ type WorkloadEntry struct { // used to establish connectivity (usually using the // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. + // over multiple clusters. Required if address is not provided. + // +kubebuilder:validation:MaxLength=2048 Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"` // The locality associated with the endpoint. A locality corresponds // to a failure domain (e.g., country/region/zone). Arbitrary failure @@ -329,6 +256,7 @@ type WorkloadEntry struct { // locality. Endpoint e2 could be the IP associated with a gateway // (that bridges networks n1 and n2), or the IP associated with a // standard service endpoint. + // +kubebuilder:validation:MaxLength=2048 Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"` // The load balancing weight associated with the endpoint. Endpoints // with higher weights will receive proportionally higher traffic. @@ -337,16 +265,15 @@ type WorkloadEntry struct { // is present in the workload. The service account must be present // in the same namespace as the configuration ( WorkloadEntry or a // ServiceEntry) + // +kubebuilder:validation:MaxLength=253 ServiceAccount string `protobuf:"bytes,7,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` } func (x *WorkloadEntry) Reset() { *x = WorkloadEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *WorkloadEntry) String() string { @@ -356,8 +283,8 @@ func (x *WorkloadEntry) String() string { func (*WorkloadEntry) ProtoMessage() {} func (x *WorkloadEntry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_workload_entry_proto_msgTypes[0] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -369,7 +296,7 @@ func (x *WorkloadEntry) ProtoReflect() protoreflect.Message { // Deprecated: Use WorkloadEntry.ProtoReflect.Descriptor instead. func (*WorkloadEntry) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_entry_proto_rawDescGZIP(), []int{0} + return file_networking_v1alpha3_workload_entry_proto_rawDescGZIP(), []int{0} } func (x *WorkloadEntry) GetAddress() string { @@ -421,69 +348,67 @@ func (x *WorkloadEntry) GetServiceAccount() string { return "" } -var File_networking_v1beta1_workload_entry_proto protoreflect.FileDescriptor +var File_networking_v1alpha3_workload_entry_proto protoreflect.FileDescriptor -var file_networking_v1beta1_workload_entry_proto_rawDesc = []byte{ - 0x0a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb2, 0x03, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x1e, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, - 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x07, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, - 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x12, 0x4b, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, +var file_networking_v1alpha3_workload_entry_proto_rawDesc = []byte{ + 0x0a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x22, 0xae, 0x03, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x12, 0x49, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x18, 0x0a, - 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x39, - 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x4c, 0x0a, 0x06, + 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, + 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( - file_networking_v1beta1_workload_entry_proto_rawDescOnce sync.Once - file_networking_v1beta1_workload_entry_proto_rawDescData = file_networking_v1beta1_workload_entry_proto_rawDesc + file_networking_v1alpha3_workload_entry_proto_rawDescOnce sync.Once + file_networking_v1alpha3_workload_entry_proto_rawDescData = file_networking_v1alpha3_workload_entry_proto_rawDesc ) -func file_networking_v1beta1_workload_entry_proto_rawDescGZIP() []byte { - file_networking_v1beta1_workload_entry_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_workload_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_workload_entry_proto_rawDescData) +func file_networking_v1alpha3_workload_entry_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_workload_entry_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_workload_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_workload_entry_proto_rawDescData) }) - return file_networking_v1beta1_workload_entry_proto_rawDescData + return file_networking_v1alpha3_workload_entry_proto_rawDescData } -var file_networking_v1beta1_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_networking_v1beta1_workload_entry_proto_goTypes = []interface{}{ - (*WorkloadEntry)(nil), // 0: istio.networking.v1beta1.WorkloadEntry - nil, // 1: istio.networking.v1beta1.WorkloadEntry.PortsEntry - nil, // 2: istio.networking.v1beta1.WorkloadEntry.LabelsEntry +var file_networking_v1alpha3_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_networking_v1alpha3_workload_entry_proto_goTypes = []any{ + (*WorkloadEntry)(nil), // 0: istio.networking.v1alpha3.WorkloadEntry + nil, // 1: istio.networking.v1alpha3.WorkloadEntry.PortsEntry + nil, // 2: istio.networking.v1alpha3.WorkloadEntry.LabelsEntry } -var file_networking_v1beta1_workload_entry_proto_depIdxs = []int32{ - 1, // 0: istio.networking.v1beta1.WorkloadEntry.ports:type_name -> istio.networking.v1beta1.WorkloadEntry.PortsEntry - 2, // 1: istio.networking.v1beta1.WorkloadEntry.labels:type_name -> istio.networking.v1beta1.WorkloadEntry.LabelsEntry +var file_networking_v1alpha3_workload_entry_proto_depIdxs = []int32{ + 1, // 0: istio.networking.v1alpha3.WorkloadEntry.ports:type_name -> istio.networking.v1alpha3.WorkloadEntry.PortsEntry + 2, // 1: istio.networking.v1alpha3.WorkloadEntry.labels:type_name -> istio.networking.v1alpha3.WorkloadEntry.LabelsEntry 2, // [2:2] is the sub-list for method output_type 2, // [2:2] is the sub-list for method input_type 2, // [2:2] is the sub-list for extension type_name @@ -491,41 +416,27 @@ var file_networking_v1beta1_workload_entry_proto_depIdxs = []int32{ 0, // [0:2] is the sub-list for field type_name } -func init() { file_networking_v1beta1_workload_entry_proto_init() } -func file_networking_v1beta1_workload_entry_proto_init() { - if File_networking_v1beta1_workload_entry_proto != nil { +func init() { file_networking_v1alpha3_workload_entry_proto_init() } +func file_networking_v1alpha3_workload_entry_proto_init() { + if File_networking_v1alpha3_workload_entry_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_workload_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_workload_entry_proto_rawDesc, + RawDescriptor: file_networking_v1alpha3_workload_entry_proto_rawDesc, NumEnums: 0, NumMessages: 3, NumExtensions: 0, NumServices: 0, }, - GoTypes: file_networking_v1beta1_workload_entry_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_workload_entry_proto_depIdxs, - MessageInfos: file_networking_v1beta1_workload_entry_proto_msgTypes, + GoTypes: file_networking_v1alpha3_workload_entry_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_workload_entry_proto_depIdxs, + MessageInfos: file_networking_v1alpha3_workload_entry_proto_msgTypes, }.Build() - File_networking_v1beta1_workload_entry_proto = out.File - file_networking_v1beta1_workload_entry_proto_rawDesc = nil - file_networking_v1beta1_workload_entry_proto_goTypes = nil - file_networking_v1beta1_workload_entry_proto_depIdxs = nil + File_networking_v1alpha3_workload_entry_proto = out.File + file_networking_v1alpha3_workload_entry_proto_rawDesc = nil + file_networking_v1alpha3_workload_entry_proto_goTypes = nil + file_networking_v1alpha3_workload_entry_proto_depIdxs = nil } diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html new file mode 100644 index 000000000..da55192ee --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html @@ -0,0 +1,240 @@ +--- +title: Workload Entry +description: Configuration affecting VMs onboarded into the mesh. +location: https://istio.io/docs/reference/config/networking/workload-entry.html +layout: protoc-gen-docs +generator: protoc-gen-docs +schema: istio.networking.v1alpha3.WorkloadEntry +aliases: [/docs/reference/config/networking/v1alpha3/workload-entry] +number_of_entries: 1 +--- +

WorkloadEntry enables operators to describe the properties of a +single non-Kubernetes workload such as a VM or a bare metal server +as it is onboarded into the mesh. A WorkloadEntry must be +accompanied by an Istio ServiceEntry that selects the workload +through the appropriate labels and provides the service definition +for a MESH_INTERNAL service (hostnames, port properties, etc.). A +ServiceEntry object can select multiple workload entries as well +as Kubernetes pods based on the label selector specified in the +service entry.

+

When a workload connects to istiod, the status field in the +custom resource will be updated to indicate the health of the +workload along with other details, similar to how Kubernetes +updates the status of a pod.

+

The following example declares a workload entry representing a VM +for the details.bookinfo.com service. This VM has sidecar +installed and bootstrapped using the details-legacy service +account. The service is exposed on port 80 to applications in the +mesh. The HTTP traffic to this service is wrapped in Istio mutual +TLS and sent to sidecars on VMs on target port 8080, that in turn +forward it to the application on localhost on the same port.

+
apiVersion: networking.istio.io/v1
+kind: WorkloadEntry
+metadata:
+  name: details-svc
+spec:
+  # use of the service account indicates that the workload has a
+  # sidecar proxy bootstrapped with this service account. Pods with
+  # sidecars will automatically communicate with the workload using
+  # istio mutual TLS.
+  serviceAccount: details-legacy
+  address: 2.2.2.2
+  labels:
+    app: details-legacy
+    instance-id: vm1
+
+

and the associated service entry

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: details-svc
+spec:
+  hosts:
+  - details.bookinfo.com
+  location: MESH_INTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+    targetPort: 8080
+  resolution: STATIC
+  workloadSelector:
+    labels:
+      app: details-legacy
+
+

The following example declares the same VM workload using +its fully qualified DNS name. The service entry’s resolution +mode should be changed to DNS to indicate that the client-side +sidecars should dynamically resolve the DNS name at runtime before +forwarding the request.

+
apiVersion: networking.istio.io/v1
+kind: WorkloadEntry
+metadata:
+  name: details-svc
+spec:
+  # use of the service account indicates that the workload has a
+  # sidecar proxy bootstrapped with this service account. Pods with
+  # sidecars will automatically communicate with the workload using
+  # istio mutual TLS.
+  serviceAccount: details-legacy
+  address: vm1.vpc01.corp.net
+  labels:
+    app: details-legacy
+    instance-id: vm1
+
+

and the associated service entry

+
apiVersion: networking.istio.io/v1
+kind: ServiceEntry
+metadata:
+  name: details-svc
+spec:
+  hosts:
+  - details.bookinfo.com
+  location: MESH_INTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+    targetPort: 8080
+  resolution: DNS
+  workloadSelector:
+    labels:
+      app: details-legacy
+
+

The following example declares a VM workload without an address. +An alternative to having istiod read from remote API servers is +to write a WorkloadEntry in the local cluster that represents +the Workload(s) in the remote network with the given labels. A +single WorkloadEntry with weights represent the aggregate of all +the actual workloads in a given remote network.

+
apiVersion: networking.istio.io/v1
+kind: WorkloadEntry
+metadata:
+  name: foo-workloads-cluster-2
+spec:
+  serviceAccount: foo
+  network: cluster-2-network
+  labels:
+    app: foo
+
+ +

WorkloadEntry

+
+

WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
address
+
string
+
 +

Address associated with the network endpoint without the +port. Domain names can be used if and only if the resolution is set +to DNS, and must be fully-qualified without wildcards. Use the form +unix:///absolute/path/to/socket for Unix domain socket endpoints. +If address is empty, network must be specified.

+ +
ports
+
map<string, uint32>
+
 +

Set of ports associated with the endpoint. If the port map is +specified, it must be a map of servicePortName to this endpoint’s +port, such that traffic to the service port will be forwarded to +the endpoint port that maps to the service’s portName. If +omitted, and the targetPort is specified as part of the service’s +port specification, traffic to the service port will be forwarded +to one of the endpoints on the specified targetPort. If both +the targetPort and endpoint’s port map are not specified, traffic +to a service port will be forwarded to one of the endpoints on +the same port.

+

NOTE 1: Do not use for unix:// addresses.

+

NOTE 2: endpoint port map takes precedence over targetPort.

+ +
labels
+
map<string, string>
+
 +

One or more labels associated with the endpoint.

+ +
network
+
string
+
 +

Network enables Istio to group endpoints resident in the same L3 +domain/network. All endpoints in the same network are assumed to be +directly reachable from one another. When endpoints in different +networks cannot reach each other directly, an Istio Gateway can be +used to establish connectivity (usually using the +AUTO_PASSTHROUGH mode in a Gateway Server). This is +an advanced configuration used typically for spanning an Istio mesh +over multiple clusters. Required if address is not provided.

+ +
locality
+
string
+
 +

The locality associated with the endpoint. A locality corresponds +to a failure domain (e.g., country/region/zone). Arbitrary failure +domain hierarchies can be represented by separating each +encapsulating failure domain by /. For example, the locality of an +an endpoint in US, in US-East-1 region, within availability zone +az-1, in data center rack r11 can be represented as +us/us-east-1/az-1/r11. Istio will configure the sidecar to route to +endpoints within the same locality as the sidecar. If none of the +endpoints in the locality are available, endpoints parent locality +(but within the same network ID) will be chosen. For example, if +there are two endpoints in same network (networkID “n1”), say e1 +with locality us/us-east-1/az-1/r11 and e2 with locality +us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality +will prefer e1 from the same locality over e2 from a different +locality. Endpoint e2 could be the IP associated with a gateway +(that bridges networks n1 and n2), or the IP associated with a +standard service endpoint.

+ +
weight
+
uint32
+
 +

The load balancing weight associated with the endpoint. Endpoints +with higher weights will receive proportionally higher traffic.

+ +
serviceAccount
+
string
+
 +

The service account associated with the workload if a sidecar +is present in the workload. The service account must be present +in the same namespace as the configuration ( WorkloadEntry or a +ServiceEntry)

+ +
+
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_entry.proto b/vendor/istio.io/api/networking/v1alpha3/workload_entry.proto similarity index 73% rename from vendor/istio.io/api/networking/v1beta1/workload_entry.proto rename to vendor/istio.io/api/networking/v1alpha3/workload_entry.proto index f3b081083..fe8df9aff 100644 --- a/vendor/istio.io/api/networking/v1beta1/workload_entry.proto +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry.proto @@ -14,14 +14,11 @@ syntax = "proto3"; -import "google/api/field_behavior.proto"; - -// $schema: istio.networking.v1beta1.WorkloadEntry +// $schema: istio.networking.v1alpha3.WorkloadEntry // $title: Workload Entry // $description: Configuration affecting VMs onboarded into the mesh. // $location: https://istio.io/docs/reference/config/networking/workload-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/workload-entry] -// $mode: none +// $aliases: [/docs/reference/config/networking/v1alpha3/workload-entry] // `WorkloadEntry` enables operators to describe the properties of a // single non-Kubernetes workload such as a VM or a bare metal server @@ -46,29 +43,8 @@ import "google/api/field_behavior.proto"; // TLS and sent to sidecars on VMs on target port 8080, that in turn // forward it to the application on localhost on the same port. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -83,37 +59,11 @@ import "google/api/field_behavior.proto"; // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -131,8 +81,6 @@ import "google/api/field_behavior.proto"; // labels: // app: details-legacy // ``` -// {{}} -// {{}} // // // The following example declares the same VM workload using @@ -141,10 +89,8 @@ import "google/api/field_behavior.proto"; // sidecars should dynamically resolve the DNS name at runtime before // forwarding the request. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -159,34 +105,11 @@ import "google/api/field_behavior.proto"; // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -204,40 +127,34 @@ import "google/api/field_behavior.proto"; // labels: // app: details-legacy // ``` -// {{}} // -// {{}} +// The following example declares a VM workload without an address. +// An alternative to having istiod read from remote API servers is +// to write a `WorkloadEntry` in the local cluster that represents +// the Workload(s) in the remote network with the given labels. A +// single `WorkloadEntry` with weights represent the aggregate of all +// the actual workloads in a given remote network. +// // ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry // metadata: -// name: details-svc +// name: foo-workloads-cluster-2 // spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy +// serviceAccount: foo +// network: cluster-2-network +// labels: +// app: foo // ``` -// {{}} -// {{}} -// -package istio.networking.v1beta1; +package istio.networking.v1alpha3; -option go_package = "istio.io/api/networking/v1beta1"; +option go_package = "istio.io/api/networking/v1alpha3"; // WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. // // // // -// +// +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)" +// +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" message WorkloadEntry { // Address associated with the network endpoint without the // port. Domain names can be used if and only if the resolution is set // to DNS, and must be fully-qualified without wildcards. Use the form // unix:///absolute/path/to/socket for Unix domain socket endpoints. - string address = 1 [(google.api.field_behavior) = REQUIRED]; + // If address is empty, network must be specified. + // +kubebuilder:validation:XValidation:message="UDS must be an absolute path or abstract socket",rule="self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + // +kubebuilder:validation:XValidation:message="UDS may not be a dir",rule="self.startsWith('unix://') ? !self.endsWith('/') : true" + // +kubebuilder:validation:MaxLength=256 + string address = 1; // Set of ports associated with the endpoint. If the port map is // specified, it must be a map of servicePortName to this endpoint's @@ -281,9 +202,13 @@ message WorkloadEntry { // **NOTE 1:** Do not use for `unix://` addresses. // // **NOTE 2:** endpoint port map takes precedence over targetPort. + // +protoc-gen-crd:map-value-validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + // +kubebuilder:validation:MaxProperties=128 + // +kubebuilder:validation:XValidation:message="port name must be valid",rule="self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" map ports = 2; // One or more labels associated with the endpoint. + // +kubebuilder:validation:MaxProperties=256 map labels = 3; // Network enables Istio to group endpoints resident in the same L3 @@ -293,7 +218,8 @@ message WorkloadEntry { // used to establish connectivity (usually using the // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. + // over multiple clusters. Required if address is not provided. + // +kubebuilder:validation:MaxLength=2048 string network = 4; // The locality associated with the endpoint. A locality corresponds @@ -313,6 +239,7 @@ message WorkloadEntry { // locality. Endpoint e2 could be the IP associated with a gateway // (that bridges networks n1 and n2), or the IP associated with a // standard service endpoint. + // +kubebuilder:validation:MaxLength=2048 string locality = 5; // The load balancing weight associated with the endpoint. Endpoints @@ -323,5 +250,7 @@ message WorkloadEntry { // is present in the workload. The service account must be present // in the same namespace as the configuration ( WorkloadEntry or a // ServiceEntry) + // +kubebuilder:validation:MaxLength=253 string service_account = 7; }; + diff --git a/vendor/istio.io/api/networking/v1beta1/workload_entry_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/workload_entry_deepcopy.gen.go similarity index 92% rename from vendor/istio.io/api/networking/v1beta1/workload_entry_deepcopy.gen.go rename to vendor/istio.io/api/networking/v1alpha3/workload_entry_deepcopy.gen.go index 7d3d000e5..280cae617 100644 --- a/vendor/istio.io/api/networking/v1beta1/workload_entry_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry_deepcopy.gen.go @@ -1,8 +1,8 @@ // Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( - proto "github.com/golang/protobuf/proto" + proto "google.golang.org/protobuf/proto" ) // DeepCopyInto supports using WorkloadEntry within kubernetes types, where deepcopy-gen is used. diff --git a/vendor/istio.io/api/networking/v1beta1/workload_entry_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/workload_entry_json.gen.go similarity index 97% rename from vendor/istio.io/api/networking/v1beta1/workload_entry_json.gen.go rename to vendor/istio.io/api/networking/v1alpha3/workload_entry_json.gen.go index 5a3d64f7f..2f2c23632 100644 --- a/vendor/istio.io/api/networking/v1beta1/workload_entry_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry_json.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 +package v1alpha3 import ( bytes "bytes" diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go new file mode 100644 index 000000000..f295ff278 --- /dev/null +++ b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go @@ -0,0 +1,909 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: networking/v1alpha3/workload_group.proto + +// $schema: istio.networking.v1alpha3.WorkloadGroup +// $title: Workload Group +// $description: Describes a collection of workload instances. +// $location: https://istio.io/docs/reference/config/networking/workload-group.html +// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group] + +// `WorkloadGroup` describes a collection of workload instances. +// It provides a specification that the workload instances can use to bootstrap +// their proxies, including the metadata and identity. It is only intended to +// be used with non-k8s workloads like Virtual Machines, and is meant to mimic +// the existing sidecar injection and deployment specification model used for +// Kubernetes workloads to bootstrap Istio proxies. +// +// The following example declares a workload group representing a collection +// of workloads that will be registered under `reviews` in namespace +// `bookinfo`. The set of labels will be associated with each workload +// instance during the bootstrap process, and the ports 3550 and 8080 +// will be associated with the workload group and use service account `default`. +// `app.kubernetes.io/version` is just an arbitrary example of a label. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadGroup +// metadata: +// name: reviews +// namespace: bookinfo +// spec: +// metadata: +// labels: +// app.kubernetes.io/name: reviews +// app.kubernetes.io/version: "1.3.4" +// template: +// ports: +// grpc: 3550 +// http: 8080 +// serviceAccount: default +// probe: +// initialDelaySeconds: 5 +// timeoutSeconds: 3 +// periodSeconds: 4 +// successThreshold: 3 +// failureThreshold: 3 +// httpGet: +// path: /foo/bar +// host: 127.0.0.1 +// port: 3100 +// scheme: HTTPS +// httpHeaders: +// - name: Lit-Header +// value: Im-The-Best +// ``` +// + +package v1alpha3 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and +// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties +// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. +// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` +// and as such doesn't configure host name for these workloads. +// +// +// +// +type WorkloadGroup struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Metadata that will be used for all corresponding `WorkloadEntries`. + // User labels for a workload group should be set here in `metadata` rather than in `template`. + Metadata *WorkloadGroup_ObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"` + // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. + // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount` + // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the + // specified service account's token. Workload entries in this group will be in the same namespace as the + // workload group, and inherit the labels and annotations from the above `metadata` field. + // +protoc-gen-crd:validation:IgnoreSubValidation:["Address is required"] + Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` + // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. + // This configuration mirrors K8S in both syntax and logic for the most part. + Probe *ReadinessProbe `protobuf:"bytes,3,opt,name=probe,proto3" json:"probe,omitempty"` +} + +func (x *WorkloadGroup) Reset() { + *x = WorkloadGroup{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WorkloadGroup) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadGroup) ProtoMessage() {} + +func (x *WorkloadGroup) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadGroup.ProtoReflect.Descriptor instead. +func (*WorkloadGroup) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{0} +} + +func (x *WorkloadGroup) GetMetadata() *WorkloadGroup_ObjectMeta { + if x != nil { + return x.Metadata + } + return nil +} + +func (x *WorkloadGroup) GetTemplate() *WorkloadEntry { + if x != nil { + return x.Template + } + return nil +} + +func (x *WorkloadGroup) GetProbe() *ReadinessProbe { + if x != nil { + return x.Probe + } + return nil +} + +type ReadinessProbe struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Number of seconds after the container has started before readiness probes are initiated. + // +kubebuilder:validation:Minimum=0 + InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"` + // Number of seconds after which the probe times out. + // Defaults to 1 second. Minimum value is 1 second. + // +kubebuilder:validation:Minimum=0 + TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"` + // How often (in seconds) to perform the probe. + // Default to 10 seconds. Minimum value is 1 second. + // +kubebuilder:validation:Minimum=0 + PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"` + // Minimum consecutive successes for the probe to be considered successful after having failed. + // Defaults to 1 second. + // +kubebuilder:validation:Minimum=0 + SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"` + // Minimum consecutive failures for the probe to be considered failed after having succeeded. + // Defaults to 3 seconds. + // +kubebuilder:validation:Minimum=0 + FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"` + // Users can only provide one configuration for healthchecks (tcp, http, exec), + // and this is expressed as a oneof. All of the other configuration values + // hold true for any of the healthcheck methods. + // + // Types that are assignable to HealthCheckMethod: + // + // *ReadinessProbe_HttpGet + // *ReadinessProbe_TcpSocket + // *ReadinessProbe_Exec + // *ReadinessProbe_Grpc + HealthCheckMethod isReadinessProbe_HealthCheckMethod `protobuf_oneof:"health_check_method"` +} + +func (x *ReadinessProbe) Reset() { + *x = ReadinessProbe{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ReadinessProbe) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReadinessProbe) ProtoMessage() {} + +func (x *ReadinessProbe) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReadinessProbe.ProtoReflect.Descriptor instead. +func (*ReadinessProbe) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{1} +} + +func (x *ReadinessProbe) GetInitialDelaySeconds() int32 { + if x != nil { + return x.InitialDelaySeconds + } + return 0 +} + +func (x *ReadinessProbe) GetTimeoutSeconds() int32 { + if x != nil { + return x.TimeoutSeconds + } + return 0 +} + +func (x *ReadinessProbe) GetPeriodSeconds() int32 { + if x != nil { + return x.PeriodSeconds + } + return 0 +} + +func (x *ReadinessProbe) GetSuccessThreshold() int32 { + if x != nil { + return x.SuccessThreshold + } + return 0 +} + +func (x *ReadinessProbe) GetFailureThreshold() int32 { + if x != nil { + return x.FailureThreshold + } + return 0 +} + +func (m *ReadinessProbe) GetHealthCheckMethod() isReadinessProbe_HealthCheckMethod { + if m != nil { + return m.HealthCheckMethod + } + return nil +} + +func (x *ReadinessProbe) GetHttpGet() *HTTPHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_HttpGet); ok { + return x.HttpGet + } + return nil +} + +func (x *ReadinessProbe) GetTcpSocket() *TCPHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_TcpSocket); ok { + return x.TcpSocket + } + return nil +} + +func (x *ReadinessProbe) GetExec() *ExecHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Exec); ok { + return x.Exec + } + return nil +} + +func (x *ReadinessProbe) GetGrpc() *GrpcHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Grpc); ok { + return x.Grpc + } + return nil +} + +type isReadinessProbe_HealthCheckMethod interface { + isReadinessProbe_HealthCheckMethod() +} + +type ReadinessProbe_HttpGet struct { + // `httpGet` is performed to a given endpoint + // and the status/able to connect determines health. + HttpGet *HTTPHealthCheckConfig `protobuf:"bytes,7,opt,name=http_get,json=httpGet,proto3,oneof"` +} + +type ReadinessProbe_TcpSocket struct { + // Health is determined by if the proxy is able to connect. + TcpSocket *TCPHealthCheckConfig `protobuf:"bytes,8,opt,name=tcp_socket,json=tcpSocket,proto3,oneof"` +} + +type ReadinessProbe_Exec struct { + // Health is determined by how the command that is executed exited. + Exec *ExecHealthCheckConfig `protobuf:"bytes,9,opt,name=exec,proto3,oneof"` +} + +type ReadinessProbe_Grpc struct { + // GRPC call is made and response/error is used to determine health. + Grpc *GrpcHealthCheckConfig `protobuf:"bytes,10,opt,name=grpc,proto3,oneof"` +} + +func (*ReadinessProbe_HttpGet) isReadinessProbe_HealthCheckMethod() {} + +func (*ReadinessProbe_TcpSocket) isReadinessProbe_HealthCheckMethod() {} + +func (*ReadinessProbe_Exec) isReadinessProbe_HealthCheckMethod() {} + +func (*ReadinessProbe_Grpc) isReadinessProbe_HealthCheckMethod() {} + +type HTTPHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Path to access on the HTTP server. + Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` + // Port on which the endpoint lives. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` + // Host name to connect to, defaults to the pod IP. You probably want to set + // "Host" in httpHeaders instead. + Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"` + // HTTP or HTTPS, defaults to HTTP + // +kubebuilder:validation:XValidation:message="scheme must be one of [HTTP, HTTPS]",rule="self in [”, 'HTTP', 'HTTPS']" + Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"` + // Headers the proxy will pass on to make the request. + // Allows repeated headers. + HttpHeaders []*HTTPHeader `protobuf:"bytes,5,rep,name=http_headers,json=httpHeaders,proto3" json:"http_headers,omitempty"` +} + +func (x *HTTPHealthCheckConfig) Reset() { + *x = HTTPHealthCheckConfig{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *HTTPHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPHealthCheckConfig) ProtoMessage() {} + +func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPHealthCheckConfig.ProtoReflect.Descriptor instead. +func (*HTTPHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{2} +} + +func (x *HTTPHealthCheckConfig) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +func (x *HTTPHealthCheckConfig) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *HTTPHealthCheckConfig) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *HTTPHealthCheckConfig) GetScheme() string { + if x != nil { + return x.Scheme + } + return "" +} + +func (x *HTTPHealthCheckConfig) GetHttpHeaders() []*HTTPHeader { + if x != nil { + return x.HttpHeaders + } + return nil +} + +type GrpcHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Port on which the endpoint lives. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + Port uint32 `protobuf:"varint,1,opt,name=port,proto3" json:"port,omitempty"` + // Service is the fully qualified name of the service to send the grpc health check request + Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` +} + +func (x *GrpcHealthCheckConfig) Reset() { + *x = GrpcHealthCheckConfig{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *GrpcHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GrpcHealthCheckConfig) ProtoMessage() {} + +func (x *GrpcHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GrpcHealthCheckConfig.ProtoReflect.Descriptor instead. +func (*GrpcHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{3} +} + +func (x *GrpcHealthCheckConfig) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *GrpcHealthCheckConfig) GetService() string { + if x != nil { + return x.Service + } + return "" +} + +type HTTPHeader struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The header field name + // +kubebuilder:validation:Pattern=^[-_A-Za-z0-9]+$ + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The header field value + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func (x *HTTPHeader) Reset() { + *x = HTTPHeader{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *HTTPHeader) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPHeader) ProtoMessage() {} + +func (x *HTTPHeader) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead. +func (*HTTPHeader) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{4} +} + +func (x *HTTPHeader) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *HTTPHeader) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +type TCPHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Host to connect to, defaults to localhost + Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` + // Port of host + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` +} + +func (x *TCPHealthCheckConfig) Reset() { + *x = TCPHealthCheckConfig{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *TCPHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TCPHealthCheckConfig) ProtoMessage() {} + +func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TCPHealthCheckConfig.ProtoReflect.Descriptor instead. +func (*TCPHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{5} +} + +func (x *TCPHealthCheckConfig) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *TCPHealthCheckConfig) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +type ExecHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + // +protoc-gen-crd:list-value-validation:MinLength=1 + Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"` +} + +func (x *ExecHealthCheckConfig) Reset() { + *x = ExecHealthCheckConfig{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ExecHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExecHealthCheckConfig) ProtoMessage() {} + +func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExecHealthCheckConfig.ProtoReflect.Descriptor instead. +func (*ExecHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{6} +} + +func (x *ExecHealthCheckConfig) GetCommand() []string { + if x != nil { + return x.Command + } + return nil +} + +// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. +// It is a subset of the supported Kubernetes metadata. +type WorkloadGroup_ObjectMeta struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Labels to attach + // +kubebuilder:validation:MaxProperties=256 + Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Annotations to attach + // +kubebuilder:validation:MaxProperties=256 + Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *WorkloadGroup_ObjectMeta) Reset() { + *x = WorkloadGroup_ObjectMeta{} + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WorkloadGroup_ObjectMeta) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadGroup_ObjectMeta) ProtoMessage() {} + +func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadGroup_ObjectMeta.ProtoReflect.Descriptor instead. +func (*WorkloadGroup_ObjectMeta) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_workload_group_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *WorkloadGroup_ObjectMeta) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +func (x *WorkloadGroup_ObjectMeta) GetAnnotations() map[string]string { + if x != nil { + return x.Annotations + } + return nil +} + +var File_networking_v1alpha3_workload_group_proto protoreflect.FileDescriptor + +var file_networking_v1alpha3_workload_group_proto_rawDesc = []byte{ + 0x0a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x77, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0xb8, 0x04, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, + 0x75, 0x70, 0x12, 0x4f, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x12, 0x4a, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, + 0x3f, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, + 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, + 0x1a, 0xc8, 0x02, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, + 0x57, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x66, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, + 0x74, 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, + 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb6, 0x04, 0x0a, 0x0e, + 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, + 0x0a, 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, + 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, + 0x64, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, + 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, + 0x65, 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, + 0x64, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, + 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, + 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, + 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, + 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, + 0x75, 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x4d, 0x0a, 0x08, + 0x68, 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, 0x70, 0x47, 0x65, 0x74, 0x12, 0x50, 0x0a, 0x0a, 0x74, + 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x43, 0x50, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x46, 0x0a, + 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, + 0x04, 0x65, 0x78, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x67, 0x72, 0x70, 0x63, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x47, 0x72, 0x70, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x42, 0x15, 0x0a, + 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x6d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x22, 0xbb, 0x01, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, + 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x12, 0x18, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, + 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, + 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, + 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x48, 0x0a, 0x0c, 0x68, 0x74, 0x74, 0x70, + 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x22, 0x45, 0x0a, 0x15, 0x47, 0x72, 0x70, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, + 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, + 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, + 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x22, 0x44, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x18, 0x0a, + 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, + 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x37, 0x0a, 0x15, 0x45, 0x78, 0x65, 0x63, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x1e, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, + 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1alpha3_workload_group_proto_rawDescOnce sync.Once + file_networking_v1alpha3_workload_group_proto_rawDescData = file_networking_v1alpha3_workload_group_proto_rawDesc +) + +func file_networking_v1alpha3_workload_group_proto_rawDescGZIP() []byte { + file_networking_v1alpha3_workload_group_proto_rawDescOnce.Do(func() { + file_networking_v1alpha3_workload_group_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1alpha3_workload_group_proto_rawDescData) + }) + return file_networking_v1alpha3_workload_group_proto_rawDescData +} + +var file_networking_v1alpha3_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_networking_v1alpha3_workload_group_proto_goTypes = []any{ + (*WorkloadGroup)(nil), // 0: istio.networking.v1alpha3.WorkloadGroup + (*ReadinessProbe)(nil), // 1: istio.networking.v1alpha3.ReadinessProbe + (*HTTPHealthCheckConfig)(nil), // 2: istio.networking.v1alpha3.HTTPHealthCheckConfig + (*GrpcHealthCheckConfig)(nil), // 3: istio.networking.v1alpha3.GrpcHealthCheckConfig + (*HTTPHeader)(nil), // 4: istio.networking.v1alpha3.HTTPHeader + (*TCPHealthCheckConfig)(nil), // 5: istio.networking.v1alpha3.TCPHealthCheckConfig + (*ExecHealthCheckConfig)(nil), // 6: istio.networking.v1alpha3.ExecHealthCheckConfig + (*WorkloadGroup_ObjectMeta)(nil), // 7: istio.networking.v1alpha3.WorkloadGroup.ObjectMeta + nil, // 8: istio.networking.v1alpha3.WorkloadGroup.ObjectMeta.LabelsEntry + nil, // 9: istio.networking.v1alpha3.WorkloadGroup.ObjectMeta.AnnotationsEntry + (*WorkloadEntry)(nil), // 10: istio.networking.v1alpha3.WorkloadEntry +} +var file_networking_v1alpha3_workload_group_proto_depIdxs = []int32{ + 7, // 0: istio.networking.v1alpha3.WorkloadGroup.metadata:type_name -> istio.networking.v1alpha3.WorkloadGroup.ObjectMeta + 10, // 1: istio.networking.v1alpha3.WorkloadGroup.template:type_name -> istio.networking.v1alpha3.WorkloadEntry + 1, // 2: istio.networking.v1alpha3.WorkloadGroup.probe:type_name -> istio.networking.v1alpha3.ReadinessProbe + 2, // 3: istio.networking.v1alpha3.ReadinessProbe.http_get:type_name -> istio.networking.v1alpha3.HTTPHealthCheckConfig + 5, // 4: istio.networking.v1alpha3.ReadinessProbe.tcp_socket:type_name -> istio.networking.v1alpha3.TCPHealthCheckConfig + 6, // 5: istio.networking.v1alpha3.ReadinessProbe.exec:type_name -> istio.networking.v1alpha3.ExecHealthCheckConfig + 3, // 6: istio.networking.v1alpha3.ReadinessProbe.grpc:type_name -> istio.networking.v1alpha3.GrpcHealthCheckConfig + 4, // 7: istio.networking.v1alpha3.HTTPHealthCheckConfig.http_headers:type_name -> istio.networking.v1alpha3.HTTPHeader + 8, // 8: istio.networking.v1alpha3.WorkloadGroup.ObjectMeta.labels:type_name -> istio.networking.v1alpha3.WorkloadGroup.ObjectMeta.LabelsEntry + 9, // 9: istio.networking.v1alpha3.WorkloadGroup.ObjectMeta.annotations:type_name -> istio.networking.v1alpha3.WorkloadGroup.ObjectMeta.AnnotationsEntry + 10, // [10:10] is the sub-list for method output_type + 10, // [10:10] is the sub-list for method input_type + 10, // [10:10] is the sub-list for extension type_name + 10, // [10:10] is the sub-list for extension extendee + 0, // [0:10] is the sub-list for field type_name +} + +func init() { file_networking_v1alpha3_workload_group_proto_init() } +func file_networking_v1alpha3_workload_group_proto_init() { + if File_networking_v1alpha3_workload_group_proto != nil { + return + } + file_networking_v1alpha3_workload_entry_proto_init() + file_networking_v1alpha3_workload_group_proto_msgTypes[1].OneofWrappers = []any{ + (*ReadinessProbe_HttpGet)(nil), + (*ReadinessProbe_TcpSocket)(nil), + (*ReadinessProbe_Exec)(nil), + (*ReadinessProbe_Grpc)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1alpha3_workload_group_proto_rawDesc, + NumEnums: 0, + NumMessages: 10, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1alpha3_workload_group_proto_goTypes, + DependencyIndexes: file_networking_v1alpha3_workload_group_proto_depIdxs, + MessageInfos: file_networking_v1alpha3_workload_group_proto_msgTypes, + }.Build() + File_networking_v1alpha3_workload_group_proto = out.File + file_networking_v1alpha3_workload_group_proto_rawDesc = nil + file_networking_v1alpha3_workload_group_proto_goTypes = nil + file_networking_v1alpha3_workload_group_proto_depIdxs = nil +} diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group.pb.html b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html similarity index 59% rename from vendor/istio.io/api/networking/v1beta1/workload_group.pb.html rename to vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html index 4c3f2d499..8c33af9aa 100644 --- a/vendor/istio.io/api/networking/v1beta1/workload_group.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs schema: istio.networking.v1alpha3.WorkloadGroup aliases: [/docs/reference/config/networking/v1alpha3/workload-group] -number_of_entries: 7 +number_of_entries: 8 ---

WorkloadGroup describes a collection of workload instances. It provides a specification that the workload instances can use to bootstrap @@ -20,9 +20,7 @@ instance during the bootstrap process, and the ports 3550 and 8080 will be associated with the workload group and use service account default. app.kubernetes.io/version is just an arbitrary example of a label.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: WorkloadGroup
 metadata:
   name: reviews
@@ -52,8 +50,6 @@
      - name: Lit-Header
        value: Im-The-Best
 

-
{{}}
-{{}}

 
 
WorkloadGroup

 

@@ -67,27 +63,25 @@ 
WorkloadGroup

 
 
 Field
-Type
 Description
-Required
 
 
 
 
-metadata
-ObjectMeta
+
metadata

+
ObjectMeta

+

 
 
Metadata that will be used for all corresponding WorkloadEntries.
 User labels for a workload group should be set here in metadata rather than in template.

 
-
-
-No
 
 
 
-template
-WorkloadEntry
+
template

+
WorkloadEntry

+
Required

+

 
 
Template to be used for the generation of WorkloadEntry resources that belong to this WorkloadGroup.
 Please note that address and labels fields should not be set in the template, and an empty serviceAccount
@@ -95,21 +89,50 @@ 
WorkloadGroup

 specified service account’s token. Workload entries in this group will be in the same namespace as the
 workload group, and inherit the labels and annotations from the above metadata field.

 
-
-
-Yes
 
 
 
-probe
-ReadinessProbe
+
probe

+
ReadinessProbe

+

 
 
ReadinessProbe describes the configuration the user must provide for healthchecking on their workload.
 This configuration mirrors K8S in both syntax and logic for the most part.

 
 
+
+
+
+

+
ObjectMeta

+

+
ObjectMeta describes metadata that will be attached to a WorkloadEntry.
+It is a subset of the supported Kubernetes metadata.

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -121,103 +144,94 @@ 
ReadinessProbe

-
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
+
+
+
@@ -229,207 +243,173 @@ 
HTTPHealthCheckConfig

-
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
FieldDescription
labels

+
map<string, string>

+

+
Labels to attach

+
+
annotations

+
map<string, string>

+

 
-No
+
Annotations to attach

+
 		
 

 
 
 

 FieldType
 DescriptionRequired
 

 
 
 
initialDelaySecondsint32
initialDelaySeconds

+
int32

+

 
 
Number of seconds after the container has started before readiness probes are initiated.

 
-		
-No
 
 

 
timeoutSecondsint32
timeoutSeconds

+
int32

+

 
 
Number of seconds after which the probe times out.
 Defaults to 1 second. Minimum value is 1 second.

 
-		
-No
 
 

 
periodSecondsint32
periodSeconds

+
int32

+

 
 
How often (in seconds) to perform the probe.
 Default to 10 seconds. Minimum value is 1 second.

 
-		
-No
 
 

 
successThresholdint32
successThreshold

+
int32

+

 
 
Minimum consecutive successes for the probe to be considered successful after having failed.
 Defaults to 1 second.

 
-		
-No
 
 

 
failureThresholdint32
failureThreshold

+
int32

+

 
 
Minimum consecutive failures for the probe to be considered failed after having succeeded.
 Defaults to 3 seconds.

 
-		
-No
 
 

 
httpGetHTTPHealthCheckConfig (oneof)
httpGet

+
HTTPHealthCheckConfig (oneof)

+

 
 
httpGet is performed to a given endpoint
 and the status/able to connect determines health.

 
-		
-No
 
 

 
tcpSocketTCPHealthCheckConfig (oneof)
tcpSocket

+
TCPHealthCheckConfig (oneof)

+

 
 
Health is determined by if the proxy is able to connect.

 
-		
-No
 
 

 
execExecHealthCheckConfig (oneof)
exec

+
ExecHealthCheckConfig (oneof)

+

 
 
Health is determined by how the command that is executed exited.

 
 
grpc

+
GrpcHealthCheckConfig (oneof)

+

 
-No
+
GRPC call is made and response/error is used to determine health.

+
 		
 

 
 
 

 FieldType
 DescriptionRequired
 

 
 
 
pathstring
path

+
string

+

 
 
Path to access on the HTTP server.

 
-		
-No
 
 

 
portuint32
port

+
uint32

+
Required

+

 
 
Port on which the endpoint lives.

 
-		
-Yes
 
 

 
hoststring
host

+
string

+

 
 
Host name to connect to, defaults to the pod IP. You probably want to set
 “Host” in httpHeaders instead.

 
-		
-No
 
 

 
schemestring
scheme

+
string

+

 
 
HTTP or HTTPS, defaults to HTTP

 
-		
-No
 
 

 
httpHeadersHTTPHeader[]
httpHeaders

+
HTTPHeader[]

+

 
 
Headers the proxy will pass on to make the request.
 Allows repeated headers.

 
-		
-No
 
 

 
 

 

-
HTTPHeader

+
GrpcHealthCheckConfig

 

 
-
-
-
-
-
+
+
-
-
-
-
+
+
-

 
 

 FieldType
 DescriptionRequired
 

 
 
namestring
port

+
uint32

+

 
-
The header field name

+
Port on which the endpoint lives.

 
-		
-No
 
 
valuestring
service

+
string

+

 
-
The header field value

+
Service is the fully qualified name of the service to send the grpc health check request

 
-		
-No
 
 

 
 

 

-
TCPHealthCheckConfig

+
HTTPHeader

 

 
-
-
-
-
-
+
+
-
-
-
-
+
+
-

 
 

 FieldType
 DescriptionRequired
 

 
 
hoststring
name

+
string

+

 
-
Host to connect to, defaults to localhost

+
The header field name

 
-		
-No
 
 
portuint32
value

+
string

+

 
-
Port of host

+
The header field value

 
-		
-Yes
 
 

 
 

 

-
ExecHealthCheckConfig

+
TCPHealthCheckConfig

 

 
-
-
-
-
-
+
+
+
+
+

 
 

 FieldType
 DescriptionRequired
 

 
 
commandstring[]
host

+
string

+

 
-
Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.

+
Host to connect to, defaults to localhost

 
 
port

+
uint32

+
Required

+

 
-No
+
Port of host

+
 		
 

 
 

 

-
WorkloadGroup.ObjectMeta

+
ExecHealthCheckConfig

 

-
ObjectMeta describes metadata that will be attached to a WorkloadEntry.
-It is a subset of the supported Kubernetes metadata.

-
 
-
-
-
-
-
-
-
-
-
-
-
+
+
-
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group.proto b/vendor/istio.io/api/networking/v1alpha3/workload_group.proto
similarity index 81%
rename from vendor/istio.io/api/networking/v1beta1/workload_group.proto
rename to vendor/istio.io/api/networking/v1alpha3/workload_group.proto
index a7d28ae73..898533e90 100644
--- a/vendor/istio.io/api/networking/v1beta1/workload_group.proto
+++ b/vendor/istio.io/api/networking/v1alpha3/workload_group.proto
@@ -15,7 +15,7 @@
 syntax = "proto3";
 
 import "google/api/field_behavior.proto";
-import "networking/v1beta1/workload_entry.proto";
+import "networking/v1alpha3/workload_entry.proto";
 
 // $schema: istio.networking.v1alpha3.WorkloadGroup
 // $title: Workload Group
@@ -37,10 +37,8 @@ import "networking/v1beta1/workload_entry.proto";
 // will be associated with the workload group and use service account `default`.
 // `app.kubernetes.io/version` is just an arbitrary example of a label.
 //
-// {{}}
-// {{}}
 // ```yaml
-// apiVersion: networking.istio.io/v1alpha3
+// apiVersion: networking.istio.io/v1
 // kind: WorkloadGroup
 // metadata:
 //   name: reviews
@@ -70,12 +68,10 @@ import "networking/v1beta1/workload_entry.proto";
 //      - name: Lit-Header
 //        value: Im-The-Best
 // ```
-// {{}}
-// {{}}
 //
-package istio.networking.v1beta1;
+package istio.networking.v1alpha3;
 
-option go_package = "istio.io/api/networking/v1beta1";
+option go_package = "istio.io/api/networking/v1alpha3";
 
 // `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and
 // provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties
@@ -85,7 +81,7 @@ option go_package = "istio.io/api/networking/v1beta1";
 //
 // 
 //
 // 
-// 
 message WorkloadGroup {
   // Metadata that will be used for all corresponding `WorkloadEntries`.
   // User labels for a workload group should be set here in `metadata` rather than in `template`.
@@ -116,15 +110,18 @@ message WorkloadGroup {
   // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the
   // specified service account's token. Workload entries in this group will be in the same namespace as the
   // workload group, and inherit the labels and annotations from the above `metadata` field.
+  // +protoc-gen-crd:validation:IgnoreSubValidation:["Address is required"]
   WorkloadEntry template = 2 [(google.api.field_behavior) = REQUIRED];
 
   // `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`.
   // It is a subset of the supported Kubernetes metadata.
   message ObjectMeta {
       // Labels to attach
+      // +kubebuilder:validation:MaxProperties=256
       map labels = 1;
 
       // Annotations to attach
+      // +kubebuilder:validation:MaxProperties=256
       map annotations = 2;
   }
 
@@ -134,24 +131,28 @@ message WorkloadGroup {
 }
 
 message ReadinessProbe {
-
     // Number of seconds after the container has started before readiness probes are initiated.
+    // +kubebuilder:validation:Minimum=0
     int32 initial_delay_seconds = 2;
 
     // Number of seconds after which the probe times out.
     // Defaults to 1 second. Minimum value is 1 second.
+    // +kubebuilder:validation:Minimum=0
     int32 timeout_seconds = 3;
 
     // How often (in seconds) to perform the probe.
     // Default to 10 seconds. Minimum value is 1 second.
+    // +kubebuilder:validation:Minimum=0
     int32 period_seconds = 4;
 
     // Minimum consecutive successes for the probe to be considered successful after having failed.
     // Defaults to 1 second.
+    // +kubebuilder:validation:Minimum=0
     int32 success_threshold = 5;
 
     // Minimum consecutive failures for the probe to be considered failed after having succeeded.
     // Defaults to 3 seconds.
+    // +kubebuilder:validation:Minimum=0
     int32 failure_threshold = 6;
 
     // Users can only provide one configuration for healthchecks (tcp, http, exec),
@@ -165,6 +166,8 @@ message ReadinessProbe {
         TCPHealthCheckConfig tcp_socket = 8;
         // Health is determined by how the command that is executed exited.
         ExecHealthCheckConfig exec = 9;
+        // GRPC call is made and response/error is used to determine health.
+        GrpcHealthCheckConfig grpc = 10;
     }
 }
 
@@ -173,6 +176,7 @@ message HTTPHealthCheckConfig {
     string path = 1;
 
     // Port on which the endpoint lives.
+    // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535"
     uint32 port = 2 [(google.api.field_behavior) = REQUIRED];
 
     // Host name to connect to, defaults to the pod IP. You probably want to set
@@ -180,6 +184,7 @@ message HTTPHealthCheckConfig {
     string host = 3;
 
     // HTTP or HTTPS, defaults to HTTP
+    // +kubebuilder:validation:XValidation:message="scheme must be one of [HTTP, HTTPS]",rule="self in ['', 'HTTP', 'HTTPS']"
     string scheme = 4;
 
     // Headers the proxy will pass on to make the request.
@@ -187,8 +192,18 @@ message HTTPHealthCheckConfig {
     repeated HTTPHeader http_headers = 5;
 }
 
+message GrpcHealthCheckConfig {
+    // Port on which the endpoint lives.
+    // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535"
+    uint32 port = 1;
+
+    // Service is the fully qualified name of the service to send the grpc health check request
+    string service = 2;
+}
+
 message HTTPHeader {
     // The header field name
+    // +kubebuilder:validation:Pattern=^[-_A-Za-z0-9]+$
     string name = 1;
 
     // The header field value
@@ -199,10 +214,13 @@ message TCPHealthCheckConfig {
     // Host to connect to, defaults to localhost
     string host = 1;
     // Port of host
+    // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535"
     uint32 port = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
 message ExecHealthCheckConfig {
     // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-    repeated string command = 1;
+    // +protoc-gen-crd:list-value-validation:MinLength=1
+    repeated string command = 1 [(google.api.field_behavior) = REQUIRED];
 }
+
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/workload_group_deepcopy.gen.go
similarity index 86%
rename from vendor/istio.io/api/networking/v1beta1/workload_group_deepcopy.gen.go
rename to vendor/istio.io/api/networking/v1alpha3/workload_group_deepcopy.gen.go
index f9b669ddc..de89e862d 100644
--- a/vendor/istio.io/api/networking/v1beta1/workload_group_deepcopy.gen.go
+++ b/vendor/istio.io/api/networking/v1alpha3/workload_group_deepcopy.gen.go
@@ -1,8 +1,8 @@
 // Code generated by protoc-gen-deepcopy. DO NOT EDIT.
-package v1beta1
+package v1alpha3
 
 import (
-	proto "github.com/golang/protobuf/proto"
+	proto "google.golang.org/protobuf/proto"
 )
 
 // DeepCopyInto supports using WorkloadGroup within kubernetes types, where deepcopy-gen is used.
@@ -89,6 +89,27 @@ func (in *HTTPHealthCheckConfig) DeepCopyInterface() interface{} {
 	return in.DeepCopy()
 }
 
+// DeepCopyInto supports using GrpcHealthCheckConfig within kubernetes types, where deepcopy-gen is used.
+func (in *GrpcHealthCheckConfig) DeepCopyInto(out *GrpcHealthCheckConfig) {
+	p := proto.Clone(in).(*GrpcHealthCheckConfig)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GrpcHealthCheckConfig. Required by controller-gen.
+func (in *GrpcHealthCheckConfig) DeepCopy() *GrpcHealthCheckConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(GrpcHealthCheckConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new GrpcHealthCheckConfig. Required by controller-gen.
+func (in *GrpcHealthCheckConfig) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
+
 // DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used.
 func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) {
 	p := proto.Clone(in).(*HTTPHeader)
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/workload_group_json.gen.go
similarity index 87%
rename from vendor/istio.io/api/networking/v1beta1/workload_group_json.gen.go
rename to vendor/istio.io/api/networking/v1alpha3/workload_group_json.gen.go
index 3288f270a..f4ca9c8dd 100644
--- a/vendor/istio.io/api/networking/v1beta1/workload_group_json.gen.go
+++ b/vendor/istio.io/api/networking/v1alpha3/workload_group_json.gen.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-jsonshim. DO NOT EDIT.
-package v1beta1
+package v1alpha3
 
 import (
 	bytes "bytes"
@@ -50,6 +50,17 @@ func (this *HTTPHealthCheckConfig) UnmarshalJSON(b []byte) error {
 	return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
 }
 
+// MarshalJSON is a custom marshaler for GrpcHealthCheckConfig
+func (this *GrpcHealthCheckConfig) MarshalJSON() ([]byte, error) {
+	str, err := WorkloadGroupMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for GrpcHealthCheckConfig
+func (this *GrpcHealthCheckConfig) UnmarshalJSON(b []byte) error {
+	return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
 // MarshalJSON is a custom marshaler for HTTPHeader
 func (this *HTTPHeader) MarshalJSON() ([]byte, error) {
 	str, err := WorkloadGroupMarshaler.MarshalToString(this)
diff --git a/vendor/istio.io/api/networking/v1beta1/destination_rule.gen.json b/vendor/istio.io/api/networking/v1beta1/destination_rule.gen.json
deleted file mode 100644
index d4e491e33..000000000
--- a/vendor/istio.io/api/networking/v1beta1/destination_rule.gen.json
+++ /dev/null
@@ -1,679 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Configuration affecting load balancing, outlier detection, etc.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.ClientTLSSettings": {
-        "description": "SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) for more details. These settings are common to both HTTP and TCP upstreams.",
-        "type": "object",
-        "properties": {
-          "mode": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ClientTLSSettings.TLSmode"
-          },
-          "clientCertificate": {
-            "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.",
-            "type": "string"
-          },
-          "privateKey": {
-            "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.",
-            "type": "string"
-          },
-          "caCertificates": {
-            "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.",
-            "type": "string"
-          },
-          "credentialName": {
-            "description": "The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: \u003cprivateKey\u003e`, `cert: \u003cclientCert\u003e`, `cacert: \u003cCACertificate\u003e`. Here CACertificate is used to verify the server certificate. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified.",
-            "type": "string"
-          },
-          "subjectAltNames": {
-            "description": "A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry. If unspecified, automatic validation of upstream presented certificate for new upstream connections will be done based on the downstream HTTP host/authority header, provided `VERIFY_CERT_AT_CLIENT` and `ENABLE_AUTO_SNI` environmental variables are set to `true`.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "sni": {
-            "description": "SNI string to present to the server during TLS handshake. If unspecified, SNI will be automatically set based on downstream HTTP host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` environmental variable is set to `true`.",
-            "type": "string"
-          },
-          "insecureSkipVerify": {
-            "description": "InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. This flag should only be set if global CA signature verifcation is enabled, `VerifyCertAtClient` environmental variable is set to `true`, but no verification is desired for a specific host. If enabled with or without `VerifyCertAtClient` enabled, verification of the CA signature and SAN will be skipped.",
-            "type": "boolean",
-            "nullable": true
-          }
-        }
-      },
-      "istio.networking.v1beta1.ClientTLSSettings.TLSmode": {
-        "description": "TLS connection mode",
-        "type": "string",
-        "enum": [
-          "DISABLE",
-          "SIMPLE",
-          "MUTUAL",
-          "ISTIO_MUTUAL"
-        ]
-      },
-      "istio.networking.v1beta1.ConnectionPoolSettings": {
-        "description": "Connection pool settings for an upstream host. The settings apply to each individual host in the upstream service. See Envoy's [circuit breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) for more details. Connection pool settings can be applied at the TCP level as well as at HTTP level.",
-        "type": "object",
-        "properties": {
-          "tcp": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings"
-          },
-          "http": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings": {
-        "description": "Settings applicable to HTTP1.1/HTTP2/GRPC connections.",
-        "type": "object",
-        "properties": {
-          "http1MaxPendingRequests": {
-            "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection. Default 1024. Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking under which conditions a new connection is created for HTTP2. Please note that this is applicable to both HTTP/1.1 and HTTP2.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "http2MaxRequests": {
-            "description": "Maximum number of active requests to a destination. Default 1024. Please note that this is applicable to both HTTP/1.1 and HTTP2.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "maxRequestsPerConnection": {
-            "description": "Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning \"unlimited\", up to 2^29.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "maxRetries": {
-            "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "idleTimeout": {
-            "description": "The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached, the connection will be closed. If the connection is an HTTP/2 connection a drain sequence will occur prior to closing the connection. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.",
-            "type": "string"
-          },
-          "h2UpgradePolicy": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy"
-          },
-          "useClientProtocol": {
-            "description": "If set to true, client protocol will be preserved while initiating connection to backend. Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client connections will not be upgraded to http2.",
-            "type": "boolean"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy": {
-        "description": "Policy for upgrading http1.1 connections to http2.",
-        "type": "string",
-        "enum": [
-          "DEFAULT",
-          "DO_NOT_UPGRADE",
-          "UPGRADE"
-        ]
-      },
-      "istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings": {
-        "description": "Settings common to both HTTP and TCP upstream connections.",
-        "type": "object",
-        "properties": {
-          "maxConnections": {
-            "description": "Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "connectTimeout": {
-            "description": "TCP connection timeout. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 10s.",
-            "type": "string"
-          },
-          "tcpKeepalive": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive"
-          },
-          "maxConnectionDuration": {
-            "description": "The maximum duration of a connection. The duration is defined as the period since a connection was established. If not set, there is no max duration. When max_connection_duration is reached the connection will be closed. Duration must be at least 1ms.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive": {
-        "description": "TCP keepalive.",
-        "type": "object",
-        "properties": {
-          "probes": {
-            "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead. Default is to use the OS level configuration (unless overridden, Linux defaults to 9.)",
-            "type": "integer"
-          },
-          "time": {
-            "description": "The time duration a connection needs to be idle before keep-alive probes start being sent. Default is to use the OS level configuration (unless overridden, Linux defaults to 7200s (ie 2 hours.)",
-            "type": "string"
-          },
-          "interval": {
-            "description": "The time duration between keep-alive probes. Default is to use the OS level configuration (unless overridden, Linux defaults to 75s.)",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.DestinationRule": {
-        "description": "DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.",
-        "type": "object",
-        "properties": {
-          "host": {
-            "description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for services that do not exist in the service registry will be ignored.",
-            "type": "string"
-          },
-          "trafficPolicy": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.TrafficPolicy"
-          },
-          "subsets": {
-            "description": "One or more named sets that represent individual versions of a service. Traffic policies can be overridden at subset level.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.Subset"
-            }
-          },
-          "exportTo": {
-            "description": "A list of namespaces to which this destination rule is exported. The resolution of a destination rule to apply to a service occurs in the context of a hierarchy of namespaces. Exporting a destination rule allows it to be included in the resolution hierarchy for services in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of destination rules across namespace boundaries.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "workloadSelector": {
-            "$ref": "#/components/schemas/istio.type.v1beta1.WorkloadSelector"
-          }
-        }
-      },
-      "istio.networking.v1beta1.LoadBalancerSettings": {
-        "description": "Load balancing policies to apply for a specific destination. See Envoy's load balancing [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) for more details.",
-        "type": "object",
-        "properties": {
-          "localityLbSetting": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.LocalityLoadBalancerSetting"
-          },
-          "warmupDurationSecs": {
-            "description": "Represents the warmup duration of Service. If set, the newly created endpoint of service remains in warmup mode starting from its creation time for the duration of this window and Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. This should be enabled for services that require warm up time to serve full production load with reasonable latency. Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.",
-            "type": "string"
-          }
-        },
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "simple"
-                  ],
-                  "properties": {
-                    "simple": {
-                      "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.SimpleLB"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "consistentHash"
-                  ],
-                  "properties": {
-                    "consistentHash": {
-                      "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "simple"
-            ],
-            "properties": {
-              "simple": {
-                "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.SimpleLB"
-              }
-            }
-          },
-          {
-            "required": [
-              "consistentHash"
-            ],
-            "properties": {
-              "consistentHash": {
-                "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB": {
-        "description": "Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. The affinity to a particular destination host may be lost when one or more hosts are added/removed from the destination service.",
-        "type": "object",
-        "properties": {
-          "minimumRingSize": {
-            "description": "Deprecated. Use RingHash instead.",
-            "type": "integer",
-            "deprecated": true
-          }
-        },
-        "allOf": [
-          {
-            "oneOf": [
-              {
-                "not": {
-                  "anyOf": [
-                    {
-                      "required": [
-                        "httpHeaderName"
-                      ],
-                      "properties": {
-                        "httpHeaderName": {
-                          "description": "Hash based on a specific HTTP header.",
-                          "type": "string"
-                        }
-                      }
-                    },
-                    {
-                      "required": [
-                        "httpCookie"
-                      ],
-                      "properties": {
-                        "httpCookie": {
-                          "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie"
-                        }
-                      }
-                    },
-                    {
-                      "required": [
-                        "useSourceIp"
-                      ],
-                      "properties": {
-                        "useSourceIp": {
-                          "description": "Hash based on the source IP address. This is applicable for both TCP and HTTP connections.",
-                          "type": "boolean"
-                        }
-                      }
-                    },
-                    {
-                      "required": [
-                        "httpQueryParameterName"
-                      ],
-                      "properties": {
-                        "httpQueryParameterName": {
-                          "description": "Hash based on a specific HTTP query parameter.",
-                          "type": "string"
-                        }
-                      }
-                    }
-                  ]
-                }
-              },
-              {
-                "required": [
-                  "httpHeaderName"
-                ],
-                "properties": {
-                  "httpHeaderName": {
-                    "description": "Hash based on a specific HTTP header.",
-                    "type": "string"
-                  }
-                }
-              },
-              {
-                "required": [
-                  "httpCookie"
-                ],
-                "properties": {
-                  "httpCookie": {
-                    "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie"
-                  }
-                }
-              },
-              {
-                "required": [
-                  "useSourceIp"
-                ],
-                "properties": {
-                  "useSourceIp": {
-                    "description": "Hash based on the source IP address. This is applicable for both TCP and HTTP connections.",
-                    "type": "boolean"
-                  }
-                }
-              },
-              {
-                "required": [
-                  "httpQueryParameterName"
-                ],
-                "properties": {
-                  "httpQueryParameterName": {
-                    "description": "Hash based on a specific HTTP query parameter.",
-                    "type": "string"
-                  }
-                }
-              }
-            ]
-          },
-          {
-            "oneOf": [
-              {
-                "not": {
-                  "anyOf": [
-                    {
-                      "required": [
-                        "ringHash"
-                      ],
-                      "properties": {
-                        "ringHash": {
-                          "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash"
-                        }
-                      }
-                    },
-                    {
-                      "required": [
-                        "maglev"
-                      ],
-                      "properties": {
-                        "maglev": {
-                          "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev"
-                        }
-                      }
-                    }
-                  ]
-                }
-              },
-              {
-                "required": [
-                  "ringHash"
-                ],
-                "properties": {
-                  "ringHash": {
-                    "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash"
-                  }
-                }
-              },
-              {
-                "required": [
-                  "maglev"
-                ],
-                "properties": {
-                  "maglev": {
-                    "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev"
-                  }
-                }
-              }
-            ]
-          }
-        ]
-      },
-      "istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie": {
-        "description": "Describes a HTTP cookie that will be used as the hash key for the Consistent Hash load balancer. If the cookie is not present, it will be generated.",
-        "type": "object",
-        "properties": {
-          "name": {
-            "description": "Name of the cookie.",
-            "type": "string"
-          },
-          "path": {
-            "description": "Path to set for the cookie.",
-            "type": "string"
-          },
-          "ttl": {
-            "description": "Lifetime of the cookie.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev": {
-        "type": "object",
-        "properties": {
-          "tableSize": {
-            "description": "The table size for Maglev hashing. This helps in controlling the disruption when the backend hosts change. Increasing the table size reduces the amount of disruption.",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash": {
-        "type": "object",
-        "properties": {
-          "minimumRingSize": {
-            "description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.LoadBalancerSettings.SimpleLB": {
-        "description": "Standard load balancing algorithms that require no tuning.",
-        "type": "string",
-        "enum": [
-          "UNSPECIFIED",
-          "LEAST_CONN",
-          "RANDOM",
-          "PASSTHROUGH",
-          "ROUND_ROBIN",
-          "LEAST_REQUEST"
-        ]
-      },
-      "istio.networking.v1beta1.LocalityLoadBalancerSetting": {
-        "description": "Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. These localities are specified using arbitrary labels that designate a hierarchy of localities in {region}/{zone}/{sub-zone} form. For additional detail refer to [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) The following example shows how to setup locality weights mesh-wide.",
-        "type": "object",
-        "properties": {
-          "distribute": {
-            "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) If empty, the locality weight is set according to the endpoints number within it.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute"
-            }
-          },
-          "failover": {
-            "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.LocalityLoadBalancerSetting.Failover"
-            }
-          },
-          "failoverPriority": {
-            "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. This is to support traffic failover across different groups of endpoints. Suppose there are total N labels specified: 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. 4. All the other endpoints have priority P(N) i.e. lowest priority.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "enabled": {
-            "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.",
-            "type": "boolean",
-            "nullable": true
-          }
-        }
-      },
-      "istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute": {
-        "description": "Describes how traffic originating in the 'from' zone or sub-zone is distributed over a set of 'to' zones. Syntax for specifying a zone is {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any segment of the specification. Examples: `*` - matches all localities",
-        "type": "object",
-        "properties": {
-          "from": {
-            "description": "Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.",
-            "type": "string"
-          },
-          "to": {
-            "description": "Map of upstream localities to traffic distribution weights. The sum of all weights should be 100. Any locality not present will receive no traffic.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "integer"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.LocalityLoadBalancerSetting.Failover": {
-        "description": "Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.",
-        "type": "object",
-        "properties": {
-          "from": {
-            "description": "Originating region.",
-            "type": "string"
-          },
-          "to": {
-            "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.OutlierDetection": {
-        "description": "A Circuit breaker implementation that tracks the status of each individual host in the upstream service. Applicable to both HTTP and TCP services. For HTTP services, hosts that continually return 5xx errors for API calls are ejected from the pool for a pre-defined period of time. For TCP services, connection timeouts or connection failures to a given host counts as an error when measuring the consecutive errors metric. See Envoy's [outlier detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) for more details.",
-        "type": "object",
-        "properties": {
-          "consecutiveErrors": {
-            "description": "Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error. $hide_from_docs",
-            "type": "integer",
-            "format": "int32",
-            "deprecated": true
-          },
-          "splitExternalLocalOriginErrors": {
-            "description": "Determines whether to distinguish local origin failures from external errors. If set to true consecutive_local_origin_failure is taken into account for outlier detection calculations. This should be used when you want to derive the outlier detection status based on the errors seen locally such as failure to connect, timeout while connecting etc. rather than the status code retuned by upstream service. This is especially useful when the upstream service explicitly returns a 5xx for some requests and you want to ignore those responses from upstream service while determining the outlier detection status of a host. Defaults to false.",
-            "type": "boolean"
-          },
-          "consecutiveLocalOriginFailures": {
-            "description": "The number of consecutive locally originated failures before ejection occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors is set to true.",
-            "type": "integer",
-            "nullable": true
-          },
-          "consecutiveGatewayErrors": {
-            "description": "Number of gateway errors before a host is ejected from the connection pool. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as a gateway error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as a gateway error. This feature is disabled by default or when set to the value 0.",
-            "type": "integer",
-            "nullable": true
-          },
-          "consecutive5xxErrors": {
-            "description": "Number of 5xx errors before a host is ejected from the connection pool. When the upstream host is accessed over an opaque TCP connection, connect timeouts, connection error/failure and request failure events qualify as a 5xx error. This feature defaults to 5 but can be disabled by setting the value to 0.",
-            "type": "integer",
-            "nullable": true
-          },
-          "interval": {
-            "description": "Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 10s.",
-            "type": "string"
-          },
-          "baseEjectionTime": {
-            "description": "Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 30s.",
-            "type": "string"
-          },
-          "maxEjectionPercent": {
-            "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "minHealthPercent": {
-            "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.",
-            "type": "integer",
-            "format": "int32"
-          }
-        }
-      },
-      "istio.networking.v1beta1.PortSelector": {
-        "description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "Valid port number",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.Subset": {
-        "description": "A subset of endpoints of a service. Subsets can be used for scenarios like A/B testing, or routing to a specific version of a service. Refer to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using subsets in these scenarios. In addition, traffic policies defined at the service-level can be overridden at a subset-level. The following rule uses a round robin load balancing policy for all traffic going to a subset named testversion that is composed of endpoints (e.g., pods) with labels (version:v3).",
-        "type": "object",
-        "properties": {
-          "name": {
-            "description": "Name of the subset. The service name and the subset name can be used for traffic splitting in a route rule.",
-            "type": "string"
-          },
-          "labels": {
-            "description": "Labels apply a filter over the endpoints of a service in the service registry. See route rules for examples of usage.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "trafficPolicy": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.TrafficPolicy"
-          }
-        }
-      },
-      "istio.networking.v1beta1.TrafficPolicy": {
-        "description": "Traffic policies to apply for a specific destination, across all destination ports. See DestinationRule for examples.",
-        "type": "object",
-        "properties": {
-          "loadBalancer": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings"
-          },
-          "connectionPool": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ConnectionPoolSettings"
-          },
-          "outlierDetection": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.OutlierDetection"
-          },
-          "tls": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ClientTLSSettings"
-          },
-          "portLevelSettings": {
-            "description": "Traffic policies specific to individual ports. Note that port level settings will override the destination-level settings. Traffic settings specified at the destination-level will not be inherited when overridden by port-level settings, i.e. default values will be applied to fields omitted in port-level traffic policies.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy"
-            }
-          },
-          "tunnel": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.TrafficPolicy.TunnelSettings"
-          }
-        }
-      },
-      "istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy": {
-        "description": "Traffic policies that apply to specific ports of the service",
-        "type": "object",
-        "properties": {
-          "port": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.PortSelector"
-          },
-          "loadBalancer": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.LoadBalancerSettings"
-          },
-          "connectionPool": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ConnectionPoolSettings"
-          },
-          "outlierDetection": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.OutlierDetection"
-          },
-          "tls": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ClientTLSSettings"
-          }
-        }
-      },
-      "istio.networking.v1beta1.TrafficPolicy.TunnelSettings": {
-        "type": "object",
-        "properties": {
-          "protocol": {
-            "description": "Specifies which protocol to use for tunneling the downstream connection. Supported protocols are: CONNECT - uses HTTP CONNECT; POST - uses HTTP POST. CONNECT is used by default if not specified. HTTP version for upstream requests is determined by the service protocol defined for the proxy.",
-            "type": "string"
-          },
-          "targetHost": {
-            "description": "Specifies a host to which the downstream connection is tunneled. Target host must be an FQDN or IP address.",
-            "type": "string"
-          },
-          "targetPort": {
-            "description": "Specifies a port to which the downstream connection is tunneled.",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.type.v1beta1.WorkloadSelector": {
-        "description": "WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.",
-        "type": "object",
-        "properties": {
-          "matchLabels": {
-            "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/destination_rule_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/destination_rule_alias.gen.go
new file mode 100644
index 000000000..4c8de83cd
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/destination_rule_alias.gen.go
@@ -0,0 +1,472 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// DestinationRule defines policies that apply to traffic intended for a service
+// after routing has occurred.
+//
+// 
+//
+// 
+type DestinationRule = v1alpha3.DestinationRule
+
+// Traffic policies to apply for a specific destination, across all
+// destination ports. See DestinationRule for examples.
+type TrafficPolicy = v1alpha3.TrafficPolicy
+
+// Traffic policies that apply to specific ports of the service
+type TrafficPolicy_PortTrafficPolicy = v1alpha3.TrafficPolicy_PortTrafficPolicy
+type TrafficPolicy_TunnelSettings = v1alpha3.TrafficPolicy_TunnelSettings
+type TrafficPolicy_ProxyProtocol = v1alpha3.TrafficPolicy_ProxyProtocol
+type TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_VERSION
+
+// ⁣PROXY protocol version 1. Human readable format.
+const TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_V1
+
+// ⁣PROXY protocol version 2. Binary format.
+const TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_V2
+
+// A subset of endpoints of a service. Subsets can be used for scenarios
+// like A/B testing, or routing to a specific version of a service. Refer
+// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using
+// subsets in these scenarios. In addition, traffic policies defined at the
+// service-level can be overridden at a subset-level. The following rule
+// uses a round robin load balancing policy for all traffic going to a
+// subset named testversion that is composed of endpoints (e.g., pods) with
+// labels (version:v3).
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: bookinfo-ratings
+//
+// spec:
+//
+//	host: ratings.prod.svc.cluster.local
+//	trafficPolicy:
+//	  loadBalancer:
+//	    simple: LEAST_REQUEST
+//	subsets:
+//	- name: testversion
+//	  labels:
+//	    version: v3
+//	  trafficPolicy:
+//	    loadBalancer:
+//	      simple: ROUND_ROBIN
+//
+// ```
+//
+// **Note:** Policies specified for subsets will not take effect until
+// a route rule explicitly sends traffic to this subset.
+//
+// One or more labels are typically required to identify the subset destination,
+// however, when the corresponding DestinationRule represents a host that
+// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels
+// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings)
+// can be used to identify a specific SNI host corresponding to the named subset.
+type Subset = v1alpha3.Subset
+
+// Load balancing policies to apply for a specific destination. See Envoy's
+// load balancing
+// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing)
+// for more details.
+//
+// For example, the following rule uses a round robin load balancing policy
+// for all traffic going to the ratings service.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: bookinfo-ratings
+//
+// spec:
+//
+//	host: ratings.prod.svc.cluster.local
+//	trafficPolicy:
+//	  loadBalancer:
+//	    simple: ROUND_ROBIN
+//
+// ```
+//
+// The following example sets up sticky sessions for the ratings service
+// hashing-based load balancer for the same ratings service using the
+// the User cookie as the hash key.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: bookinfo-ratings
+//
+// spec:
+//
+//	host: ratings.prod.svc.cluster.local
+//	trafficPolicy:
+//	  loadBalancer:
+//	    consistentHash:
+//	      httpCookie:
+//	        name: user
+//	        ttl: 0s
+//
+// ```
+type LoadBalancerSettings = v1alpha3.LoadBalancerSettings
+
+// Consistent Hash-based load balancing can be used to provide soft
+// session affinity based on HTTP headers, cookies or other
+// properties. The affinity to a particular destination host may be
+// lost when one or more hosts are added/removed from the destination
+// service.
+//
+// Note: consistent hashing is less reliable at maintaining affinity than common
+// "sticky sessions" implementations, which often encode a specific destination in
+// a cookie, ensuring affinity is maintained as long as the backend remains.
+// With consistent hash, the guarantees are weaker; any host addition or removal can
+// break affinity for `1/backends` requests.
+//
+// Warning: consistent hashing depends on each proxy having a consistent view of endpoints.
+// This is not the case when locality load balancing is enabled. Locality load balancing
+// and consistent hash will only work together when all proxies are in the same locality,
+// or a high level load balancer handles locality affinity.
+type LoadBalancerSettings_ConsistentHashLB = v1alpha3.LoadBalancerSettings_ConsistentHashLB
+type LoadBalancerSettings_ConsistentHashLB_RingHash = v1alpha3.LoadBalancerSettings_ConsistentHashLB_RingHash
+type LoadBalancerSettings_ConsistentHashLB_MagLev = v1alpha3.LoadBalancerSettings_ConsistentHashLB_MagLev
+
+// Describes a HTTP cookie that will be used as the hash key for the
+// Consistent Hash load balancer.
+type LoadBalancerSettings_ConsistentHashLB_HTTPCookie = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HTTPCookie
+
+// Hash based on a specific HTTP header.
+type LoadBalancerSettings_ConsistentHashLB_HttpHeaderName = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpHeaderName
+
+// Hash based on HTTP cookie.
+type LoadBalancerSettings_ConsistentHashLB_HttpCookie = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpCookie
+
+// Hash based on the source IP address.
+// This is applicable for both TCP and HTTP connections.
+type LoadBalancerSettings_ConsistentHashLB_UseSourceIp = v1alpha3.LoadBalancerSettings_ConsistentHashLB_UseSourceIp
+
+// Hash based on a specific HTTP query parameter.
+type LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName
+
+// The ring/modulo hash load balancer implements consistent hashing to backend hosts.
+type LoadBalancerSettings_ConsistentHashLB_RingHash_ = v1alpha3.LoadBalancerSettings_ConsistentHashLB_RingHash_
+
+// The Maglev load balancer implements consistent hashing to backend hosts.
+type LoadBalancerSettings_ConsistentHashLB_Maglev = v1alpha3.LoadBalancerSettings_ConsistentHashLB_Maglev
+
+// +kubebuilder:validation:XValidation:message="only one of warmupDurationSecs or warmup can be set",rule="(has(self.warmupDurationSecs)?1:0)+(has(self.warmup)?1:0)<=1"
+// Standard load balancing algorithms that require no tuning.
+type LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_SimpleLB
+
+// No load balancing algorithm has been specified by the user. Istio
+// will select an appropriate default.
+const LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_UNSPECIFIED
+
+// Deprecated. Use LEAST_REQUEST instead.
+const LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_LEAST_CONN
+
+// The random load balancer selects a random healthy host. The random
+// load balancer generally performs better than round robin if no health
+// checking policy is configured.
+const LoadBalancerSettings_RANDOM LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_RANDOM
+
+// This option will forward the connection to the original IP address
+// requested by the caller without doing any form of load
+// balancing. This option must be used with care. It is meant for
+// advanced use cases. Refer to Original Destination load balancer in
+// Envoy for further details.
+const LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_PASSTHROUGH
+
+// A basic round robin load balancing policy. This is generally unsafe
+// for many scenarios (e.g. when endpoint weighting is used) as it can
+// overburden endpoints. In general, prefer to use LEAST_REQUEST as a
+// drop-in replacement for ROUND_ROBIN.
+const LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_ROUND_ROBIN
+
+// The least request load balancer spreads load across endpoints, favoring
+// endpoints with the least outstanding requests. This is generally safer
+// and outperforms ROUND_ROBIN in nearly all cases. Prefer to use
+// LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN.
+const LoadBalancerSettings_LEAST_REQUEST LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_LEAST_REQUEST
+
+type LoadBalancerSettings_Simple = v1alpha3.LoadBalancerSettings_Simple
+type LoadBalancerSettings_ConsistentHash = v1alpha3.LoadBalancerSettings_ConsistentHash
+type WarmupConfiguration = v1alpha3.WarmupConfiguration
+
+// Connection pool settings for an upstream host. The settings apply to
+// each individual host in the upstream service.  See Envoy's [circuit
+// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking)
+// for more details. Connection pool settings can be applied at the TCP
+// level as well as at HTTP level.
+//
+// For example, the following rule sets a limit of 100 connections to redis
+// service called myredissrv with a connect timeout of 30ms
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: bookinfo-redis
+//
+// spec:
+//
+//	host: myredissrv.prod.svc.cluster.local
+//	trafficPolicy:
+//	  connectionPool:
+//	    tcp:
+//	      maxConnections: 100
+//	      connectTimeout: 30ms
+//	      tcpKeepalive:
+//	        time: 7200s
+//	        interval: 75s
+//
+// ```
+type ConnectionPoolSettings = v1alpha3.ConnectionPoolSettings
+
+// Settings common to both HTTP and TCP upstream connections.
+type ConnectionPoolSettings_TCPSettings = v1alpha3.ConnectionPoolSettings_TCPSettings
+
+// TCP keepalive.
+type ConnectionPoolSettings_TCPSettings_TcpKeepalive = v1alpha3.ConnectionPoolSettings_TCPSettings_TcpKeepalive
+
+// Settings applicable to HTTP1.1/HTTP2/GRPC connections.
+type ConnectionPoolSettings_HTTPSettings = v1alpha3.ConnectionPoolSettings_HTTPSettings
+
+// Policy for upgrading http1.1 connections to http2.
+type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy
+
+// Use the global default.
+const ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_DEFAULT
+
+// Do not upgrade the connection to http2.
+// This opt-out option overrides the default.
+const ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE
+
+// Upgrade the connection to http2.
+// This opt-in option overrides the default.
+const ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_UPGRADE
+
+// A Circuit breaker implementation that tracks the status of each
+// individual host in the upstream service.  Applicable to both HTTP and
+// TCP services.  For HTTP services, hosts that continually return 5xx
+// errors for API calls are ejected from the pool for a pre-defined period
+// of time. For TCP services, connection timeouts or connection
+// failures to a given host counts as an error when measuring the
+// consecutive errors metric. See Envoy's [outlier
+// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier)
+// for more details.
+//
+// The following rule sets a connection pool size of 100 HTTP1 connections
+// with no more than 10 req/connection to the "reviews" service. In addition,
+// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream
+// hosts to be scanned every 5 mins so that any host that fails 7 consecutive
+// times with a 502, 503, or 504 error code will be ejected for 15 minutes.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: reviews-cb-policy
+//
+// spec:
+//
+//	host: reviews.prod.svc.cluster.local
+//	trafficPolicy:
+//	  connectionPool:
+//	    tcp:
+//	      maxConnections: 100
+//	    http:
+//	      http2MaxRequests: 1000
+//	      maxRequestsPerConnection: 10
+//	  outlierDetection:
+//	    consecutive5xxErrors: 7
+//	    interval: 5m
+//	    baseEjectionTime: 15m
+//
+// ```
+type OutlierDetection = v1alpha3.OutlierDetection
+
+// SSL/TLS related settings for upstream connections. See Envoy's [TLS
+// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration)
+// for more details. These settings are common to both HTTP and TCP upstreams.
+//
+// For example, the following rule configures a client to use mutual TLS
+// for connections to upstream database cluster.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: db-mtls
+//
+// spec:
+//
+//	host: mydbserver.prod.svc.cluster.local
+//	trafficPolicy:
+//	  tls:
+//	    mode: MUTUAL
+//	    clientCertificate: /etc/certs/myclientcert.pem
+//	    privateKey: /etc/certs/client_private_key.pem
+//	    caCertificates: /etc/certs/rootcacerts.pem
+//
+// ```
+//
+// The following rule configures a client to use TLS when talking to a
+// foreign service whose domain matches *.foo.com.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: tls-foo
+//
+// spec:
+//
+//	host: "*.foo.com"
+//	trafficPolicy:
+//	  tls:
+//	    mode: SIMPLE
+//
+// ```
+//
+// The following rule configures a client to use Istio mutual TLS when talking
+// to rating services.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: ratings-istio-mtls
+//
+// spec:
+//
+//	host: ratings.prod.svc.cluster.local
+//	trafficPolicy:
+//	  tls:
+//	    mode: ISTIO_MUTUAL
+//
+// ```
+type ClientTLSSettings = v1alpha3.ClientTLSSettings
+
+// TLS connection mode
+type ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_TLSmode
+
+// Do not setup a TLS connection to the upstream endpoint.
+const ClientTLSSettings_DISABLE ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_DISABLE
+
+// Originate a TLS connection to the upstream endpoint.
+const ClientTLSSettings_SIMPLE ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_SIMPLE
+
+// Secure connections to the upstream using mutual TLS by presenting
+// client certificates for authentication.
+const ClientTLSSettings_MUTUAL ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_MUTUAL
+
+// Secure connections to the upstream using mutual TLS by presenting
+// client certificates for authentication.
+// Compared to Mutual mode, this mode uses certificates generated
+// automatically by Istio for mTLS authentication. When this mode is
+// used, all other fields in `ClientTLSSettings` should be empty.
+const ClientTLSSettings_ISTIO_MUTUAL ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_ISTIO_MUTUAL
+
+// Locality-weighted load balancing allows administrators to control the
+// distribution of traffic to endpoints based on the localities of where the
+// traffic originates and where it will terminate. These localities are
+// specified using arbitrary labels that designate a hierarchy of localities in
+// {region}/{zone}/{sub-zone} form. For additional detail refer to
+// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight)
+// The following example shows how to setup locality weights mesh-wide.
+//
+// Given a mesh with workloads and their service deployed to "us-west/zone1/\*"
+// and "us-west/zone2/\*". This example specifies that when traffic accessing a
+// service originates from workloads in "us-west/zone1/\*", 80% of the traffic
+// will be sent to endpoints in "us-west/zone1/\*", i.e the same zone, and the
+// remaining 20% will go to endpoints in "us-west/zone2/\*". This setup is
+// intended to favor routing traffic to endpoints in the same locality.
+// A similar setting is specified for traffic originating in "us-west/zone2/\*".
+//
+// ```yaml
+//
+//	distribute:
+//	  - from: us-west/zone1/*
+//	    to:
+//	      "us-west/zone1/*": 80
+//	      "us-west/zone2/*": 20
+//	  - from: us-west/zone2/*
+//	    to:
+//	      "us-west/zone1/*": 20
+//	      "us-west/zone2/*": 80
+//
+// ```
+//
+// If the goal of the operator is not to distribute load across zones and
+// regions but rather to restrict the regionality of failover to meet other
+// operational requirements an operator can set a 'failover' policy instead of
+// a 'distribute' policy.
+//
+// The following example sets up a locality failover policy for regions.
+// Assume a service resides in zones within us-east, us-west & eu-west
+// this example specifies that when endpoints within us-east become unhealthy
+// traffic should failover to endpoints in any zone or sub-zone within eu-west
+// and similarly us-west should failover to us-east.
+//
+// ```yaml
+//
+//	failover:
+//	  - from: us-east
+//	    to: eu-west
+//	  - from: us-west
+//	    to: us-east
+//
+// ```
+type LocalityLoadBalancerSetting = v1alpha3.LocalityLoadBalancerSetting
+
+// Describes how traffic originating in the 'from' zone or sub-zone is
+// distributed over a set of 'to' zones. Syntax for specifying a zone is
+// {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any
+// segment of the specification. Examples:
+//
+// `*` - matches all localities
+//
+// `us-west/*` - all zones and sub-zones within the us-west region
+//
+// `us-west/zone-1/*` - all sub-zones within us-west/zone-1
+type LocalityLoadBalancerSetting_Distribute = v1alpha3.LocalityLoadBalancerSetting_Distribute
+
+// Specify the traffic failover policy across regions. Since zone and sub-zone
+// failover is supported by default this only needs to be specified for
+// regions when the operator needs to constrain traffic failover so that
+// the default behavior of failing over to any endpoint globally does not
+// apply. This is useful when failing over traffic across regions would not
+// improve service health or may need to be restricted for other reasons
+// like regulatory controls.
+type LocalityLoadBalancerSetting_Failover = v1alpha3.LocalityLoadBalancerSetting_Failover
diff --git a/vendor/istio.io/api/networking/v1beta1/gateway.gen.json b/vendor/istio.io/api/networking/v1beta1/gateway.gen.json
deleted file mode 100644
index 3f160cec7..000000000
--- a/vendor/istio.io/api/networking/v1beta1/gateway.gen.json
+++ /dev/null
@@ -1,168 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Configuration affecting edge load balancer.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.Gateway": {
-        "description": "Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.",
-        "type": "object",
-        "properties": {
-          "servers": {
-            "description": "A list of server specifications.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.Server"
-            }
-          },
-          "selector": {
-            "description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied. By default workloads are searched across all namespaces based on label selectors. This implies that a gateway resource in the namespace \"foo\" can select pods in the namespace \"bar\" based on labels. This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` environment variable in istiod. If this variable is set to true, the scope of label search is restricted to the configuration namespace in which the the resource is present. In other words, the Gateway resource must reside in the same namespace as the gateway workload instance. If selector is nil, the Gateway will be applied to all workloads.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.Port": {
-        "description": "Port describes the properties of a specific port of a service.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "A valid non-negative integer port number.",
-            "type": "integer"
-          },
-          "protocol": {
-            "description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination without terminating the TLS connection.",
-            "type": "string"
-          },
-          "name": {
-            "description": "Label assigned to the port.",
-            "type": "string"
-          },
-          "targetPort": {
-            "description": "The port number on the endpoint where the traffic will be received. Applicable only when used with ServiceEntries.",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.Server": {
-        "description": "`Server` describes the properties of the proxy on a given load balancer port. For example,",
-        "type": "object",
-        "properties": {
-          "port": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Port"
-          },
-          "bind": {
-            "description": "The ip or the Unix domain socket to which the listener should be bound to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). When using Unix domain sockets, the port number should be 0. This can be used to restrict the reachability of this server to be gateway internal only. This is typically used when a gateway needs to communicate to another mesh service e.g. publishing metrics. In such case, the server created with the specified bind will not be available to external gateway clients.",
-            "type": "string"
-          },
-          "hosts": {
-            "description": "One or more hosts exposed by this gateway. While typically applicable to HTTP services, it can also be used for TCP services using TLS with SNI. A host is specified as a `dnsName` with an optional `namespace/` prefix. The `dnsName` should be specified using FQDN format, optionally including a wildcard character in the left-most component (e.g., `prod/*.example.com`). Set the `dnsName` to `*` to select all `VirtualService` hosts from the specified namespace (e.g.,`prod/*`).",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "tls": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings"
-          },
-          "defaultEndpoint": {
-            "description": "The loopback IP endpoint or Unix domain socket to which traffic should be forwarded to by default. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). NOT IMPLEMENTED. $hide_from_docs",
-            "type": "string"
-          },
-          "name": {
-            "description": "An optional name of the server, when set must be unique across all servers. This will be used for variety of purposes like prefixing stats generated with this name etc.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ServerTLSSettings": {
-        "type": "object",
-        "properties": {
-          "httpsRedirect": {
-            "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.",
-            "type": "boolean"
-          },
-          "mode": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings.TLSmode"
-          },
-          "serverCertificate": {
-            "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server-side TLS certificate to use.",
-            "type": "string"
-          },
-          "privateKey": {
-            "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server's private key.",
-            "type": "string"
-          },
-          "caCertificates": {
-            "description": "REQUIRED if mode is `MUTUAL`. The path to a file containing certificate authority certificates to use in verifying a presented client side certificate.",
-            "type": "string"
-          },
-          "credentialName": {
-            "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates. Applicable only on Kubernetes. The secret (of type `generic`) should contain the following keys and values: `key: \u003cprivateKey\u003e` and `cert: \u003cserverCert\u003e`. For mutual TLS, `cacert: \u003cCACertificate\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. Secret of type tls for server certificates along with ca.crt key for CA certificates is also supported. Only one of server certificates and CA certificate or credentialName can be specified.",
-            "type": "string"
-          },
-          "subjectAltNames": {
-            "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "verifyCertificateSpki": {
-            "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "verifyCertificateHash": {
-            "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates. Both simple and colon separated formats are acceptable. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "minProtocolVersion": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings.TLSProtocol"
-          },
-          "maxProtocolVersion": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings.TLSProtocol"
-          },
-          "cipherSuites": {
-            "description": "Optional: If specified, only support the specified cipher list. Otherwise default to the default cipher list supported by Envoy.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.ServerTLSSettings.TLSProtocol": {
-        "description": "TLS protocol versions.",
-        "type": "string",
-        "enum": [
-          "TLS_AUTO",
-          "TLSV1_0",
-          "TLSV1_1",
-          "TLSV1_2",
-          "TLSV1_3"
-        ]
-      },
-      "istio.networking.v1beta1.ServerTLSSettings.TLSmode": {
-        "description": "TLS modes enforced by the proxy",
-        "type": "string",
-        "enum": [
-          "PASSTHROUGH",
-          "SIMPLE",
-          "MUTUAL",
-          "AUTO_PASSTHROUGH",
-          "ISTIO_MUTUAL"
-        ]
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/gateway_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/gateway_alias.gen.go
new file mode 100644
index 000000000..e855f331d
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/gateway_alias.gen.go
@@ -0,0 +1,169 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// Gateway describes a load balancer operating at the edge of the mesh
+// receiving incoming or outgoing HTTP/TCP connections.
+//
+// 
+//
+// 
+type Gateway = v1alpha3.Gateway
+
+// `Server` describes the properties of the proxy on a given load balancer
+// port. For example,
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: Gateway
+// metadata:
+//
+//	name: my-ingress
+//
+// spec:
+//
+//	selector:
+//	  app: my-ingressgateway
+//	servers:
+//	- port:
+//	    number: 80
+//	    name: http2
+//	    protocol: HTTP2
+//	  hosts:
+//	  - "*"
+//
+// ```
+//
+// # Another example
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: Gateway
+// metadata:
+//
+//	name: my-tcp-ingress
+//
+// spec:
+//
+//	selector:
+//	  app: my-tcp-ingressgateway
+//	servers:
+//	- port:
+//	    number: 27018
+//	    name: mongo
+//	    protocol: MONGO
+//	  hosts:
+//	  - "*"
+//
+// ```
+//
+// # The following is an example of TLS configuration for port 443
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: Gateway
+// metadata:
+//
+//	name: my-tls-ingress
+//
+// spec:
+//
+//	selector:
+//	  app: my-tls-ingressgateway
+//	servers:
+//	- port:
+//	    number: 443
+//	    name: https
+//	    protocol: HTTPS
+//	  hosts:
+//	  - "*"
+//	  tls:
+//	    mode: SIMPLE
+//	    credentialName: tls-cert
+//
+// ```
+type Server = v1alpha3.Server
+
+// Port describes the properties of a specific port of a service.
+type Port = v1alpha3.Port
+type ServerTLSSettings = v1alpha3.ServerTLSSettings
+
+// TLS modes enforced by the proxy
+type ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_TLSmode
+
+// The SNI string presented by the client will be used as the
+// match criterion in a VirtualService TLS route to determine
+// the destination service from the service registry.
+const ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_PASSTHROUGH
+
+// Secure connections with standard TLS semantics. In this mode
+// client certificate is not requested during handshake.
+const ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_SIMPLE
+
+// Secure connections to the downstream using mutual TLS by
+// presenting server certificates for authentication.
+// A client certificate will also be requested during the handshake and
+// at least one valid certificate is required to be sent by the client.
+const ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_MUTUAL
+
+// Similar to the passthrough mode, except servers with this TLS
+// mode do not require an associated VirtualService to map from
+// the SNI value to service in the registry. The destination
+// details such as the service/subset/port are encoded in the
+// SNI value. The proxy will forward to the upstream (Envoy)
+// cluster (a group of endpoints) specified by the SNI
+// value. This server is typically used to provide connectivity
+// between services in disparate L3 networks that otherwise do
+// not have direct connectivity between their respective
+// endpoints. Use of this mode assumes that both the source and
+// the destination are using Istio mTLS to secure traffic.
+const ServerTLSSettings_AUTO_PASSTHROUGH ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH
+
+// Secure connections from the downstream using mutual TLS by
+// presenting server certificates for authentication.  Compared
+// to Mutual mode, this mode uses certificates, representing
+// gateway workload identity, generated automatically by Istio
+// for mTLS authentication. When this mode is used, all other
+// fields in `TLSOptions` should be empty.
+const ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_ISTIO_MUTUAL
+
+// Similar to MUTUAL mode, except that the client certificate
+// is optional. Unlike SIMPLE mode, A client certificate will
+// still be explicitly requested during handshake, but the client
+// is not required to send a certificate. If a client certificate
+// is presented, it will be validated. ca_certificates should
+// be specified for validating client certificates.
+const ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_OPTIONAL_MUTUAL
+
+// TLS protocol versions.
+type ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSProtocol
+
+// Automatically choose the optimal TLS version.
+const ServerTLSSettings_TLS_AUTO ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLS_AUTO
+
+// TLS version 1.0
+const ServerTLSSettings_TLSV1_0 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_0
+
+// TLS version 1.1
+const ServerTLSSettings_TLSV1_1 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_1
+
+// TLS version 1.2
+const ServerTLSSettings_TLSV1_2 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_2
+
+// TLS version 1.3
+const ServerTLSSettings_TLSV1_3 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_3
diff --git a/vendor/istio.io/api/networking/v1beta1/proxy_config.gen.json b/vendor/istio.io/api/networking/v1beta1/proxy_config.gen.json
deleted file mode 100644
index d051b7125..000000000
--- a/vendor/istio.io/api/networking/v1beta1/proxy_config.gen.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Provides configuration for individual workloads.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.ProxyConfig": {
-        "description": "`ProxyConfig` exposes proxy level configuration options.",
-        "type": "object",
-        "properties": {
-          "selector": {
-            "$ref": "#/components/schemas/istio.type.v1beta1.WorkloadSelector"
-          },
-          "concurrency": {
-            "description": "The number of worker threads to run. If unset, defaults to 2. If set to 0, this will be configured to use all cores on the machine using CPU requests and limits to choose a value, with limits taking precedence over requests.",
-            "type": "integer",
-            "nullable": true
-          },
-          "environmentVariables": {
-            "description": "Additional environment variables for the proxy. Names starting with `ISTIO_META_` will be included in the generated bootstrap configuration and sent to the XDS server.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "image": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ProxyImage"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ProxyImage": {
-        "description": "The following values are used to construct proxy image url. format: `${hub}/${image_name}/${tag}-${image_type}`, example: `docker.io/istio/proxyv2:1.11.1` or `docker.io/istio/proxyv2:1.11.1-distroless`. This information was previously part of the Values API.",
-        "type": "object",
-        "properties": {
-          "imageType": {
-            "description": "The image type of the image. Istio publishes default, debug, and distroless images. Other values are allowed if those image types (example: centos) are published to the specified hub. supported values: default, debug, distroless.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.type.v1beta1.WorkloadSelector": {
-        "description": "WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.",
-        "type": "object",
-        "properties": {
-          "matchLabels": {
-            "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.go b/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.go
index 97b927bd7..7e9467a53 100644
--- a/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.go
+++ b/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.35.2
 // 	protoc        (unknown)
 // source: networking/v1beta1/proxy_config.proto
 
@@ -82,7 +82,7 @@
 // ```
 //
 // If a `ProxyConfig` CR is defined that matches a workload it will merge with its `proxy.istio.io/config` annotation if present,
-// with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide `ProxyConfig` CR is defined and
+// with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh-wide `ProxyConfig` CR is defined and
 // `meshConfig.DefaultConfig` is set, the two resources will be merged with the CR taking precedence for overlapping fields.
 //
 
@@ -108,12 +108,13 @@ const (
 //
 // 
@@ -133,11 +134,13 @@ type ProxyConfig struct {
 	// If not set, the `ProxyConfig` resource will be applied to all workloads in the namespace where this resource is defined.
 	Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
 	// The number of worker threads to run.
-	// If unset, defaults to 2. If set to 0, this will be configured to use all cores on the machine using
-	// CPU requests and limits to choose a value, with limits taking precedence over requests.
+	// If unset, this will be automatically determined based on CPU limits.
+	// If set to 0, all cores on the machine will be used.
+	// +kubebuilder:validation:Minimum=0
 	Concurrency *wrappers.Int32Value `protobuf:"bytes,2,opt,name=concurrency,proto3" json:"concurrency,omitempty"`
 	// Additional environment variables for the proxy.
 	// Names starting with `ISTIO_META_` will be included in the generated bootstrap configuration and sent to the XDS server.
+	// +protoc-gen-crd:map-value-validation:MaxLength=2048
 	EnvironmentVariables map[string]string `protobuf:"bytes,3,rep,name=environment_variables,json=environmentVariables,proto3" json:"environment_variables,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Specifies the details of the proxy image.
 	Image *ProxyImage `protobuf:"bytes,4,opt,name=image,proto3" json:"image,omitempty"`
@@ -145,11 +148,9 @@ type ProxyConfig struct {
 
 func (x *ProxyConfig) Reset() {
 	*x = ProxyConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_proxy_config_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_networking_v1beta1_proxy_config_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ProxyConfig) String() string {
@@ -160,7 +161,7 @@ func (*ProxyConfig) ProtoMessage() {}
 
 func (x *ProxyConfig) ProtoReflect() protoreflect.Message {
 	mi := &file_networking_v1beta1_proxy_config_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -221,11 +222,9 @@ type ProxyImage struct {
 
 func (x *ProxyImage) Reset() {
 	*x = ProxyImage{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_proxy_config_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_networking_v1beta1_proxy_config_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *ProxyImage) String() string {
@@ -236,7 +235,7 @@ func (*ProxyImage) ProtoMessage() {}
 
 func (x *ProxyImage) ProtoReflect() protoreflect.Message {
 	mi := &file_networking_v1beta1_proxy_config_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -315,7 +314,7 @@ func file_networking_v1beta1_proxy_config_proto_rawDescGZIP() []byte {
 }
 
 var file_networking_v1beta1_proxy_config_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_networking_v1beta1_proxy_config_proto_goTypes = []interface{}{
+var file_networking_v1beta1_proxy_config_proto_goTypes = []any{
 	(*ProxyConfig)(nil),              // 0: istio.networking.v1beta1.ProxyConfig
 	(*ProxyImage)(nil),               // 1: istio.networking.v1beta1.ProxyImage
 	nil,                              // 2: istio.networking.v1beta1.ProxyConfig.EnvironmentVariablesEntry
@@ -339,32 +338,6 @@ func file_networking_v1beta1_proxy_config_proto_init() {
 	if File_networking_v1beta1_proxy_config_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_networking_v1beta1_proxy_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_proxy_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ProxyImage); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
diff --git a/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.html b/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.html
index a5714b22b..071b10feb 100644
--- a/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.html
+++ b/vendor/istio.io/api/networking/v1beta1/proxy_config.pb.html
@@ -52,7 +52,7 @@
     imageType: debug
 
 
If a ProxyConfig CR is defined that matches a workload it will merge with its proxy.istio.io/config annotation if present,
-with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide ProxyConfig CR is defined and
+with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh-wide ProxyConfig CR is defined and
 meshConfig.DefaultConfig is set, the two resources will be merged with the CR taking precedence for overlapping fields.

 
 
ProxyConfig

@@ -63,58 +63,48 @@ 
ProxyConfig

 
-
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
+
-
@@ -131,24 +121,20 @@ 
ProxyImage

-
-
-
-
+
-
diff --git a/vendor/istio.io/api/networking/v1beta1/proxy_config.proto b/vendor/istio.io/api/networking/v1beta1/proxy_config.proto
index 8be1051ed..221922148 100644
--- a/vendor/istio.io/api/networking/v1beta1/proxy_config.proto
+++ b/vendor/istio.io/api/networking/v1beta1/proxy_config.proto
@@ -81,7 +81,7 @@ import "type/v1beta1/selector.proto";
 // ```
 //
 // If a `ProxyConfig` CR is defined that matches a workload it will merge with its `proxy.istio.io/config` annotation if present,
-// with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide `ProxyConfig` CR is defined and
+// with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh-wide `ProxyConfig` CR is defined and
 // `meshConfig.DefaultConfig` is set, the two resources will be merged with the CR taking precedence for overlapping fields.
 //
 package istio.networking.v1beta1;
@@ -92,12 +92,13 @@ option go_package= "istio.io/api/networking/v1beta1";
 //
 // 
@@ -114,13 +115,15 @@ message ProxyConfig {
   istio.type.v1beta1.WorkloadSelector selector = 1;
 
   // The number of worker threads to run.
-  // If unset, defaults to 2. If set to 0, this will be configured to use all cores on the machine using
-  // CPU requests and limits to choose a value, with limits taking precedence over requests.
+  // If unset, this will be automatically determined based on CPU limits.
+  // If set to 0, all cores on the machine will be used.
+  // +kubebuilder:validation:Minimum=0
   google.protobuf.Int32Value concurrency = 2;
 
   // Additional environment variables for the proxy.
   // Names starting with `ISTIO_META_` will be included in the generated bootstrap configuration and sent to the XDS server.
-  map environment_variables = 3;
+  // +protoc-gen-crd:map-value-validation:MaxLength=2048
+  map environment_variables = 3;
 
   // Specifies the details of the proxy image.
   ProxyImage image = 4;
@@ -136,4 +139,4 @@ message ProxyImage {
   // Other values are allowed if those image types (example: centos) are published to the specified hub.
   // supported values: default, debug, distroless.
   string image_type = 1;
-}
+}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/proxy_config_deepcopy.gen.go b/vendor/istio.io/api/networking/v1beta1/proxy_config_deepcopy.gen.go
index 7ed271c93..50c92bd22 100644
--- a/vendor/istio.io/api/networking/v1beta1/proxy_config_deepcopy.gen.go
+++ b/vendor/istio.io/api/networking/v1beta1/proxy_config_deepcopy.gen.go
@@ -2,7 +2,7 @@
 package v1beta1
 
 import (
-	proto "github.com/golang/protobuf/proto"
+	proto "google.golang.org/protobuf/proto"
 )
 
 // DeepCopyInto supports using ProxyConfig within kubernetes types, where deepcopy-gen is used.
diff --git a/vendor/istio.io/api/networking/v1beta1/service_entry.gen.json b/vendor/istio.io/api/networking/v1beta1/service_entry.gen.json
deleted file mode 100644
index ba9e846d6..000000000
--- a/vendor/istio.io/api/networking/v1beta1/service_entry.gen.json
+++ /dev/null
@@ -1,161 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Configuration affecting service registry.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.Port": {
-        "description": "Port describes the properties of a specific port of a service.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "A valid non-negative integer port number.",
-            "type": "integer"
-          },
-          "protocol": {
-            "description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination without terminating the TLS connection.",
-            "type": "string"
-          },
-          "name": {
-            "description": "Label assigned to the port.",
-            "type": "string"
-          },
-          "targetPort": {
-            "description": "The port number on the endpoint where the traffic will be received. Applicable only when used with ServiceEntries.",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ServiceEntry": {
-        "description": "ServiceEntry enables adding additional entries into Istio's internal service registry.",
-        "type": "object",
-        "properties": {
-          "hosts": {
-            "description": "The hosts associated with the ServiceEntry. Could be a DNS name with wildcard prefix.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "addresses": {
-            "description": "The virtual IP addresses associated with the service. Could be CIDR prefix. For HTTP traffic, generated route configurations will include http route domains for both the `addresses` and `hosts` field values and the destination will be identified based on the HTTP Host/Authority header. If one or more IP addresses are specified, the incoming traffic will be identified as belonging to this service if the destination IP matches the IP/CIDRs specified in the addresses field. If the Addresses field is empty, traffic will be identified solely based on the destination port. In such scenarios, the port on which the service is being accessed must not be shared by any other service in the mesh. In other words, the sidecar will behave as a simple TCP proxy, forwarding incoming traffic on a specified port to the specified destination endpoint IP/host. Unix domain socket addresses are not supported in this field.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "ports": {
-            "description": "The ports associated with the external service. If the Endpoints are Unix domain socket addresses, there must be exactly one port.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.Port"
-            }
-          },
-          "location": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServiceEntry.Location"
-          },
-          "resolution": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServiceEntry.Resolution"
-          },
-          "endpoints": {
-            "description": "One or more endpoints associated with the service. Only one of `endpoints` or `workloadSelector` can be specified.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.WorkloadEntry"
-            }
-          },
-          "workloadSelector": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.WorkloadSelector"
-          },
-          "exportTo": {
-            "description": "A list of namespaces to which this service is exported. Exporting a service allows it to be used by sidecars, gateways and virtual services defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of services across namespace boundaries.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "subjectAltNames": {
-            "description": "If specified, the proxy will verify that the server certificate's subject alternate name matches one of the specified values.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.ServiceEntry.Location": {
-        "description": "Location specifies whether the service is part of Istio mesh or outside the mesh. Location determines the behavior of several features, such as service-to-service mTLS authentication, policy enforcement, etc. When communicating with services outside the mesh, Istio's mTLS authentication is disabled, and policy enforcement is performed on the client-side as opposed to server-side.",
-        "type": "string",
-        "enum": [
-          "MESH_EXTERNAL",
-          "MESH_INTERNAL"
-        ]
-      },
-      "istio.networking.v1beta1.ServiceEntry.Resolution": {
-        "description": "Resolution determines how the proxy will resolve the IP addresses of the network endpoints associated with the service, so that it can route to one of them. The resolution mode specified here has no impact on how the application resolves the IP address associated with the service. The application may still have to use DNS to resolve the service to an IP so that the outbound traffic can be captured by the Proxy. Alternatively, for HTTP services, the application could directly communicate with the proxy (e.g., by setting HTTP_PROXY) to talk to these services.",
-        "type": "string",
-        "enum": [
-          "NONE",
-          "STATIC",
-          "DNS",
-          "DNS_ROUND_ROBIN"
-        ]
-      },
-      "istio.networking.v1beta1.WorkloadEntry": {
-        "description": "WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.",
-        "type": "object",
-        "properties": {
-          "address": {
-            "description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints.",
-            "type": "string"
-          },
-          "ports": {
-            "description": "Set of ports associated with the endpoint. If the port map is specified, it must be a map of servicePortName to this endpoint's port, such that traffic to the service port will be forwarded to the endpoint port that maps to the service's portName. If omitted, and the targetPort is specified as part of the service's port specification, traffic to the service port will be forwarded to one of the endpoints on the specified `targetPort`. If both the targetPort and endpoint's port map are not specified, traffic to a service port will be forwarded to one of the endpoints on the same port.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "integer"
-            }
-          },
-          "labels": {
-            "description": "One or more labels associated with the endpoint.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "network": {
-            "description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the `AUTO_PASSTHROUGH` mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters.",
-            "type": "string"
-          },
-          "locality": {
-            "description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.",
-            "type": "string"
-          },
-          "weight": {
-            "description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.",
-            "type": "integer"
-          },
-          "serviceAccount": {
-            "description": "The service account associated with the workload if a sidecar is present in the workload. The service account must be present in the same namespace as the configuration ( WorkloadEntry or a ServiceEntry)",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.WorkloadSelector": {
-        "description": "`WorkloadSelector` specifies the criteria used to determine if the `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` configuration can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.",
-        "type": "object",
-        "properties": {
-          "labels": {
-            "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. The scope of label search is restricted to the configuration namespace in which the the resource is present.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/service_entry_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/service_entry_alias.gen.go
new file mode 100644
index 000000000..6cc45bfef
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/service_entry_alias.gen.go
@@ -0,0 +1,108 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// ServiceEntry enables adding additional entries into Istio's internal
+// service registry.
+//
+// 
+//
+// 
+// +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1"
+// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))"
+// +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true"
+// +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true"
+type ServiceEntry = v1alpha3.ServiceEntry
+
+// Location specifies whether the service is part of Istio mesh or
+// outside the mesh.  Location determines the behavior of several
+// features, such as service-to-service mTLS authentication, policy
+// enforcement, etc.
+type ServiceEntry_Location = v1alpha3.ServiceEntry_Location
+
+// Signifies that the service is external to the mesh. Typically used
+// to indicate external services consumed through APIs.
+const ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = v1alpha3.ServiceEntry_MESH_EXTERNAL
+
+// Signifies that the service is part of the mesh. Typically used to
+// indicate services added explicitly as part of expanding the service
+// mesh to include unmanaged infrastructure (e.g., VMs added to a
+// Kubernetes based service mesh).
+const ServiceEntry_MESH_INTERNAL ServiceEntry_Location = v1alpha3.ServiceEntry_MESH_INTERNAL
+
+// Resolution determines how the proxy will resolve the IP addresses of
+// the network endpoints associated with the service, so that it can
+// route to one of them. The resolution mode specified here has no impact
+// on how the application resolves the IP address associated with the
+// service. The application may still have to use DNS to resolve the
+// service to an IP so that the outbound traffic can be captured by the
+// Proxy. Alternatively, for HTTP services, the application could
+// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to
+// talk to these services.
+type ServiceEntry_Resolution = v1alpha3.ServiceEntry_Resolution
+
+// Assume that incoming connections have already been resolved (to a
+// specific destination IP address). Such connections are typically
+// routed via the proxy using mechanisms such as IP table REDIRECT/
+// eBPF. After performing any routing related transformations, the
+// proxy will forward the connection to the IP address to which the
+// connection was bound.
+const ServiceEntry_NONE ServiceEntry_Resolution = v1alpha3.ServiceEntry_NONE
+
+// Use the static IP addresses specified in endpoints (see below) as the
+// backing instances associated with the service.
+const ServiceEntry_STATIC ServiceEntry_Resolution = v1alpha3.ServiceEntry_STATIC
+
+// Attempt to resolve the IP address by querying the ambient DNS,
+// asynchronously. If no endpoints are specified, the proxy
+// will resolve the DNS address specified in the hosts field, if
+// wildcards are not used. If endpoints are specified, the DNS
+// addresses specified in the endpoints will be resolved to determine
+// the destination IP address.  DNS resolution cannot be used with Unix
+// domain socket endpoints.
+const ServiceEntry_DNS ServiceEntry_Resolution = v1alpha3.ServiceEntry_DNS
+
+// Attempt to resolve the IP address by querying the ambient DNS,
+// asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the
+// first IP address returned when a new connection needs to be initiated
+// without relying on complete results of DNS resolution, and connections
+// made to hosts will be retained even if DNS records change frequently
+// eliminating draining connection pools and connection cycling.
+// This is best suited for large web scale services that
+// must be accessed via DNS. The proxy will resolve the DNS address
+// specified in the hosts field, if wildcards are not used. DNS resolution
+// cannot be used with Unix domain socket endpoints.
+const ServiceEntry_DNS_ROUND_ROBIN ServiceEntry_Resolution = v1alpha3.ServiceEntry_DNS_ROUND_ROBIN
+
+// ServicePort describes the properties of a specific port of a service.
+type ServicePort = v1alpha3.ServicePort
+type ServiceEntryStatus = v1alpha3.ServiceEntryStatus
+
+// A minor abstraction to allow for adding hostnames if relevant.
+type ServiceEntryAddress = v1alpha3.ServiceEntryAddress
diff --git a/vendor/istio.io/api/networking/v1beta1/service_entry_deepcopy.gen.go b/vendor/istio.io/api/networking/v1beta1/service_entry_deepcopy.gen.go
deleted file mode 100644
index acddd51c7..000000000
--- a/vendor/istio.io/api/networking/v1beta1/service_entry_deepcopy.gen.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
-package v1beta1
-
-import (
-	proto "github.com/golang/protobuf/proto"
-)
-
-// DeepCopyInto supports using ServiceEntry within kubernetes types, where deepcopy-gen is used.
-func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) {
-	p := proto.Clone(in).(*ServiceEntry)
-	*out = *p
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen.
-func (in *ServiceEntry) DeepCopy() *ServiceEntry {
-	if in == nil {
-		return nil
-	}
-	out := new(ServiceEntry)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen.
-func (in *ServiceEntry) DeepCopyInterface() interface{} {
-	return in.DeepCopy()
-}
diff --git a/vendor/istio.io/api/networking/v1beta1/service_entry_json.gen.go b/vendor/istio.io/api/networking/v1beta1/service_entry_json.gen.go
deleted file mode 100644
index 7eea2c8d9..000000000
--- a/vendor/istio.io/api/networking/v1beta1/service_entry_json.gen.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
-package v1beta1
-
-import (
-	bytes "bytes"
-	jsonpb "github.com/golang/protobuf/jsonpb"
-)
-
-// MarshalJSON is a custom marshaler for ServiceEntry
-func (this *ServiceEntry) MarshalJSON() ([]byte, error) {
-	str, err := ServiceEntryMarshaler.MarshalToString(this)
-	return []byte(str), err
-}
-
-// UnmarshalJSON is a custom unmarshaler for ServiceEntry
-func (this *ServiceEntry) UnmarshalJSON(b []byte) error {
-	return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this)
-}
-
-var (
-	ServiceEntryMarshaler   = &jsonpb.Marshaler{}
-	ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
-)
diff --git a/vendor/istio.io/api/networking/v1beta1/sidecar.gen.json b/vendor/istio.io/api/networking/v1beta1/sidecar.gen.json
deleted file mode 100644
index 797f65ad9..000000000
--- a/vendor/istio.io/api/networking/v1beta1/sidecar.gen.json
+++ /dev/null
@@ -1,257 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Configuration affecting network reachability of a sidecar.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.CaptureMode": {
-        "description": "`CaptureMode` describes how traffic to a listener is expected to be captured. Applicable only when the listener is bound to an IP.",
-        "type": "string",
-        "enum": [
-          "DEFAULT",
-          "IPTABLES",
-          "NONE"
-        ]
-      },
-      "istio.networking.v1beta1.Destination": {
-        "description": "Destination indicates the network addressable service to which the request/connection will be sent after processing a routing rule. The destination.host should unambiguously refer to a service in the service registry. Istio's service registry is composed of all the services found in the platform's service registry (e.g., Kubernetes services, Consul services), as well as services declared through the [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource.",
-        "type": "object",
-        "properties": {
-          "host": {
-            "description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped.",
-            "type": "string"
-          },
-          "subset": {
-            "description": "The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.",
-            "type": "string"
-          },
-          "port": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.PortSelector"
-          }
-        }
-      },
-      "istio.networking.v1beta1.IstioEgressListener": {
-        "description": "`IstioEgressListener` specifies the properties of an outbound traffic listener on the sidecar proxy attached to a workload instance.",
-        "type": "object",
-        "properties": {
-          "port": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Port"
-          },
-          "bind": {
-            "description": "The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If omitted, Istio will automatically configure the defaults based on imported services, the workload instances to which this configuration is applied to and the captureMode. If captureMode is `NONE`, bind will default to 127.0.0.1.",
-            "type": "string"
-          },
-          "captureMode": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.CaptureMode"
-          },
-          "hosts": {
-            "description": "One or more service hosts exposed by the listener in `namespace/dnsName` format. Services in the specified namespace matching `dnsName` will be exposed. The corresponding service can be a service in the service registry (e.g., a Kubernetes or cloud foundry service) or a service specified using a `ServiceEntry` or `VirtualService` configuration. Any associated `DestinationRule` in the same namespace will also be used.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.IstioIngressListener": {
-        "description": "`IstioIngressListener` specifies the properties of an inbound traffic listener on the sidecar proxy attached to a workload instance.",
-        "type": "object",
-        "properties": {
-          "port": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Port"
-          },
-          "bind": {
-            "description": "The IP(IPv4 or IPv6) to which the listener should be bound. Unix domain socket addresses are not allowed in the bind field for ingress listeners. If omitted, Istio will automatically configure the defaults based on imported services and the workload instances to which this configuration is applied to.",
-            "type": "string"
-          },
-          "captureMode": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.CaptureMode"
-          },
-          "defaultEndpoint": {
-            "description": "The IP endpoint or Unix domain socket to which traffic should be forwarded to. This configuration can be used to redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` or Unix domain socket where the application workload instance is listening for connections. Arbitrary IPs are not supported. Format should be one of `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), or `unix:///path/to/socket` (forward to Unix domain socket).",
-            "type": "string"
-          },
-          "tls": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings"
-          }
-        }
-      },
-      "istio.networking.v1beta1.OutboundTrafficPolicy": {
-        "description": "`OutboundTrafficPolicy` sets the default behavior of the sidecar for handling outbound traffic from the application. If your application uses one or more external services that are not known apriori, setting the policy to `ALLOW_ANY` will cause the sidecars to route any unknown traffic originating from the application to its requested destination. Users are strongly encouraged to use `ServiceEntry` configurations to explicitly declare any external dependencies, instead of using `ALLOW_ANY`, so that traffic to these services can be monitored.",
-        "type": "object",
-        "properties": {
-          "mode": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.OutboundTrafficPolicy.Mode"
-          },
-          "egressProxy": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Destination"
-          }
-        }
-      },
-      "istio.networking.v1beta1.OutboundTrafficPolicy.Mode": {
-        "type": "string",
-        "enum": [
-          "REGISTRY_ONLY",
-          "ALLOW_ANY"
-        ]
-      },
-      "istio.networking.v1beta1.Port": {
-        "description": "Port describes the properties of a specific port of a service.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "A valid non-negative integer port number.",
-            "type": "integer"
-          },
-          "protocol": {
-            "description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination without terminating the TLS connection.",
-            "type": "string"
-          },
-          "name": {
-            "description": "Label assigned to the port.",
-            "type": "string"
-          },
-          "targetPort": {
-            "description": "The port number on the endpoint where the traffic will be received. Applicable only when used with ServiceEntries.",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.PortSelector": {
-        "description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "Valid port number",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.ServerTLSSettings": {
-        "type": "object",
-        "properties": {
-          "httpsRedirect": {
-            "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.",
-            "type": "boolean"
-          },
-          "mode": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings.TLSmode"
-          },
-          "serverCertificate": {
-            "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server-side TLS certificate to use.",
-            "type": "string"
-          },
-          "privateKey": {
-            "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server's private key.",
-            "type": "string"
-          },
-          "caCertificates": {
-            "description": "REQUIRED if mode is `MUTUAL`. The path to a file containing certificate authority certificates to use in verifying a presented client side certificate.",
-            "type": "string"
-          },
-          "credentialName": {
-            "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates. Applicable only on Kubernetes. The secret (of type `generic`) should contain the following keys and values: `key: \u003cprivateKey\u003e` and `cert: \u003cserverCert\u003e`. For mutual TLS, `cacert: \u003cCACertificate\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. Secret of type tls for server certificates along with ca.crt key for CA certificates is also supported. Only one of server certificates and CA certificate or credentialName can be specified.",
-            "type": "string"
-          },
-          "subjectAltNames": {
-            "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "verifyCertificateSpki": {
-            "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "verifyCertificateHash": {
-            "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates. Both simple and colon separated formats are acceptable. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "minProtocolVersion": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings.TLSProtocol"
-          },
-          "maxProtocolVersion": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ServerTLSSettings.TLSProtocol"
-          },
-          "cipherSuites": {
-            "description": "Optional: If specified, only support the specified cipher list. Otherwise default to the default cipher list supported by Envoy.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.ServerTLSSettings.TLSProtocol": {
-        "description": "TLS protocol versions.",
-        "type": "string",
-        "enum": [
-          "TLS_AUTO",
-          "TLSV1_0",
-          "TLSV1_1",
-          "TLSV1_2",
-          "TLSV1_3"
-        ]
-      },
-      "istio.networking.v1beta1.ServerTLSSettings.TLSmode": {
-        "description": "TLS modes enforced by the proxy",
-        "type": "string",
-        "enum": [
-          "PASSTHROUGH",
-          "SIMPLE",
-          "MUTUAL",
-          "AUTO_PASSTHROUGH",
-          "ISTIO_MUTUAL"
-        ]
-      },
-      "istio.networking.v1beta1.Sidecar": {
-        "description": "`Sidecar` describes the configuration of the sidecar proxy that mediates inbound and outbound communication of the workload instance to which it is attached.",
-        "type": "object",
-        "properties": {
-          "workloadSelector": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.WorkloadSelector"
-          },
-          "ingress": {
-            "description": "Ingress specifies the configuration of the sidecar for processing inbound traffic to the attached workload instance. If omitted, Istio will automatically configure the sidecar based on the information about the workload obtained from the orchestration platform (e.g., exposed ports, services, etc.). If specified, inbound ports are configured if and only if the workload instance is associated with a service.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.IstioIngressListener"
-            }
-          },
-          "egress": {
-            "description": "Egress specifies the configuration of the sidecar for processing outbound traffic from the attached workload instance to other services in the mesh. If not specified, inherits the system detected defaults from the namespace-wide or the global default Sidecar.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.IstioEgressListener"
-            }
-          },
-          "outboundTrafficPolicy": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.OutboundTrafficPolicy"
-          }
-        }
-      },
-      "istio.networking.v1beta1.WorkloadSelector": {
-        "description": "`WorkloadSelector` specifies the criteria used to determine if the `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` configuration can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.",
-        "type": "object",
-        "properties": {
-          "labels": {
-            "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. The scope of label search is restricted to the configuration namespace in which the the resource is present.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/sidecar.pb.go b/vendor/istio.io/api/networking/v1beta1/sidecar.pb.go
deleted file mode 100644
index 3d582f673..000000000
--- a/vendor/istio.io/api/networking/v1beta1/sidecar.pb.go
+++ /dev/null
@@ -1,1243 +0,0 @@
-// Copyright 2020 Istio Authors
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        (unknown)
-// source: networking/v1beta1/sidecar.proto
-
-// $schema: istio.networking.v1beta1.Sidecar
-// $title: Sidecar
-// $description: Configuration affecting network reachability of a sidecar.
-// $location: https://istio.io/docs/reference/config/networking/sidecar.html
-// $aliases: [/docs/reference/config/networking/v1beta1/sidecar]
-// $mode: none
-
-// `Sidecar` describes the configuration of the sidecar proxy that mediates
-// inbound and outbound communication to the workload instance it is attached to. By
-// default, Istio will program all sidecar proxies in the mesh with the
-// necessary configuration required to reach every workload instance in the mesh, as
-// well as accept traffic on all the ports associated with the
-// workload. The `Sidecar` configuration provides a way to fine tune the set of
-// ports, protocols that the proxy will accept when forwarding traffic to
-// and from the workload. In addition, it is possible to restrict the set
-// of services that the proxy can reach when forwarding outbound traffic
-// from workload instances.
-//
-// Services and configuration in a mesh are organized into one or more
-// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar`
-// configuration in a namespace will apply to one or more workload instances in the same
-// namespace, selected using the `workloadSelector` field. In the absence of a
-// `workloadSelector`, it will apply to all workload instances in the same
-// namespace. When determining the `Sidecar` configuration to be applied to a
-// workload instance, preference will be given to the resource with a
-// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration
-// without any `workloadSelector`.
-//
-// **NOTE 1**: *_Each namespace can have only one `Sidecar`
-// configuration without any `workloadSelector`_ that specifies the
-// default for all pods in that namespace*. It is recommended to use
-// the name `default` for the namespace-wide sidecar. The behavior of
-// the system is undefined if more than one selector-less `Sidecar`
-// configurations exist in a given namespace. The behavior of the
-// system is undefined if two or more `Sidecar` configurations with a
-// `workloadSelector` select the same workload instance.
-//
-// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig`
-// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig)
-// will be applied by default to all namespaces without a `Sidecar`
-// configuration_*. This global default `Sidecar` configuration should not have
-// any `workloadSelector`.
-//
-// The example below declares a global default `Sidecar` configuration
-// in the root namespace called `istio-config`, that configures
-// sidecars in all namespaces to allow egress traffic only to other
-// workloads in the same namespace as well as to services in the
-// `istio-system` namespace.
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: Sidecar
-// metadata:
-//   name: default
-//   namespace: istio-config
-// spec:
-//   egress:
-//   - hosts:
-//     - "./*"
-//     - "istio-system/*"
-// ```
-// {{}}
-//
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1beta1
-// kind: Sidecar
-// metadata:
-//   name: default
-//   namespace: istio-config
-// spec:
-//   egress:
-//   - hosts:
-//     - "./*"
-//     - "istio-system/*"
-// ```
-// {{}}
-// {{}}
-//
-// The example below declares a `Sidecar` configuration in the
-// `prod-us1` namespace that overrides the global default defined
-// above, and configures the sidecars in the namespace to allow egress
-// traffic to public services in the `prod-us1`, `prod-apis`, and the
-// `istio-system` namespaces.
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: Sidecar
-// metadata:
-//   name: default
-//   namespace: prod-us1
-// spec:
-//   egress:
-//   - hosts:
-//     - "prod-us1/*"
-//     - "prod-apis/*"
-//     - "istio-system/*"
-// ```
-// {{}}
-//
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1beta1
-// kind: Sidecar
-// metadata:
-//   name: default
-//   namespace: prod-us1
-// spec:
-//   egress:
-//   - hosts:
-//     - "prod-us1/*"
-//     - "prod-apis/*"
-//     - "istio-system/*"
-// ```
-// {{}}
-// {{}}
-//
-// The following example declares a `Sidecar` configuration in the
-// `prod-us1` namespace for all pods with labels `app: ratings`
-// belonging to the `ratings.prod-us1` service.  The workload accepts
-// inbound HTTP traffic on port 9080. The traffic is then forwarded to
-// the attached workload instance listening on a Unix domain
-// socket. In the egress direction, in addition to the `istio-system`
-// namespace, the sidecar proxies only HTTP traffic bound for port
-// 9080 for services in the `prod-us1` namespace.
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: Sidecar
-// metadata:
-//   name: ratings
-//   namespace: prod-us1
-// spec:
-//   workloadSelector:
-//     labels:
-//       app: ratings
-//   ingress:
-//   - port:
-//       number: 9080
-//       protocol: HTTP
-//       name: somename
-//     defaultEndpoint: unix:///var/run/someuds.sock
-//   egress:
-//   - port:
-//       number: 9080
-//       protocol: HTTP
-//       name: egresshttp
-//     hosts:
-//     - "prod-us1/*"
-//   - hosts:
-//     - "istio-system/*"
-// ```
-// {{}}
-//
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1beta1
-// kind: Sidecar
-// metadata:
-//   name: ratings
-//   namespace: prod-us1
-// spec:
-//   workloadSelector:
-//     labels:
-//       app: ratings
-//   ingress:
-//   - port:
-//       number: 9080
-//       protocol: HTTP
-//       name: somename
-//     defaultEndpoint: unix:///var/run/someuds.sock
-//   egress:
-//   - port:
-//       number: 9080
-//       protocol: HTTP
-//       name: egresshttp
-//     hosts:
-//     - "prod-us1/*"
-//   - hosts:
-//     - "istio-system/*"
-// ```
-// {{}}
-// {{}}
-//
-// If the workload is deployed without IPTables-based traffic capture,
-// the `Sidecar` configuration is the only way to configure the ports
-// on the proxy attached to the workload instance. The following
-// example declares a `Sidecar` configuration in the `prod-us1`
-// namespace for all pods with labels `app: productpage` belonging to
-// the `productpage.prod-us1` service. Assuming that these pods are
-// deployed without IPtable rules (i.e. the `istio-init` container)
-// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to
-// `NONE`, the specification, below, allows such pods to receive HTTP
-// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward
-// it to the application listening on `127.0.0.1:8080`. It also allows
-// the application to communicate with a backing MySQL database on
-// `127.0.0.1:3306`, that then gets proxied to the externally hosted
-// MySQL service at `mysql.foo.com:3306`.
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: Sidecar
-// metadata:
-//   name: no-ip-tables
-//   namespace: prod-us1
-// spec:
-//   workloadSelector:
-//     labels:
-//       app: productpage
-//   ingress:
-//   - port:
-//       number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
-//       protocol: HTTP
-//       name: somename
-//     defaultEndpoint: 127.0.0.1:8080
-//     captureMode: NONE # not needed if metadata is set for entire proxy
-//   egress:
-//   - port:
-//       number: 3306
-//       protocol: MYSQL
-//       name: egressmysql
-//     captureMode: NONE # not needed if metadata is set for entire proxy
-//     bind: 127.0.0.1
-//     hosts:
-//     - "*/mysql.foo.com"
-// ```
-// {{}}
-//
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1beta1
-// kind: Sidecar
-// metadata:
-//   name: no-ip-tables
-//   namespace: prod-us1
-// spec:
-//   workloadSelector:
-//     labels:
-//       app: productpage
-//   ingress:
-//   - port:
-//       number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
-//       protocol: HTTP
-//       name: somename
-//     defaultEndpoint: 127.0.0.1:8080
-//     captureMode: NONE # not needed if metadata is set for entire proxy
-//   egress:
-//   - port:
-//       number: 3306
-//       protocol: MYSQL
-//       name: egressmysql
-//     captureMode: NONE # not needed if metadata is set for entire proxy
-//     bind: 127.0.0.1
-//     hosts:
-//     - "*/mysql.foo.com"
-// ```
-// {{}}
-// {{}}
-//
-// And the associated service entry for routing to `mysql.foo.com:3306`
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: ServiceEntry
-// metadata:
-//   name: external-svc-mysql
-//   namespace: ns1
-// spec:
-//   hosts:
-//   - mysql.foo.com
-//   ports:
-//   - number: 3306
-//     name: mysql
-//     protocol: MYSQL
-//   location: MESH_EXTERNAL
-//   resolution: DNS
-// ```
-// {{}}
-//
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1beta1
-// kind: ServiceEntry
-// metadata:
-//   name: external-svc-mysql
-//   namespace: ns1
-// spec:
-//   hosts:
-//   - mysql.foo.com
-//   ports:
-//   - number: 3306
-//     name: mysql
-//     protocol: MYSQL
-//   location: MESH_EXTERNAL
-//   resolution: DNS
-// ```
-// {{}}
-// {{}}
-//
-// It is also possible to mix and match traffic capture modes in a single
-// proxy. For example, consider a setup where internal services are on the
-// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all
-// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an
-// additional network interface on `172.16.0.0/16` subnet for inbound
-// traffic. The following `Sidecar` configuration allows the VM to expose a
-// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the
-// `172.16.0.0/16` subnet.
-//
-// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the
-// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value,
-// implying that IP tables based traffic capture is active.
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: Sidecar
-// metadata:
-//   name: partial-ip-tables
-//   namespace: prod-us1
-// spec:
-//   workloadSelector:
-//     labels:
-//       app: productpage
-//   ingress:
-//   - bind: 172.16.1.32
-//     port:
-//       number: 80 # binds to 172.16.1.32:80
-//       protocol: HTTP
-//       name: somename
-//     defaultEndpoint: 127.0.0.1:8080
-//     captureMode: NONE
-//   egress:
-//     # use the system detected defaults
-//     # sets up configuration to handle outbound traffic to services
-//     # in 192.168.0.0/16 subnet, based on information provided by the
-//     # service registry
-//   - captureMode: IPTABLES
-//     hosts:
-//     - "*/*"
-// ```
-// {{}}
-//
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1beta1
-// kind: Sidecar
-// metadata:
-//   name: partial-ip-tables
-//   namespace: prod-us1
-// spec:
-//   workloadSelector:
-//     labels:
-//       app: productpage
-//   ingress:
-//   - bind: 172.16.1.32
-//     port:
-//       number: 80 # binds to 172.16.1.32:80
-//       protocol: HTTP
-//       name: somename
-//     defaultEndpoint: 127.0.0.1:8080
-//     captureMode: NONE
-//   egress:
-//     # use the system detected defaults
-//     # sets up configuration to handle outbound traffic to services
-//     # in 192.168.0.0/16 subnet, based on information provided by the
-//     # service registry
-//   - captureMode: IPTABLES
-//     hosts:
-//     - "*/*"
-// ```
-// {{}}
-// {{}}
-//
-
-package v1beta1
-
-import (
-	_ "google.golang.org/genproto/googleapis/api/annotations"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// `CaptureMode` describes how traffic to a listener is expected to be
-// captured. Applicable only when the listener is bound to an IP.
-type CaptureMode int32
-
-const (
-	// The default capture mode defined by the environment.
-	CaptureMode_DEFAULT CaptureMode = 0
-	// Capture traffic using IPtables redirection.
-	CaptureMode_IPTABLES CaptureMode = 1
-	// No traffic capture. When used in an egress listener, the application is
-	// expected to explicitly communicate with the listener port or Unix
-	// domain socket. When used in an ingress listener, care needs to be taken
-	// to ensure that the listener port is not in use by other processes on
-	// the host.
-	CaptureMode_NONE CaptureMode = 2
-)
-
-// Enum value maps for CaptureMode.
-var (
-	CaptureMode_name = map[int32]string{
-		0: "DEFAULT",
-		1: "IPTABLES",
-		2: "NONE",
-	}
-	CaptureMode_value = map[string]int32{
-		"DEFAULT":  0,
-		"IPTABLES": 1,
-		"NONE":     2,
-	}
-)
-
-func (x CaptureMode) Enum() *CaptureMode {
-	p := new(CaptureMode)
-	*p = x
-	return p
-}
-
-func (x CaptureMode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (CaptureMode) Descriptor() protoreflect.EnumDescriptor {
-	return file_networking_v1beta1_sidecar_proto_enumTypes[0].Descriptor()
-}
-
-func (CaptureMode) Type() protoreflect.EnumType {
-	return &file_networking_v1beta1_sidecar_proto_enumTypes[0]
-}
-
-func (x CaptureMode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use CaptureMode.Descriptor instead.
-func (CaptureMode) EnumDescriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{0}
-}
-
-type OutboundTrafficPolicy_Mode int32
-
-const (
-	// Outbound traffic will be restricted to services defined in the
-	// service registry as well as those defined through `ServiceEntry` configurations.
-	OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0
-	// Outbound traffic to unknown destinations will be allowed, in case
-	// there are no services or `ServiceEntry` configurations for the destination port.
-	OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1
-)
-
-// Enum value maps for OutboundTrafficPolicy_Mode.
-var (
-	OutboundTrafficPolicy_Mode_name = map[int32]string{
-		0: "REGISTRY_ONLY",
-		1: "ALLOW_ANY",
-	}
-	OutboundTrafficPolicy_Mode_value = map[string]int32{
-		"REGISTRY_ONLY": 0,
-		"ALLOW_ANY":     1,
-	}
-)
-
-func (x OutboundTrafficPolicy_Mode) Enum() *OutboundTrafficPolicy_Mode {
-	p := new(OutboundTrafficPolicy_Mode)
-	*p = x
-	return p
-}
-
-func (x OutboundTrafficPolicy_Mode) String() string {
-	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
-}
-
-func (OutboundTrafficPolicy_Mode) Descriptor() protoreflect.EnumDescriptor {
-	return file_networking_v1beta1_sidecar_proto_enumTypes[1].Descriptor()
-}
-
-func (OutboundTrafficPolicy_Mode) Type() protoreflect.EnumType {
-	return &file_networking_v1beta1_sidecar_proto_enumTypes[1]
-}
-
-func (x OutboundTrafficPolicy_Mode) Number() protoreflect.EnumNumber {
-	return protoreflect.EnumNumber(x)
-}
-
-// Deprecated: Use OutboundTrafficPolicy_Mode.Descriptor instead.
-func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{4, 0}
-}
-
-// `Sidecar` describes the configuration of the sidecar proxy that mediates
-// inbound and outbound communication of the workload instance to which it is
-// attached.
-//
-// 
-//
-// 
-// 
-type Sidecar struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Criteria used to select the specific set of pods/VMs on which this
-	// `Sidecar` configuration should be applied. If omitted, the `Sidecar`
-	// configuration will be applied to all workload instances in the same namespace.
-	WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"`
-	// Ingress specifies the configuration of the sidecar for processing
-	// inbound traffic to the attached workload instance. If omitted, Istio will
-	// automatically configure the sidecar based on the information about the workload
-	// obtained from the orchestration platform (e.g., exposed ports, services,
-	// etc.). If specified, inbound ports are configured if and only if the
-	// workload instance is associated with a service.
-	Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"`
-	// Egress specifies the configuration of the sidecar for processing
-	// outbound traffic from the attached workload instance to other
-	// services in the mesh. If not specified, inherits the system
-	// detected defaults from the namespace-wide or the global default Sidecar.
-	Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"`
-	// Configuration for the outbound traffic policy.  If your
-	// application uses one or more external services that are not known
-	// apriori, setting the policy to `ALLOW_ANY` will cause the
-	// sidecars to route any unknown traffic originating from the
-	// application to its requested destination. If not specified,
-	// inherits the system detected defaults from the namespace-wide or
-	// the global default Sidecar.
-	OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"`
-}
-
-func (x *Sidecar) Reset() {
-	*x = Sidecar{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_sidecar_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *Sidecar) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*Sidecar) ProtoMessage() {}
-
-func (x *Sidecar) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_sidecar_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use Sidecar.ProtoReflect.Descriptor instead.
-func (*Sidecar) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *Sidecar) GetWorkloadSelector() *WorkloadSelector {
-	if x != nil {
-		return x.WorkloadSelector
-	}
-	return nil
-}
-
-func (x *Sidecar) GetIngress() []*IstioIngressListener {
-	if x != nil {
-		return x.Ingress
-	}
-	return nil
-}
-
-func (x *Sidecar) GetEgress() []*IstioEgressListener {
-	if x != nil {
-		return x.Egress
-	}
-	return nil
-}
-
-func (x *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy {
-	if x != nil {
-		return x.OutboundTrafficPolicy
-	}
-	return nil
-}
-
-// `IstioIngressListener` specifies the properties of an inbound
-// traffic listener on the sidecar proxy attached to a workload instance.
-type IstioIngressListener struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The port associated with the listener.
-	Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
-	// The IP(IPv4 or IPv6) to which the listener should be bound.
-	// Unix domain socket addresses are not allowed in
-	// the bind field for ingress listeners. If omitted, Istio will
-	// automatically configure the defaults based on imported services
-	// and the workload instances to which this configuration is applied
-	// to.
-	Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"`
-	// The captureMode option dictates how traffic to the listener is
-	// expected to be captured (or not).
-	CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1beta1.CaptureMode" json:"capture_mode,omitempty"`
-	// The IP endpoint or Unix domain socket to which
-	// traffic should be forwarded to. This configuration can be used to
-	// redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port`
-	// or Unix domain socket where the application workload instance is listening for
-	// connections. Arbitrary IPs are not supported. Format should be one of
-	// `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost),
-	// `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP),
-	// or `unix:///path/to/socket` (forward to Unix domain socket).
-	DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"`
-	// Set of TLS related options that will enable TLS termination on the
-	// sidecar for requests originating from outside the mesh.
-	// Currently supports only SIMPLE and MUTUAL TLS modes.
-	Tls *ServerTLSSettings `protobuf:"bytes,7,opt,name=tls,proto3" json:"tls,omitempty"`
-}
-
-func (x *IstioIngressListener) Reset() {
-	*x = IstioIngressListener{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_sidecar_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *IstioIngressListener) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*IstioIngressListener) ProtoMessage() {}
-
-func (x *IstioIngressListener) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_sidecar_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use IstioIngressListener.ProtoReflect.Descriptor instead.
-func (*IstioIngressListener) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *IstioIngressListener) GetPort() *Port {
-	if x != nil {
-		return x.Port
-	}
-	return nil
-}
-
-func (x *IstioIngressListener) GetBind() string {
-	if x != nil {
-		return x.Bind
-	}
-	return ""
-}
-
-func (x *IstioIngressListener) GetCaptureMode() CaptureMode {
-	if x != nil {
-		return x.CaptureMode
-	}
-	return CaptureMode_DEFAULT
-}
-
-func (x *IstioIngressListener) GetDefaultEndpoint() string {
-	if x != nil {
-		return x.DefaultEndpoint
-	}
-	return ""
-}
-
-func (x *IstioIngressListener) GetTls() *ServerTLSSettings {
-	if x != nil {
-		return x.Tls
-	}
-	return nil
-}
-
-// `IstioEgressListener` specifies the properties of an outbound traffic
-// listener on the sidecar proxy attached to a workload instance.
-type IstioEgressListener struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The port associated with the listener. If using Unix domain socket,
-	// use 0 as the port number, with a valid protocol. The port if
-	// specified, will be used as the default destination port associated
-	// with the imported hosts. If the port is omitted, Istio will infer the
-	// listener ports based on the imported hosts. Note that when multiple
-	// egress listeners are specified, where one or more listeners have
-	// specific ports while others have no port, the hosts exposed on a
-	// listener port will be based on the listener with the most specific
-	// port.
-	Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
-	// The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound
-	// to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or
-	// `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If
-	// omitted, Istio will automatically configure the defaults based on imported
-	// services, the workload instances to which this configuration is applied to and
-	// the captureMode. If captureMode is `NONE`, bind will default to
-	// 127.0.0.1.
-	Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"`
-	// When the bind address is an IP, the captureMode option dictates
-	// how traffic to the listener is expected to be captured (or not).
-	// captureMode must be DEFAULT or `NONE` for Unix domain socket binds.
-	CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1beta1.CaptureMode" json:"capture_mode,omitempty"`
-	// One or more service hosts exposed by the listener
-	// in `namespace/dnsName` format. Services in the specified namespace
-	// matching `dnsName` will be exposed.
-	// The corresponding service can be a service in the service registry
-	// (e.g., a Kubernetes or cloud foundry service) or a service specified
-	// using a `ServiceEntry` or `VirtualService` configuration. Any
-	// associated `DestinationRule` in the same namespace will also be used.
-	//
-	// The `dnsName` should be specified using FQDN format, optionally including
-	// a wildcard character in the left-most component (e.g., `prod/*.example.com`).
-	// Set the `dnsName` to `*` to select all services from the specified namespace
-	// (e.g., `prod/*`).
-	//
-	// The `namespace` can be set to `*`, `.`, or `~`, representing any, the current,
-	// or no namespace, respectively. For example, `*/foo.example.com` selects the
-	// service from any available namespace while `./foo.example.com` only selects
-	// the service from the namespace of the sidecar. If a host is set to `*/*`,
-	// Istio will configure the sidecar to be able to reach every service in the
-	// mesh that is exported to the sidecar's namespace. The value `~/*` can be used
-	// to completely trim the configuration for sidecars that simply receive traffic
-	// and respond, but make no outbound connections of their own.
-	//
-	// NOTE: Only services and configuration artifacts exported to the sidecar's
-	// namespace (e.g., `exportTo` value of `*`) can be referenced.
-	// Private configurations (e.g., `exportTo` set to `.`) will
-	// not be available. Refer to the `exportTo` setting in `VirtualService`,
-	// `DestinationRule`, and `ServiceEntry` configurations for details.
-	Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"`
-}
-
-func (x *IstioEgressListener) Reset() {
-	*x = IstioEgressListener{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_sidecar_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *IstioEgressListener) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*IstioEgressListener) ProtoMessage() {}
-
-func (x *IstioEgressListener) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_sidecar_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use IstioEgressListener.ProtoReflect.Descriptor instead.
-func (*IstioEgressListener) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *IstioEgressListener) GetPort() *Port {
-	if x != nil {
-		return x.Port
-	}
-	return nil
-}
-
-func (x *IstioEgressListener) GetBind() string {
-	if x != nil {
-		return x.Bind
-	}
-	return ""
-}
-
-func (x *IstioEgressListener) GetCaptureMode() CaptureMode {
-	if x != nil {
-		return x.CaptureMode
-	}
-	return CaptureMode_DEFAULT
-}
-
-func (x *IstioEgressListener) GetHosts() []string {
-	if x != nil {
-		return x.Hosts
-	}
-	return nil
-}
-
-// `WorkloadSelector` specifies the criteria used to determine if the
-// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule`
-// configuration can be applied to a proxy. The matching criteria
-// includes the metadata associated with a proxy, workload instance
-// info such as labels attached to the pod/VM, or any other info that
-// the proxy provides to Istio during the initial handshake. If
-// multiple conditions are specified, all conditions need to match in
-// order for the workload instance to be selected. Currently, only
-// label based selection mechanism is supported.
-type WorkloadSelector struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// One or more labels that indicate a specific set of pods/VMs
-	// on which the configuration should be applied. The scope of
-	// label search is restricted to the configuration namespace in which the
-	// the resource is present.
-	Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *WorkloadSelector) Reset() {
-	*x = WorkloadSelector{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_sidecar_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *WorkloadSelector) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*WorkloadSelector) ProtoMessage() {}
-
-func (x *WorkloadSelector) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_sidecar_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead.
-func (*WorkloadSelector) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *WorkloadSelector) GetLabels() map[string]string {
-	if x != nil {
-		return x.Labels
-	}
-	return nil
-}
-
-// `OutboundTrafficPolicy` sets the default behavior of the sidecar for
-// handling outbound traffic from the application.
-// If your application uses one or more external
-// services that are not known apriori, setting the policy to `ALLOW_ANY`
-// will cause the sidecars to route any unknown traffic originating from
-// the application to its requested destination.  Users are strongly
-// encouraged to use `ServiceEntry` configurations to explicitly declare any external
-// dependencies, instead of using `ALLOW_ANY`, so that traffic to these
-// services can be monitored.
-type OutboundTrafficPolicy struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1beta1.OutboundTrafficPolicy_Mode" json:"mode,omitempty"`
-	// Specifies the details of the egress proxy to which unknown
-	// traffic should be forwarded to from the sidecar. Valid only if
-	// the mode is set to ALLOW_ANY. If not specified when the mode is
-	// ALLOW_ANY, the sidecar will send the unknown traffic directly to
-	// the IP requested by the application.
-	//
-	// ** NOTE 1**: The specified egress host must be imported in the
-	// egress section for the traffic forwarding to work.
-	//
-	// ** NOTE 2**: An Envoy based egress gateway is unlikely to be able
-	// to handle plain text TCP connections forwarded from the sidecar.
-	// Envoy's dynamic forward proxy can handle only HTTP and TLS
-	// connections.
-	// $hide_from_docs
-	EgressProxy *Destination `protobuf:"bytes,2,opt,name=egress_proxy,json=egressProxy,proto3" json:"egress_proxy,omitempty"`
-}
-
-func (x *OutboundTrafficPolicy) Reset() {
-	*x = OutboundTrafficPolicy{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_sidecar_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *OutboundTrafficPolicy) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*OutboundTrafficPolicy) ProtoMessage() {}
-
-func (x *OutboundTrafficPolicy) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_sidecar_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use OutboundTrafficPolicy.ProtoReflect.Descriptor instead.
-func (*OutboundTrafficPolicy) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *OutboundTrafficPolicy) GetMode() OutboundTrafficPolicy_Mode {
-	if x != nil {
-		return x.Mode
-	}
-	return OutboundTrafficPolicy_REGISTRY_ONLY
-}
-
-func (x *OutboundTrafficPolicy) GetEgressProxy() *Destination {
-	if x != nil {
-		return x.EgressProxy
-	}
-	return nil
-}
-
-var File_networking_v1beta1_sidecar_proto protoreflect.FileDescriptor
-
-var file_networking_v1beta1_sidecar_proto_rawDesc = []byte{
-	0x0a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62,
-	0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72,
-	0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f,
-	0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62,
-	0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x6e,
-	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
-	0x31, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
-	0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65,
-	0x74, 0x61, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76,
-	0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf3, 0x02, 0x0a, 0x07, 0x53, 0x69,
-	0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x57, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
-	0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b,
-	0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b,
-	0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f,
-	0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x48,
-	0x0a, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69,
-	0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f,
-	0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52,
-	0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x65, 0x67, 0x72, 0x65,
-	0x73, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f,
-	0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65,
-	0x74, 0x61, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c,
-	0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12,
-	0x67, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66,
-	0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b,
-	0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62,
-	0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63,
-	0x79, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66,
-	0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04,
-	0x08, 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x22,
-	0xc0, 0x02, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73,
-	0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e,
-	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
-	0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f,
-	0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x48, 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72,
-	0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x69,
-	0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e,
-	0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d,
-	0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65,
-	0x12, 0x2f, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70,
-	0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02,
-	0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e,
-	0x74, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b,
-	0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e,
-	0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73,
-	0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f,
-	0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74,
-	0x6c, 0x73, 0x22, 0xe5, 0x01, 0x0a, 0x13, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65,
-	0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x04, 0x70, 0x6f,
-	0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f,
-	0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65,
-	0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12,
-	0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69,
-	0x6e, 0x64, 0x12, 0x48, 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f,
-	0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f,
-	0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65,
-	0x74, 0x61, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52,
-	0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x05,
-	0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01,
-	0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04,
-	0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f,
-	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xa3, 0x01, 0x0a, 0x10, 0x57,
-	0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12,
-	0x54, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69,
-	0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c,
-	0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65,
-	0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x6c,
-	0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01,
-	0x22, 0xd5, 0x01, 0x0a, 0x15, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61,
-	0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x48, 0x0a, 0x04, 0x6d, 0x6f,
-	0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f,
-	0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65,
-	0x74, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66,
-	0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04,
-	0x6d, 0x6f, 0x64, 0x65, 0x12, 0x48, 0x0a, 0x0c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70,
-	0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74,
-	0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31,
-	0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x52, 0x0b, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x22, 0x28,
-	0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x52, 0x45, 0x47, 0x49, 0x53, 0x54,
-	0x52, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x41, 0x4c, 0x4c,
-	0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x01, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, 0x74,
-	0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55,
-	0x4c, 0x54, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53,
-	0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x21, 0x5a, 0x1f,
-	0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74,
-	0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_networking_v1beta1_sidecar_proto_rawDescOnce sync.Once
-	file_networking_v1beta1_sidecar_proto_rawDescData = file_networking_v1beta1_sidecar_proto_rawDesc
-)
-
-func file_networking_v1beta1_sidecar_proto_rawDescGZIP() []byte {
-	file_networking_v1beta1_sidecar_proto_rawDescOnce.Do(func() {
-		file_networking_v1beta1_sidecar_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_sidecar_proto_rawDescData)
-	})
-	return file_networking_v1beta1_sidecar_proto_rawDescData
-}
-
-var file_networking_v1beta1_sidecar_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
-var file_networking_v1beta1_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
-var file_networking_v1beta1_sidecar_proto_goTypes = []interface{}{
-	(CaptureMode)(0),                // 0: istio.networking.v1beta1.CaptureMode
-	(OutboundTrafficPolicy_Mode)(0), // 1: istio.networking.v1beta1.OutboundTrafficPolicy.Mode
-	(*Sidecar)(nil),                 // 2: istio.networking.v1beta1.Sidecar
-	(*IstioIngressListener)(nil),    // 3: istio.networking.v1beta1.IstioIngressListener
-	(*IstioEgressListener)(nil),     // 4: istio.networking.v1beta1.IstioEgressListener
-	(*WorkloadSelector)(nil),        // 5: istio.networking.v1beta1.WorkloadSelector
-	(*OutboundTrafficPolicy)(nil),   // 6: istio.networking.v1beta1.OutboundTrafficPolicy
-	nil,                             // 7: istio.networking.v1beta1.WorkloadSelector.LabelsEntry
-	(*Port)(nil),                    // 8: istio.networking.v1beta1.Port
-	(*ServerTLSSettings)(nil),       // 9: istio.networking.v1beta1.ServerTLSSettings
-	(*Destination)(nil),             // 10: istio.networking.v1beta1.Destination
-}
-var file_networking_v1beta1_sidecar_proto_depIdxs = []int32{
-	5,  // 0: istio.networking.v1beta1.Sidecar.workload_selector:type_name -> istio.networking.v1beta1.WorkloadSelector
-	3,  // 1: istio.networking.v1beta1.Sidecar.ingress:type_name -> istio.networking.v1beta1.IstioIngressListener
-	4,  // 2: istio.networking.v1beta1.Sidecar.egress:type_name -> istio.networking.v1beta1.IstioEgressListener
-	6,  // 3: istio.networking.v1beta1.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1beta1.OutboundTrafficPolicy
-	8,  // 4: istio.networking.v1beta1.IstioIngressListener.port:type_name -> istio.networking.v1beta1.Port
-	0,  // 5: istio.networking.v1beta1.IstioIngressListener.capture_mode:type_name -> istio.networking.v1beta1.CaptureMode
-	9,  // 6: istio.networking.v1beta1.IstioIngressListener.tls:type_name -> istio.networking.v1beta1.ServerTLSSettings
-	8,  // 7: istio.networking.v1beta1.IstioEgressListener.port:type_name -> istio.networking.v1beta1.Port
-	0,  // 8: istio.networking.v1beta1.IstioEgressListener.capture_mode:type_name -> istio.networking.v1beta1.CaptureMode
-	7,  // 9: istio.networking.v1beta1.WorkloadSelector.labels:type_name -> istio.networking.v1beta1.WorkloadSelector.LabelsEntry
-	1,  // 10: istio.networking.v1beta1.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1beta1.OutboundTrafficPolicy.Mode
-	10, // 11: istio.networking.v1beta1.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1beta1.Destination
-	12, // [12:12] is the sub-list for method output_type
-	12, // [12:12] is the sub-list for method input_type
-	12, // [12:12] is the sub-list for extension type_name
-	12, // [12:12] is the sub-list for extension extendee
-	0,  // [0:12] is the sub-list for field type_name
-}
-
-func init() { file_networking_v1beta1_sidecar_proto_init() }
-func file_networking_v1beta1_sidecar_proto_init() {
-	if File_networking_v1beta1_sidecar_proto != nil {
-		return
-	}
-	file_networking_v1beta1_gateway_proto_init()
-	file_networking_v1beta1_virtual_service_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_networking_v1beta1_sidecar_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Sidecar); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_sidecar_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*IstioIngressListener); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_sidecar_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*IstioEgressListener); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_sidecar_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WorkloadSelector); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_sidecar_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*OutboundTrafficPolicy); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_networking_v1beta1_sidecar_proto_rawDesc,
-			NumEnums:      2,
-			NumMessages:   6,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_networking_v1beta1_sidecar_proto_goTypes,
-		DependencyIndexes: file_networking_v1beta1_sidecar_proto_depIdxs,
-		EnumInfos:         file_networking_v1beta1_sidecar_proto_enumTypes,
-		MessageInfos:      file_networking_v1beta1_sidecar_proto_msgTypes,
-	}.Build()
-	File_networking_v1beta1_sidecar_proto = out.File
-	file_networking_v1beta1_sidecar_proto_rawDesc = nil
-	file_networking_v1beta1_sidecar_proto_goTypes = nil
-	file_networking_v1beta1_sidecar_proto_depIdxs = nil
-}
diff --git a/vendor/istio.io/api/networking/v1beta1/sidecar_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/sidecar_alias.gen.go
new file mode 100644
index 000000000..5d257fcf6
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/sidecar_alias.gen.go
@@ -0,0 +1,85 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// `Sidecar` describes the configuration of the sidecar proxy that mediates
+// inbound and outbound communication of the workload instance to which it is
+// attached.
+//
+// 
+//
+// 
+type Sidecar = v1alpha3.Sidecar
+
+// `IstioIngressListener` specifies the properties of an inbound
+// traffic listener on the sidecar proxy attached to a workload instance.
+type IstioIngressListener = v1alpha3.IstioIngressListener
+
+// `IstioEgressListener` specifies the properties of an outbound traffic
+// listener on the sidecar proxy attached to a workload instance.
+type IstioEgressListener = v1alpha3.IstioEgressListener
+
+// `WorkloadSelector` specifies the criteria used to determine if the
+// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule`
+// configuration can be applied to a proxy. The matching criteria
+// includes the metadata associated with a proxy, workload instance
+// info such as labels attached to the pod/VM, or any other info that
+// the proxy provides to Istio during the initial handshake. If
+// multiple conditions are specified, all conditions need to match in
+// order for the workload instance to be selected. Currently, only
+// label based selection mechanism is supported.
+type WorkloadSelector = v1alpha3.WorkloadSelector
+
+// `OutboundTrafficPolicy` sets the default behavior of the sidecar for
+// handling unknown outbound traffic from the application.
+type OutboundTrafficPolicy = v1alpha3.OutboundTrafficPolicy
+type OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_Mode
+
+// In `REGISTRY_ONLY` mode, unknown outbound traffic will be dropped.
+// Traffic destinations must be explicitly declared into the service registry through `ServiceEntry` configurations.
+//
+// Note: Istio [does not offer an outbound traffic security policy](https://istio.io/latest/docs/ops/best-practices/security/#understand-traffic-capture-limitations).
+// This option does not act as one, or as any form of an outbound firewall.
+// Instead, this option exists primarily to offer users a way to detect missing `ServiceEntry` configurations by explicitly failing.
+const OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_REGISTRY_ONLY
+
+// In `ALLOW_ANY` mode, any traffic to unknown destinations will be allowed.
+// Unknown destination traffic will have limited functionality, however, such as reduced observability.
+// This mode allows users that do not have all possible egress destinations registered through `ServiceEntry` configurations to still connect
+// to arbitrary destinations.
+const OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_ALLOW_ANY
+
+// Port describes the properties of a specific port of a service.
+type SidecarPort = v1alpha3.SidecarPort
+
+// `CaptureMode` describes how traffic to a listener is expected to be
+// captured. Applicable only when the listener is bound to an IP.
+type CaptureMode = v1alpha3.CaptureMode
+
+// The default capture mode defined by the environment.
+const CaptureMode_DEFAULT CaptureMode = v1alpha3.CaptureMode_DEFAULT
+
+// Capture traffic using IPtables redirection.
+const CaptureMode_IPTABLES CaptureMode = v1alpha3.CaptureMode_IPTABLES
+
+// No traffic capture. When used in an egress listener, the application is
+// expected to explicitly communicate with the listener port or Unix
+// domain socket. When used in an ingress listener, care needs to be taken
+// to ensure that the listener port is not in use by other processes on
+// the host.
+const CaptureMode_NONE CaptureMode = v1alpha3.CaptureMode_NONE
diff --git a/vendor/istio.io/api/networking/v1beta1/virtual_service.gen.json b/vendor/istio.io/api/networking/v1beta1/virtual_service.gen.json
deleted file mode 100644
index 439a6aa0a..000000000
--- a/vendor/istio.io/api/networking/v1beta1/virtual_service.gen.json
+++ /dev/null
@@ -1,914 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Configuration affecting label/content routing, sni routing, etc.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.CorsPolicy": {
-        "description": "Describes the Cross-Origin Resource Sharing (CORS) policy, for a given service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) for further details about cross origin resource sharing. For example, the following rule restricts cross origin requests to those originating from example.com domain using HTTP POST/GET, and sets the `Access-Control-Allow-Credentials` header to false. In addition, it only exposes `X-Foo-bar` header and sets an expiry period of 1 day.",
-        "type": "object",
-        "properties": {
-          "allowOrigin": {
-            "description": "The list of origins that are allowed to perform CORS requests. The content will be serialized into the Access-Control-Allow-Origin header. Wildcard * will allow all origins. $hide_from_docs",
-            "type": "array",
-            "items": {
-              "type": "string"
-            },
-            "deprecated": true
-          },
-          "allowOrigins": {
-            "description": "String patterns that match allowed origins. An origin is allowed if any of the string matchers match. If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-            }
-          },
-          "allowMethods": {
-            "description": "List of HTTP methods allowed to access the resource. The content will be serialized into the Access-Control-Allow-Methods header.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "allowHeaders": {
-            "description": "List of HTTP headers that can be used when requesting the resource. Serialized to Access-Control-Allow-Headers header.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "exposeHeaders": {
-            "description": "A list of HTTP headers that the browsers are allowed to access. Serialized into Access-Control-Expose-Headers header.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "maxAge": {
-            "description": "Specifies how long the results of a preflight request can be cached. Translates to the `Access-Control-Max-Age` header.",
-            "type": "string"
-          },
-          "allowCredentials": {
-            "description": "Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to `Access-Control-Allow-Credentials` header.",
-            "type": "boolean",
-            "nullable": true
-          }
-        }
-      },
-      "istio.networking.v1beta1.Delegate": {
-        "description": "Describes the delegate VirtualService. The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, forward the traffic to `/reviews` by a delegate VirtualService named `reviews`.",
-        "type": "object",
-        "properties": {
-          "name": {
-            "description": "Name specifies the name of the delegate VirtualService.",
-            "type": "string"
-          },
-          "namespace": {
-            "description": "Namespace specifies the namespace where the delegate VirtualService resides. By default, it is same to the root's.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.Destination": {
-        "description": "Destination indicates the network addressable service to which the request/connection will be sent after processing a routing rule. The destination.host should unambiguously refer to a service in the service registry. Istio's service registry is composed of all the services found in the platform's service registry (e.g., Kubernetes services, Consul services), as well as services declared through the [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource.",
-        "type": "object",
-        "properties": {
-          "host": {
-            "description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped.",
-            "type": "string"
-          },
-          "subset": {
-            "description": "The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.",
-            "type": "string"
-          },
-          "port": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.PortSelector"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPBody": {
-        "type": "object",
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "string"
-                  ],
-                  "properties": {
-                    "string": {
-                      "description": "response body as a string",
-                      "type": "string"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "bytes"
-                  ],
-                  "properties": {
-                    "bytes": {
-                      "description": "response body as base64 encoded bytes.",
-                      "type": "string",
-                      "format": "binary"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "string"
-            ],
-            "properties": {
-              "string": {
-                "description": "response body as a string",
-                "type": "string"
-              }
-            }
-          },
-          {
-            "required": [
-              "bytes"
-            ],
-            "properties": {
-              "bytes": {
-                "description": "response body as base64 encoded bytes.",
-                "type": "string",
-                "format": "binary"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.HTTPDirectResponse": {
-        "description": "HTTPDirectResponse can be used to send a fixed response to clients. For example, the following rule returns a fixed 503 status with a body to requests for /v1/getProductRatings API.",
-        "type": "object",
-        "properties": {
-          "status": {
-            "description": "Specifies the HTTP response status to be returned.",
-            "type": "integer"
-          },
-          "body": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPBody"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPFaultInjection": {
-        "description": "HTTPFaultInjection can be used to specify one or more faults to inject while forwarding HTTP requests to the destination specified in a route. Fault specification is part of a VirtualService rule. Faults include aborting the Http request from downstream service, and/or delaying proxying of requests. A fault rule MUST HAVE delay or abort or both.",
-        "type": "object",
-        "properties": {
-          "delay": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPFaultInjection.Delay"
-          },
-          "abort": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPFaultInjection.Abort"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPFaultInjection.Abort": {
-        "description": "Abort specification is used to prematurely abort a request with a pre-specified error code. The following example will return an HTTP 400 error code for 1 out of every 1000 requests to the \"ratings\" service \"v1\".",
-        "type": "object",
-        "properties": {
-          "percentage": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Percent"
-          }
-        },
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "httpStatus"
-                  ],
-                  "properties": {
-                    "httpStatus": {
-                      "description": "HTTP status code to use to abort the Http request.",
-                      "type": "integer",
-                      "format": "int32"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "grpcStatus"
-                  ],
-                  "properties": {
-                    "grpcStatus": {
-                      "description": "GRPC status code to use to abort the request. The supported codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md Note: If you want to return the status \"Unavailable\", then you should specify the code as `UNAVAILABLE`(all caps), but not `14`.",
-                      "type": "string"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "http2Error"
-                  ],
-                  "properties": {
-                    "http2Error": {
-                      "type": "string"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "httpStatus"
-            ],
-            "properties": {
-              "httpStatus": {
-                "description": "HTTP status code to use to abort the Http request.",
-                "type": "integer",
-                "format": "int32"
-              }
-            }
-          },
-          {
-            "required": [
-              "grpcStatus"
-            ],
-            "properties": {
-              "grpcStatus": {
-                "description": "GRPC status code to use to abort the request. The supported codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md Note: If you want to return the status \"Unavailable\", then you should specify the code as `UNAVAILABLE`(all caps), but not `14`.",
-                "type": "string"
-              }
-            }
-          },
-          {
-            "required": [
-              "http2Error"
-            ],
-            "properties": {
-              "http2Error": {
-                "type": "string"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.HTTPFaultInjection.Delay": {
-        "description": "Delay specification is used to inject latency into the request forwarding path. The following example will introduce a 5 second delay in 1 out of every 1000 requests to the \"v1\" version of the \"reviews\" service from all pods with label env: prod",
-        "type": "object",
-        "properties": {
-          "percent": {
-            "description": "Percentage of requests on which the delay will be injected (0-100). Use of integer `percent` value is deprecated. Use the double `percentage` field instead.",
-            "type": "integer",
-            "format": "int32",
-            "deprecated": true
-          },
-          "percentage": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Percent"
-          }
-        },
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "fixedDelay"
-                  ],
-                  "properties": {
-                    "fixedDelay": {
-                      "description": "Add a fixed delay before forwarding the request. Format: 1h/1m/1s/1ms. MUST be \u003e=1ms.",
-                      "type": "string"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "exponentialDelay"
-                  ],
-                  "properties": {
-                    "exponentialDelay": {
-                      "type": "string"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "fixedDelay"
-            ],
-            "properties": {
-              "fixedDelay": {
-                "description": "Add a fixed delay before forwarding the request. Format: 1h/1m/1s/1ms. MUST be \u003e=1ms.",
-                "type": "string"
-              }
-            }
-          },
-          {
-            "required": [
-              "exponentialDelay"
-            ],
-            "properties": {
-              "exponentialDelay": {
-                "type": "string"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.HTTPMatchRequest": {
-        "description": "HttpMatchRequest specifies a set of criterion to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a custom `end-user` header with value `jason`.",
-        "type": "object",
-        "properties": {
-          "name": {
-            "description": "The name assigned to a match. The match's name will be concatenated with the parent route's name and will be logged in the access logs for requests matching this route.",
-            "type": "string"
-          },
-          "uri": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-          },
-          "scheme": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-          },
-          "method": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-          },
-          "authority": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-          },
-          "headers": {
-            "description": "The header keys must be lowercase and use hyphen as the separator, e.g. _x-request-id_.",
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-            }
-          },
-          "port": {
-            "description": "Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.",
-            "type": "integer"
-          },
-          "sourceLabels": {
-            "description": "One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "gateways": {
-            "description": "Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "queryParams": {
-            "description": "Query parameters for matching.",
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-            }
-          },
-          "ignoreUriCase": {
-            "description": "Flag to specify whether the URI matching should be case-insensitive.",
-            "type": "boolean"
-          },
-          "withoutHeaders": {
-            "description": "withoutHeader has the same syntax with the header, but has opposite meaning. If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one.",
-            "type": "object",
-            "additionalProperties": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.StringMatch"
-            }
-          },
-          "sourceNamespace": {
-            "description": "Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.",
-            "type": "string"
-          },
-          "statPrefix": {
-            "description": "The human readable prefix to use when emitting statistics for this route. The statistics are generated with prefix route.\u003cstat_prefix\u003e. This should be set for highly critical routes that one wishes to get \"per-route\" statistics on. This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix for statistics that are generated when this is configured.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPRedirect": {
-        "description": "HTTPRedirect can be used to send a 301 redirect response to the caller, where the Authority/Host and the URI in the response can be swapped with the specified values. For example, the following rule redirects requests for /v1/getProductRatings API on the ratings service to /v1/bookRatings provided by the bookratings service.",
-        "type": "object",
-        "properties": {
-          "uri": {
-            "description": "On a redirect, overwrite the Path portion of the URL with this value. Note that the entire path will be replaced, irrespective of the request URI being matched as an exact path or prefix.",
-            "type": "string"
-          },
-          "authority": {
-            "description": "On a redirect, overwrite the Authority/Host portion of the URL with this value.",
-            "type": "string"
-          },
-          "scheme": {
-            "description": "On a redirect, overwrite the scheme portion of the URL with this value. For example, `http` or `https`. If unset, the original scheme will be used. If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well",
-            "type": "string"
-          },
-          "redirectCode": {
-            "description": "On a redirect, Specifies the HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).",
-            "type": "integer"
-          }
-        },
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "port"
-                  ],
-                  "properties": {
-                    "port": {
-                      "description": "On a redirect, overwrite the port portion of the URL with this value.",
-                      "type": "integer"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "derivePort"
-                  ],
-                  "properties": {
-                    "derivePort": {
-                      "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "port"
-            ],
-            "properties": {
-              "port": {
-                "description": "On a redirect, overwrite the port portion of the URL with this value.",
-                "type": "integer"
-              }
-            }
-          },
-          {
-            "required": [
-              "derivePort"
-            ],
-            "properties": {
-              "derivePort": {
-                "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection": {
-        "type": "string",
-        "enum": [
-          "FROM_PROTOCOL_DEFAULT",
-          "FROM_REQUEST_PORT"
-        ]
-      },
-      "istio.networking.v1beta1.HTTPRetry": {
-        "description": "Describes the retry policy to use when a HTTP request fails. For example, the following rule sets the maximum number of retries to 3 when calling ratings:v1 service, with a 2s timeout per retry attempt. A retry will be attempted if there is a connect-failure, refused_stream or when the upstream server responds with Service Unavailable(503).",
-        "type": "object",
-        "properties": {
-          "attempts": {
-            "description": "Number of retries to be allowed for a given request. The interval between retries will be determined automatically (25ms+). When request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) or `per_try_timeout` is configured, the actual number of retries attempted also depends on the specified request `timeout` and `per_try_timeout` values.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "perTryTimeout": {
-            "description": "Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is same value as request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), which means no timeout.",
-            "type": "string"
-          },
-          "retryOn": {
-            "description": "Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details.",
-            "type": "string"
-          },
-          "retryRemoteLocalities": {
-            "description": "Flag to specify whether the retries should retry to other localities. See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details.",
-            "type": "boolean",
-            "nullable": true
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPRewrite": {
-        "description": "HTTPRewrite can be used to rewrite specific parts of a HTTP request before forwarding the request to the destination. Rewrite primitive can be used only with HTTPRouteDestination. The following example demonstrates how to rewrite the URL prefix for api call (/ratings) to ratings service before making the actual API call.",
-        "type": "object",
-        "properties": {
-          "uri": {
-            "description": "rewrite the path (or the prefix) portion of the URI with this value. If the original URI was matched based on prefix, the value provided in this field will replace the corresponding matched prefix.",
-            "type": "string"
-          },
-          "authority": {
-            "description": "rewrite the Authority/Host header with this value.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPRoute": {
-        "description": "Describes match conditions and actions for routing HTTP/1.1, HTTP2, and gRPC traffic. See VirtualService for usage examples.",
-        "type": "object",
-        "properties": {
-          "name": {
-            "description": "The name assigned to the route for debugging purposes. The route's name will be concatenated with the match's name and will be logged in the access logs for requests matching this route/match.",
-            "type": "string"
-          },
-          "match": {
-            "description": "Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPMatchRequest"
-            }
-          },
-          "route": {
-            "description": "A HTTP rule can either return a direct_response, redirect or forward (default) traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRouteDestination"
-            }
-          },
-          "redirect": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRedirect"
-          },
-          "directResponse": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPDirectResponse"
-          },
-          "delegate": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Delegate"
-          },
-          "rewrite": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRewrite"
-          },
-          "timeout": {
-            "description": "Timeout for HTTP requests, default is disabled.",
-            "type": "string"
-          },
-          "retries": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRetry"
-          },
-          "fault": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPFaultInjection"
-          },
-          "mirror": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Destination"
-          },
-          "mirrorPercent": {
-            "description": "Percentage of the traffic to be mirrored by the `mirror` field. Use of integer `mirror_percent` value is deprecated. Use the double `mirror_percentage` field instead $hide_from_docs",
-            "type": "integer",
-            "deprecated": true,
-            "nullable": true
-          },
-          "mirrorPercentage": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Percent"
-          },
-          "corsPolicy": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.CorsPolicy"
-          },
-          "headers": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Headers"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPRouteDestination": {
-        "description": "Each routing rule is associated with one or more service versions (see glossary in beginning of document). Weights associated with the version determine the proportion of traffic it receives. For example, the following rule will route 25% of traffic for the \"reviews\" service to instances with the \"v2\" tag and the remaining traffic (i.e., 75%) to \"v1\".",
-        "type": "object",
-        "properties": {
-          "destination": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Destination"
-          },
-          "weight": {
-            "description": "Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. If there is only one destination in a rule, it will receive all traffic. Otherwise, if weight is `0`, the destination will not receive any traffic.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "headers": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Headers"
-          }
-        }
-      },
-      "istio.networking.v1beta1.Headers": {
-        "description": "Message headers can be manipulated when Envoy forwards requests to, or responses from, a destination service. Header manipulation rules can be specified for a specific route destination or for all destinations. The following VirtualService adds a `test` header with the value `true` to requests that are routed to any `reviews` service destination. It also removes the `foo` response header, but only from responses coming from the `v1` subset (version) of the `reviews` service.",
-        "type": "object",
-        "properties": {
-          "request": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Headers.HeaderOperations"
-          },
-          "response": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Headers.HeaderOperations"
-          }
-        }
-      },
-      "istio.networking.v1beta1.Headers.HeaderOperations": {
-        "description": "HeaderOperations Describes the header manipulations to apply",
-        "type": "object",
-        "properties": {
-          "set": {
-            "description": "Overwrite the headers specified by key with the given values",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "add": {
-            "description": "Append the given values to the headers specified by keys (will create a comma-separated list of values)",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "remove": {
-            "description": "Remove the specified headers",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.L4MatchAttributes": {
-        "description": "L4 connection match attributes. Note that L4 connection matching support is incomplete.",
-        "type": "object",
-        "properties": {
-          "destinationSubnets": {
-            "description": "IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "port": {
-            "description": "Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.",
-            "type": "integer"
-          },
-          "sourceSubnet": {
-            "description": "IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d $hide_from_docs",
-            "type": "string"
-          },
-          "sourceLabels": {
-            "description": "One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it should include the reserved gateway `mesh` in order for this field to be applicable.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "gateways": {
-            "description": "Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "sourceNamespace": {
-            "description": "Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.Percent": {
-        "description": "Percent specifies a percentage in the range of [0.0, 100.0].",
-        "type": "object",
-        "properties": {
-          "value": {
-            "type": "number",
-            "format": "double"
-          }
-        }
-      },
-      "istio.networking.v1beta1.PortSelector": {
-        "description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "Valid port number",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.RouteDestination": {
-        "description": "L4 routing rule weighted destination.",
-        "type": "object",
-        "properties": {
-          "destination": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.Destination"
-          },
-          "weight": {
-            "description": "Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. If there is only one destination in a rule, it will receive all traffic. Otherwise, if weight is `0`, the destination will not receive any traffic.",
-            "type": "integer",
-            "format": "int32"
-          }
-        }
-      },
-      "istio.networking.v1beta1.StringMatch": {
-        "description": "Describes how to match a given string in HTTP headers. Match is case-sensitive.",
-        "type": "object",
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "exact"
-                  ],
-                  "properties": {
-                    "exact": {
-                      "description": "exact string match",
-                      "type": "string"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "prefix"
-                  ],
-                  "properties": {
-                    "prefix": {
-                      "description": "prefix-based match",
-                      "type": "string"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "regex"
-                  ],
-                  "properties": {
-                    "regex": {
-                      "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).",
-                      "type": "string"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "exact"
-            ],
-            "properties": {
-              "exact": {
-                "description": "exact string match",
-                "type": "string"
-              }
-            }
-          },
-          {
-            "required": [
-              "prefix"
-            ],
-            "properties": {
-              "prefix": {
-                "description": "prefix-based match",
-                "type": "string"
-              }
-            }
-          },
-          {
-            "required": [
-              "regex"
-            ],
-            "properties": {
-              "regex": {
-                "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).",
-                "type": "string"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.TCPRoute": {
-        "description": "Describes match conditions and actions for routing TCP traffic. The following routing rule forwards traffic arriving at port 27017 for mongo.prod.svc.cluster.local to another Mongo server on port 5555.",
-        "type": "object",
-        "properties": {
-          "match": {
-            "description": "Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.L4MatchAttributes"
-            }
-          },
-          "route": {
-            "description": "The destination to which the connection should be forwarded to.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.RouteDestination"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.TLSMatchAttributes": {
-        "description": "TLS connection match attributes.",
-        "type": "object",
-        "properties": {
-          "sniHosts": {
-            "description": "SNI (server name indicator) to match on. Wildcard prefixes can be used in the SNI value, e.g., *.com will match foo.example.com as well as example.com. An SNI value must be a subset (i.e., fall within the domain) of the corresponding virtual serivce's hosts.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "destinationSubnets": {
-            "description": "IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "port": {
-            "description": "Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.",
-            "type": "integer"
-          },
-          "sourceLabels": {
-            "description": "One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it should include the reserved gateway `mesh` in order for this field to be applicable.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "gateways": {
-            "description": "Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "sourceNamespace": {
-            "description": "Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.TLSRoute": {
-        "description": "Describes match conditions and actions for routing unterminated TLS traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS traffic arriving at port 443 of gateway called \"mygateway\" to internal services in the mesh based on the SNI value.",
-        "type": "object",
-        "properties": {
-          "match": {
-            "description": "Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.TLSMatchAttributes"
-            }
-          },
-          "route": {
-            "description": "The destination to which the connection should be forwarded to.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.RouteDestination"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.VirtualService": {
-        "description": "Configuration affecting traffic routing.",
-        "type": "object",
-        "properties": {
-          "hosts": {
-            "description": "The destination hosts to which traffic is being sent. Could be a DNS name with wildcard prefix or an IP address. Depending on the platform, short-names can also be used instead of a FQDN (i.e. has no dots in the name). In such a scenario, the FQDN of the host would be derived based on the underlying platform.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "gateways": {
-            "description": "The names of gateways and sidecars that should apply these routes. Gateways in other namespaces may be referred to by `\u003cgateway namespace\u003e/\u003cgateway name\u003e`; specifying a gateway with no namespace qualifier is the same as specifying the VirtualService's namespace. A single VirtualService is used for sidecars inside the mesh as well as for one or more gateways. The selection condition imposed by this field can be overridden using the source field in the match conditions of protocol-specific routes. The reserved word `mesh` is used to imply all the sidecars in the mesh. When this field is omitted, the default gateway (`mesh`) will be used, which would apply the rule to all sidecars in the mesh. If a list of gateway names is provided, the rules will apply only to the gateways. To apply the rules to both gateways and sidecars, specify `mesh` as one of the gateway names.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          },
-          "http": {
-            "description": "An ordered list of route rules for HTTP traffic. HTTP routes will be applied to platform service ports named 'http-*'/'http2-*'/'grpc-*', gateway ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching an incoming request is used.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPRoute"
-            }
-          },
-          "tls": {
-            "description": "An ordered list of route rule for non-terminated TLS \u0026 HTTPS traffic. Routing is typically performed using the SNI value presented by the ClientHello message. TLS routes will be applied to platform service ports named 'https-*', 'tls-*', unterminated gateway ports using HTTPS/TLS protocols (i.e. with \"passthrough\" TLS mode) and service entry ports using HTTPS/TLS protocols. The first rule matching an incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports without associated virtual service will be treated as opaque TCP traffic.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.TLSRoute"
-            }
-          },
-          "tcp": {
-            "description": "An ordered list of route rules for opaque TCP traffic. TCP routes will be applied to any port that is not a HTTP or TLS port. The first rule matching an incoming request is used.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.TCPRoute"
-            }
-          },
-          "exportTo": {
-            "description": "A list of namespaces to which this virtual service is exported. Exporting a virtual service allows it to be used by sidecars and gateways defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of virtual services across namespace boundaries.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/virtual_service_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/virtual_service_alias.gen.go
new file mode 100644
index 000000000..aae704e82
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/virtual_service_alias.gen.go
@@ -0,0 +1,869 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// Configuration affecting traffic routing.
+//
+// 
+//
+// 
+type VirtualService = v1alpha3.VirtualService
+
+// Destination indicates the network addressable service to which the
+// request/connection will be sent after processing a routing rule. The
+// destination.host should unambiguously refer to a service in the service
+// registry. Istio's service registry is composed of all the services found
+// in the platform's service registry (e.g., Kubernetes services, Consul
+// services), as well as services declared through the
+// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource.
+//
+// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
+// instead of "reviews.default.svc.cluster.local"), Istio will interpret
+// the short name based on the namespace of the rule, not the service. A
+// rule in the "default" namespace containing a host "reviews" will be
+// interpreted as "reviews.default.svc.cluster.local", irrespective of the
+// actual namespace associated with the reviews service. _To avoid potential
+// misconfigurations, it is recommended to always use fully qualified
+// domain names over short names._
+//
+// The following Kubernetes example routes all traffic by default to pods
+// of the reviews service with label "version: v1" (i.e., subset v1), and
+// some to subset v2, in a Kubernetes environment.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: reviews-route
+//	namespace: foo
+//
+// spec:
+//
+//	hosts:
+//	- reviews # interpreted as reviews.foo.svc.cluster.local
+//	http:
+//	- match:
+//	  - uri:
+//	      prefix: "/wpcatalog"
+//	  - uri:
+//	      prefix: "/consumercatalog"
+//	  rewrite:
+//	    uri: "/newcatalog"
+//	  route:
+//	  - destination:
+//	      host: reviews # interpreted as reviews.foo.svc.cluster.local
+//	      subset: v2
+//	- route:
+//	  - destination:
+//	      host: reviews # interpreted as reviews.foo.svc.cluster.local
+//	      subset: v1
+//
+// ```
+//
+// # And the associated DestinationRule
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: reviews-destination
+//	namespace: foo
+//
+// spec:
+//
+//	host: reviews # interpreted as reviews.foo.svc.cluster.local
+//	subsets:
+//	- name: v1
+//	  labels:
+//	    version: v1
+//	- name: v2
+//	  labels:
+//	    version: v2
+//
+// ```
+//
+// The following VirtualService sets a timeout of 5s for all calls to
+// productpage.prod.svc.cluster.local service in Kubernetes. Notice that
+// there are no subsets defined in this rule. Istio will fetch all
+// instances of productpage.prod.svc.cluster.local service from the service
+// registry and populate the sidecar's load balancing pool. Also, notice
+// that this rule is set in the istio-system namespace but uses the fully
+// qualified domain name of the productpage service,
+// productpage.prod.svc.cluster.local. Therefore the rule's namespace does
+// not have an impact in resolving the name of the productpage service.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: my-productpage-rule
+//	namespace: istio-system
+//
+// spec:
+//
+//	hosts:
+//	- productpage.prod.svc.cluster.local # ignores rule namespace
+//	http:
+//	- timeout: 5s
+//	  route:
+//	  - destination:
+//	      host: productpage.prod.svc.cluster.local
+//
+// ```
+//
+// To control routing for traffic bound to services outside the mesh, external
+// services must first be added to Istio's internal service registry using the
+// ServiceEntry resource. VirtualServices can then be defined to control traffic
+// bound to these external services. For example, the following rules define a
+// Service for wikipedia.org and set a timeout of 5s for HTTP requests.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: ServiceEntry
+// metadata:
+//
+//	name: external-svc-wikipedia
+//
+// spec:
+//
+//	hosts:
+//	- wikipedia.org
+//	location: MESH_EXTERNAL
+//	ports:
+//	- number: 80
+//	  name: example-http
+//	  protocol: HTTP
+//	resolution: DNS
+//
+// ---
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: my-wiki-rule
+//
+// spec:
+//
+//	hosts:
+//	- wikipedia.org
+//	http:
+//	- timeout: 5s
+//	  route:
+//	  - destination:
+//	      host: wikipedia.org
+//
+// ```
+type Destination = v1alpha3.Destination
+
+// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and
+// gRPC traffic. See VirtualService for usage examples.
+type HTTPRoute = v1alpha3.HTTPRoute
+
+// Describes the delegate VirtualService.
+// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`,
+// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: bookinfo
+//
+// spec:
+//
+//	hosts:
+//	- "bookinfo.com"
+//	gateways:
+//	- mygateway
+//	http:
+//	- match:
+//	  - uri:
+//	      prefix: "/productpage"
+//	  delegate:
+//	     name: productpage
+//	     namespace: nsA
+//	- match:
+//	  - uri:
+//	      prefix: "/reviews"
+//	  delegate:
+//	      name: reviews
+//	      namespace: nsB
+//
+// ```
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: productpage
+//	namespace: nsA
+//
+// spec:
+//
+//	http:
+//	- match:
+//	   - uri:
+//	      prefix: "/productpage/v1/"
+//	  route:
+//	  - destination:
+//	      host: productpage-v1.nsA.svc.cluster.local
+//	- route:
+//	  - destination:
+//	      host: productpage.nsA.svc.cluster.local
+//
+// ```
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: reviews
+//	namespace: nsB
+//
+// spec:
+//
+//	http:
+//	- route:
+//	  - destination:
+//	      host: reviews.nsB.svc.cluster.local
+//
+// ```
+type Delegate = v1alpha3.Delegate
+
+// Message headers can be manipulated when Envoy forwards requests to,
+// or responses from, a destination service. Header manipulation rules can
+// be specified for a specific route destination or for all destinations.
+// The following VirtualService adds a `test` header with the value `true`
+// to requests that are routed to any `reviews` service destination.
+// It also removes the `foo` response header, but only from responses
+// coming from the `v1` subset (version) of the `reviews` service.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: reviews-route
+//
+// spec:
+//
+//	hosts:
+//	- reviews.prod.svc.cluster.local
+//	http:
+//	- headers:
+//	    request:
+//	      set:
+//	        test: "true"
+//	  route:
+//	  - destination:
+//	      host: reviews.prod.svc.cluster.local
+//	      subset: v2
+//	    weight: 25
+//	  - destination:
+//	      host: reviews.prod.svc.cluster.local
+//	      subset: v1
+//	    headers:
+//	      response:
+//	        remove:
+//	        - foo
+//	    weight: 75
+//
+// ```
+type Headers = v1alpha3.Headers
+
+// HeaderOperations Describes the header manipulations to apply
+type Headers_HeaderOperations = v1alpha3.Headers_HeaderOperations
+
+// Describes match conditions and actions for routing unterminated TLS
+// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS
+// traffic arriving at port 443 of gateway called "mygateway" to internal
+// services in the mesh based on the SNI value.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: bookinfo-sni
+//
+// spec:
+//
+//	hosts:
+//	- "*.bookinfo.com"
+//	gateways:
+//	- mygateway
+//	tls:
+//	- match:
+//	  - port: 443
+//	    sniHosts:
+//	    - login.bookinfo.com
+//	  route:
+//	  - destination:
+//	      host: login.prod.svc.cluster.local
+//	- match:
+//	  - port: 443
+//	    sniHosts:
+//	    - reviews.bookinfo.com
+//	  route:
+//	  - destination:
+//	      host: reviews.prod.svc.cluster.local
+//
+// ```
+type TLSRoute = v1alpha3.TLSRoute
+
+// Describes match conditions and actions for routing TCP traffic. The
+// following routing rule forwards traffic arriving at port 27017 for
+// mongo.prod.svc.cluster.local to another Mongo server on port 5555.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: bookinfo-mongo
+//
+// spec:
+//
+//	hosts:
+//	- mongo.prod.svc.cluster.local
+//	tcp:
+//	- match:
+//	  - port: 27017
+//	  route:
+//	  - destination:
+//	      host: mongo.backup.svc.cluster.local
+//	      port:
+//	        number: 5555
+//
+// ```
+type TCPRoute = v1alpha3.TCPRoute
+
+// HttpMatchRequest specifies a set of criteria to be met in order for the
+// rule to be applied to the HTTP request. For example, the following
+// restricts the rule to match only requests where the URL path
+// starts with /ratings/v2/ and the request contains a custom `end-user` header
+// with value `jason`.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - headers:
+//	      end-user:
+//	        exact: jason
+//	    uri:
+//	      prefix: "/ratings/v2/"
+//	    ignoreUriCase: true
+//	  route:
+//	  - destination:
+//	      host: ratings.prod.svc.cluster.local
+//
+// ```
+//
+// HTTPMatchRequest CANNOT be empty.
+// **Note:**
+// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property.
+// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property.
+type HTTPMatchRequest = v1alpha3.HTTPMatchRequest
+
+// Each routing rule is associated with one or more service versions (see
+// glossary in beginning of document). Weights associated with the version
+// determine the proportion of traffic it receives. For example, the
+// following rule will route 25% of traffic for the "reviews" service to
+// instances with the "v2" tag and the remaining traffic (i.e., 75%) to
+// "v1".
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: reviews-route
+//
+// spec:
+//
+//	hosts:
+//	- reviews.prod.svc.cluster.local
+//	http:
+//	- route:
+//	  - destination:
+//	      host: reviews.prod.svc.cluster.local
+//	      subset: v2
+//	    weight: 25
+//	  - destination:
+//	      host: reviews.prod.svc.cluster.local
+//	      subset: v1
+//	    weight: 75
+//
+// ```
+//
+// # And the associated DestinationRule
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+//
+//	name: reviews-destination
+//
+// spec:
+//
+//	host: reviews.prod.svc.cluster.local
+//	subsets:
+//	- name: v1
+//	  labels:
+//	    version: v1
+//	- name: v2
+//	  labels:
+//	    version: v2
+//
+// ```
+//
+// Traffic can also be split across two entirely different services without
+// having to define new subsets. For example, the following rule forwards 25% of
+// traffic to reviews.com to dev.reviews.com
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: reviews-route-two-domains
+//
+// spec:
+//
+//	hosts:
+//	- reviews.com
+//	http:
+//	- route:
+//	  - destination:
+//	      host: dev.reviews.com
+//	    weight: 25
+//	  - destination:
+//	      host: reviews.com
+//	    weight: 75
+//
+// ```
+type HTTPRouteDestination = v1alpha3.HTTPRouteDestination
+
+// L4 routing rule weighted destination.
+type RouteDestination = v1alpha3.RouteDestination
+
+// L4 connection match attributes. Note that L4 connection matching support
+// is incomplete.
+type L4MatchAttributes = v1alpha3.L4MatchAttributes
+
+// TLS connection match attributes.
+type TLSMatchAttributes = v1alpha3.TLSMatchAttributes
+
+// HTTPRedirect can be used to send a 301 redirect response to the caller,
+// where the Authority/Host and the URI in the response can be swapped with
+// the specified values. For example, the following rule redirects
+// requests for /v1/getProductRatings API on the ratings service to
+// /v1/bookRatings provided by the bookratings service.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - uri:
+//	      exact: /v1/getProductRatings
+//	  redirect:
+//	    uri: /v1/bookRatings
+//	    authority: newratings.default.svc.cluster.local
+//	...
+//
+// ```
+type HTTPRedirect = v1alpha3.HTTPRedirect
+type HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_RedirectPortSelection
+
+const HTTPRedirect_FROM_PROTOCOL_DEFAULT HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_FROM_PROTOCOL_DEFAULT
+const HTTPRedirect_FROM_REQUEST_PORT HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_FROM_REQUEST_PORT
+
+// On a redirect, overwrite the port portion of the URL with this value.
+type HTTPRedirect_Port = v1alpha3.HTTPRedirect_Port
+
+// On a redirect, dynamically set the port:
+// * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.
+// * FROM_REQUEST_PORT: automatically use the port of the request.
+type HTTPRedirect_DerivePort = v1alpha3.HTTPRedirect_DerivePort
+
+// HTTPDirectResponse can be used to send a fixed response to clients.
+// For example, the following rule returns a fixed 503 status with a body
+// to requests for /v1/getProductRatings API.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - uri:
+//	      exact: /v1/getProductRatings
+//	  directResponse:
+//	    status: 503
+//	    body:
+//	      string: "unknown error"
+//	...
+//
+// ```
+//
+// It is also possible to specify a binary response body.
+// This is mostly useful for non text-based protocols such as gRPC.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - uri:
+//	      exact: /v1/getProductRatings
+//	  directResponse:
+//	    status: 503
+//	    body:
+//	      bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+//	...
+//
+// ```
+//
+// It is good practice to add headers in the HTTPRoute
+// as well as the direct_response, for example to specify
+// the returned Content-Type.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - uri:
+//	      exact: /v1/getProductRatings
+//	  directResponse:
+//	    status: 503
+//	    body:
+//	      string: "{\"error\": \"unknown error\"}"
+//	  headers:
+//	    response:
+//	      set:
+//	        content-type: "text/plain"
+//	...
+//
+// ```
+type HTTPDirectResponse = v1alpha3.HTTPDirectResponse
+type HTTPBody = v1alpha3.HTTPBody
+
+// response body as a string
+type HTTPBody_String_ = v1alpha3.HTTPBody_String_
+
+// response body as base64 encoded bytes.
+type HTTPBody_Bytes = v1alpha3.HTTPBody_Bytes
+
+// HTTPRewrite can be used to rewrite specific parts of a HTTP request
+// before forwarding the request to the destination. Rewrite primitive can
+// be used only with HTTPRouteDestination. The following example
+// demonstrates how to rewrite the URL prefix for api call (/ratings) to
+// ratings service before making the actual API call.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - uri:
+//	      prefix: /ratings
+//	  rewrite:
+//	    uri: /v1/bookRatings
+//	  route:
+//	  - destination:
+//	      host: ratings.prod.svc.cluster.local
+//	      subset: v1
+//
+// ```
+type HTTPRewrite = v1alpha3.HTTPRewrite
+type RegexRewrite = v1alpha3.RegexRewrite
+
+// Describes how to match a given string in HTTP headers. `exact` and `prefix` matching is
+// case-sensitive. `regex` matching supports case-insensitive matches.
+type StringMatch = v1alpha3.StringMatch
+
+// exact string match
+type StringMatch_Exact = v1alpha3.StringMatch_Exact
+
+// prefix-based match
+type StringMatch_Prefix = v1alpha3.StringMatch_Prefix
+
+// [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).
+//
+// Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's.
+type StringMatch_Regex = v1alpha3.StringMatch_Regex
+
+// Describes the retry policy to use when a HTTP request fails. For
+// example, the following rule sets the maximum number of retries to 3 when
+// calling ratings:v1 service, with a 2s timeout per retry attempt.
+// A retry will be attempted if there is a connect-failure, refused_stream
+// or when the upstream server responds with Service Unavailable(503).
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- route:
+//	  - destination:
+//	      host: ratings.prod.svc.cluster.local
+//	      subset: v1
+//	  retries:
+//	    attempts: 3
+//	    perTryTimeout: 2s
+//	    retryOn: gateway-error,connect-failure,refused-stream
+//
+// ```
+type HTTPRetry = v1alpha3.HTTPRetry
+
+// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given
+// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+// for further details about cross origin resource sharing. For example,
+// the following rule restricts cross origin requests to those originating
+// from example.com domain using HTTP POST/GET, and sets the
+// `Access-Control-Allow-Credentials` header to false. In addition, it only
+// exposes `X-Foo-bar` header and sets an expiry period of 1 day.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- route:
+//	  - destination:
+//	      host: ratings.prod.svc.cluster.local
+//	      subset: v1
+//	  corsPolicy:
+//	    allowOrigins:
+//	    - exact: https://example.com
+//	    allowMethods:
+//	    - POST
+//	    - GET
+//	    allowCredentials: false
+//	    allowHeaders:
+//	    - X-Foo-Bar
+//	    maxAge: "24h"
+//
+// ```
+type CorsPolicy = v1alpha3.CorsPolicy
+type CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_UnmatchedPreflights
+
+// Default to FORWARD
+const CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_UNSPECIFIED
+
+// Preflight requests not matching the configured allowed origin
+// will be forwarded to the upstream.
+const CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_FORWARD
+
+// Preflight requests not matching the configured allowed origin
+// will not be forwarded to the upstream.
+const CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_IGNORE
+
+// HTTPFaultInjection can be used to specify one or more faults to inject
+// while forwarding HTTP requests to the destination specified in a route.
+// Fault specification is part of a VirtualService rule. Faults include
+// aborting the Http request from downstream service, and/or delaying
+// proxying of requests. A fault rule MUST HAVE delay or abort or both.
+//
+// *Note:* Delay and abort faults are independent of one another, even if
+// both are specified simultaneously.
+type HTTPFaultInjection = v1alpha3.HTTPFaultInjection
+
+// Delay specification is used to inject latency into the request
+// forwarding path. The following example will introduce a 5 second delay
+// in 1 out of every 1000 requests to the "v1" version of the "reviews"
+// service from all pods with label env: prod
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: reviews-route
+//
+// spec:
+//
+//	hosts:
+//	- reviews.prod.svc.cluster.local
+//	http:
+//	- match:
+//	  - sourceLabels:
+//	      env: prod
+//	  route:
+//	  - destination:
+//	      host: reviews.prod.svc.cluster.local
+//	      subset: v1
+//	  fault:
+//	    delay:
+//	      percentage:
+//	        value: 0.1
+//	      fixedDelay: 5s
+//
+// ```
+//
+// The _fixedDelay_ field is used to indicate the amount of delay in seconds.
+// The optional _percentage_ field can be used to only delay a certain
+// percentage of requests. If left unspecified, no request will be delayed.
+type HTTPFaultInjection_Delay = v1alpha3.HTTPFaultInjection_Delay
+
+// Add a fixed delay before forwarding the request. Format:
+// 1h/1m/1s/1ms. MUST be >=1ms.
+type HTTPFaultInjection_Delay_FixedDelay = v1alpha3.HTTPFaultInjection_Delay_FixedDelay
+
+// $hide_from_docs
+type HTTPFaultInjection_Delay_ExponentialDelay = v1alpha3.HTTPFaultInjection_Delay_ExponentialDelay
+
+// Abort specification is used to prematurely abort a request with a
+// pre-specified error code. The following example will return an HTTP 400
+// error code for 1 out of every 1000 requests to the "ratings" service "v1".
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: VirtualService
+// metadata:
+//
+//	name: ratings-route
+//
+// spec:
+//
+//	hosts:
+//	- ratings.prod.svc.cluster.local
+//	http:
+//	- route:
+//	  - destination:
+//	      host: ratings.prod.svc.cluster.local
+//	      subset: v1
+//	  fault:
+//	    abort:
+//	      percentage:
+//	        value: 0.1
+//	      httpStatus: 400
+//
+// ```
+//
+// The _httpStatus_ field is used to indicate the HTTP status code to
+// return to the caller. The optional _percentage_ field can be used to only
+// abort a certain percentage of requests. If not specified, no request will be
+// aborted.
+type HTTPFaultInjection_Abort = v1alpha3.HTTPFaultInjection_Abort
+
+// HTTP status code to use to abort the Http request.
+type HTTPFaultInjection_Abort_HttpStatus = v1alpha3.HTTPFaultInjection_Abort_HttpStatus
+
+// GRPC status code to use to abort the request. The supported
+// codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
+// Note: If you want to return the status "Unavailable", then you should
+// specify the code as `UNAVAILABLE`(all caps), but not `14`.
+type HTTPFaultInjection_Abort_GrpcStatus = v1alpha3.HTTPFaultInjection_Abort_GrpcStatus
+
+// $hide_from_docs
+type HTTPFaultInjection_Abort_Http2Error = v1alpha3.HTTPFaultInjection_Abort_Http2Error
+
+// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition
+// to the original destination. Mirrored traffic is on a
+// best effort basis where the sidecar/gateway will not wait for the
+// mirrored destinations to respond before returning the response from the
+// original destination. Statistics will be generated for the mirrored
+// destination.
+type HTTPMirrorPolicy = v1alpha3.HTTPMirrorPolicy
+
+// PortSelector specifies the number of a port to be used for
+// matching or selection for final routing.
+type PortSelector = v1alpha3.PortSelector
+
+// Percent specifies a percentage in the range of [0.0, 100.0].
+type Percent = v1alpha3.Percent
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_entry.gen.json b/vendor/istio.io/api/networking/v1beta1/workload_entry.gen.json
deleted file mode 100644
index 764418e9b..000000000
--- a/vendor/istio.io/api/networking/v1beta1/workload_entry.gen.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Configuration affecting VMs onboarded into the mesh.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.WorkloadEntry": {
-        "description": "WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.",
-        "type": "object",
-        "properties": {
-          "address": {
-            "description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints.",
-            "type": "string"
-          },
-          "ports": {
-            "description": "Set of ports associated with the endpoint. If the port map is specified, it must be a map of servicePortName to this endpoint's port, such that traffic to the service port will be forwarded to the endpoint port that maps to the service's portName. If omitted, and the targetPort is specified as part of the service's port specification, traffic to the service port will be forwarded to one of the endpoints on the specified `targetPort`. If both the targetPort and endpoint's port map are not specified, traffic to a service port will be forwarded to one of the endpoints on the same port.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "integer"
-            }
-          },
-          "labels": {
-            "description": "One or more labels associated with the endpoint.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "network": {
-            "description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the `AUTO_PASSTHROUGH` mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters.",
-            "type": "string"
-          },
-          "locality": {
-            "description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.",
-            "type": "string"
-          },
-          "weight": {
-            "description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.",
-            "type": "integer"
-          },
-          "serviceAccount": {
-            "description": "The service account associated with the workload if a sidecar is present in the workload. The service account must be present in the same namespace as the configuration ( WorkloadEntry or a ServiceEntry)",
-            "type": "string"
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_entry_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/workload_entry_alias.gen.go
new file mode 100644
index 000000000..c53cb4855
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/workload_entry_alias.gen.go
@@ -0,0 +1,33 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.
+//
+// 
+//
+// 
+// +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)"
+// +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true"
+type WorkloadEntry = v1alpha3.WorkloadEntry
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group.gen.json b/vendor/istio.io/api/networking/v1beta1/workload_group.gen.json
deleted file mode 100644
index eaa85ccbb..000000000
--- a/vendor/istio.io/api/networking/v1beta1/workload_group.gen.json
+++ /dev/null
@@ -1,250 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Describes a collection of workload instances.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.networking.v1beta1.ExecHealthCheckConfig": {
-        "type": "object",
-        "properties": {
-          "command": {
-            "description": "Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.",
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPHeader": {
-        "type": "object",
-        "properties": {
-          "name": {
-            "description": "The header field name",
-            "type": "string"
-          },
-          "value": {
-            "description": "The header field value",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.HTTPHealthCheckConfig": {
-        "type": "object",
-        "properties": {
-          "path": {
-            "description": "Path to access on the HTTP server.",
-            "type": "string"
-          },
-          "port": {
-            "description": "Port on which the endpoint lives.",
-            "type": "integer"
-          },
-          "host": {
-            "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.",
-            "type": "string"
-          },
-          "scheme": {
-            "description": "HTTP or HTTPS, defaults to HTTP",
-            "type": "string"
-          },
-          "httpHeaders": {
-            "description": "Headers the proxy will pass on to make the request. Allows repeated headers.",
-            "type": "array",
-            "items": {
-              "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPHeader"
-            }
-          }
-        }
-      },
-      "istio.networking.v1beta1.ReadinessProbe": {
-        "type": "object",
-        "properties": {
-          "initialDelaySeconds": {
-            "description": "Number of seconds after the container has started before readiness probes are initiated.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "timeoutSeconds": {
-            "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 second.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "periodSeconds": {
-            "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1 second.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "successThreshold": {
-            "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1 second.",
-            "type": "integer",
-            "format": "int32"
-          },
-          "failureThreshold": {
-            "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3 seconds.",
-            "type": "integer",
-            "format": "int32"
-          }
-        },
-        "oneOf": [
-          {
-            "not": {
-              "anyOf": [
-                {
-                  "required": [
-                    "httpGet"
-                  ],
-                  "properties": {
-                    "httpGet": {
-                      "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPHealthCheckConfig"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "tcpSocket"
-                  ],
-                  "properties": {
-                    "tcpSocket": {
-                      "$ref": "#/components/schemas/istio.networking.v1beta1.TCPHealthCheckConfig"
-                    }
-                  }
-                },
-                {
-                  "required": [
-                    "exec"
-                  ],
-                  "properties": {
-                    "exec": {
-                      "$ref": "#/components/schemas/istio.networking.v1beta1.ExecHealthCheckConfig"
-                    }
-                  }
-                }
-              ]
-            }
-          },
-          {
-            "required": [
-              "httpGet"
-            ],
-            "properties": {
-              "httpGet": {
-                "$ref": "#/components/schemas/istio.networking.v1beta1.HTTPHealthCheckConfig"
-              }
-            }
-          },
-          {
-            "required": [
-              "tcpSocket"
-            ],
-            "properties": {
-              "tcpSocket": {
-                "$ref": "#/components/schemas/istio.networking.v1beta1.TCPHealthCheckConfig"
-              }
-            }
-          },
-          {
-            "required": [
-              "exec"
-            ],
-            "properties": {
-              "exec": {
-                "$ref": "#/components/schemas/istio.networking.v1beta1.ExecHealthCheckConfig"
-              }
-            }
-          }
-        ]
-      },
-      "istio.networking.v1beta1.TCPHealthCheckConfig": {
-        "type": "object",
-        "properties": {
-          "host": {
-            "description": "Host to connect to, defaults to localhost",
-            "type": "string"
-          },
-          "port": {
-            "description": "Port of host",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.networking.v1beta1.WorkloadEntry": {
-        "description": "WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.",
-        "type": "object",
-        "properties": {
-          "address": {
-            "description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints.",
-            "type": "string"
-          },
-          "ports": {
-            "description": "Set of ports associated with the endpoint. If the port map is specified, it must be a map of servicePortName to this endpoint's port, such that traffic to the service port will be forwarded to the endpoint port that maps to the service's portName. If omitted, and the targetPort is specified as part of the service's port specification, traffic to the service port will be forwarded to one of the endpoints on the specified `targetPort`. If both the targetPort and endpoint's port map are not specified, traffic to a service port will be forwarded to one of the endpoints on the same port.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "integer"
-            }
-          },
-          "labels": {
-            "description": "One or more labels associated with the endpoint.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "network": {
-            "description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the `AUTO_PASSTHROUGH` mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters.",
-            "type": "string"
-          },
-          "locality": {
-            "description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.",
-            "type": "string"
-          },
-          "weight": {
-            "description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.",
-            "type": "integer"
-          },
-          "serviceAccount": {
-            "description": "The service account associated with the workload if a sidecar is present in the workload. The service account must be present in the same namespace as the configuration ( WorkloadEntry or a ServiceEntry)",
-            "type": "string"
-          }
-        }
-      },
-      "istio.networking.v1beta1.WorkloadGroup": {
-        "description": "`WorkloadGroup` enables specifying the properties of a single workload for bootstrap and provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` and as such doesn't configure host name for these workloads.",
-        "type": "object",
-        "properties": {
-          "metadata": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.WorkloadGroup.ObjectMeta"
-          },
-          "template": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.WorkloadEntry"
-          },
-          "probe": {
-            "$ref": "#/components/schemas/istio.networking.v1beta1.ReadinessProbe"
-          }
-        }
-      },
-      "istio.networking.v1beta1.WorkloadGroup.ObjectMeta": {
-        "description": "`ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. It is a subset of the supported Kubernetes metadata.",
-        "type": "object",
-        "properties": {
-          "labels": {
-            "description": "Labels to attach",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          },
-          "annotations": {
-            "description": "Annotations to attach",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group.pb.go b/vendor/istio.io/api/networking/v1beta1/workload_group.pb.go
deleted file mode 100644
index ed01e568a..000000000
--- a/vendor/istio.io/api/networking/v1beta1/workload_group.pb.go
+++ /dev/null
@@ -1,918 +0,0 @@
-// Copyright 2020 Istio Authors
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        (unknown)
-// source: networking/v1beta1/workload_group.proto
-
-// $schema: istio.networking.v1alpha3.WorkloadGroup
-// $title: Workload Group
-// $description: Describes a collection of workload instances.
-// $location: https://istio.io/docs/reference/config/networking/workload-group.html
-// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group]
-
-// `WorkloadGroup` describes a collection of workload instances.
-// It provides a specification that the workload instances can use to bootstrap
-// their proxies, including the metadata and identity. It is only intended to
-// be used with non-k8s workloads like Virtual Machines, and is meant to mimic
-// the existing sidecar injection and deployment specification model used for
-// Kubernetes workloads to bootstrap Istio proxies.
-//
-// The following example declares a workload group representing a collection
-// of workloads that will be registered under `reviews` in namespace
-// `bookinfo`. The set of labels will be associated with each workload
-// instance during the bootstrap process, and the ports 3550 and 8080
-// will be associated with the workload group and use service account `default`.
-// `app.kubernetes.io/version` is just an arbitrary example of a label.
-//
-// {{}}
-// {{}}
-// ```yaml
-// apiVersion: networking.istio.io/v1alpha3
-// kind: WorkloadGroup
-// metadata:
-//   name: reviews
-//   namespace: bookinfo
-// spec:
-//   metadata:
-//     labels:
-//       app.kubernetes.io/name: reviews
-//       app.kubernetes.io/version: "1.3.4"
-//   template:
-//     ports:
-//       grpc: 3550
-//       http: 8080
-//     serviceAccount: default
-//   probe:
-//     initialDelaySeconds: 5
-//     timeoutSeconds: 3
-//     periodSeconds: 4
-//     successThreshold: 3
-//     failureThreshold: 3
-//     httpGet:
-//      path: /foo/bar
-//      host: 127.0.0.1
-//      port: 3100
-//      scheme: HTTPS
-//      httpHeaders:
-//      - name: Lit-Header
-//        value: Im-The-Best
-// ```
-// {{}}
-// {{}}
-//
-
-package v1beta1
-
-import (
-	_ "google.golang.org/genproto/googleapis/api/annotations"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	reflect "reflect"
-	sync "sync"
-)
-
-const (
-	// Verify that this generated code is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
-	// Verify that runtime/protoimpl is sufficiently up-to-date.
-	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
-)
-
-// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and
-// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties
-// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`.
-// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry`
-// and as such doesn't configure host name for these workloads.
-//
-// 
-//
-// 
-// 
-type WorkloadGroup struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Metadata that will be used for all corresponding `WorkloadEntries`.
-	// User labels for a workload group should be set here in `metadata` rather than in `template`.
-	Metadata *WorkloadGroup_ObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
-	// Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`.
-	// Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount`
-	// should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the
-	// specified service account's token. Workload entries in this group will be in the same namespace as the
-	// workload group, and inherit the labels and annotations from the above `metadata` field.
-	Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"`
-	// `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload.
-	// This configuration mirrors K8S in both syntax and logic for the most part.
-	Probe *ReadinessProbe `protobuf:"bytes,3,opt,name=probe,proto3" json:"probe,omitempty"`
-}
-
-func (x *WorkloadGroup) Reset() {
-	*x = WorkloadGroup{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *WorkloadGroup) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*WorkloadGroup) ProtoMessage() {}
-
-func (x *WorkloadGroup) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use WorkloadGroup.ProtoReflect.Descriptor instead.
-func (*WorkloadGroup) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{0}
-}
-
-func (x *WorkloadGroup) GetMetadata() *WorkloadGroup_ObjectMeta {
-	if x != nil {
-		return x.Metadata
-	}
-	return nil
-}
-
-func (x *WorkloadGroup) GetTemplate() *WorkloadEntry {
-	if x != nil {
-		return x.Template
-	}
-	return nil
-}
-
-func (x *WorkloadGroup) GetProbe() *ReadinessProbe {
-	if x != nil {
-		return x.Probe
-	}
-	return nil
-}
-
-type ReadinessProbe struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Number of seconds after the container has started before readiness probes are initiated.
-	InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"`
-	// Number of seconds after which the probe times out.
-	// Defaults to 1 second. Minimum value is 1 second.
-	TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"`
-	// How often (in seconds) to perform the probe.
-	// Default to 10 seconds. Minimum value is 1 second.
-	PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"`
-	// Minimum consecutive successes for the probe to be considered successful after having failed.
-	// Defaults to 1 second.
-	SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"`
-	// Minimum consecutive failures for the probe to be considered failed after having succeeded.
-	// Defaults to 3 seconds.
-	FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"`
-	// Users can only provide one configuration for healthchecks (tcp, http, exec),
-	// and this is expressed as a oneof. All of the other configuration values
-	// hold true for any of the healthcheck methods.
-	//
-	// Types that are assignable to HealthCheckMethod:
-	//
-	//	*ReadinessProbe_HttpGet
-	//	*ReadinessProbe_TcpSocket
-	//	*ReadinessProbe_Exec
-	HealthCheckMethod isReadinessProbe_HealthCheckMethod `protobuf_oneof:"health_check_method"`
-}
-
-func (x *ReadinessProbe) Reset() {
-	*x = ReadinessProbe{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ReadinessProbe) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ReadinessProbe) ProtoMessage() {}
-
-func (x *ReadinessProbe) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ReadinessProbe.ProtoReflect.Descriptor instead.
-func (*ReadinessProbe) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{1}
-}
-
-func (x *ReadinessProbe) GetInitialDelaySeconds() int32 {
-	if x != nil {
-		return x.InitialDelaySeconds
-	}
-	return 0
-}
-
-func (x *ReadinessProbe) GetTimeoutSeconds() int32 {
-	if x != nil {
-		return x.TimeoutSeconds
-	}
-	return 0
-}
-
-func (x *ReadinessProbe) GetPeriodSeconds() int32 {
-	if x != nil {
-		return x.PeriodSeconds
-	}
-	return 0
-}
-
-func (x *ReadinessProbe) GetSuccessThreshold() int32 {
-	if x != nil {
-		return x.SuccessThreshold
-	}
-	return 0
-}
-
-func (x *ReadinessProbe) GetFailureThreshold() int32 {
-	if x != nil {
-		return x.FailureThreshold
-	}
-	return 0
-}
-
-func (m *ReadinessProbe) GetHealthCheckMethod() isReadinessProbe_HealthCheckMethod {
-	if m != nil {
-		return m.HealthCheckMethod
-	}
-	return nil
-}
-
-func (x *ReadinessProbe) GetHttpGet() *HTTPHealthCheckConfig {
-	if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_HttpGet); ok {
-		return x.HttpGet
-	}
-	return nil
-}
-
-func (x *ReadinessProbe) GetTcpSocket() *TCPHealthCheckConfig {
-	if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_TcpSocket); ok {
-		return x.TcpSocket
-	}
-	return nil
-}
-
-func (x *ReadinessProbe) GetExec() *ExecHealthCheckConfig {
-	if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Exec); ok {
-		return x.Exec
-	}
-	return nil
-}
-
-type isReadinessProbe_HealthCheckMethod interface {
-	isReadinessProbe_HealthCheckMethod()
-}
-
-type ReadinessProbe_HttpGet struct {
-	// `httpGet` is performed to a given endpoint
-	// and the status/able to connect determines health.
-	HttpGet *HTTPHealthCheckConfig `protobuf:"bytes,7,opt,name=http_get,json=httpGet,proto3,oneof"`
-}
-
-type ReadinessProbe_TcpSocket struct {
-	// Health is determined by if the proxy is able to connect.
-	TcpSocket *TCPHealthCheckConfig `protobuf:"bytes,8,opt,name=tcp_socket,json=tcpSocket,proto3,oneof"`
-}
-
-type ReadinessProbe_Exec struct {
-	// Health is determined by how the command that is executed exited.
-	Exec *ExecHealthCheckConfig `protobuf:"bytes,9,opt,name=exec,proto3,oneof"`
-}
-
-func (*ReadinessProbe_HttpGet) isReadinessProbe_HealthCheckMethod() {}
-
-func (*ReadinessProbe_TcpSocket) isReadinessProbe_HealthCheckMethod() {}
-
-func (*ReadinessProbe_Exec) isReadinessProbe_HealthCheckMethod() {}
-
-type HTTPHealthCheckConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Path to access on the HTTP server.
-	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	// Port on which the endpoint lives.
-	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
-	// Host name to connect to, defaults to the pod IP. You probably want to set
-	// "Host" in httpHeaders instead.
-	Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"`
-	// HTTP or HTTPS, defaults to HTTP
-	Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"`
-	// Headers the proxy will pass on to make the request.
-	// Allows repeated headers.
-	HttpHeaders []*HTTPHeader `protobuf:"bytes,5,rep,name=http_headers,json=httpHeaders,proto3" json:"http_headers,omitempty"`
-}
-
-func (x *HTTPHealthCheckConfig) Reset() {
-	*x = HTTPHealthCheckConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPHealthCheckConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPHealthCheckConfig) ProtoMessage() {}
-
-func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPHealthCheckConfig.ProtoReflect.Descriptor instead.
-func (*HTTPHealthCheckConfig) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *HTTPHealthCheckConfig) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (x *HTTPHealthCheckConfig) GetPort() uint32 {
-	if x != nil {
-		return x.Port
-	}
-	return 0
-}
-
-func (x *HTTPHealthCheckConfig) GetHost() string {
-	if x != nil {
-		return x.Host
-	}
-	return ""
-}
-
-func (x *HTTPHealthCheckConfig) GetScheme() string {
-	if x != nil {
-		return x.Scheme
-	}
-	return ""
-}
-
-func (x *HTTPHealthCheckConfig) GetHttpHeaders() []*HTTPHeader {
-	if x != nil {
-		return x.HttpHeaders
-	}
-	return nil
-}
-
-type HTTPHeader struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// The header field name
-	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
-	// The header field value
-	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
-}
-
-func (x *HTTPHeader) Reset() {
-	*x = HTTPHeader{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *HTTPHeader) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*HTTPHeader) ProtoMessage() {}
-
-func (x *HTTPHeader) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead.
-func (*HTTPHeader) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *HTTPHeader) GetName() string {
-	if x != nil {
-		return x.Name
-	}
-	return ""
-}
-
-func (x *HTTPHeader) GetValue() string {
-	if x != nil {
-		return x.Value
-	}
-	return ""
-}
-
-type TCPHealthCheckConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Host to connect to, defaults to localhost
-	Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
-	// Port of host
-	Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
-}
-
-func (x *TCPHealthCheckConfig) Reset() {
-	*x = TCPHealthCheckConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *TCPHealthCheckConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*TCPHealthCheckConfig) ProtoMessage() {}
-
-func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use TCPHealthCheckConfig.ProtoReflect.Descriptor instead.
-func (*TCPHealthCheckConfig) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *TCPHealthCheckConfig) GetHost() string {
-	if x != nil {
-		return x.Host
-	}
-	return ""
-}
-
-func (x *TCPHealthCheckConfig) GetPort() uint32 {
-	if x != nil {
-		return x.Port
-	}
-	return 0
-}
-
-type ExecHealthCheckConfig struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-	Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"`
-}
-
-func (x *ExecHealthCheckConfig) Reset() {
-	*x = ExecHealthCheckConfig{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ExecHealthCheckConfig) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ExecHealthCheckConfig) ProtoMessage() {}
-
-func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ExecHealthCheckConfig.ProtoReflect.Descriptor instead.
-func (*ExecHealthCheckConfig) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{5}
-}
-
-func (x *ExecHealthCheckConfig) GetCommand() []string {
-	if x != nil {
-		return x.Command
-	}
-	return nil
-}
-
-// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`.
-// It is a subset of the supported Kubernetes metadata.
-type WorkloadGroup_ObjectMeta struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	// Labels to attach
-	Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	// Annotations to attach
-	Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-}
-
-func (x *WorkloadGroup_ObjectMeta) Reset() {
-	*x = WorkloadGroup_ObjectMeta{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_networking_v1beta1_workload_group_proto_msgTypes[6]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *WorkloadGroup_ObjectMeta) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*WorkloadGroup_ObjectMeta) ProtoMessage() {}
-
-func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message {
-	mi := &file_networking_v1beta1_workload_group_proto_msgTypes[6]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use WorkloadGroup_ObjectMeta.ProtoReflect.Descriptor instead.
-func (*WorkloadGroup_ObjectMeta) Descriptor() ([]byte, []int) {
-	return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{0, 0}
-}
-
-func (x *WorkloadGroup_ObjectMeta) GetLabels() map[string]string {
-	if x != nil {
-		return x.Labels
-	}
-	return nil
-}
-
-func (x *WorkloadGroup_ObjectMeta) GetAnnotations() map[string]string {
-	if x != nil {
-		return x.Annotations
-	}
-	return nil
-}
-
-var File_networking_v1beta1_workload_group_proto protoreflect.FileDescriptor
-
-var file_networking_v1beta1_workload_group_proto_rawDesc = []byte{
-	0x0a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62,
-	0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x67, 0x72,
-	0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f,
-	0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65,
-	0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67,
-	0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
-	0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb3, 0x04,
-	0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12,
-	0x4e, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72,
-	0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72,
-	0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63,
-	0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12,
-	0x49, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72,
-	0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72,
-	0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02,
-	0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x70, 0x72,
-	0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69,
-	0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62,
-	0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72,
-	0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x1a, 0xc6, 0x02, 0x0a, 0x0a, 0x4f,
-	0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x56, 0x0a, 0x06, 0x6c, 0x61, 0x62,
-	0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69,
-	0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62,
-	0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f,
-	0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61,
-	0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c,
-	0x73, 0x12, 0x65, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e,
-	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
-	0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e,
-	0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e,
-	0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65,
-	0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
-	0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
-	0x02, 0x38, 0x01, 0x22, 0xeb, 0x03, 0x0a, 0x0e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73,
-	0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, 0x0a, 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61,
-	0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65,
-	0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69,
-	0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f,
-	0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65,
-	0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72,
-	0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75,
-	0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68,
-	0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75,
-	0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01,
-	0x28, 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73,
-	0x68, 0x6f, 0x6c, 0x64, 0x12, 0x4c, 0x0a, 0x08, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74,
-	0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e,
-	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
-	0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63,
-	0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, 0x70, 0x47,
-	0x65, 0x74, 0x12, 0x4f, 0x0a, 0x0a, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74,
-	0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e,
-	0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
-	0x31, 0x2e, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63,
-	0x6b, 0x65, 0x74, 0x12, 0x45, 0x0a, 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72,
-	0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x65,
-	0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x48, 0x00, 0x52, 0x04, 0x65, 0x78, 0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65,
-	0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f,
-	0x64, 0x22, 0xba, 0x01, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68,
-	0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70,
-	0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12,
-	0x18, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2,
-	0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73,
-	0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a,
-	0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73,
-	0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x0c, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65,
-	0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73,
-	0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76,
-	0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65,
-	0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x36,
-	0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x44, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61,
-	0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12,
-	0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f,
-	0x73, 0x74, 0x12, 0x18, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d,
-	0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x31, 0x0a, 0x15,
-	0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x42,
-	0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74,
-	0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var (
-	file_networking_v1beta1_workload_group_proto_rawDescOnce sync.Once
-	file_networking_v1beta1_workload_group_proto_rawDescData = file_networking_v1beta1_workload_group_proto_rawDesc
-)
-
-func file_networking_v1beta1_workload_group_proto_rawDescGZIP() []byte {
-	file_networking_v1beta1_workload_group_proto_rawDescOnce.Do(func() {
-		file_networking_v1beta1_workload_group_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_workload_group_proto_rawDescData)
-	})
-	return file_networking_v1beta1_workload_group_proto_rawDescData
-}
-
-var file_networking_v1beta1_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
-var file_networking_v1beta1_workload_group_proto_goTypes = []interface{}{
-	(*WorkloadGroup)(nil),            // 0: istio.networking.v1beta1.WorkloadGroup
-	(*ReadinessProbe)(nil),           // 1: istio.networking.v1beta1.ReadinessProbe
-	(*HTTPHealthCheckConfig)(nil),    // 2: istio.networking.v1beta1.HTTPHealthCheckConfig
-	(*HTTPHeader)(nil),               // 3: istio.networking.v1beta1.HTTPHeader
-	(*TCPHealthCheckConfig)(nil),     // 4: istio.networking.v1beta1.TCPHealthCheckConfig
-	(*ExecHealthCheckConfig)(nil),    // 5: istio.networking.v1beta1.ExecHealthCheckConfig
-	(*WorkloadGroup_ObjectMeta)(nil), // 6: istio.networking.v1beta1.WorkloadGroup.ObjectMeta
-	nil,                              // 7: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.LabelsEntry
-	nil,                              // 8: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.AnnotationsEntry
-	(*WorkloadEntry)(nil),            // 9: istio.networking.v1beta1.WorkloadEntry
-}
-var file_networking_v1beta1_workload_group_proto_depIdxs = []int32{
-	6, // 0: istio.networking.v1beta1.WorkloadGroup.metadata:type_name -> istio.networking.v1beta1.WorkloadGroup.ObjectMeta
-	9, // 1: istio.networking.v1beta1.WorkloadGroup.template:type_name -> istio.networking.v1beta1.WorkloadEntry
-	1, // 2: istio.networking.v1beta1.WorkloadGroup.probe:type_name -> istio.networking.v1beta1.ReadinessProbe
-	2, // 3: istio.networking.v1beta1.ReadinessProbe.http_get:type_name -> istio.networking.v1beta1.HTTPHealthCheckConfig
-	4, // 4: istio.networking.v1beta1.ReadinessProbe.tcp_socket:type_name -> istio.networking.v1beta1.TCPHealthCheckConfig
-	5, // 5: istio.networking.v1beta1.ReadinessProbe.exec:type_name -> istio.networking.v1beta1.ExecHealthCheckConfig
-	3, // 6: istio.networking.v1beta1.HTTPHealthCheckConfig.http_headers:type_name -> istio.networking.v1beta1.HTTPHeader
-	7, // 7: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.labels:type_name -> istio.networking.v1beta1.WorkloadGroup.ObjectMeta.LabelsEntry
-	8, // 8: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.annotations:type_name -> istio.networking.v1beta1.WorkloadGroup.ObjectMeta.AnnotationsEntry
-	9, // [9:9] is the sub-list for method output_type
-	9, // [9:9] is the sub-list for method input_type
-	9, // [9:9] is the sub-list for extension type_name
-	9, // [9:9] is the sub-list for extension extendee
-	0, // [0:9] is the sub-list for field type_name
-}
-
-func init() { file_networking_v1beta1_workload_group_proto_init() }
-func file_networking_v1beta1_workload_group_proto_init() {
-	if File_networking_v1beta1_workload_group_proto != nil {
-		return
-	}
-	file_networking_v1beta1_workload_entry_proto_init()
-	if !protoimpl.UnsafeEnabled {
-		file_networking_v1beta1_workload_group_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WorkloadGroup); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_workload_group_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReadinessProbe); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_workload_group_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHealthCheckConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_workload_group_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*HTTPHeader); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_workload_group_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*TCPHealthCheckConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_workload_group_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ExecHealthCheckConfig); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_networking_v1beta1_workload_group_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WorkloadGroup_ObjectMeta); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_networking_v1beta1_workload_group_proto_msgTypes[1].OneofWrappers = []interface{}{
-		(*ReadinessProbe_HttpGet)(nil),
-		(*ReadinessProbe_TcpSocket)(nil),
-		(*ReadinessProbe_Exec)(nil),
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_networking_v1beta1_workload_group_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   9,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_networking_v1beta1_workload_group_proto_goTypes,
-		DependencyIndexes: file_networking_v1beta1_workload_group_proto_depIdxs,
-		MessageInfos:      file_networking_v1beta1_workload_group_proto_msgTypes,
-	}.Build()
-	File_networking_v1beta1_workload_group_proto = out.File
-	file_networking_v1beta1_workload_group_proto_rawDesc = nil
-	file_networking_v1beta1_workload_group_proto_goTypes = nil
-	file_networking_v1beta1_workload_group_proto_depIdxs = nil
-}
diff --git a/vendor/istio.io/api/networking/v1beta1/workload_group_alias.gen.go b/vendor/istio.io/api/networking/v1beta1/workload_group_alias.gen.go
new file mode 100644
index 000000000..336e92f5b
--- /dev/null
+++ b/vendor/istio.io/api/networking/v1beta1/workload_group_alias.gen.go
@@ -0,0 +1,56 @@
+// Code generated by protoc-gen-alias. DO NOT EDIT.
+package v1beta1
+
+import "istio.io/api/networking/v1alpha3"
+
+// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and
+// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties
+// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`.
+// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry`
+// and as such doesn't configure host name for these workloads.
+//
+// 
+//
+// 
+type WorkloadGroup = v1alpha3.WorkloadGroup
+
+// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`.
+// It is a subset of the supported Kubernetes metadata.
+type WorkloadGroup_ObjectMeta = v1alpha3.WorkloadGroup_ObjectMeta
+type ReadinessProbe = v1alpha3.ReadinessProbe
+
+// `httpGet` is performed to a given endpoint
+// and the status/able to connect determines health.
+type ReadinessProbe_HttpGet = v1alpha3.ReadinessProbe_HttpGet
+
+// Health is determined by if the proxy is able to connect.
+type ReadinessProbe_TcpSocket = v1alpha3.ReadinessProbe_TcpSocket
+
+// Health is determined by how the command that is executed exited.
+type ReadinessProbe_Exec = v1alpha3.ReadinessProbe_Exec
+
+// GRPC call is made and response/error is used to determine health.
+type ReadinessProbe_Grpc = v1alpha3.ReadinessProbe_Grpc
+type HTTPHealthCheckConfig = v1alpha3.HTTPHealthCheckConfig
+type GrpcHealthCheckConfig = v1alpha3.GrpcHealthCheckConfig
+type HTTPHeader = v1alpha3.HTTPHeader
+type TCPHealthCheckConfig = v1alpha3.TCPHealthCheckConfig
+type ExecHealthCheckConfig = v1alpha3.ExecHealthCheckConfig
diff --git a/vendor/istio.io/api/type/v1beta1/selector.gen.json b/vendor/istio.io/api/type/v1beta1/selector.gen.json
deleted file mode 100644
index 28a4c060a..000000000
--- a/vendor/istio.io/api/type/v1beta1/selector.gen.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
-  "openapi": "3.0.0",
-  "info": {
-    "title": "Definition of a workload selector.",
-    "version": "v1beta1"
-  },
-  "components": {
-    "schemas": {
-      "istio.type.v1beta1.PortSelector": {
-        "description": "PortSelector is the criteria for specifying if a policy can be applied to a listener having a specific port.",
-        "type": "object",
-        "properties": {
-          "number": {
-            "description": "Port number",
-            "type": "integer"
-          }
-        }
-      },
-      "istio.type.v1beta1.WorkloadMode": {
-        "description": "WorkloadMode allows selection of the role of the underlying workload in network traffic. A workload is considered as acting as a SERVER if it is the destination of the traffic (that is, traffic direction, from the perspective of the workload is *inbound*). If the workload is the source of the network traffic, it is considered to be in CLIENT mode (traffic is *outbound* from the workload).",
-        "type": "string",
-        "enum": [
-          "UNDEFINED",
-          "CLIENT",
-          "SERVER",
-          "CLIENT_AND_SERVER"
-        ]
-      },
-      "istio.type.v1beta1.WorkloadSelector": {
-        "description": "WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.",
-        "type": "object",
-        "properties": {
-          "matchLabels": {
-            "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.",
-            "type": "object",
-            "additionalProperties": {
-              "type": "string"
-            }
-          }
-        }
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/vendor/istio.io/api/type/v1beta1/selector.pb.go b/vendor/istio.io/api/type/v1beta1/selector.pb.go
index 61925ef54..fb46912a8 100644
--- a/vendor/istio.io/api/type/v1beta1/selector.pb.go
+++ b/vendor/istio.io/api/type/v1beta1/selector.pb.go
@@ -14,7 +14,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
+// 	protoc-gen-go v1.35.2
 // 	protoc        (unknown)
 // source: type/v1beta1/selector.proto
 
@@ -119,16 +119,19 @@ type WorkloadSelector struct {
 	// One or more labels that indicate a specific set of pods/VMs
 	// on which a policy should be applied. The scope of label search is restricted to
 	// the configuration namespace in which the resource is present.
+	// +kubebuilder:validation:XValidation:message="wildcard not allowed in label key match",rule="self.all(key, !key.contains('*'))"
+	// +kubebuilder:validation:XValidation:message="key must not be empty",rule="self.all(key, key.size() != 0)"
+	// +protoc-gen-crd:map-value-validation:XValidation:message="wildcard not allowed in label value match",rule="!self.contains('*')"
+	// +protoc-gen-crd:map-value-validation:MaxLength=63
+	// +kubebuilder:validation:MaxProperties=4096
 	MatchLabels map[string]string `protobuf:"bytes,1,rep,name=match_labels,json=matchLabels,proto3" json:"match_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 }
 
 func (x *WorkloadSelector) Reset() {
 	*x = WorkloadSelector{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_type_v1beta1_selector_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_type_v1beta1_selector_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *WorkloadSelector) String() string {
@@ -139,7 +142,7 @@ func (*WorkloadSelector) ProtoMessage() {}
 
 func (x *WorkloadSelector) ProtoReflect() protoreflect.Message {
 	mi := &file_type_v1beta1_selector_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -169,16 +172,16 @@ type PortSelector struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Port number
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=65535
 	Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
 }
 
 func (x *PortSelector) Reset() {
 	*x = PortSelector{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_type_v1beta1_selector_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_type_v1beta1_selector_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }
 
 func (x *PortSelector) String() string {
@@ -189,7 +192,7 @@ func (*PortSelector) ProtoMessage() {}
 
 func (x *PortSelector) ProtoReflect() protoreflect.Message {
 	mi := &file_type_v1beta1_selector_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -211,6 +214,125 @@ func (x *PortSelector) GetNumber() uint32 {
 	return 0
 }
 
+// PolicyTargetReference format as defined by [GEP-2648](https://gateway-api.sigs.k8s.io/geps/gep-2648/#direct-policy-design-rules).
+//
+// PolicyTargetReference specifies the targeted resource which the policy
+// should be applied to. It must only target a single resource at a time, but it
+// can be used to target larger resources such as Gateways that may apply to
+// multiple child resources. The PolicyTargetReference will be used instead of
+// a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy,
+// Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway.
+//
+// The following is an example of an AuthorizationPolicy bound to a waypoint proxy using
+// a PolicyTargetReference. The example sets `action` to `DENY` to create a deny policy.
+// It denies all the requests with `POST` method on port `8080` directed through the
+// `waypoint` Gateway in the `foo` namespace.
+//
+// ```yaml
+// apiVersion: security.istio.io/v1
+// kind: AuthorizationPolicy
+// metadata:
+//
+//	name: httpbin
+//	namespace: foo
+//
+// spec:
+//
+//	targetRefs:
+//	- name: waypoint
+//	  kind: Gateway
+//	  group: gateway.networking.k8s.io
+//	action: DENY
+//	rules:
+//	- to:
+//	  - operation:
+//	      methods: ["POST"]
+//	      ports: ["8080"]
+//
+// ```
+// +kubebuilder:validation:XValidation:message="Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",rule="[self.group, self.kind] in [['core','Service'], [”,'Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
+type PolicyTargetReference struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// group is the group of the target resource.
+	// +kubebuilder:validation:MaxLength=253
+	// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+	Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"`
+	// kind is kind of the target resource.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
+	Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"`
+	// name is the name of the target resource.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	// namespace is the namespace of the referent. When unspecified, the local
+	// namespace is inferred.
+	// +kubebuilder:validation:XValidation:message="cross namespace referencing is not currently supported",rule="self.size() == 0"
+	Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
+}
+
+func (x *PolicyTargetReference) Reset() {
+	*x = PolicyTargetReference{}
+	mi := &file_type_v1beta1_selector_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *PolicyTargetReference) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PolicyTargetReference) ProtoMessage() {}
+
+func (x *PolicyTargetReference) ProtoReflect() protoreflect.Message {
+	mi := &file_type_v1beta1_selector_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use PolicyTargetReference.ProtoReflect.Descriptor instead.
+func (*PolicyTargetReference) Descriptor() ([]byte, []int) {
+	return file_type_v1beta1_selector_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *PolicyTargetReference) GetGroup() string {
+	if x != nil {
+		return x.Group
+	}
+	return ""
+}
+
+func (x *PolicyTargetReference) GetKind() string {
+	if x != nil {
+		return x.Kind
+	}
+	return ""
+}
+
+func (x *PolicyTargetReference) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *PolicyTargetReference) GetNamespace() string {
+	if x != nil {
+		return x.Namespace
+	}
+	return ""
+}
+
 var File_type_v1beta1_selector_proto protoreflect.FileDescriptor
 
 var file_type_v1beta1_selector_proto_rawDesc = []byte{
@@ -219,28 +341,36 @@ var file_type_v1beta1_selector_proto_rawDesc = []byte{
 	0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61,
 	0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69,
 	0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x22, 0xb2, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53,
-	0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x5e, 0x0a, 0x0c, 0x6d, 0x61, 0x74, 0x63, 0x68,
+	0x74, 0x6f, 0x22, 0xac, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53,
+	0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x58, 0x0a, 0x0c, 0x6d, 0x61, 0x74, 0x63, 0x68,
 	0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e,
 	0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74,
 	0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63,
 	0x74, 0x6f, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x6d, 0x61, 0x74, 0x63,
-	0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x4d, 0x61, 0x74, 0x63, 0x68,
-	0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
-	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
-	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
-	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x26, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53,
-	0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65,
-	0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x2a,
-	0x4c, 0x0a, 0x0c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x12,
-	0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a,
-	0x0a, 0x06, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45,
-	0x52, 0x56, 0x45, 0x52, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54,
-	0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x03, 0x42, 0x1b, 0x5a,
-	0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x74, 0x79,
-	0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x33,
+	0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c,
+	0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38,
+	0x01, 0x22, 0x2c, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f,
+	0x72, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x22,
+	0x7f, 0x0a, 0x15, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52,
+	0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75,
+	0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18,
+	0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41,
+	0x01, 0x02, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
+	0x2a, 0x4c, 0x0a, 0x0c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65,
+	0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12,
+	0x0a, 0x0a, 0x06, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53,
+	0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x4c, 0x49, 0x45, 0x4e,
+	0x54, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x03, 0x42, 0x1b,
+	0x5a, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x74,
+	0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }
 
 var (
@@ -256,15 +386,16 @@ func file_type_v1beta1_selector_proto_rawDescGZIP() []byte {
 }
 
 var file_type_v1beta1_selector_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
-var file_type_v1beta1_selector_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_type_v1beta1_selector_proto_goTypes = []interface{}{
-	(WorkloadMode)(0),        // 0: istio.type.v1beta1.WorkloadMode
-	(*WorkloadSelector)(nil), // 1: istio.type.v1beta1.WorkloadSelector
-	(*PortSelector)(nil),     // 2: istio.type.v1beta1.PortSelector
-	nil,                      // 3: istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry
+var file_type_v1beta1_selector_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_type_v1beta1_selector_proto_goTypes = []any{
+	(WorkloadMode)(0),             // 0: istio.type.v1beta1.WorkloadMode
+	(*WorkloadSelector)(nil),      // 1: istio.type.v1beta1.WorkloadSelector
+	(*PortSelector)(nil),          // 2: istio.type.v1beta1.PortSelector
+	(*PolicyTargetReference)(nil), // 3: istio.type.v1beta1.PolicyTargetReference
+	nil,                           // 4: istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry
 }
 var file_type_v1beta1_selector_proto_depIdxs = []int32{
-	3, // 0: istio.type.v1beta1.WorkloadSelector.match_labels:type_name -> istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry
+	4, // 0: istio.type.v1beta1.WorkloadSelector.match_labels:type_name -> istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry
 	1, // [1:1] is the sub-list for method output_type
 	1, // [1:1] is the sub-list for method input_type
 	1, // [1:1] is the sub-list for extension type_name
@@ -277,39 +408,13 @@ func file_type_v1beta1_selector_proto_init() {
 	if File_type_v1beta1_selector_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_type_v1beta1_selector_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WorkloadSelector); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_type_v1beta1_selector_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PortSelector); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_type_v1beta1_selector_proto_rawDesc,
 			NumEnums:      1,
-			NumMessages:   3,
+			NumMessages:   4,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/vendor/istio.io/api/type/v1beta1/selector.pb.html b/vendor/istio.io/api/type/v1beta1/selector.pb.html
index 0fccbb7fd..eeabe97d6 100644
--- a/vendor/istio.io/api/type/v1beta1/selector.pb.html
+++ b/vendor/istio.io/api/type/v1beta1/selector.pb.html
@@ -4,7 +4,7 @@
 location: https://istio.io/docs/reference/config/type/workload-selector.html
 layout: protoc-gen-docs
 generator: protoc-gen-docs
-number_of_entries: 3
+number_of_entries: 4
 ---
 
WorkloadSelector

 

@@ -19,23 +19,19 @@ 
WorkloadSelector

 

-
-
-
-
+
-
@@ -50,21 +46,99 @@ 
PortSelector

-
-
-
-
+
+
+
+

 
 

 FieldType
 DescriptionRequired
 

 
 
labelsmap<string, string>
-
Labels to attach

-
-		
-No
-
annotationsmap<string, string>
command

+
string[]

+
Required

+

 
-
Annotations to attach

+
Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.

 
-		
-No
 
 

 
 

 FieldType
 DescriptionRequired
 

 
 
 
selectorWorkloadSelector
selector

+
WorkloadSelector

+

 
-
Optional. Selectors specify the set of pods/VMs on which this ProxyConfig resource should be applied.
+
Selectors specify the set of pods/VMs on which this ProxyConfig resource should be applied.
 If not set, the ProxyConfig resource will be applied to all workloads in the namespace where this resource is defined.

 
-		
-No
 
 

 
concurrencyInt32Value
concurrency

+
Int32Value

+

 
 
The number of worker threads to run.
-If unset, defaults to 2. If set to 0, this will be configured to use all cores on the machine using
-CPU requests and limits to choose a value, with limits taking precedence over requests.

+If unset, this will be automatically determined based on CPU limits.
+If set to 0, all cores on the machine will be used.

 
-		
-No
 
 

 
environmentVariablesmap<string, string>
environmentVariables

+
map<string, string>

+

 
 
Additional environment variables for the proxy.
 Names starting with ISTIO_META_ will be included in the generated bootstrap configuration and sent to the XDS server.

 
-		
-No
 
 

 
imageProxyImage
image

+
ProxyImage

+

 
 
Specifies the details of the proxy image.

 
-		
-No
 
 

 
 
 

 FieldType
 DescriptionRequired
 

 
 
 
imageTypestring
imageType

+
string

+

 
 
The image type of the image.
 Istio publishes default, debug, and distroless images.
 Other values are allowed if those image types (example: centos) are published to the specified hub.
 supported values: default, debug, distroless.

 
-		
-No
 
 

 
 

 FieldType
 DescriptionRequired
 

 
 
 
matchLabelsmap<string, string>
matchLabels

+
map<string, string>

+

 
 
One or more labels that indicate a specific set of pods/VMs
 on which a policy should be applied. The scope of label search is restricted to
 the configuration namespace in which the resource is present.

 
-		
-Yes
 
 

 
 
 

 FieldType
 DescriptionRequired
 

 
 
 
numberuint32
number

+
uint32

+
Required

+

 
 
Port number

 
 

+

+
PolicyTargetReference

+

+
PolicyTargetReference format as defined by GEP-2648.

+
PolicyTargetReference specifies the targeted resource which the policy
+should be applied to. It must only target a single resource at a time, but it
+can be used to target larger resources such as Gateways that may apply to
+multiple child resources. The PolicyTargetReference will be used instead of
+a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy,
+Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway.

+
The following is an example of an AuthorizationPolicy bound to a waypoint proxy using
+a PolicyTargetReference. The example sets action to DENY to create a deny policy.
+It denies all the requests with POST method on port 8080 directed through the
+waypoint Gateway in the foo namespace.

+
apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+  name: httpbin
+  namespace: foo
+spec:
+  targetRefs:
+  - name: waypoint
+    kind: Gateway
+    group: gateway.networking.k8s.io
+  action: DENY
+  rules:
+  - to:
+    - operation:
+        methods: ["POST"]
+        ports: ["8080"]
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -88,14 +162,14 @@ 
WorkloadMode

-
+
-
+
-
+
-
+
FieldDescription
group

+
string

+

+
group is the group of the target resource.

+
+
kind

+
string

+
Required

+

+
kind is kind of the target resource.

+
+
name

+
string

+
Required

+

 
-No
+
name is the name of the target resource.

+
+
namespace

+
string

+

+
namespace is the namespace of the referent. When unspecified, the local
+namespace is inferred.

+
 		
 

 
 
 
 
UNDEFINEDUNDEFINED
 
 
Default value, which will be interpreted by its own usage.

 
 		
 

 
CLIENTCLIENT
 
 
Selects for scenarios when the workload is the
 source of the network traffic. In addition,
@@ -104,7 +178,7 @@ 
WorkloadMode

 		
 

 
SERVERSERVER
 
 
Selects for scenarios when the workload is the
 destination of the network traffic.

@@ -112,7 +186,7 @@ 
WorkloadMode

 		
 

 
CLIENT_AND_SERVERCLIENT_AND_SERVER
 
 
Selects for scenarios when the workload is either the
 source or destination of the network traffic.

diff --git a/vendor/istio.io/api/type/v1beta1/selector.proto b/vendor/istio.io/api/type/v1beta1/selector.proto
index 30cbd6275..b95fce4ea 100644
--- a/vendor/istio.io/api/type/v1beta1/selector.proto
+++ b/vendor/istio.io/api/type/v1beta1/selector.proto
@@ -13,14 +13,14 @@
 // limitations under the License.
 syntax = "proto3";
 
-import "google/api/field_behavior.proto";
-
 // $title: Workload Selector
 // $description: Definition of a workload selector.
 // $location: https://istio.io/docs/reference/config/type/workload-selector.html
 
 package istio.type.v1beta1;
 
+import "google/api/field_behavior.proto";
+
 option go_package="istio.io/api/type/v1beta1";
 
 // WorkloadSelector specifies the criteria used to determine if a policy can be applied
@@ -33,14 +33,21 @@ message WorkloadSelector {
   // One or more labels that indicate a specific set of pods/VMs
   // on which a policy should be applied. The scope of label search is restricted to
   // the configuration namespace in which the resource is present.
-  map match_labels = 1 [(google.api.field_behavior) = REQUIRED];
+  // +kubebuilder:validation:XValidation:message="wildcard not allowed in label key match",rule="self.all(key, !key.contains('*'))"
+  // +kubebuilder:validation:XValidation:message="key must not be empty",rule="self.all(key, key.size() != 0)"
+  // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard not allowed in label value match",rule="!self.contains('*')"
+  // +protoc-gen-crd:map-value-validation:MaxLength=63
+  // +kubebuilder:validation:MaxProperties=4096
+  map match_labels = 1;
 }
 
 // PortSelector is the criteria for specifying if a policy can be applied to 
 // a listener having a specific port.
 message PortSelector {
   // Port number
-  uint32 number = 1;
+  // +kubebuilder:validation:Minimum=1
+  // +kubebuilder:validation:Maximum=65535
+  uint32 number = 1  [(google.api.field_behavior) = REQUIRED];
 }
 
 // WorkloadMode allows selection of the role of the underlying workload in
@@ -66,3 +73,59 @@ enum WorkloadMode {
   // source or destination of the network traffic.
   CLIENT_AND_SERVER = 3;
 }
+
+// PolicyTargetReference format as defined by [GEP-2648](https://gateway-api.sigs.k8s.io/geps/gep-2648/#direct-policy-design-rules).
+//
+// PolicyTargetReference specifies the targeted resource which the policy
+// should be applied to. It must only target a single resource at a time, but it
+// can be used to target larger resources such as Gateways that may apply to
+// multiple child resources. The PolicyTargetReference will be used instead of
+// a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy,
+// Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway.
+//
+// The following is an example of an AuthorizationPolicy bound to a waypoint proxy using 
+// a PolicyTargetReference. The example sets `action` to `DENY` to create a deny policy.
+// It denies all the requests with `POST` method on port `8080` directed through the
+// `waypoint` Gateway in the `foo` namespace.
+//
+// ```yaml
+// apiVersion: security.istio.io/v1
+// kind: AuthorizationPolicy
+// metadata:
+//   name: httpbin
+//   namespace: foo
+// spec:
+//   targetRefs:
+//   - name: waypoint
+//     kind: Gateway
+//     group: gateway.networking.k8s.io
+//   action: DENY
+//   rules:
+//   - to:
+//     - operation:
+//         methods: ["POST"]
+//         ports: ["8080"]
+// ```
+// +kubebuilder:validation:XValidation:message="Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",rule="[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
+message PolicyTargetReference {
+  // group is the group of the target resource.
+  // +kubebuilder:validation:MaxLength=253
+  // +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+  string group = 1;
+
+  // kind is kind of the target resource.
+  // +kubebuilder:validation:MinLength=1
+  // +kubebuilder:validation:MaxLength=63
+  // +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
+  string kind = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // name is the name of the target resource.
+  // +kubebuilder:validation:MinLength=1
+  // +kubebuilder:validation:MaxLength=253
+  string name = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // namespace is the namespace of the referent. When unspecified, the local
+  // namespace is inferred.
+  // +kubebuilder:validation:XValidation:message="cross namespace referencing is not currently supported",rule="self.size() == 0"
+  string namespace = 4;
+}
diff --git a/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go b/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go
index 6827810bd..d9ebb472c 100644
--- a/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go
+++ b/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go
@@ -2,7 +2,7 @@
 package v1beta1
 
 import (
-	proto "github.com/golang/protobuf/proto"
+	proto "google.golang.org/protobuf/proto"
 )
 
 // DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used.
@@ -46,3 +46,24 @@ func (in *PortSelector) DeepCopy() *PortSelector {
 func (in *PortSelector) DeepCopyInterface() interface{} {
 	return in.DeepCopy()
 }
+
+// DeepCopyInto supports using PolicyTargetReference within kubernetes types, where deepcopy-gen is used.
+func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference) {
+	p := proto.Clone(in).(*PolicyTargetReference)
+	*out = *p
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.
+func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference {
+	if in == nil {
+		return nil
+	}
+	out := new(PolicyTargetReference)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.
+func (in *PolicyTargetReference) DeepCopyInterface() interface{} {
+	return in.DeepCopy()
+}
diff --git a/vendor/istio.io/api/type/v1beta1/selector_json.gen.go b/vendor/istio.io/api/type/v1beta1/selector_json.gen.go
index a42c97751..8b29ef989 100644
--- a/vendor/istio.io/api/type/v1beta1/selector_json.gen.go
+++ b/vendor/istio.io/api/type/v1beta1/selector_json.gen.go
@@ -28,6 +28,17 @@ func (this *PortSelector) UnmarshalJSON(b []byte) error {
 	return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this)
 }
 
+// MarshalJSON is a custom marshaler for PolicyTargetReference
+func (this *PolicyTargetReference) MarshalJSON() ([]byte, error) {
+	str, err := SelectorMarshaler.MarshalToString(this)
+	return []byte(str), err
+}
+
+// UnmarshalJSON is a custom unmarshaler for PolicyTargetReference
+func (this *PolicyTargetReference) UnmarshalJSON(b []byte) error {
+	return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this)
+}
+
 var (
 	SelectorMarshaler   = &jsonpb.Marshaler{}
 	SelectorUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
diff --git a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
new file mode 100644
index 000000000..1a9f5e770
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
@@ -0,0 +1,16 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - thockin
+  - smarterclayton
+  - wojtek-t
+  - deads2k
+  - derekwaynecarr
+  - caesarxuchao
+  - mikedanese
+  - liggitt
+  - saad-ali
+  - janetkuo
+  - tallclair
+  - dims
+  - cjcullen
diff --git a/vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS
new file mode 100644
index 000000000..1e1330fff
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS
@@ -0,0 +1,14 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - thockin
+  - smarterclayton
+  - wojtek-t
+  - deads2k
+  - derekwaynecarr
+  - caesarxuchao
+  - mikedanese
+  - liggitt
+  - janetkuo
+  - ncdc
+  - dims
diff --git a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
new file mode 100644
index 000000000..063fd285d
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - thockin
+  - smarterclayton
+  - wojtek-t
+  - derekwaynecarr
+  - mikedanese
+  - saad-ali
+  - janetkuo
diff --git a/vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS
new file mode 100644
index 000000000..402373247
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS
@@ -0,0 +1,11 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+# Disable inheritance as this is an api owners file
+options:
+  no_parent_owners: true
+approvers:
+  - api-approvers
+reviewers:
+  - api-reviewers
+labels:
+  - kind/api-change
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
new file mode 100644
index 000000000..e7e5c152d
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
@@ -0,0 +1,16 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - thockin
+  - smarterclayton
+  - wojtek-t
+  - deads2k
+  - caesarxuchao
+  - liggitt
+  - sttts
+  - luxas
+  - janetkuo
+  - justinsb
+  - ncdc
+  - soltysh
+  - dims
diff --git a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS
new file mode 100644
index 000000000..349bc69d6
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS
@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - pwittrock
+reviewers:
+  - apelisse
diff --git a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS
new file mode 100644
index 000000000..73244449f
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS
@@ -0,0 +1,9 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - apelisse
+  - pwittrock
+reviewers:
+  - apelisse
+emeritus_approvers:
+  - mengqiy
diff --git a/vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS b/vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS
new file mode 100644
index 000000000..402373247
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS
@@ -0,0 +1,11 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+# Disable inheritance as this is an api owners file
+options:
+  no_parent_owners: true
+approvers:
+  - api-approvers
+reviewers:
+  - api-reviewers
+labels:
+  - kind/api-change
diff --git a/vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS b/vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS
new file mode 100644
index 000000000..349bc69d6
--- /dev/null
+++ b/vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS
@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - pwittrock
+reviewers:
+  - apelisse
diff --git a/vendor/k8s.io/client-go/applyconfigurations/OWNERS b/vendor/k8s.io/client-go/applyconfigurations/OWNERS
new file mode 100644
index 000000000..ea0928429
--- /dev/null
+++ b/vendor/k8s.io/client-go/applyconfigurations/OWNERS
@@ -0,0 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - apelisse
+  - jpbetz
diff --git a/vendor/k8s.io/client-go/openapi/OWNERS b/vendor/k8s.io/client-go/openapi/OWNERS
new file mode 100644
index 000000000..e61009424
--- /dev/null
+++ b/vendor/k8s.io/client-go/openapi/OWNERS
@@ -0,0 +1,4 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - apelisse
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
new file mode 100644
index 000000000..4dfbb98ae
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+# approval on api packages bubbles to api-approvers
+reviewers:
+  - sig-auth-authenticators-approvers
+  - sig-auth-authenticators-reviewers
+labels:
+  - sig/auth
diff --git a/vendor/k8s.io/client-go/rest/OWNERS b/vendor/k8s.io/client-go/rest/OWNERS
new file mode 100644
index 000000000..7b23294c4
--- /dev/null
+++ b/vendor/k8s.io/client-go/rest/OWNERS
@@ -0,0 +1,14 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - thockin
+  - smarterclayton
+  - caesarxuchao
+  - wojtek-t
+  - deads2k
+  - liggitt
+  - sttts
+  - luxas
+  - dims
+  - cjcullen
+  - lojies
diff --git a/vendor/k8s.io/client-go/tools/auth/OWNERS b/vendor/k8s.io/client-go/tools/auth/OWNERS
new file mode 100644
index 000000000..c4ea6463d
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/auth/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - sig-auth-authenticators-approvers
+reviewers:
+  - sig-auth-authenticators-reviewers
+labels:
+  - sig/auth
diff --git a/vendor/k8s.io/client-go/tools/cache/OWNERS b/vendor/k8s.io/client-go/tools/cache/OWNERS
new file mode 100644
index 000000000..921ac2fa0
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/cache/OWNERS
@@ -0,0 +1,28 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - thockin
+  - smarterclayton
+  - wojtek-t
+  - deads2k
+  - caesarxuchao
+  - liggitt
+  - ncdc
+reviewers:
+  - thockin
+  - smarterclayton
+  - wojtek-t
+  - deads2k
+  - derekwaynecarr
+  - caesarxuchao
+  - mikedanese
+  - liggitt
+  - janetkuo
+  - justinsb
+  - soltysh
+  - jsafrane
+  - dims
+  - ingvagabund
+  - ncdc
+emeritus_approvers:
+  - lavalamp
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/OWNERS b/vendor/k8s.io/client-go/tools/leaderelection/OWNERS
new file mode 100644
index 000000000..908bdacdf
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/leaderelection/OWNERS
@@ -0,0 +1,11 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - mikedanese
+reviewers:
+  - wojtek-t
+  - deads2k
+  - mikedanese
+  - ingvagabund
+emeritus_approvers:
+  - timothysc
diff --git a/vendor/k8s.io/client-go/tools/metrics/OWNERS b/vendor/k8s.io/client-go/tools/metrics/OWNERS
new file mode 100644
index 000000000..2c9488a5f
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/metrics/OWNERS
@@ -0,0 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - wojtek-t
+  - jayunit100
diff --git a/vendor/k8s.io/client-go/tools/record/OWNERS b/vendor/k8s.io/client-go/tools/record/OWNERS
new file mode 100644
index 000000000..8105c4fe0
--- /dev/null
+++ b/vendor/k8s.io/client-go/tools/record/OWNERS
@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - sig-instrumentation-reviewers
+approvers:
+  - sig-instrumentation-approvers
diff --git a/vendor/k8s.io/client-go/transport/OWNERS b/vendor/k8s.io/client-go/transport/OWNERS
new file mode 100644
index 000000000..34adee5ec
--- /dev/null
+++ b/vendor/k8s.io/client-go/transport/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - smarterclayton
+  - wojtek-t
+  - deads2k
+  - liggitt
+  - caesarxuchao
diff --git a/vendor/k8s.io/client-go/util/cert/OWNERS b/vendor/k8s.io/client-go/util/cert/OWNERS
new file mode 100644
index 000000000..3c3b94c58
--- /dev/null
+++ b/vendor/k8s.io/client-go/util/cert/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - sig-auth-certificates-approvers
+reviewers:
+  - sig-auth-certificates-reviewers
+labels:
+  - sig/auth
diff --git a/vendor/k8s.io/client-go/util/keyutil/OWNERS b/vendor/k8s.io/client-go/util/keyutil/OWNERS
new file mode 100644
index 000000000..e6d229d5d
--- /dev/null
+++ b/vendor/k8s.io/client-go/util/keyutil/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+  - sig-auth-certificates-approvers
+reviewers:
+  - sig-auth-certificates-reviewers
+labels:
+  - sig/auth
diff --git a/vendor/k8s.io/client-go/util/retry/OWNERS b/vendor/k8s.io/client-go/util/retry/OWNERS
new file mode 100644
index 000000000..75736b5aa
--- /dev/null
+++ b/vendor/k8s.io/client-go/util/retry/OWNERS
@@ -0,0 +1,4 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+reviewers:
+  - caesarxuchao
diff --git a/vendor/k8s.io/code-generator/OWNERS b/vendor/k8s.io/code-generator/OWNERS
new file mode 100644
index 000000000..d16e47e85
--- /dev/null
+++ b/vendor/k8s.io/code-generator/OWNERS
@@ -0,0 +1,16 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - deads2k
+  - jpbetz
+  - wojtek-t
+  - sttts
+reviewers:
+  - deads2k
+  - wojtek-t
+  - sttts
+labels:
+  - sig/api-machinery
+  - area/code-generation
+emeritus_approvers:
+  - lavalamp
diff --git a/vendor/k8s.io/code-generator/cmd/client-gen/OWNERS b/vendor/k8s.io/code-generator/cmd/client-gen/OWNERS
new file mode 100644
index 000000000..967eb2a7b
--- /dev/null
+++ b/vendor/k8s.io/code-generator/cmd/client-gen/OWNERS
@@ -0,0 +1,11 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - wojtek-t
+  - caesarxuchao
+reviewers:
+  - wojtek-t
+  - caesarxuchao
+  - jpbetz
+emeritus_approvers:
+  - lavalamp
diff --git a/vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS b/vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS
new file mode 100644
index 000000000..af7e2ec4c
--- /dev/null
+++ b/vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS
@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - smarterclayton
+reviewers:
+  - smarterclayton
diff --git a/vendor/k8s.io/klog/v2/OWNERS b/vendor/k8s.io/klog/v2/OWNERS
new file mode 100644
index 000000000..7500475a6
--- /dev/null
+++ b/vendor/k8s.io/klog/v2/OWNERS
@@ -0,0 +1,16 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+reviewers:
+  - harshanarayana
+  - mengjiao-liu
+  - pohly
+approvers:
+  - dims
+  - pohly
+  - thockin
+emeritus_approvers:
+  - brancz
+  - justinsb
+  - lavalamp
+  - piosz
+  - serathius
+  - tallclair
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS b/vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS
new file mode 100644
index 000000000..235bc545b
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS
@@ -0,0 +1,4 @@
+reviewers:
+- roycaihw
+approvers:
+- roycaihw
diff --git a/vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS b/vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS
new file mode 100644
index 000000000..9621a6a3a
--- /dev/null
+++ b/vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS
@@ -0,0 +1,2 @@
+approvers:
+- apelisse
diff --git a/vendor/k8s.io/utils/pointer/OWNERS b/vendor/k8s.io/utils/pointer/OWNERS
new file mode 100644
index 000000000..0d6392752
--- /dev/null
+++ b/vendor/k8s.io/utils/pointer/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- apelisse
+- stewart-yu
+- thockin
+reviewers:
+- apelisse
+- stewart-yu
+- thockin
diff --git a/vendor/k8s.io/utils/ptr/OWNERS b/vendor/k8s.io/utils/ptr/OWNERS
new file mode 100644
index 000000000..0d6392752
--- /dev/null
+++ b/vendor/k8s.io/utils/ptr/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- apelisse
+- stewart-yu
+- thockin
+reviewers:
+- apelisse
+- stewart-yu
+- thockin
diff --git a/vendor/knative.dev/hack/OWNERS b/vendor/knative.dev/hack/OWNERS
new file mode 100644
index 000000000..4d20bf8cf
--- /dev/null
+++ b/vendor/knative.dev/hack/OWNERS
@@ -0,0 +1,8 @@
+approvers:
+  - technical-oversight-committee
+  - productivity-writers
+  - knative-release-leads
+
+reviewers:
+  - productivity-writers
+  - productivity-reviewers
diff --git a/vendor/knative.dev/hack/OWNERS_ALIASES b/vendor/knative.dev/hack/OWNERS_ALIASES
new file mode 100644
index 000000000..0f0e6e767
--- /dev/null
+++ b/vendor/knative.dev/hack/OWNERS_ALIASES
@@ -0,0 +1,144 @@
+# This file is auto-generated from peribolos.
+# Do not modify this file, instead modify peribolos/knative.yaml
+
+aliases:
+  client-reviewers:
+  - itsmurugappan
+  client-wg-leads:
+  - dsimansk
+  - rhuss
+  client-writers:
+  - dsimansk
+  - rhuss
+  - vyasgun
+  docs-reviewers:
+  - nainaz
+  - skonto
+  docs-writers:
+  - csantanapr
+  - skonto
+  eventing-reviewers:
+  - Leo6Leo
+  - aslom
+  - cali0707
+  - creydr
+  eventing-wg-leads:
+  - pierDipi
+  eventing-writers:
+  - Leo6Leo
+  - aliok
+  - cali0707
+  - creydr
+  - lionelvillard
+  - matzew
+  - pierDipi
+  func-reviewers:
+  - jrangelramos
+  - nainaz
+  func-writers:
+  - gauron99
+  - jrangelramos
+  - lance
+  - lkingland
+  - matejvasek
+  - matzew
+  - salaboy
+  functions-wg-leads:
+  - lkingland
+  - salaboy
+  knative-admin:
+  - aliok
+  - cardil
+  - davidhadas
+  - dprotaso
+  - dsimansk
+  - evankanderson
+  - knative-automation
+  - knative-prow-releaser-robot
+  - knative-prow-robot
+  - knative-prow-updater-robot
+  - knative-test-reporter-robot
+  - nainaz
+  - psschwei
+  - salaboy
+  - skonto
+  - upodroid
+  knative-release-leads:
+  - dprotaso
+  - dsimansk
+  - skonto
+  knative-robots:
+  - knative-automation
+  - knative-prow-releaser-robot
+  - knative-prow-robot
+  - knative-prow-updater-robot
+  - knative-test-reporter-robot
+  operations-reviewers:
+  - aliok
+  - houshengbo
+  - matzew
+  operations-wg-leads:
+  - houshengbo
+  operations-writers:
+  - aliok
+  - houshengbo
+  - matzew
+  productivity-leads:
+  - cardil
+  - upodroid
+  productivity-reviewers:
+  - evankanderson
+  - mgencur
+  productivity-wg-leads:
+  - cardil
+  - upodroid
+  productivity-writers:
+  - cardil
+  - upodroid
+  security-wg-leads:
+  - davidhadas
+  - evankanderson
+  security-writers:
+  - davidhadas
+  - evankanderson
+  serving-approvers:
+  - skonto
+  serving-reviewers:
+  - izabelacg
+  - skonto
+  serving-triage:
+  - izabelacg
+  - skonto
+  serving-wg-leads:
+  - dprotaso
+  serving-writers:
+  - dprotaso
+  - skonto
+  steering-committee:
+  - aliok
+  - davidhadas
+  - dprotaso
+  - dsimansk
+  - evankanderson
+  - nainaz
+  - psschwei
+  - salaboy
+  technical-oversight-committee:
+  - aliok
+  - davidhadas
+  - dprotaso
+  - dsimansk
+  - evankanderson
+  - nainaz
+  - psschwei
+  - salaboy
+  ux-wg-leads:
+  - cali0707
+  - leo6leo
+  - mmejia02
+  - zainabhusain227
+  ux-writers:
+  - cali0707
+  - leo6leo
+  - mmejia02
+  - zainabhusain227
diff --git a/vendor/knative.dev/pkg/apis/OWNERS b/vendor/knative.dev/pkg/apis/OWNERS
new file mode 100644
index 000000000..13014203f
--- /dev/null
+++ b/vendor/knative.dev/pkg/apis/OWNERS
@@ -0,0 +1,15 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- technical-oversight-committee
+- serving-wg-leads
+- eventing-wg-leads
+
+reviewers:
+- serving-writers
+- eventing-writers
+- eventing-reviewers
+- serving-reviewers
+
+options:
+  no_parent_owners: true
diff --git a/vendor/knative.dev/pkg/apis/duck/OWNERS b/vendor/knative.dev/pkg/apis/duck/OWNERS
new file mode 100644
index 000000000..af1eb05da
--- /dev/null
+++ b/vendor/knative.dev/pkg/apis/duck/OWNERS
@@ -0,0 +1,8 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- eventing-wg-leads
+
+reviewers:
+- eventing-reviewers
+- eventing-writers
diff --git a/vendor/knative.dev/pkg/controller/OWNERS b/vendor/knative.dev/pkg/controller/OWNERS
new file mode 100644
index 000000000..64660c9e3
--- /dev/null
+++ b/vendor/knative.dev/pkg/controller/OWNERS
@@ -0,0 +1,7 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- serving-writers
+
+reviewers:
+- serving-reviewers
diff --git a/vendor/knative.dev/pkg/reconciler/OWNERS b/vendor/knative.dev/pkg/reconciler/OWNERS
new file mode 100644
index 000000000..136197a30
--- /dev/null
+++ b/vendor/knative.dev/pkg/reconciler/OWNERS
@@ -0,0 +1,7 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- serving-writers
+
+reviewers:
+- serving-writers
diff --git a/vendor/knative.dev/pkg/webhook/OWNERS b/vendor/knative.dev/pkg/webhook/OWNERS
new file mode 100644
index 000000000..64660c9e3
--- /dev/null
+++ b/vendor/knative.dev/pkg/webhook/OWNERS
@@ -0,0 +1,7 @@
+# The OWNERS file is used by prow to automatically merge approved PRs.
+
+approvers:
+- serving-writers
+
+reviewers:
+- serving-reviewers
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a51ae586c..fe49dd09a 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -277,12 +277,12 @@ gomodules.xyz/jsonpatch/v2
 # google.golang.org/api v0.183.0
 ## explicit; go 1.20
 google.golang.org/api/support/bundler
-# google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53
+# google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576
 ## explicit; go 1.21
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576
 ## explicit; go 1.21
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.69.2
@@ -402,10 +402,11 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# istio.io/api v0.0.0-20221208070204-0528cb6ce63b
-## explicit; go 1.18
+# istio.io/api v1.25.0-alpha.0
+## explicit; go 1.22.0
 istio.io/api/analysis/v1alpha1
 istio.io/api/meta/v1alpha1
+istio.io/api/networking/v1alpha3
 istio.io/api/networking/v1beta1
 istio.io/api/type/v1beta1
 # istio.io/client-go v1.16.1
diff --git a/vendor/sigs.k8s.io/json/OWNERS b/vendor/sigs.k8s.io/json/OWNERS
new file mode 100644
index 000000000..0fadafbdd
--- /dev/null
+++ b/vendor/sigs.k8s.io/json/OWNERS
@@ -0,0 +1,6 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+  - deads2k
+  - lavalamp
+  - liggitt
diff --git a/vendor/sigs.k8s.io/yaml/OWNERS b/vendor/sigs.k8s.io/yaml/OWNERS
new file mode 100644
index 000000000..003a149e1
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/OWNERS
@@ -0,0 +1,23 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- dims
+- jpbetz
+- smarterclayton
+- deads2k
+- sttts
+- liggitt
+reviewers:
+- dims
+- thockin
+- jpbetz
+- smarterclayton
+- wojtek-t
+- deads2k
+- derekwaynecarr
+- mikedanese
+- liggitt
+- sttts
+- tallclair
+labels:
+- sig/api-machinery
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
new file mode 100644
index 000000000..73be0a3a9
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
@@ -0,0 +1,24 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- dims
+- jpbetz
+- smarterclayton
+- deads2k
+- sttts
+- liggitt
+- natasha41575
+- knverey
+reviewers:
+- dims
+- thockin
+- jpbetz
+- smarterclayton
+- deads2k
+- derekwaynecarr
+- mikedanese
+- liggitt
+- sttts
+- tallclair
+labels:
+- sig/api-machinery

From f484b5b9723041b8fa748bd5a13fcb9019bf09f7 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 06:48:26 +0000
Subject: [PATCH 2/2] Run make generate-release

---
 .../v2/internal/httprule/BUILD.bazel          |  35 -----
 .../grpc-gateway/v2/runtime/BUILD.bazel       |  97 ------------
 .../grpc-gateway/v2/utilities/BUILD.bazel     |  31 ----
 .../k8s.io/apimachinery/pkg/api/errors/OWNERS |  16 --
 .../k8s.io/apimachinery/pkg/api/meta/OWNERS   |  14 --
 .../apimachinery/pkg/api/resource/OWNERS      |  10 --
 .../apimachinery/pkg/api/validation/OWNERS    |  11 --
 .../apimachinery/pkg/apis/meta/v1/OWNERS      |  16 --
 .../apimachinery/pkg/util/mergepatch/OWNERS   |   6 -
 .../pkg/util/strategicpatch/OWNERS            |   9 --
 .../apimachinery/pkg/util/validation/OWNERS   |  11 --
 .../third_party/forked/golang/json/OWNERS     |   6 -
 .../client-go/applyconfigurations/OWNERS      |   5 -
 vendor/k8s.io/client-go/openapi/OWNERS        |   4 -
 .../pkg/apis/clientauthentication/OWNERS      |   8 -
 vendor/k8s.io/client-go/rest/OWNERS           |  14 --
 vendor/k8s.io/client-go/tools/auth/OWNERS     |   8 -
 vendor/k8s.io/client-go/tools/cache/OWNERS    |  28 ----
 .../client-go/tools/leaderelection/OWNERS     |  11 --
 vendor/k8s.io/client-go/tools/metrics/OWNERS  |   5 -
 vendor/k8s.io/client-go/tools/record/OWNERS   |   6 -
 vendor/k8s.io/client-go/transport/OWNERS      |   8 -
 vendor/k8s.io/client-go/util/cert/OWNERS      |   8 -
 vendor/k8s.io/client-go/util/keyutil/OWNERS   |   6 -
 vendor/k8s.io/client-go/util/retry/OWNERS     |   4 -
 vendor/k8s.io/code-generator/OWNERS           |  16 --
 .../code-generator/cmd/client-gen/OWNERS      |  11 --
 .../code-generator/cmd/go-to-protobuf/OWNERS  |   6 -
 vendor/k8s.io/klog/v2/OWNERS                  |  16 --
 .../kube-openapi/pkg/generators/rules/OWNERS  |   4 -
 .../k8s.io/kube-openapi/pkg/util/proto/OWNERS |   2 -
 vendor/k8s.io/utils/pointer/OWNERS            |  10 --
 vendor/k8s.io/utils/ptr/OWNERS                |  10 --
 vendor/knative.dev/hack/OWNERS                |   8 -
 vendor/knative.dev/hack/OWNERS_ALIASES        | 144 ------------------
 vendor/knative.dev/pkg/apis/OWNERS            |  15 --
 vendor/knative.dev/pkg/apis/duck/OWNERS       |   8 -
 vendor/knative.dev/pkg/controller/OWNERS      |   7 -
 vendor/knative.dev/pkg/reconciler/OWNERS      |   7 -
 vendor/knative.dev/pkg/webhook/OWNERS         |   7 -
 vendor/sigs.k8s.io/json/OWNERS                |   6 -
 vendor/sigs.k8s.io/yaml/OWNERS                |  23 ---
 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS      |  24 ---
 43 files changed, 701 deletions(-)
 delete mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel
 delete mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
 delete mode 100644 vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS
 delete mode 100644 vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/applyconfigurations/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/openapi/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/rest/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/tools/auth/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/tools/cache/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/tools/leaderelection/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/tools/metrics/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/tools/record/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/transport/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/util/cert/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/util/keyutil/OWNERS
 delete mode 100644 vendor/k8s.io/client-go/util/retry/OWNERS
 delete mode 100644 vendor/k8s.io/code-generator/OWNERS
 delete mode 100644 vendor/k8s.io/code-generator/cmd/client-gen/OWNERS
 delete mode 100644 vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS
 delete mode 100644 vendor/k8s.io/klog/v2/OWNERS
 delete mode 100644 vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS
 delete mode 100644 vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS
 delete mode 100644 vendor/k8s.io/utils/pointer/OWNERS
 delete mode 100644 vendor/k8s.io/utils/ptr/OWNERS
 delete mode 100644 vendor/knative.dev/hack/OWNERS
 delete mode 100644 vendor/knative.dev/hack/OWNERS_ALIASES
 delete mode 100644 vendor/knative.dev/pkg/apis/OWNERS
 delete mode 100644 vendor/knative.dev/pkg/apis/duck/OWNERS
 delete mode 100644 vendor/knative.dev/pkg/controller/OWNERS
 delete mode 100644 vendor/knative.dev/pkg/reconciler/OWNERS
 delete mode 100644 vendor/knative.dev/pkg/webhook/OWNERS
 delete mode 100644 vendor/sigs.k8s.io/json/OWNERS
 delete mode 100644 vendor/sigs.k8s.io/yaml/OWNERS
 delete mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS

diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel
deleted file mode 100644
index b8fbb2b77..000000000
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/BUILD.bazel
+++ /dev/null
@@ -1,35 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-package(default_visibility = ["//visibility:public"])
-
-go_library(
-    name = "httprule",
-    srcs = [
-        "compile.go",
-        "parse.go",
-        "types.go",
-    ],
-    importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule",
-    deps = ["//utilities"],
-)
-
-go_test(
-    name = "httprule_test",
-    size = "small",
-    srcs = [
-        "compile_test.go",
-        "parse_test.go",
-        "types_test.go",
-    ],
-    embed = [":httprule"],
-    deps = [
-        "//utilities",
-        "@org_golang_google_grpc//grpclog",
-    ],
-)
-
-alias(
-    name = "go_default_library",
-    actual = ":httprule",
-    visibility = ["//:__subpackages__"],
-)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
deleted file mode 100644
index a65d88eb8..000000000
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel
+++ /dev/null
@@ -1,97 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-package(default_visibility = ["//visibility:public"])
-
-go_library(
-    name = "runtime",
-    srcs = [
-        "context.go",
-        "convert.go",
-        "doc.go",
-        "errors.go",
-        "fieldmask.go",
-        "handler.go",
-        "marshal_httpbodyproto.go",
-        "marshal_json.go",
-        "marshal_jsonpb.go",
-        "marshal_proto.go",
-        "marshaler.go",
-        "marshaler_registry.go",
-        "mux.go",
-        "pattern.go",
-        "proto2_convert.go",
-        "query.go",
-    ],
-    importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/runtime",
-    deps = [
-        "//internal/httprule",
-        "//utilities",
-        "@org_golang_google_genproto_googleapis_api//httpbody",
-        "@org_golang_google_grpc//codes",
-        "@org_golang_google_grpc//grpclog",
-        "@org_golang_google_grpc//health/grpc_health_v1",
-        "@org_golang_google_grpc//metadata",
-        "@org_golang_google_grpc//status",
-        "@org_golang_google_protobuf//encoding/protojson",
-        "@org_golang_google_protobuf//proto",
-        "@org_golang_google_protobuf//reflect/protoreflect",
-        "@org_golang_google_protobuf//reflect/protoregistry",
-        "@org_golang_google_protobuf//types/known/durationpb",
-        "@org_golang_google_protobuf//types/known/fieldmaskpb",
-        "@org_golang_google_protobuf//types/known/structpb",
-        "@org_golang_google_protobuf//types/known/timestamppb",
-        "@org_golang_google_protobuf//types/known/wrapperspb",
-    ],
-)
-
-go_test(
-    name = "runtime_test",
-    size = "small",
-    srcs = [
-        "context_test.go",
-        "convert_test.go",
-        "errors_test.go",
-        "fieldmask_test.go",
-        "handler_test.go",
-        "marshal_httpbodyproto_test.go",
-        "marshal_json_test.go",
-        "marshal_jsonpb_test.go",
-        "marshal_proto_test.go",
-        "marshaler_registry_test.go",
-        "mux_internal_test.go",
-        "mux_test.go",
-        "pattern_test.go",
-        "query_fuzz_test.go",
-        "query_test.go",
-    ],
-    embed = [":runtime"],
-    deps = [
-        "//runtime/internal/examplepb",
-        "//utilities",
-        "@com_github_google_go_cmp//cmp",
-        "@com_github_google_go_cmp//cmp/cmpopts",
-        "@org_golang_google_genproto_googleapis_api//httpbody",
-        "@org_golang_google_genproto_googleapis_rpc//errdetails",
-        "@org_golang_google_genproto_googleapis_rpc//status",
-        "@org_golang_google_grpc//:grpc",
-        "@org_golang_google_grpc//codes",
-        "@org_golang_google_grpc//health/grpc_health_v1",
-        "@org_golang_google_grpc//metadata",
-        "@org_golang_google_grpc//status",
-        "@org_golang_google_protobuf//encoding/protojson",
-        "@org_golang_google_protobuf//proto",
-        "@org_golang_google_protobuf//testing/protocmp",
-        "@org_golang_google_protobuf//types/known/durationpb",
-        "@org_golang_google_protobuf//types/known/emptypb",
-        "@org_golang_google_protobuf//types/known/fieldmaskpb",
-        "@org_golang_google_protobuf//types/known/structpb",
-        "@org_golang_google_protobuf//types/known/timestamppb",
-        "@org_golang_google_protobuf//types/known/wrapperspb",
-    ],
-)
-
-alias(
-    name = "go_default_library",
-    actual = ":runtime",
-    visibility = ["//visibility:public"],
-)
diff --git a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
deleted file mode 100644
index b89409465..000000000
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/BUILD.bazel
+++ /dev/null
@@ -1,31 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-package(default_visibility = ["//visibility:public"])
-
-go_library(
-    name = "utilities",
-    srcs = [
-        "doc.go",
-        "pattern.go",
-        "readerfactory.go",
-        "string_array_flag.go",
-        "trie.go",
-    ],
-    importpath = "github.com/grpc-ecosystem/grpc-gateway/v2/utilities",
-)
-
-go_test(
-    name = "utilities_test",
-    size = "small",
-    srcs = [
-        "string_array_flag_test.go",
-        "trie_test.go",
-    ],
-    deps = [":utilities"],
-)
-
-alias(
-    name = "go_default_library",
-    actual = ":utilities",
-    visibility = ["//visibility:public"],
-)
diff --git a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
deleted file mode 100644
index 1a9f5e770..000000000
--- a/vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
+++ /dev/null
@@ -1,16 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - thockin
-  - smarterclayton
-  - wojtek-t
-  - deads2k
-  - derekwaynecarr
-  - caesarxuchao
-  - mikedanese
-  - liggitt
-  - saad-ali
-  - janetkuo
-  - tallclair
-  - dims
-  - cjcullen
diff --git a/vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS
deleted file mode 100644
index 1e1330fff..000000000
--- a/vendor/k8s.io/apimachinery/pkg/api/meta/OWNERS
+++ /dev/null
@@ -1,14 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - thockin
-  - smarterclayton
-  - wojtek-t
-  - deads2k
-  - derekwaynecarr
-  - caesarxuchao
-  - mikedanese
-  - liggitt
-  - janetkuo
-  - ncdc
-  - dims
diff --git a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
deleted file mode 100644
index 063fd285d..000000000
--- a/vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - thockin
-  - smarterclayton
-  - wojtek-t
-  - derekwaynecarr
-  - mikedanese
-  - saad-ali
-  - janetkuo
diff --git a/vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS b/vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS
deleted file mode 100644
index 402373247..000000000
--- a/vendor/k8s.io/apimachinery/pkg/api/validation/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-# Disable inheritance as this is an api owners file
-options:
-  no_parent_owners: true
-approvers:
-  - api-approvers
-reviewers:
-  - api-reviewers
-labels:
-  - kind/api-change
diff --git a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS b/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
deleted file mode 100644
index e7e5c152d..000000000
--- a/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
+++ /dev/null
@@ -1,16 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - thockin
-  - smarterclayton
-  - wojtek-t
-  - deads2k
-  - caesarxuchao
-  - liggitt
-  - sttts
-  - luxas
-  - janetkuo
-  - justinsb
-  - ncdc
-  - soltysh
-  - dims
diff --git a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS b/vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS
deleted file mode 100644
index 349bc69d6..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/mergepatch/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - pwittrock
-reviewers:
-  - apelisse
diff --git a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS b/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS
deleted file mode 100644
index 73244449f..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/strategicpatch/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - apelisse
-  - pwittrock
-reviewers:
-  - apelisse
-emeritus_approvers:
-  - mengqiy
diff --git a/vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS b/vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS
deleted file mode 100644
index 402373247..000000000
--- a/vendor/k8s.io/apimachinery/pkg/util/validation/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-# Disable inheritance as this is an api owners file
-options:
-  no_parent_owners: true
-approvers:
-  - api-approvers
-reviewers:
-  - api-reviewers
-labels:
-  - kind/api-change
diff --git a/vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS b/vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS
deleted file mode 100644
index 349bc69d6..000000000
--- a/vendor/k8s.io/apimachinery/third_party/forked/golang/json/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - pwittrock
-reviewers:
-  - apelisse
diff --git a/vendor/k8s.io/client-go/applyconfigurations/OWNERS b/vendor/k8s.io/client-go/applyconfigurations/OWNERS
deleted file mode 100644
index ea0928429..000000000
--- a/vendor/k8s.io/client-go/applyconfigurations/OWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - apelisse
-  - jpbetz
diff --git a/vendor/k8s.io/client-go/openapi/OWNERS b/vendor/k8s.io/client-go/openapi/OWNERS
deleted file mode 100644
index e61009424..000000000
--- a/vendor/k8s.io/client-go/openapi/OWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - apelisse
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
deleted file mode 100644
index 4dfbb98ae..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-# approval on api packages bubbles to api-approvers
-reviewers:
-  - sig-auth-authenticators-approvers
-  - sig-auth-authenticators-reviewers
-labels:
-  - sig/auth
diff --git a/vendor/k8s.io/client-go/rest/OWNERS b/vendor/k8s.io/client-go/rest/OWNERS
deleted file mode 100644
index 7b23294c4..000000000
--- a/vendor/k8s.io/client-go/rest/OWNERS
+++ /dev/null
@@ -1,14 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - thockin
-  - smarterclayton
-  - caesarxuchao
-  - wojtek-t
-  - deads2k
-  - liggitt
-  - sttts
-  - luxas
-  - dims
-  - cjcullen
-  - lojies
diff --git a/vendor/k8s.io/client-go/tools/auth/OWNERS b/vendor/k8s.io/client-go/tools/auth/OWNERS
deleted file mode 100644
index c4ea6463d..000000000
--- a/vendor/k8s.io/client-go/tools/auth/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - sig-auth-authenticators-approvers
-reviewers:
-  - sig-auth-authenticators-reviewers
-labels:
-  - sig/auth
diff --git a/vendor/k8s.io/client-go/tools/cache/OWNERS b/vendor/k8s.io/client-go/tools/cache/OWNERS
deleted file mode 100644
index 921ac2fa0..000000000
--- a/vendor/k8s.io/client-go/tools/cache/OWNERS
+++ /dev/null
@@ -1,28 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - thockin
-  - smarterclayton
-  - wojtek-t
-  - deads2k
-  - caesarxuchao
-  - liggitt
-  - ncdc
-reviewers:
-  - thockin
-  - smarterclayton
-  - wojtek-t
-  - deads2k
-  - derekwaynecarr
-  - caesarxuchao
-  - mikedanese
-  - liggitt
-  - janetkuo
-  - justinsb
-  - soltysh
-  - jsafrane
-  - dims
-  - ingvagabund
-  - ncdc
-emeritus_approvers:
-  - lavalamp
diff --git a/vendor/k8s.io/client-go/tools/leaderelection/OWNERS b/vendor/k8s.io/client-go/tools/leaderelection/OWNERS
deleted file mode 100644
index 908bdacdf..000000000
--- a/vendor/k8s.io/client-go/tools/leaderelection/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - mikedanese
-reviewers:
-  - wojtek-t
-  - deads2k
-  - mikedanese
-  - ingvagabund
-emeritus_approvers:
-  - timothysc
diff --git a/vendor/k8s.io/client-go/tools/metrics/OWNERS b/vendor/k8s.io/client-go/tools/metrics/OWNERS
deleted file mode 100644
index 2c9488a5f..000000000
--- a/vendor/k8s.io/client-go/tools/metrics/OWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - wojtek-t
-  - jayunit100
diff --git a/vendor/k8s.io/client-go/tools/record/OWNERS b/vendor/k8s.io/client-go/tools/record/OWNERS
deleted file mode 100644
index 8105c4fe0..000000000
--- a/vendor/k8s.io/client-go/tools/record/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - sig-instrumentation-reviewers
-approvers:
-  - sig-instrumentation-approvers
diff --git a/vendor/k8s.io/client-go/transport/OWNERS b/vendor/k8s.io/client-go/transport/OWNERS
deleted file mode 100644
index 34adee5ec..000000000
--- a/vendor/k8s.io/client-go/transport/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - smarterclayton
-  - wojtek-t
-  - deads2k
-  - liggitt
-  - caesarxuchao
diff --git a/vendor/k8s.io/client-go/util/cert/OWNERS b/vendor/k8s.io/client-go/util/cert/OWNERS
deleted file mode 100644
index 3c3b94c58..000000000
--- a/vendor/k8s.io/client-go/util/cert/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - sig-auth-certificates-approvers
-reviewers:
-  - sig-auth-certificates-reviewers
-labels:
-  - sig/auth
diff --git a/vendor/k8s.io/client-go/util/keyutil/OWNERS b/vendor/k8s.io/client-go/util/keyutil/OWNERS
deleted file mode 100644
index e6d229d5d..000000000
--- a/vendor/k8s.io/client-go/util/keyutil/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-approvers:
-  - sig-auth-certificates-approvers
-reviewers:
-  - sig-auth-certificates-reviewers
-labels:
-  - sig/auth
diff --git a/vendor/k8s.io/client-go/util/retry/OWNERS b/vendor/k8s.io/client-go/util/retry/OWNERS
deleted file mode 100644
index 75736b5aa..000000000
--- a/vendor/k8s.io/client-go/util/retry/OWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-  - caesarxuchao
diff --git a/vendor/k8s.io/code-generator/OWNERS b/vendor/k8s.io/code-generator/OWNERS
deleted file mode 100644
index d16e47e85..000000000
--- a/vendor/k8s.io/code-generator/OWNERS
+++ /dev/null
@@ -1,16 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - deads2k
-  - jpbetz
-  - wojtek-t
-  - sttts
-reviewers:
-  - deads2k
-  - wojtek-t
-  - sttts
-labels:
-  - sig/api-machinery
-  - area/code-generation
-emeritus_approvers:
-  - lavalamp
diff --git a/vendor/k8s.io/code-generator/cmd/client-gen/OWNERS b/vendor/k8s.io/code-generator/cmd/client-gen/OWNERS
deleted file mode 100644
index 967eb2a7b..000000000
--- a/vendor/k8s.io/code-generator/cmd/client-gen/OWNERS
+++ /dev/null
@@ -1,11 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - wojtek-t
-  - caesarxuchao
-reviewers:
-  - wojtek-t
-  - caesarxuchao
-  - jpbetz
-emeritus_approvers:
-  - lavalamp
diff --git a/vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS b/vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS
deleted file mode 100644
index af7e2ec4c..000000000
--- a/vendor/k8s.io/code-generator/cmd/go-to-protobuf/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - smarterclayton
-reviewers:
-  - smarterclayton
diff --git a/vendor/k8s.io/klog/v2/OWNERS b/vendor/k8s.io/klog/v2/OWNERS
deleted file mode 100644
index 7500475a6..000000000
--- a/vendor/k8s.io/klog/v2/OWNERS
+++ /dev/null
@@ -1,16 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-reviewers:
-  - harshanarayana
-  - mengjiao-liu
-  - pohly
-approvers:
-  - dims
-  - pohly
-  - thockin
-emeritus_approvers:
-  - brancz
-  - justinsb
-  - lavalamp
-  - piosz
-  - serathius
-  - tallclair
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS b/vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS
deleted file mode 100644
index 235bc545b..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/generators/rules/OWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-reviewers:
-- roycaihw
-approvers:
-- roycaihw
diff --git a/vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS b/vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS
deleted file mode 100644
index 9621a6a3a..000000000
--- a/vendor/k8s.io/kube-openapi/pkg/util/proto/OWNERS
+++ /dev/null
@@ -1,2 +0,0 @@
-approvers:
-- apelisse
diff --git a/vendor/k8s.io/utils/pointer/OWNERS b/vendor/k8s.io/utils/pointer/OWNERS
deleted file mode 100644
index 0d6392752..000000000
--- a/vendor/k8s.io/utils/pointer/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-- apelisse
-- stewart-yu
-- thockin
-reviewers:
-- apelisse
-- stewart-yu
-- thockin
diff --git a/vendor/k8s.io/utils/ptr/OWNERS b/vendor/k8s.io/utils/ptr/OWNERS
deleted file mode 100644
index 0d6392752..000000000
--- a/vendor/k8s.io/utils/ptr/OWNERS
+++ /dev/null
@@ -1,10 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-- apelisse
-- stewart-yu
-- thockin
-reviewers:
-- apelisse
-- stewart-yu
-- thockin
diff --git a/vendor/knative.dev/hack/OWNERS b/vendor/knative.dev/hack/OWNERS
deleted file mode 100644
index 4d20bf8cf..000000000
--- a/vendor/knative.dev/hack/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-approvers:
-  - technical-oversight-committee
-  - productivity-writers
-  - knative-release-leads
-
-reviewers:
-  - productivity-writers
-  - productivity-reviewers
diff --git a/vendor/knative.dev/hack/OWNERS_ALIASES b/vendor/knative.dev/hack/OWNERS_ALIASES
deleted file mode 100644
index 0f0e6e767..000000000
--- a/vendor/knative.dev/hack/OWNERS_ALIASES
+++ /dev/null
@@ -1,144 +0,0 @@
-# This file is auto-generated from peribolos.
-# Do not modify this file, instead modify peribolos/knative.yaml
-
-aliases:
-  client-reviewers:
-  - itsmurugappan
-  client-wg-leads:
-  - dsimansk
-  - rhuss
-  client-writers:
-  - dsimansk
-  - rhuss
-  - vyasgun
-  docs-reviewers:
-  - nainaz
-  - skonto
-  docs-writers:
-  - csantanapr
-  - skonto
-  eventing-reviewers:
-  - Leo6Leo
-  - aslom
-  - cali0707
-  - creydr
-  eventing-wg-leads:
-  - pierDipi
-  eventing-writers:
-  - Leo6Leo
-  - aliok
-  - cali0707
-  - creydr
-  - lionelvillard
-  - matzew
-  - pierDipi
-  func-reviewers:
-  - jrangelramos
-  - nainaz
-  func-writers:
-  - gauron99
-  - jrangelramos
-  - lance
-  - lkingland
-  - matejvasek
-  - matzew
-  - salaboy
-  functions-wg-leads:
-  - lkingland
-  - salaboy
-  knative-admin:
-  - aliok
-  - cardil
-  - davidhadas
-  - dprotaso
-  - dsimansk
-  - evankanderson
-  - knative-automation
-  - knative-prow-releaser-robot
-  - knative-prow-robot
-  - knative-prow-updater-robot
-  - knative-test-reporter-robot
-  - nainaz
-  - psschwei
-  - salaboy
-  - skonto
-  - upodroid
-  knative-release-leads:
-  - dprotaso
-  - dsimansk
-  - skonto
-  knative-robots:
-  - knative-automation
-  - knative-prow-releaser-robot
-  - knative-prow-robot
-  - knative-prow-updater-robot
-  - knative-test-reporter-robot
-  operations-reviewers:
-  - aliok
-  - houshengbo
-  - matzew
-  operations-wg-leads:
-  - houshengbo
-  operations-writers:
-  - aliok
-  - houshengbo
-  - matzew
-  productivity-leads:
-  - cardil
-  - upodroid
-  productivity-reviewers:
-  - evankanderson
-  - mgencur
-  productivity-wg-leads:
-  - cardil
-  - upodroid
-  productivity-writers:
-  - cardil
-  - upodroid
-  security-wg-leads:
-  - davidhadas
-  - evankanderson
-  security-writers:
-  - davidhadas
-  - evankanderson
-  serving-approvers:
-  - skonto
-  serving-reviewers:
-  - izabelacg
-  - skonto
-  serving-triage:
-  - izabelacg
-  - skonto
-  serving-wg-leads:
-  - dprotaso
-  serving-writers:
-  - dprotaso
-  - skonto
-  steering-committee:
-  - aliok
-  - davidhadas
-  - dprotaso
-  - dsimansk
-  - evankanderson
-  - nainaz
-  - psschwei
-  - salaboy
-  technical-oversight-committee:
-  - aliok
-  - davidhadas
-  - dprotaso
-  - dsimansk
-  - evankanderson
-  - nainaz
-  - psschwei
-  - salaboy
-  ux-wg-leads:
-  - cali0707
-  - leo6leo
-  - mmejia02
-  - zainabhusain227
-  ux-writers:
-  - cali0707
-  - leo6leo
-  - mmejia02
-  - zainabhusain227
diff --git a/vendor/knative.dev/pkg/apis/OWNERS b/vendor/knative.dev/pkg/apis/OWNERS
deleted file mode 100644
index 13014203f..000000000
--- a/vendor/knative.dev/pkg/apis/OWNERS
+++ /dev/null
@@ -1,15 +0,0 @@
-# The OWNERS file is used by prow to automatically merge approved PRs.
-
-approvers:
-- technical-oversight-committee
-- serving-wg-leads
-- eventing-wg-leads
-
-reviewers:
-- serving-writers
-- eventing-writers
-- eventing-reviewers
-- serving-reviewers
-
-options:
-  no_parent_owners: true
diff --git a/vendor/knative.dev/pkg/apis/duck/OWNERS b/vendor/knative.dev/pkg/apis/duck/OWNERS
deleted file mode 100644
index af1eb05da..000000000
--- a/vendor/knative.dev/pkg/apis/duck/OWNERS
+++ /dev/null
@@ -1,8 +0,0 @@
-# The OWNERS file is used by prow to automatically merge approved PRs.
-
-approvers:
-- eventing-wg-leads
-
-reviewers:
-- eventing-reviewers
-- eventing-writers
diff --git a/vendor/knative.dev/pkg/controller/OWNERS b/vendor/knative.dev/pkg/controller/OWNERS
deleted file mode 100644
index 64660c9e3..000000000
--- a/vendor/knative.dev/pkg/controller/OWNERS
+++ /dev/null
@@ -1,7 +0,0 @@
-# The OWNERS file is used by prow to automatically merge approved PRs.
-
-approvers:
-- serving-writers
-
-reviewers:
-- serving-reviewers
diff --git a/vendor/knative.dev/pkg/reconciler/OWNERS b/vendor/knative.dev/pkg/reconciler/OWNERS
deleted file mode 100644
index 136197a30..000000000
--- a/vendor/knative.dev/pkg/reconciler/OWNERS
+++ /dev/null
@@ -1,7 +0,0 @@
-# The OWNERS file is used by prow to automatically merge approved PRs.
-
-approvers:
-- serving-writers
-
-reviewers:
-- serving-writers
diff --git a/vendor/knative.dev/pkg/webhook/OWNERS b/vendor/knative.dev/pkg/webhook/OWNERS
deleted file mode 100644
index 64660c9e3..000000000
--- a/vendor/knative.dev/pkg/webhook/OWNERS
+++ /dev/null
@@ -1,7 +0,0 @@
-# The OWNERS file is used by prow to automatically merge approved PRs.
-
-approvers:
-- serving-writers
-
-reviewers:
-- serving-reviewers
diff --git a/vendor/sigs.k8s.io/json/OWNERS b/vendor/sigs.k8s.io/json/OWNERS
deleted file mode 100644
index 0fadafbdd..000000000
--- a/vendor/sigs.k8s.io/json/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-  - deads2k
-  - lavalamp
-  - liggitt
diff --git a/vendor/sigs.k8s.io/yaml/OWNERS b/vendor/sigs.k8s.io/yaml/OWNERS
deleted file mode 100644
index 003a149e1..000000000
--- a/vendor/sigs.k8s.io/yaml/OWNERS
+++ /dev/null
@@ -1,23 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-- dims
-- jpbetz
-- smarterclayton
-- deads2k
-- sttts
-- liggitt
-reviewers:
-- dims
-- thockin
-- jpbetz
-- smarterclayton
-- wojtek-t
-- deads2k
-- derekwaynecarr
-- mikedanese
-- liggitt
-- sttts
-- tallclair
-labels:
-- sig/api-machinery
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
deleted file mode 100644
index 73be0a3a9..000000000
--- a/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
+++ /dev/null
@@ -1,24 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-- dims
-- jpbetz
-- smarterclayton
-- deads2k
-- sttts
-- liggitt
-- natasha41575
-- knverey
-reviewers:
-- dims
-- thockin
-- jpbetz
-- smarterclayton
-- deads2k
-- derekwaynecarr
-- mikedanese
-- liggitt
-- sttts
-- tallclair
-labels:
-- sig/api-machinery