diff --git a/.circleci/config.yml b/.circleci/config.yml index adbfaa36888e..f2eb347d3618 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -125,13 +125,27 @@ commands: echo "PR doesn't have label <> keep running job" exit 0 executors: - golang: + golang-amd64: resource_class: xlarge docker: - image: "cimg/go:<< pipeline.parameters.go_version >>" environment: KUMA_DIR: . GO_VERSION: << pipeline.parameters.go_version >> + golang-arm64: + resource_class: arm.xlarge + docker: + - image: "cimg/go:<< pipeline.parameters.go_version >>" + environment: + KUMA_DIR: . + GO_VERSION: << pipeline.parameters.go_version >> + vm-xlarge-amd64: + resource_class: xlarge + machine: + image: << pipeline.parameters.ubuntu_image >> + environment: + KUMA_DIR: . + GO_VERSION: << pipeline.parameters.go_version >> vm-amd64: resource_class: large machine: @@ -148,26 +162,16 @@ executors: GO_VERSION: << pipeline.parameters.go_version >> jobs: go_cache: - executor: << parameters.executor >> + executor: golang-<< parameters.arch >> parameters: - executor: + arch: description: the executor to run on type: string default: golang steps: - - when: - condition: {equal: [vm-amd64, << parameters.executor >>]} - steps: - - install_build_tools: - go_arch: amd64 - - when: - condition: {equal: [vm-arm64, << parameters.executor >>]} - steps: - - install_build_tools: - go_arch: arm64 - checkout - restore_cache: - key: << parameters.executor >>_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} + key: vm-<< parameters.arch >>_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} - run: command: make dev/tools - run: 
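Review bot: Both docker executors in this hunk, `golang-amd64` and the new `golang-arm64`, pull `cimg/go:<< pipeline.parameters.go_version >>` by tag only, and a tag can be re-pointed upstream without any change to this file. `go_cache` runs on these executors and saves a cache that is presumably restored by the jobs that require it, so the image is part of the build's trust base. Pinning by digest fixes the exact image, e.g. `- image: "cimg/go:<< pipeline.parameters.go_version >>@sha256:<digest-placeholder>"`, with the digest updated together with `go_version`. Separately, renaming `golang` to `golang-amd64` breaks any job outside these hunks that still says `executor: golang`; that cannot be checked from here.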
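Review bot: The renamed `arch` parameter of `go_cache` keeps `default: golang` and the description "the executor to run on", both left over from the old `executor` parameter. With `executor: golang-<< parameters.arch >>` that default resolves to `golang-golang`, which is not an executor declared in this diff, and the cache key becomes `vm-golang_go.mod_…`. I would change it to `description: CPU architecture of the executor`, `type: enum` and `enum: [amd64, arm64]`, with no default. The key prefix also stays `vm-<< parameters.arch >>`, here and in the `save_cache` key of the next hunk, although the job now runs in the `cimg/go` container. If the `vm-*` machine jobs restore `/home/circleci/.kuma-dev` from this cache, a one-line comment saying the prefix is intentional and that tools built in the container must also run on the machine image would help.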
@@ -175,7 +179,7 @@ jobs: command: | go mod download -x - save_cache: - key: << parameters.executor >>_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} + key: vm-<< parameters.arch >>_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} paths: - "/home/circleci/go/pkg/mod" - "/home/circleci/.kuma-dev" @@ -353,19 +357,16 @@ jobs: name: "Store logs" path: /tmp/e2e build: - executor: - name: golang + executor: vm-xlarge-amd64 steps: + - install_build_tools - checkout - - setup_remote_docker - - run: - command: ssh remote-docker "sudo apt-get update; sudo apt-get install -y qemu-user-static binfmt-support" - setenv_depending_on_priority: label: "ci/run-full-matrix" env: ENABLED_GOARCHES="arm64 amd64" ENABLED_GOOSES="linux darwin" - restore_cache: keys: - - docker_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} + - build_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} - run: command: make dev/tools - run: @@ -381,7 +382,7 @@ jobs: - run: command: make -j docker/save - save_cache: - key: docker_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} + key: build_go.mod_{{ checksum "go.sum" }}_{{ checksum "mk/dependencies/deps.lock" }}_{{ checksum ".circleci/config.yml" }} paths: - "/home/circleci/go/pkg/mod" - "/home/circleci/.kuma-dev" @@ -455,11 +456,11 @@ workflows: kuma-commit: jobs: - go_cache: - name: go_cache-<< matrix.executor >> + name: go_cache-<< matrix.arch >> matrix: alias: go_cache parameters: - executor: [vm-amd64, vm-arm64] + arch: [amd64, arm64] - build: name: build - test: 
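Review bot: In `build`, `install_build_tools` is called with no arguments, while the `go_cache` steps removed earlier in this diff always passed `go_arch: amd64` or `go_arch: arm64`. The command's definition is outside the hunks, so unless `go_arch` has a default there the config will not compile; being explicit costs one line, `- install_build_tools:` followed by `go_arch: amd64`. The hunk also drops the `qemu-user-static binfmt-support` install while `ENABLED_GOARCHES="arm64 amd64"` is still set for `ci/run-full-matrix`. Presumably the `vm-xlarge-amd64` machine image or `install_build_tools` provides the emulation, and a short comment saying which one would keep a later image bump from silently breaking arm64 image builds. The job's steps continue past the end of this hunk.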
@@ -468,7 +469,7 @@ workflows: alias: test parameters: arch: [amd64, arm64] - requires: [build, go_cache-vm-<< matrix.arch >>] + requires: [build, go_cache-<< matrix.arch >>] - e2e: name: legacy-k8s:<< matrix.arch >>-<< matrix.k8sVersion >> matrix: @@ -478,7 +479,7 @@ workflows: arch: [amd64, arm64] parallelism: 3 target: "" - requires: [build, go_cache-vm-<< matrix.arch >>] + requires: [build, go_cache-<< matrix.arch >>] - e2e: name: << matrix.target >>:<< matrix.arch >>-<< matrix.k8sVersion >> matrix: @@ -487,7 +488,7 @@ workflows: k8sVersion: [<< pipeline.parameters.first_k8s_version >>, << pipeline.parameters.last_k8s_version >>, kind, kindIpv6] target: [kubernetes, universal, multizone] arch: [amd64, arm64] - requires: [build, go_cache-vm-<< matrix.arch >>] + requires: [build, go_cache-<< matrix.arch >>] - e2e: name: << matrix.target >>:<< matrix.arch >>-<< matrix.k8sVersion >>-delta-kds matrix: @@ -497,7 +498,7 @@ workflows: target: [multizone] arch: [amd64] deltaKDS: [true] - requires: [build, go_cache-vm-amd64] + requires: [build, go_cache-amd64] - e2e: name: << matrix.target >>:<< matrix.arch >>-<< matrix.k8sVersion >>-calico matrix: @@ -507,7 +508,7 @@ workflows: target: [multizone] arch: [amd64] cniNetworkPlugin: [calico] - requires: [build, go_cache-vm-amd64] + requires: [build, go_cache-amd64] - container-structure: name: container-structure requires: [build] diff --git a/api/openapi/specs/global_insight.yaml b/api/openapi/specs/global_insight.yaml index b1d172701e92..4dcbb507e0d0 100644 --- a/api/openapi/specs/global_insight.yaml +++ b/api/openapi/specs/global_insight.yaml @@ -7,6 +7,7 @@ paths: /global-insight: get: summary: Get Global Insight + tags: ["GlobalInsight"] responses: '200': $ref: '#/components/responses/GlobalInsightResponse' @@ -232,4 +233,4 @@ components: policies: total: 100 meshes: - total: 3 \ No newline at end of file + total: 3 
diff --git a/docs/generated/openapi.yaml b/docs/generated/openapi.yaml
new file mode 100644
index 000000000000..eeaa8db2bd85
--- /dev/null
+++ b/docs/generated/openapi.yaml
@@ -0,0 +1,6229 @@ +openapi: 3.0.3 +info: + title: Kuma API + description: Kuma API + version: v1alpha1 + x-ref-schema-name: MeshTrafficPermission +paths: + /global-insight: + get: + summary: Get Global Insight + tags: + - GlobalInsight + responses: + '200': + $ref: '#/components/responses/GlobalInsightResponse' + '400': + $ref: '#/components/responses/BadRequest' + '500': + $ref: '#/components/responses/InternalServerError' + operationId: get-global-insight + description: Returns a Global Insight object + /meshes/{mesh}/meshaccesslogs/{name}: + get: + summary: Returns MeshAccessLog entity + tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + responses: + '200': + $ref: '#/components/responses/MeshAccessLogItem' + put: + summary: Creates or Updates MeshAccessLog entity + tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshAccessLogItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshAccessLog entity + tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshAccessLog + responses: + '200': + description: Successful response + /meshes/{mesh}/meshaccesslogs: + get: + summary: Returns a list of MeshAccessLog in the mesh. 
+ tags: + - MeshAccessLog + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshAccessLogList' + /meshes/{mesh}/meshcircuitbreakers/{name}: + get: + summary: Returns MeshCircuitBreaker entity + tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshCircuitBreaker + responses: + '200': + $ref: '#/components/responses/MeshCircuitBreakerItem' + put: + summary: Creates or Updates MeshCircuitBreaker entity + tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshCircuitBreaker + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCircuitBreakerItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshCircuitBreaker entity + tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshCircuitBreaker + responses: + '200': + description: Successful response + /meshes/{mesh}/meshcircuitbreakers: + get: + summary: Returns a list of MeshCircuitBreaker in the mesh. 
+ tags: + - MeshCircuitBreaker + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshCircuitBreakerList' + /meshes/{mesh}/meshfaultinjections/{name}: + get: + summary: Returns MeshFaultInjection entity + tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshFaultInjection + responses: + '200': + $ref: '#/components/responses/MeshFaultInjectionItem' + put: + summary: Creates or Updates MeshFaultInjection entity + tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshFaultInjection + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshFaultInjectionItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshFaultInjection entity + tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshFaultInjection + responses: + '200': + description: Successful response + /meshes/{mesh}/meshfaultinjections: + get: + summary: Returns a list of MeshFaultInjection in the mesh. 
+ tags: + - MeshFaultInjection + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshFaultInjectionList' + /meshes/{mesh}/meshhealthchecks/{name}: + get: + summary: Returns MeshHealthCheck entity + tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHealthCheck + responses: + '200': + $ref: '#/components/responses/MeshHealthCheckItem' + put: + summary: Creates or Updates MeshHealthCheck entity + tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHealthCheck + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHealthCheckItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshHealthCheck entity + tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHealthCheck + responses: + '200': + description: Successful response + /meshes/{mesh}/meshhealthchecks: + get: + summary: Returns a list of MeshHealthCheck in the mesh. 
+ tags: + - MeshHealthCheck + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshHealthCheckList' + /meshes/{mesh}/meshhttproutes/{name}: + get: + summary: Returns MeshHTTPRoute entity + tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHTTPRoute + responses: + '200': + $ref: '#/components/responses/MeshHTTPRouteItem' + put: + summary: Creates or Updates MeshHTTPRoute entity + tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHTTPRoute + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHTTPRouteItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshHTTPRoute entity + tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshHTTPRoute + responses: + '200': + description: Successful response + /meshes/{mesh}/meshhttproutes: + get: + summary: Returns a list of MeshHTTPRoute in the mesh. 
+ tags: + - MeshHTTPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshHTTPRouteList' + /meshes/{mesh}/meshloadbalancingstrategies/{name}: + get: + summary: Returns MeshLoadBalancingStrategy entity + tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshLoadBalancingStrategy + responses: + '200': + $ref: '#/components/responses/MeshLoadBalancingStrategyItem' + put: + summary: Creates or Updates MeshLoadBalancingStrategy entity + tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshLoadBalancingStrategy + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshLoadBalancingStrategy entity + tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshLoadBalancingStrategy + responses: + '200': + description: Successful response + /meshes/{mesh}/meshloadbalancingstrategies: + get: + summary: Returns a list of MeshLoadBalancingStrategy in the mesh. 
+ tags: + - MeshLoadBalancingStrategy + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshLoadBalancingStrategyList' + /meshes/{mesh}/meshproxypatches/{name}: + get: + summary: Returns MeshProxyPatch entity + tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshProxyPatch + responses: + '200': + $ref: '#/components/responses/MeshProxyPatchItem' + put: + summary: Creates or Updates MeshProxyPatch entity + tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshProxyPatch + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshProxyPatchItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshProxyPatch entity + tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshProxyPatch + responses: + '200': + description: Successful response + /meshes/{mesh}/meshproxypatches: + get: + summary: Returns a list of MeshProxyPatch in the mesh. 
+ tags: + - MeshProxyPatch + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshProxyPatchList' + /meshes/{mesh}/meshratelimits/{name}: + get: + summary: Returns MeshRateLimit entity + tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRateLimit + responses: + '200': + $ref: '#/components/responses/MeshRateLimitItem' + put: + summary: Creates or Updates MeshRateLimit entity + tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRateLimit + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRateLimitItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshRateLimit entity + tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRateLimit + responses: + '200': + description: Successful response + /meshes/{mesh}/meshratelimits: + get: + summary: Returns a list of MeshRateLimit in the mesh. 
+ tags: + - MeshRateLimit + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshRateLimitList' + /meshes/{mesh}/meshretries/{name}: + get: + summary: Returns MeshRetry entity + tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRetry + responses: + '200': + $ref: '#/components/responses/MeshRetryItem' + put: + summary: Creates or Updates MeshRetry entity + tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRetry + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshRetry entity + tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshRetry + responses: + '200': + description: Successful response + /meshes/{mesh}/meshretries: + get: + summary: Returns a list of MeshRetry in the mesh. 
+ tags: + - MeshRetry + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshRetryList' + /meshes/{mesh}/meshtcproutes/{name}: + get: + summary: Returns MeshTCPRoute entity + tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTCPRoute + responses: + '200': + $ref: '#/components/responses/MeshTCPRouteItem' + put: + summary: Creates or Updates MeshTCPRoute entity + tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTCPRoute + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshTCPRoute entity + tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTCPRoute + responses: + '200': + description: Successful response + /meshes/{mesh}/meshtcproutes: + get: + summary: Returns a list of MeshTCPRoute in the mesh. 
+ tags: + - MeshTCPRoute + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTCPRouteList' + /meshes/{mesh}/meshtimeouts/{name}: + get: + summary: Returns MeshTimeout entity + tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTimeout + responses: + '200': + $ref: '#/components/responses/MeshTimeoutItem' + put: + summary: Creates or Updates MeshTimeout entity + tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTimeout + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshTimeout entity + tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTimeout + responses: + '200': + description: Successful response + /meshes/{mesh}/meshtimeouts: + get: + summary: Returns a list of MeshTimeout in the mesh. 
+ tags: + - MeshTimeout + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTimeoutList' + /meshes/{mesh}/meshtraces/{name}: + get: + summary: Returns MeshTrace entity + tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrace + responses: + '200': + $ref: '#/components/responses/MeshTraceItem' + put: + summary: Creates or Updates MeshTrace entity + tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrace + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshTrace entity + tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrace + responses: + '200': + description: Successful response + /meshes/{mesh}/meshtraces: + get: + summary: Returns a list of MeshTrace in the mesh. 
+ tags: + - MeshTrace + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTraceList' + /meshes/{mesh}/meshtrafficpermissions/{name}: + get: + summary: Returns MeshTrafficPermission entity + tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrafficPermission + responses: + '200': + $ref: '#/components/responses/MeshTrafficPermissionItem' + put: + summary: Creates or Updates MeshTrafficPermission entity + tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrafficPermission + requestBody: + description: Put request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + responses: + '200': + description: Updated + '201': + description: Created + delete: + summary: Deletes MeshTrafficPermission entity + tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + - in: path + name: name + schema: + type: string + required: true + description: name of the MeshTrafficPermission + responses: + '200': + description: Successful response + /meshes/{mesh}/meshtrafficpermissions: + get: + summary: Returns a list of MeshTrafficPermission in the mesh. 
+ tags: + - MeshTrafficPermission + parameters: + - in: path + name: mesh + schema: + type: string + required: true + description: name of the mesh + responses: + '200': + $ref: '#/components/responses/MeshTrafficPermissionList' +components: + schemas: + BaseStatus: + type: object + title: Status + required: + - online + - total + properties: + online: + type: integer + example: 10 + total: + type: integer + example: 30 + FullStatus: + allOf: + - $ref: '#/components/schemas/BaseStatus' + - type: object + required: + - offline + - partiallyDegraded + properties: + offline: + type: integer + example: 15 + partiallyDegraded: + type: integer + example: 5 + ServicesStats: + type: object + title: ServicesStats + description: Services statistics + required: + - total + - internal + - external + - gatewayBuiltin + - gatewayDelegated + properties: + internal: + description: Internal services statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + external: + type: object + description: External services statistics + required: + - total + properties: + total: + type: integer + example: 5 + gatewayBuiltin: + description: Builtin Gateway services statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + gatewayDelegated: + description: Delegated Gateway services statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + ZonesStats: + type: object + title: Zones Stats + description: Zone statistics + required: + - controlPlanes + - zoneEgresses + - zoneIngresses + properties: + controlPlanes: + description: Control Planes statistics + allOf: + - $ref: '#/components/schemas/BaseStatus' + zoneEgresses: + description: Zone Egresses statistics + allOf: + - $ref: '#/components/schemas/BaseStatus' + zoneIngresses: + description: Zone Ingresses statistics + allOf: + - $ref: '#/components/schemas/BaseStatus' + DataplanesStats: + type: object + title: Dataplanes Stats + description: Dataplanes statistics + required: + - standard + - gatewayBuiltin + - 
gatewayDelegated + properties: + standard: + description: Standard dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + gatewayBuiltin: + description: Builtin Gateway dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + gatewayDelegated: + description: Delegated Gateway dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/FullStatus' + PoliciesStats: + type: object + title: Policies Stats + description: Policies statistics + required: + - total + properties: + total: + type: integer + description: Number of policies + example: 30 + MeshesStats: + type: object + title: Meshes Stats + description: Mesh statistics + required: + - total + properties: + total: + type: integer + description: Number of meshes + example: 3 + GlobalInsight: + type: object + title: GlobalInsight + description: Global Insight contains statistics for all main resources + required: + - createdAt + - services + - zones + - dataplanes + - policies + - meshes + properties: + createdAt: + type: string + description: Time of Global Insight creation + format: date-time + example: '2023-01-11T02:30:42.227Z' + services: + description: Mesh services statistics + allOf: + - $ref: '#/components/schemas/ServicesStats' + zones: + description: Zones statistics + allOf: + - $ref: '#/components/schemas/ZonesStats' + dataplanes: + description: Dataplane proxy statistics + allOf: + - $ref: '#/components/schemas/DataplanesStats' + policies: + description: Policies statistics + allOf: + - $ref: '#/components/schemas/PoliciesStats' + meshes: + description: Mesh statistics + allOf: + - $ref: '#/components/schemas/MeshesStats' + InvalidParameters: + type: object + title: Invalid Parameters + properties: + field: + type: string + reason: + type: string + rule: + type: string + choices: + type: array + items: + type: string + Error: + type: object + title: Error + description: standard error + x-examples: + Example 1: + status: 404 + title: Not 
Found + type: https://kongapi.info/konnect/not-found + instance: portal:trace:2287285207635123011 + detail: The requested document was not found + required: + - status + - title + - instance + properties: + status: + type: integer + description: The HTTP status code. + example: 404 + title: + type: string + description: The error response code. + example: Not Found + type: + type: string + description: The error type. + example: Not Found + instance: + type: string + example: portal:trace:2287285207635123011 + description: The portal traceback code + detail: + type: string + example: The requested team was not found + description: Details about the error. + invalid_parameters: + type: array + description: TODO + items: + $ref: '#/components/schemas/InvalidParameters' + MeshAccessLogItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshAccessLog + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshAccessLog resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. 
Placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. + properties: + attributes: + description: >- + Attributes can contain placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: >- + Format of access logs. 
Placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + backends: + items: + properties: + file: + description: >- + FileBackend defines configuration for file based + access logs + properties: + format: + description: >- + Format of access logs. Placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + path: + description: Path to a file that logs will be written to + type: string + required: + - path + type: object + openTelemetry: + description: Defines an OpenTelemetry logging backend. 
+ properties: + attributes: + description: >- + Attributes can contain placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + body: + description: >- + Body is a raw string or an OTLP any value as + described at + https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body + It can contain placeholders available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + x-kubernetes-preserve-unknown-fields: true + endpoint: + description: >- + Endpoint of OpenTelemetry collector. An + empty port defaults to 4317. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + tcp: + description: TCPBackend defines a TCP logging backend. + properties: + address: + description: Address of the TCP logging backend + type: string + format: + description: >- + Format of access logs. Placeholders + available on + https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators + properties: + json: + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + omitEmptyValues: + type: boolean + plain: + type: string + type: + enum: + - Plain + - Json + type: string + required: + - type + type: object + required: + - address + type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + MeshCircuitBreakerItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshCircuitBreaker + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + connectionLimits: + description: >- + ConnectionLimits contains configuration of each + circuit breaking limit, which when exceeded makes the + circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when + physical circuit breaker ir open) + properties: + maxConnectionPools: + description: >- + The maximum number of connection pools per cluster + that are concurrently supported at once. 
Set this + for clusters which create a large number of + connection pools. + format: int32 + type: integer + maxConnections: + description: >- + The maximum number of connections allowed to be + made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: >- + The maximum number of pending requests that are + allowed to the upstream cluster. This limit is + applied as a connection limit for non-HTTP + traffic. + format: int32 + type: integer + maxRequests: + description: >- + The maximum number of parallel requests that are + allowed to be made to the upstream cluster. This + limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: >- + The maximum number of parallel retries that will + be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: >- + OutlierDetection contains the configuration of the + process of dynamically determining whether some number + of hosts in an upstream cluster are performing unlike + the others and removing them from the healthy load + balancing set. Performance might be along different + axes such as consecutive failures, temporal success + rate, temporal latency, etc. Outlier detection is a + form of passive health checking. + properties: + baseEjectionTime: + description: >- + The base time that a host is ejected for. The real + time is equal to the base time multiplied by the + number of times the host has been ejected. + type: string + detectors: + description: >- + Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: >- + Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from + each host in a cluster. However, rather than + compare those values to the mean success rate + of the cluster as a whole, they are compared + to a flat user-configured threshold. 
This + threshold is configured via the + outlierDetection.failurePercentageThreshold + field. The other configuration fields for + failure percentage based detection are similar + to the fields for success rate detection. As + with success rate detection, detection will + not be performed for a host if its request + volume over the aggregation interval is less + than the + outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the + outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: >- + The minimum number of hosts in a cluster + in order to perform failure + percentage-based ejection. If the total + number of hosts in the cluster is less + than this value, failure percentage-based + ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based + ejection will not be performed for this + host. + format: int32 + type: integer + threshold: + description: >- + The failure percentage to use when + determining failure percentage-based + outlier detection. If the failure + percentage of a given host is greater than + or equal to this value, it will be + ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: >- + In the default mode + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into + account a subset of 5xx errors, called + "gateway errors" (502, 503 or 504 status code) + and local origin failures, such as timeout, + TCP reset etc. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into + account a subset of 5xx errors, called + "gateway errors" (502, 503 or 504 status code) + and is supported only by the http router. + properties: + consecutive: + description: >- + The number of consecutive gateway failures + (502, 503, 504 status codes) before a + consecutive gateway failure ejection + occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: >- + This detection type is enabled only when + outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally + originated errors (timeout, reset, etc). If + Envoy repeatedly cannot connect to an upstream + host or communication with the upstream host + is repeatedly interrupted, it will be ejected. + Various locally originated problems are + detected: timeout, TCP reset, ICMP errors, + etc. This detection type is supported by http + router and tcp proxy. + properties: + consecutive: + description: >- + The number of consecutive locally + originated failures before ejection + occurs. Parameter takes effect only when + splitExternalAndLocalErrors is set to + true. + format: int32 + type: integer + type: object + successRate: + description: >- + Success Rate based outlier detection + aggregates success rate data from every host + in a cluster. Then at given intervals ejects + hosts based on statistical outlier detection. + Success Rate outlier detection will not be + calculated for a host if its request volume + over the aggregation interval is less than the + outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be + performed for a cluster if the number of hosts + with the minimum required request volume in an + interval is less than the + outlierDetection.detectors.successRate.minimumHosts + value. 
In the default configuration mode + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into + account all types of errors: locally and + externally originated. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and + externally originated (transaction) errors are + counted and treated separately. + properties: + minimumHosts: + description: >- + The number of hosts in a cluster that must + have enough request volume to detect + success rate outliers. If the number of + hosts is less than this setting, outlier + detection via success rate statistics is + not performed for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one interval (as + defined by the interval duration + configured in outlierDetection section) to + include this host in success rate based + outlier detection. If the volume is lower + than this setting, outlier detection via + success rate statistics is not performed + for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: >- + This factor is used to determine the + ejection threshold for success rate + outlier ejection. The ejection threshold + is the difference between the mean success + rate, and the product of this factor and + the standard deviation of the mean success + rate: mean - (standard_deviation * + success_rate_standard_deviation_factor). + Either int or decimal represented as + string. + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: >- + In the default mode + (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into + account all generated errors: locally + originated and externally originated + (transaction) errors. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into + account only externally originated + (transaction) errors, ignoring locally + originated errors. If an upstream host is an + HTTP-server, only 5xx types of error are taken + into account (see Consecutive Gateway Failure + for exceptions). Properly formatted responses, + even when they carry an operational error + (like index not found, access denied) are not + taken into account. + properties: + consecutive: + description: >- + The number of consecutive server-side + error responses (for HTTP traffic, 5xx + responses; for TCP traffic, connection + failures; for Redis, failure to respond + PONG; etc.) before a consecutive total + failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: >- + When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: >- + The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: >- + The maximum % of an upstream cluster that can be + ejected due to outlier detection. Defaults to 10% + but will eject at least one host regardless of the + value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: >- + Determines whether to distinguish local origin + failures from external errors. If set to true the + following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive + type: boolean + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + connectionLimits: + description: >- + ConnectionLimits contains configuration of each + circuit breaking limit, which when exceeded makes the + circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when + physical circuit breaker ir open) + properties: + maxConnectionPools: + description: >- + The maximum number of connection pools per cluster + that are concurrently supported at once. Set this + for clusters which create a large number of + connection pools. + format: int32 + type: integer + maxConnections: + description: >- + The maximum number of connections allowed to be + made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: >- + The maximum number of pending requests that are + allowed to the upstream cluster. This limit is + applied as a connection limit for non-HTTP + traffic. + format: int32 + type: integer + maxRequests: + description: >- + The maximum number of parallel requests that are + allowed to be made to the upstream cluster. This + limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: >- + The maximum number of parallel retries that will + be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: >- + OutlierDetection contains the configuration of the + process of dynamically determining whether some number + of hosts in an upstream cluster are performing unlike + the others and removing them from the healthy load + balancing set. 
Performance might be along different + axes such as consecutive failures, temporal success + rate, temporal latency, etc. Outlier detection is a + form of passive health checking. + properties: + baseEjectionTime: + description: >- + The base time that a host is ejected for. The real + time is equal to the base time multiplied by the + number of times the host has been ejected. + type: string + detectors: + description: >- + Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: >- + Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from + each host in a cluster. However, rather than + compare those values to the mean success rate + of the cluster as a whole, they are compared + to a flat user-configured threshold. This + threshold is configured via the + outlierDetection.failurePercentageThreshold + field. The other configuration fields for + failure percentage based detection are similar + to the fields for success rate detection. As + with success rate detection, detection will + not be performed for a host if its request + volume over the aggregation interval is less + than the + outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the + outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: >- + The minimum number of hosts in a cluster + in order to perform failure + percentage-based ejection. If the total + number of hosts in the cluster is less + than this value, failure percentage-based + ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based + ejection will not be performed for this + host. + format: int32 + type: integer + threshold: + description: >- + The failure percentage to use when + determining failure percentage-based + outlier detection. If the failure + percentage of a given host is greater than + or equal to this value, it will be + ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: >- + In the default mode + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into + account a subset of 5xx errors, called + "gateway errors" (502, 503 or 504 status code) + and local origin failures, such as timeout, + TCP reset etc. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into + account a subset of 5xx errors, called + "gateway errors" (502, 503 or 504 status code) + and is supported only by the http router. + properties: + consecutive: + description: >- + The number of consecutive gateway failures + (502, 503, 504 status codes) before a + consecutive gateway failure ejection + occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: >- + This detection type is enabled only when + outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally + originated errors (timeout, reset, etc). If + Envoy repeatedly cannot connect to an upstream + host or communication with the upstream host + is repeatedly interrupted, it will be ejected. + Various locally originated problems are + detected: timeout, TCP reset, ICMP errors, + etc. This detection type is supported by http + router and tcp proxy. 
+ properties: + consecutive: + description: >- + The number of consecutive locally + originated failures before ejection + occurs. Parameter takes effect only when + splitExternalAndLocalErrors is set to + true. + format: int32 + type: integer + type: object + successRate: + description: >- + Success Rate based outlier detection + aggregates success rate data from every host + in a cluster. Then at given intervals ejects + hosts based on statistical outlier detection. + Success Rate outlier detection will not be + calculated for a host if its request volume + over the aggregation interval is less than the + outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be + performed for a cluster if the number of hosts + with the minimum required request volume in an + interval is less than the + outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode + (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into + account all types of errors: locally and + externally originated. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and + externally originated (transaction) errors are + counted and treated separately. + properties: + minimumHosts: + description: >- + The number of hosts in a cluster that must + have enough request volume to detect + success rate outliers. If the number of + hosts is less than this setting, outlier + detection via success rate statistics is + not performed for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: >- + The minimum number of total requests that + must be collected in one interval (as + defined by the interval duration + configured in outlierDetection section) to + include this host in success rate based + outlier detection. 
If the volume is lower + than this setting, outlier detection via + success rate statistics is not performed + for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: >- + This factor is used to determine the + ejection threshold for success rate + outlier ejection. The ejection threshold + is the difference between the mean success + rate, and the product of this factor and + the standard deviation of the mean success + rate: mean - (standard_deviation * + success_rate_standard_deviation_factor). + Either int or decimal represented as + string. + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: >- + In the default mode + (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into + account all generated errors: locally + originated and externally originated + (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into + account only externally originated + (transaction) errors, ignoring locally + originated errors. If an upstream host is an + HTTP-server, only 5xx types of error are taken + into account (see Consecutive Gateway Failure + for exceptions). Properly formatted responses, + even when they carry an operational error + (like index not found, access denied) are not + taken into account. + properties: + consecutive: + description: >- + The number of consecutive server-side + error responses (for HTTP traffic, 5xx + responses; for TCP traffic, connection + failures; for Redis, failure to respond + PONG; etc.) before a consecutive total + failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: >- + When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: >- + The time interval between ejection analysis + sweeps. 
This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: >- + The maximum % of an upstream cluster that can be + ejected due to outlier detection. Defaults to 10% + but will eject at least one host regardless of the + value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: >- + Determines whether to distinguish local origin + failures from external errors. If set to true the + following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive + type: boolean + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + MeshFaultInjectionItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshFaultInjection + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshFaultInjection resource. 
+ properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + http: + description: >- + Http allows to define list of Http faults between + dataplanes. + items: + description: >- + FaultInjection defines the configuration of faults + between dataplanes. + properties: + abort: + description: >- + Abort defines a configuration of not delivering + requests to destination service and replacing + the responses from destination dataplane by + predefined status code + properties: + httpStatus: + description: >- + HTTP status code which will be returned to + source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which abort will + be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: >- + Delay defines configuration of delaying a + response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which delay will + be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: >- + The duration during which the response will + be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: >- + ResponseBandwidth defines a configuration to + limit the speed of responding to the requests + properties: + limit: + description: >- + Limit is represented by value measure in + gbps, mbps, kbps or bps, e.g. 
10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests on which response + bandwidth limit will be either int or + decimal represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + MeshHealthCheckItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshHealthCheck + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: >- + If set to true, health check failure events will + always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. 
+ type: boolean + eventLogPath: + description: >- + Specifies the path to the file where Envoy can log + health check events. If empty, no event log will be + written. + type: string + failTrafficOnPanic: + description: >- + If set to true, Envoy will not consider any hosts when + the cluster is in 'panic mode'. Instead, the cluster + will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: >- + GrpcHealthCheck defines gRPC configuration which will + instruct the service the health check will be made for + is a gRPC service. + properties: + authority: + description: >- + The value of the :authority header in the gRPC + health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: >- + Service name parameter which will be sent to gRPC + service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: >- + Allows to configure panic threshold for Envoy cluster. + If not specified, the default is 50%. To disable panic + mode, set to 0%. Either int or decimal represented as + string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: >- + Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: >- + HttpHealthCheck defines HTTP configuration which will + instruct the service the health check will be made for + is an HTTP service. 
+ properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: >- + List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: >- + The HTTP path which will be requested during the + health check (ie. /health) + type: string + requestHeadersToAdd: + description: >- + The list of HTTP headers which should be added to + each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: >- + If specified, Envoy will start health checking after a + random time in ms between 0 and initialJitter. This + only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. + type: string + intervalJitter: + description: >- + If specified, during every interval Envoy will add + IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: >- + If specified, during every interval Envoy will add + IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase + the wait time. 
+ format: int32 + type: integer + noTrafficInterval: + description: >- + The "no traffic interval" is a special health check + interval that is used when a cluster has never had + traffic routed to it. This lower interval allows + cluster information to be kept up to date, without + sending a potentially large amount of active health + checking traffic for no reason. Once a cluster has + been used for traffic routing, Envoy will shift back + to using the standard health check interval that is + defined. Note that this interval takes precedence over + any other. The default value for "no traffic interval" + is 60 seconds. + type: string + reuseConnection: + description: >- + Reuse health check connection between health checks. + Default is true. + type: boolean + tcp: + description: >- + TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: >- + List of Base64 encoded blocks of strings expected + as a response. When checking the response, "fuzzy" + matching is performed such that each block must be + found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is + successfully established. + items: + type: string + type: array + send: + description: >- + Base64 encoded content of the message which will + be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: >- + Number of consecutive unhealthy checks before + considering a host unhealthy. 
+ format: int32 + type: integer + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + MeshHTTPRouteItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshHTTPRoute + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: >- + Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: >- + Default holds routing rules that can be merged with + rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can only + be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by + tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: >- + Only one action is supported per header + name. Configuration to set or add multiple + values for a header must use RFC 7230 + header value formatting, separating each + value with a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestMirror: + properties: + backendRef: + description: >- + TargetRef defines structure that allows + attaching policy to various objects + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can + only be used with kinds: `MeshService`, + `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies + by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + type: object + percentage: + anyOf: + - type: integer + - type: string + description: >- + Percentage of requests to mirror. If not + specified, all requests to the target + cluster will be mirrored. + x-kubernetes-int-or-string: true + required: + - backendRef + type: object + requestRedirect: + properties: + hostname: + description: >- + PreciseHostname is the fully qualified + domain name of a network host. 
This + matches the RFC 1123 definition of a + hostname with 1 notable exception that + numeric IP addresses are not allowed. + Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. + maxLength: 253 + minLength: 1 + pattern: >- + ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: >- + Path defines parameters used to modify + the path of the incoming request. The + modified path is then used to construct + the location header. When empty, the + request path is used as-is. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + port: + description: >- + Port is the port to be used in the value + of the `Location` header in the + response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: >- + StatusCode is the HTTP status code to be + used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: >- + Only one action is supported per header + name. Configuration to set or add multiple + values for a header must use RFC 7230 + header value formatting, separating each + value with a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + - RequestMirror + type: string + urlRewrite: + properties: + hostname: + description: >- + Hostname is the value to be used to + replace the host header value during + forwarding. + maxLength: 253 + minLength: 1 + pattern: >- + ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + description: Path defines a path rewrite. + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + description: >- + Matches describes how to match HTTP requests this + rule should be applied to. + items: + properties: + headers: + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to + be matched. Name MUST be lower case as + they will be handled with case + insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - PathPrefix + - RegularExpression + type: string + value: + description: >- + Exact or prefix matches must be an + absolute path. A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: >- + QueryParams matches based on HTTP URL query + parameters. Multiple matches are ANDed + together such that all listed matches must + succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + minItems: 1 + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. 
Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + MeshLoadBalancingStrategyItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshLoadBalancingStrategy + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: >- + Spec is the specification of the Kuma MeshLoadBalancingStrategy + resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + loadBalancer: + description: >- + LoadBalancer allows to specify load balancing + algorithm. + properties: + leastRequest: + description: >- + LeastRequest selects N random available hosts as + specified in 'choiceCount' (2 by default) and + picks the host which has the fewest active + requests + properties: + choiceCount: + description: >- + ChoiceCount is the number of random healthy + hosts from which the host with the fewest + active requests will be chosen. Defaults to 2 + so that Envoy performs two-choice selection if + the field is not set. + format: int32 + minimum: 2 + type: integer + type: object + maglev: + description: >- + Maglev implements consistent hashing to upstream + hosts. Maglev can be used as a drop in replacement + for the ring hash load balancer any place in which + consistent hashing is desired. + properties: + hashPolicies: + description: >- + HashPolicies specify a list of + request/connection properties that are used to + calculate a hash. These hash policies are + executed in the specified order. If a hash + policy has the “terminal” attribute set to + true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: >- + The name of the cookie that will be used + to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for the cookie. 
+ type: string + ttl: + description: >- + If specified, a cookie with the TTL will + be generated if the cookie is not + present. + type: string + required: + - name + type: object + filterState: + properties: + key: + description: >- + The name of the Object in the + per-request filterState, which is an + Envoy::Hashable object. If there is no + data associated with the key, or the + stored object is not Envoy::Hashable, no + hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: >- + The name of the request header that will + be used to obtain the hash key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: >- + The name of the URL query parameter that + will be used to obtain the hash key. If + the parameter is not present, no hash + will be produced. Query parameter names + are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: >- + Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves + time when the terminal policy works. If + true, and there is already a hash + computed, ignore rest of the list of + hash polices. + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + tableSize: + description: >- + The table size for Maglev hashing. Maglev aims + for “minimal disruption” rather than an + absolute guarantee. Minimal disruption means + that when the set of upstream hosts change, a + connection will likely be sent to the same + upstream as it was before. Increasing the + table size reduces the amount of disruption. + The table size must be prime number limited to + 5000011. 
If it is not specified, the default + is 65537. + format: int32 + maximum: 5000011 + minimum: 1 + type: integer + type: object + random: + description: >- + Random selects a random available host. The random + load balancer generally performs better than + round-robin if no health checking policy is + configured. Random selection avoids bias towards + the host in the set that comes after a failed + host. + type: object + ringHash: + description: >- + RingHash implements consistent hashing to + upstream hosts. Each host is mapped onto a circle + (the “ring”) by hashing its address; each request + is then routed to a host by hashing some property + of the request, and finding the nearest + corresponding host clockwise around the ring. + properties: + hashFunction: + description: >- + HashFunction is a function used to hash hosts + onto the ketama ring. The value defaults to + XX_HASH. Available values – XX_HASH, + MURMUR_HASH_2. + enum: + - XXHash + - MurmurHash2 + type: string + hashPolicies: + description: >- + HashPolicies specify a list of + request/connection properties that are used to + calculate a hash. These hash policies are + executed in the specified order. If a hash + policy has the “terminal” attribute set to + true, and there is already a hash generated, + the hash is returned immediately, ignoring the + rest of the hash policy list. + items: + properties: + connection: + properties: + sourceIP: + description: Hash on source IP address. + type: boolean + type: object + cookie: + properties: + name: + description: >- + The name of the cookie that will be used + to obtain the hash key. + minLength: 1 + type: string + path: + description: The name of the path for the cookie. + type: string + ttl: + description: >- + If specified, a cookie with the TTL will + be generated if the cookie is not + present. 
+ type: string + required: + - name + type: object + filterState: + properties: + key: + description: >- + The name of the Object in the + per-request filterState, which is an + Envoy::Hashable object. If there is no + data associated with the key, or the + stored object is not Envoy::Hashable, no + hash will be produced. + minLength: 1 + type: string + required: + - key + type: object + header: + properties: + name: + description: >- + The name of the request header that will + be used to obtain the hash key. + minLength: 1 + type: string + required: + - name + type: object + queryParameter: + properties: + name: + description: >- + The name of the URL query parameter that + will be used to obtain the hash key. If + the parameter is not present, no hash + will be produced. Query parameter names + are case-sensitive. + minLength: 1 + type: string + required: + - name + type: object + terminal: + description: >- + Terminal is a flag that short-circuits + the hash computing. This field provides + a ‘fallback’ style of configuration: “if + a terminal policy doesn’t work, fallback + to rest of the policy list”, it saves + time when the terminal policy works. If + true, and there is already a hash + computed, ignore rest of the list of + hash polices. + type: boolean + type: + enum: + - Header + - Cookie + - SourceIP + - QueryParameter + - FilterState + type: string + required: + - type + type: object + type: array + maxRingSize: + description: >- + Maximum hash ring size. Defaults to 8M + entries, and limited to 8M entries, but can be + lowered to further constrain resource use. + format: int32 + maximum: 8000000 + minimum: 1 + type: integer + minRingSize: + description: >- + Minimum hash ring size. The larger the ring is + (that is, the more hashes there are for each + provided host) the better the request + distribution will reflect the desired weights. + Defaults to 1024 entries, and limited to 8M + entries. 
+ format: int32 + maximum: 8000000 + minimum: 1 + type: integer + type: object + roundRobin: + description: >- + RoundRobin is a load balancing algorithm that + distributes requests across available upstream + hosts in round-robin order. + type: object + type: + enum: + - RoundRobin + - LeastRequest + - RingHash + - Random + - Maglev + type: string + required: + - type + type: object + localityAwareness: + description: >- + LocalityAwareness contains configuration for locality + aware load balancing. + properties: + disabled: + description: >- + Disabled allows to disable locality-aware load + balancing. When disabled requests are distributed + across all endpoints regardless of locality. + type: boolean + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + MeshProxyPatchItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshProxyPatch + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. 
+ type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: >- + Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: >- + AppendModifications is a list of modifications applied on + the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's Cluster resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. 
ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. + The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + httpFilter: + description: >- + HTTPFilter is a modification of Envoy HTTP Filter + available in HTTP Connection Manager in a Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's HTTP Filter available in HTTP + Connection Manager in a Listener resource. + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: >- + Listener tags available in + Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: >- + Name of the HTTP filter. 
For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. + The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + listener: + description: >- + Listener is a modification of Envoy's Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's Listener resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. 
+ x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. + The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags available in + Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - operation + type: object + networkFilter: + description: >- + NetworkFilter is a modification of Envoy Listener's + filter. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy Listener's filter. + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. 
+ type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: >- + Listener tags available in + Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: >- + Name of the network filter. For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. + The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. 
+ type: string + required: + - operation + type: object + virtualHost: + description: >- + VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener + resource. + properties: + jsonPatches: + description: >- + JsonPatches specifies list of jsonpatches to apply + to on Envoy's VirtualHost resource + items: + description: >- + JsonPatchBlock is one json patch operation + block. + properties: + from: + description: >- + From is a jsonpatch from string, used by + move and copy operations. + type: string + op: + description: Op is a jsonpatch operation string. + enum: + - add + - remove + - replace + - move + - copy + type: string + path: + description: Path is a jsonpatch path string. + type: string + value: + description: >- + Value must be a valid json value used by + replace and add operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + match: + description: >- + Match is a set of conditions that have to be + matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: >- + Origin is the name of the component or plugin + that generated the resource. + Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. + The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. 
+ type: string + routeConfigurationName: + description: >- + Name of the RouteConfiguration resource to + match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: >- + Value of xDS resource in YAML format to add or + patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + MeshRateLimitItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshRateLimit + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. 
+ properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in 'targetRef' + properties: + local: + description: >- + LocalConf defines local http or/and tcp rate limit + configuration + properties: + http: + description: >- + LocalHTTP defines confguration of local HTTP rate + limiting + https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. + type: boolean + onRateLimit: + description: >- + Describes the actions to take on a rate limit + event + properties: + headers: + description: >- + The Headers to be added to the HTTP + response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: >- + The HTTP status code to be set on a rate + limit event + format: int32 + type: integer + type: object + requestRate: + description: >- + Defines how many requests are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, or a + number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: >- + LocalTCP defines confguration of local TCP rate + limiting + https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: >- + Defines how many connections are allowed per + interval. + properties: + interval: + description: >- + The interval the number of units is + accounted for. + type: string + num: + description: >- + Number of units per interval (depending on + usage it can be a number of requests, or a + number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: >- + Define if rate limiting should be disabled. + Default: false + type: boolean + type: object + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + MeshRetryItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshRetry + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + grpc: + description: >- + GRPC defines a configuration of retries for GRPC + traffic + properties: + backOff: + description: >- + BackOff is a configuration of durations which will + be used in exponential backoff strategy between + retries. + properties: + baseInterval: + description: >- + BaseInterval is an amount of time which should + be taken between retries. Must be greater than + zero. Values less than 1 ms are rounded up to + 1 ms. Default is 25ms. + type: string + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. Default is 10 + times the "BaseInterval". + type: string + type: object + numRetries: + description: >- + NumRetries is the number of attempts that will be + made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: >- + PerTryTimeout is the amount of time after which + retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: >- + RateLimitedBackOff is a configuration of backoff + which will be used when the upstream returns one + of the headers configured. + properties: + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. Default is 300 + seconds. + type: string + resetHeaders: + description: >- + ResetHeaders specifies the list of headers + (like Retry-After or X-RateLimit-Reset) to + match against the response. Headers are tried + in order, and matched case-insensitive. The + first header to be parsed successfully is + used. 
If no headers match the default + exponential BackOff is used instead. + items: + properties: + format: + description: >- + The format of the reset header, either + Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: >- + RetryOn is a list of conditions which will cause a + retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, + Unavailable]. + items: + type: string + type: array + type: object + http: + description: >- + HTTP defines a configuration of retries for HTTP + traffic + properties: + backOff: + description: >- + BackOff is a configuration of durations which will + be used in exponential backoff strategy between + retries + properties: + baseInterval: + description: >- + BaseInterval is an amount of time which should + be taken between retries. Must be greater than + zero. Values less than 1 ms are rounded up to + 1 ms. Default is 25ms. + type: string + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. Default is 10 + times the "BaseInterval". + type: string + type: object + hostSelection: + description: >- + HostSelection is a list of predicates that dictate + how hosts should be selected when requests are + retried. + items: + properties: + predicate: + description: >- + Type is requested predicate mode. Available + values are OmitPreviousHosts, + OmitHostsWithTags, and + OmitPreviousPriorities. + type: string + tags: + additionalProperties: + type: string + description: >- + Tags is a map of metadata to match against + for selecting the omitted hosts. 
Required if + Type is OmitHostsWithTags + type: object + updateFrequency: + description: >- + UpdateFrequency is how often the priority + load should be updated based on previously + attempted priorities. Used for + OmitPreviousPriorities. Default is 2 if not + set. + format: int32 + type: integer + required: + - predicate + type: object + type: array + hostSelectionMaxAttempts: + description: >- + HostSelectionMaxAttempts is the maximum number of + times host selection will be reattempted before + giving up, at which point the host that was last + selected will be routed to. If unspecified, this + will default to retrying once. + format: int64 + type: integer + numRetries: + description: >- + NumRetries is the number of attempts that will be + made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: >- + PerTryTimeout is the amount of time after which + retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: >- + RateLimitedBackOff is a configuration of backoff + which will be used when the upstream returns one + of the headers configured. + properties: + maxInterval: + description: >- + MaxInterval is a maximal amount of time which + will be taken between retries. Default is 300 + seconds. + type: string + resetHeaders: + description: >- + ResetHeaders specifies the list of headers + (like Retry-After or X-RateLimit-Reset) to + match against the response. Headers are tried + in order, and matched case-insensitive. The + first header to be parsed successfully is + used. If no headers match the default + exponential BackOff is used instead. + items: + properties: + format: + description: >- + The format of the reset header, either + Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. 
+ maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: >- + RetriableRequestHeaders is an HTTP headers which + must be present in the request for retries to be + attempted. + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to be + matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + retriableResponseHeaders: + description: >- + RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the + response. A retry will be triggered if any of the + header matches match the upstream response + headers. + items: + description: >- + HeaderMatch describes how to select an HTTP + route by matching HTTP request headers. + properties: + name: + description: >- + Name is the name of the HTTP Header to be + matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: >- + Type specifies how to match against the + value of the header. 
+ enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: >- + Value is the value of HTTP Header to be + matched. + type: string + required: + - name + type: object + type: array + retryOn: + description: >- + RetryOn is a list of conditions which will cause a + retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, + EnvoyRatelimited, RefusedStream, + Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, + HttpMethodOptions, HttpMethodPatch, + HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc). + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for TCP traffic + properties: + maxConnectAttempt: + description: >- + MaxConnectAttempt is a maximal amount of TCP + connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + MeshTCPRouteItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTCPRoute + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. + properties: + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + rules: + description: >- + Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: >- + Default holds routing rules that can be merged with + rules from other policies. 
+ properties: + backendRefs: + items: + description: BackendRef defines where to forward traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to + identify cross mesh resources. + type: string + name: + description: >- + Name of the referenced resource. Can only + be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by + tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + minItems: 1 + type: array + required: + - backendRefs + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. 
Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + minItems: 1 + type: array + required: + - targetRef + type: object + MeshTimeoutItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTimeout + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in 'targetRef' + properties: + connectionTimeout: + description: >- + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts + properties: + maxConnectionDuration: + description: >- + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, starting + from when it was first established. Setting this + timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: >- + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. The + timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. 
+ Setting this timeout to 0 will disable it. Default + is 15s. + type: string + streamIdleTimeout: + description: >- + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when + disabling it because it can lead to connection + leaking. Default value is 1h. + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. 
+ type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: >- + To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: >- + ConnectionTimeout specifies the amount of time proxy + will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific timeouts + properties: + maxConnectionDuration: + description: >- + MaxConnectionDuration is the time after which a + connection will be drained and/or closed, starting + from when it was first established. Setting this + timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: >- + MaxStreamDuration is the maximum time that a + stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: >- + RequestTimeout The amount of time that proxy will + wait for the entire request to be received. The + timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. + Setting this timeout to 0 will disable it. Default + is 15s. + type: string + streamIdleTimeout: + description: >- + StreamIdleTimeout is the amount of time that proxy + will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. 
Default + is 30m + type: string + type: object + idleTimeout: + description: >- + IdleTimeout is defined as the period in which there + are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when + disabling it because it can lead to connection + leaking. Default value is 1h. + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + MeshTraceItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTrace + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: Spec is the specification of the Kuma MeshTrace resource. + properties: + default: + description: MeshTrace configuration. + properties: + backends: + description: >- + A one element array of backend definition. Envoy allows + configuring only 1 backend, so the natural way of + representing that would be just one object. 
Unfortunately + due to the reasons explained in MADR 009-tracing-policy this + has to be a one element array for now. + items: + description: Only one of zipkin, datadog or openTelemetry can be used. + properties: + datadog: + description: Datadog backend configuration. + properties: + splitService: + description: >- + Determines if datadog service name should be split + based on traffic direction and destination. For + example, with `splitService: true` and a `backend` + service that communicates with a couple of + databases, you would get service names like + `backend_INBOUND`, `backend_OUTBOUND_db1`, and + `backend_OUTBOUND_db2` in Datadog. Default: false + type: boolean + url: + description: >- + Address of Datadog collector, only host and port + are allowed (no paths, fragments etc.) + type: string + required: + - url + type: object + openTelemetry: + description: OpenTelemetry backend configuration. + properties: + endpoint: + description: Address of OpenTelemetry collector. + example: otel-collector:4317 + minLength: 1 + type: string + required: + - endpoint + type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string + zipkin: + description: Zipkin backend configuration. + properties: + apiVersion: + default: httpJson + description: >- + Version of the API. values: httpJson, httpProto. + Default: httpJson see + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 + enum: + - httpJson + - httpProto + type: string + sharedSpanContext: + description: >- + Determines whether client and server spans will + share the same span context. Default: true. + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 + type: boolean + traceId128bit: + description: 'Generate 128bit traces. Default: false' + type: boolean + url: + description: Address of Zipkin collector. 
+ type: string + required: + - url + type: object + required: + - type + type: object + type: array + sampling: + description: >- + Sampling configuration. Sampling is the process by which a + decision is made on whether to process/export a span or not. + properties: + client: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests that will be force traced + if the 'x-client-trace-id' header is set. Default: 100% + Mirror of client_sampling in Envoy + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + overall: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests will be traced after all + other sampling checks have been applied (client, force + tracing, random sampling). This field functions as an + upper limit on the total configured sampling rate. For + instance, setting client_sampling to 100% but + overall_sampling to 1% will result in only 1% of client + requests with the appropriate headers to be force + traced. Default: 100% Mirror of overall_sampling in + Envoy + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string. + x-kubernetes-int-or-string: true + random: + anyOf: + - type: integer + - type: string + description: >- + Target percentage of requests that will be randomly + selected for trace generation, if not requested by the + client or not forced. Default: 100% Mirror of + random_sampling in Envoy + https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string. 
+ x-kubernetes-int-or-string: true + type: object + tags: + description: >- + Custom tags configuration. You can add custom tags to traces + based on headers or literal values. + items: + description: >- + Custom tags configuration. Only one of literal or header + can be used. + properties: + header: + description: Tag taken from a header. + properties: + default: + description: >- + Default value to use if header is missing. If the + default is missing and there is no value the tag + will not be included. + type: string + name: + description: Name of the header. + type: string + required: + - name + type: object + literal: + description: Tag taken from literal value. + type: string + name: + description: Name of the tag. + type: string + required: + - name + type: object + type: array + type: object + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + MeshTrafficPermissionItem: + type: object + properties: + type: + description: the type of the resource + type: string + enum: + - MeshTrafficPermission + mesh: + description: >- + Mesh is the name of the Kuma mesh this resource belongs to. 
It may + be omitted for cluster-scoped resources. + type: string + default: default + name: + description: Name of the Kuma resource + type: string + spec: + description: >- + Spec is the specification of the Kuma MeshTrafficPermission + resource. + properties: + from: + description: >- + From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: >- + Default is a configuration specific to the group of + clients referenced in 'targetRef' + properties: + action: + description: >- + Action defines a behavior for the specified group of + clients: + enum: + - Allow + - Deny + - AllowWithShadowDeny + type: string + type: object + targetRef: + description: >- + TargetRef is a reference to the resource that represents a + group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can + only be used with kinds `MeshSubset` and + `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: >- + TargetRef is a reference to the resource the policy takes an + effect on. The resource could be either a real store object or + virtual resource defined inplace. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshGateway + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: >- + Mesh is reserved for future use to identify cross mesh + resources. + type: string + name: + description: >- + Name of the referenced resource. Can only be used with + kinds: `MeshService`, `MeshServiceSubset` and + `MeshGatewayRoute` + type: string + tags: + additionalProperties: + type: string + description: >- + Tags used to select a subset of proxies by tags. Can only be + used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + responses: + GlobalInsightResponse: + description: A response containing global insight. + content: + application/json: + schema: + $ref: '#/components/schemas/GlobalInsight' + examples: + Single control plane response: + $ref: '#/components/examples/GlobalInsightExample' + BadRequest: + description: Bad Request + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Error' + InternalServerError: + description: Internal Server Error + content: + application/problem+json: + schema: + $ref: '#/components/schemas/Error' + MeshAccessLogItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshAccessLogItem' + MeshAccessLogList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshAccessLogItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshCircuitBreakerItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCircuitBreakerItem' + MeshCircuitBreakerList: + description: List + content: + application/json: + schema: + type: object + 
properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshCircuitBreakerItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshFaultInjectionItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshFaultInjectionItem' + MeshFaultInjectionList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshFaultInjectionItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshHealthCheckItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHealthCheckItem' + MeshHealthCheckList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshHealthCheckItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshHTTPRouteItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHTTPRouteItem' + MeshHTTPRouteList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshHTTPRouteItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshLoadBalancingStrategyItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' + MeshLoadBalancingStrategyList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: 
'#/components/schemas/MeshLoadBalancingStrategyItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshProxyPatchItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshProxyPatchItem' + MeshProxyPatchList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshProxyPatchItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshRateLimitItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRateLimitItem' + MeshRateLimitList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshRateLimitItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshRetryItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryItem' + MeshRetryList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshRetryItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTCPRouteItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteItem' + MeshTCPRouteList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTCPRouteItem' + total: + type: number + description: The total number of entities + next: + type: string + 
description: URL to the next page + MeshTimeoutItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutItem' + MeshTimeoutList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTimeoutItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTraceItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceItem' + MeshTraceList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTraceItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + MeshTrafficPermissionItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + MeshTrafficPermissionList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page + examples: + GlobalInsightExample: + value: + services: + total: 5 + internal: 4 + external: 1 + gatewayBuiltin: 1 + gatewayProvided: 2 + internalByStatus: + online: 2 + offline: 1 + partiallyDegraded: 1 + zones: + controlPlanes: + online: 1 + total: 1 + zoneEgresses: + online: 1 + total: 1 + zoneIngresses: + online: 1 + total: 1 + dataplanes: + online: 23 + offline: 10 + partiallyDegraded: 17 + total: 50 + policies: + total: 100 + meshes: + total: 3 + diff --git a/mk/docs.mk b/mk/docs.mk index 656edcf155ec..d6828e80d738 100644 --- a/mk/docs.mk 
+++ b/mk/docs.mk @@ -6,7 +6,7 @@ clean/docs: rm -rf docs/generated .PHONY: docs -docs: docs/generated/cmd docs/generated/kuma-cp.md docs/generated/resources helm-docs docs/generated/raw ## Dev: Generate local documentation +docs: docs/generated/cmd docs/generated/kuma-cp.md docs/generated/resources helm-docs docs/generated/raw docs/generated/openapi.yaml ## Dev: Generate local documentation .PHONY: helm-docs helm-docs: ## Dev: Runs helm-docs generator @@ -47,3 +47,20 @@ docs/generated/raw: --jsonschema_out=$@/protos \ --plugin=protoc-gen-jsonschema=$(PROTOC_GEN_JSONSCHEMA) \ $(DOCS_PROTOS) + +OAPI_TMP_DIR ?= $(BUILD_DIR)/oapitmp +API_DIRS="$(TOP)/api/openapi/specs:base" + +.PHONY: docs/generated/openapi.yaml +docs/generated/openapi.yaml: + rm -rf $(OAPI_TMP_DIR) + mkdir -p $(dir $@) + mkdir -p $(OAPI_TMP_DIR)/policies + for i in $(API_DIRS); do mkdir -p $(OAPI_TMP_DIR)/$$(echo $${i} | cut -d: -f2); cp -r $$(echo $${i} | cut -d: -f1) $(OAPI_TMP_DIR)/$$(echo $${i} | cut -d: -f2); done + for i in $$( find $(POLICIES_DIR) -name '*.yaml' | grep '/api/'); do DIR=$(OAPI_TMP_DIR)/policies/$$(echo $${i} | awk -F/ '{print $$(NF-3)}'); mkdir -p $${DIR}; cp $${i} $${DIR}/$$(echo $${i} | awk -F/ '{print $$(NF)}'); done + +ifdef BASE_API + docker run --rm -v $$PWD/$(dir $(BASE_API)):/base -v $(OAPI_TMP_DIR):/specs ghcr.io/kumahq/openapi-tool:v0.8.0 generate /base/$(notdir $(BASE_API)) '/specs/**/*.yaml' '!/specs/kuma/**' > $@ +else + docker run --rm -v $(OAPI_TMP_DIR):/specs ghcr.io/kumahq/openapi-tool:v0.8.0 generate '/specs/**/*.yaml' > $@ +endif diff --git a/pkg/plugins/policies/donothingpolicy/api/v1alpha1/rest.yaml b/pkg/plugins/policies/donothingpolicy/api/v1alpha1/rest.yaml deleted file mode 100644 index 5d86cd149331..000000000000 --- a/pkg/plugins/policies/donothingpolicy/api/v1alpha1/rest.yaml +++ /dev/null 
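Review bot: The two `docker run` lines in the new `docs/generated/openapi.yaml` recipe pull `ghcr.io/kumahq/openapi-tool:v0.8.0` by tag only and give it writable bind mounts, so the generated API document depends on whatever image that tag resolves to at build time. Pinning the digest and mounting the inputs read-only narrows that: `ghcr.io/kumahq/openapi-tool:v0.8.0@sha256:<digest-of-reviewed-image>` and `-v $(OAPI_TMP_DIR):/specs:ro` (likewise `:/base:ro`), assuming the tool only reads from those paths. Separately, the output is written with `> $@`, so a failed run leaves a truncated `openapi.yaml` behind; writing to a temporary file and moving it into place on success avoids that. The two `for` loops also report only the status of their last iteration, so an earlier failed `cp` goes unnoticed unless the recipe uses `set -e`.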
@@ -1,129 +0,0 @@ -openapi: 3.0.1 -info: - version: v1alpha1 - title: Kuma API - description: Kuma API - -paths: - /meshes/{mesh}/donothingpolicies/{name}: - get: - summary: Returns DoNothingPolicy entity - tags: [ "DoNothingPolicy" ] - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the DoNothingPolicy - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' - - put: - summary: Creates or Updates DoNothingPolicy entity - tags: [ "DoNothingPolicy" ] - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the DoNothingPolicy - requestBody: - description: DoNothingPolicy entity - required: true - content: - application/json: - schema: - $ref: 'schema.yaml' - responses: - '200': - description: Updated - '201': - description: Created - - delete: - summary: Deletes DoNothingPolicy entity - tags: [ "DoNothingPolicy" ] - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - - in: path - name: name - schema: - type: string - required: true - description: name of the DoNothingPolicy - responses: - '200': - description: Successful response - - - /meshes/{mesh}/donothingpolicies: - get: - summary: Returns a list of DoNothingPolicy in the mesh. 
- tags: [ "DoNothingPolicy" ] - parameters: - - in: path - name: mesh - schema: - type: string - required: true - description: name of the mesh - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - - - /donothingpolicies: - get: - summary: Returns a list of DoNothingPolicy from all meshes - tags: [ "DoNothingPolicy" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page diff --git a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml index c198455f2a6b..c2125c0032fe 100644 --- a/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshaccesslog/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshAccessLog" paths: /meshes/{mesh}/meshaccesslogs/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshAccessLog responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshAccessLogItem" put: summary: Creates or Updates MeshAccessLog entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshAccessLog requestBody: - description: MeshAccessLog entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshAccessLogItem' responses: '200': description: Updated 
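Review bot: In the PUT operation's `requestBody` of meshaccesslog `rest.yaml`, the new `description: Put request` says less than the `MeshAccessLog entity` it replaces, and this text presumably ends up in the generated reference. I would keep the entity in it, e.g. `description: MeshAccessLog entity to create or update`. The same wording change appears in the meshcircuitbreaker, meshfaultinjection, meshhealthcheck and meshhttproute `rest.yaml` hunks. The `responses` block of this operation continues outside the hunk.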
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshAccessLogList" - /meshaccesslogs: - get: - summary: Returns a list of MeshAccessLog from all meshes - tags: [ "MeshAccessLog" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshAccessLogItem: + $ref: 'schema.yaml' + responses: + MeshAccessLogItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshAccessLogItem' + MeshAccessLogList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshAccessLogItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/rest.yaml index 6613b6793b51..0e1fd2de5420 100644 --- a/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshcircuitbreaker/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshCircuitBreaker" paths: /meshes/{mesh}/meshcircuitbreakers/{name}: 
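Review bot: The last hunk of meshaccesslog `rest.yaml` drops the cross-mesh `/meshaccesslogs` listing from `paths`, and the diff does not show whether the control plane stops serving it; if the route is still registered, it becomes an endpoint that the published spec, generated clients and any spec-driven validation or access review no longer cover. Either keep the path, with `$ref: "#/components/responses/MeshAccessLogList"` as its 200 response, or confirm the handler is removed in the same change. In the new `MeshAccessLogList` response, `total` is declared `type: number`, which admits fractions; `type: integer` with `minimum: 0` matches "The total number of entities". Both points apply equally to the meshcircuitbreaker, meshfaultinjection and meshhealthcheck hunks that follow.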
@@ -24,11 +25,7 @@ paths: description: name of the MeshCircuitBreaker responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshCircuitBreakerItem" put: summary: Creates or Updates MeshCircuitBreaker entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshCircuitBreaker requestBody: - description: MeshCircuitBreaker entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshCircuitBreakerItem' responses: '200': description: Updated @@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshCircuitBreakerList" - /meshcircuitbreakers: - get: - summary: Returns a list of MeshCircuitBreaker from all meshes - tags: [ "MeshCircuitBreaker" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshCircuitBreakerItem: + $ref: 'schema.yaml' + responses: + MeshCircuitBreakerItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshCircuitBreakerItem' + MeshCircuitBreakerList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshCircuitBreakerItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page 
diff --git a/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/rest.yaml index c095eadca8e6..f8957289d0ea 100644 --- a/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshfaultinjection/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshFaultInjection" paths: /meshes/{mesh}/meshfaultinjections/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshFaultInjection responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshFaultInjectionItem" put: summary: Creates or Updates MeshFaultInjection entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshFaultInjection requestBody: - description: MeshFaultInjection entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshFaultInjectionItem' responses: '200': description: Updated 
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshFaultInjectionList" - /meshfaultinjections: - get: - summary: Returns a list of MeshFaultInjection from all meshes - tags: [ "MeshFaultInjection" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshFaultInjectionItem: + $ref: 'schema.yaml' + responses: + MeshFaultInjectionItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshFaultInjectionItem' + MeshFaultInjectionList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshFaultInjectionItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/rest.yaml index 643c8c4d3a81..c1774909ab8a 100644 --- a/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshhealthcheck/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshHealthCheck" paths: /meshes/{mesh}/meshhealthchecks/{name}: 
@@ -24,11 +25,7 @@ paths: description: name of the MeshHealthCheck responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshHealthCheckItem" put: summary: Creates or Updates MeshHealthCheck entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshHealthCheck requestBody: - description: MeshHealthCheck entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshHealthCheckItem' responses: '200': description: Updated @@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshHealthCheckList" - /meshhealthchecks: - get: - summary: Returns a list of MeshHealthCheck from all meshes - tags: [ "MeshHealthCheck" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshHealthCheckItem: + $ref: 'schema.yaml' + responses: + MeshHealthCheckItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHealthCheckItem' + MeshHealthCheckList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshHealthCheckItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page 
diff --git a/pkg/plugins/policies/meshhttproute/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshhttproute/api/v1alpha1/rest.yaml index df064cd58189..3c3f341f76e2 100644 --- a/pkg/plugins/policies/meshhttproute/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshhttproute/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshHTTPRoute" paths: /meshes/{mesh}/meshhttproutes/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshHTTPRoute responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshHTTPRouteItem" put: summary: Creates or Updates MeshHTTPRoute entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshHTTPRoute requestBody: - description: MeshHTTPRoute entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshHTTPRouteItem' responses: '200': description: Updated 
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshHTTPRouteList" - /meshhttproutes: - get: - summary: Returns a list of MeshHTTPRoute from all meshes - tags: [ "MeshHTTPRoute" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshHTTPRouteItem: + $ref: 'schema.yaml' + responses: + MeshHTTPRouteItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshHTTPRouteItem' + MeshHTTPRouteList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshHTTPRouteItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/rest.yaml index 686307cf9b34..c2b626757605 100644 --- a/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshloadbalancingstrategy/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshLoadBalancingStrategy" paths: /meshes/{mesh}/meshloadbalancingstrategies/{name}: 
@@ -24,11 +25,7 @@ paths: description: name of the MeshLoadBalancingStrategy responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshLoadBalancingStrategyItem" put: summary: Creates or Updates MeshLoadBalancingStrategy entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshLoadBalancingStrategy requestBody: - description: MeshLoadBalancingStrategy entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' responses: '200': description: Updated 
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshLoadBalancingStrategyList" - /meshloadbalancingstrategies: - get: - summary: Returns a list of MeshLoadBalancingStrategy from all meshes - tags: [ "MeshLoadBalancingStrategy" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshLoadBalancingStrategyItem: + $ref: 'schema.yaml' + responses: + MeshLoadBalancingStrategyItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' + MeshLoadBalancingStrategyList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshLoadBalancingStrategyItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/rest.yaml index de4b84951aad..f3adf2ae2836 100644 --- a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshProxyPatch" paths: /meshes/{mesh}/meshproxypatches/{name}: 
@@ -24,11 +25,7 @@ paths: description: name of the MeshProxyPatch responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshProxyPatchItem" put: summary: Creates or Updates MeshProxyPatch entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshProxyPatch requestBody: - description: MeshProxyPatch entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshProxyPatchItem' responses: '200': description: Updated @@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshProxyPatchList" - /meshproxypatches: - get: - summary: Returns a list of MeshProxyPatch from all meshes - tags: [ "MeshProxyPatch" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshProxyPatchItem: + $ref: 'schema.yaml' + responses: + MeshProxyPatchItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshProxyPatchItem' + MeshProxyPatchList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshProxyPatchItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page 
diff --git a/pkg/plugins/policies/meshratelimit/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshratelimit/api/v1alpha1/rest.yaml index 100d03f34217..9a599843562f 100644 --- a/pkg/plugins/policies/meshratelimit/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshratelimit/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshRateLimit" paths: /meshes/{mesh}/meshratelimits/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshRateLimit responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshRateLimitItem" put: summary: Creates or Updates MeshRateLimit entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshRateLimit requestBody: - description: MeshRateLimit entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshRateLimitItem' responses: '200': description: Updated 
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshRateLimitList" - /meshratelimits: - get: - summary: Returns a list of MeshRateLimit from all meshes - tags: [ "MeshRateLimit" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshRateLimitItem: + $ref: 'schema.yaml' + responses: + MeshRateLimitItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRateLimitItem' + MeshRateLimitList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshRateLimitItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshretry/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshretry/api/v1alpha1/rest.yaml index 4c7ba9d1d803..86249e6ab6cd 100644 --- a/pkg/plugins/policies/meshretry/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshretry/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshRetry" paths: /meshes/{mesh}/meshretries/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshRetry responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshRetryItem" put: summary: Creates or Updates MeshRetry entity 
@@ -47,12 +44,12 @@ paths: required: true description: name of the MeshRetry requestBody: - description: MeshRetry entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshRetryItem' responses: '200': description: Updated @@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshRetryList" - /meshretries: - get: - summary: Returns a list of MeshRetry from all meshes - tags: [ "MeshRetry" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshRetryItem: + $ref: 'schema.yaml' + responses: + MeshRetryItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshRetryItem' + MeshRetryList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshRetryItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshtcproute/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshtcproute/api/v1alpha1/rest.yaml index 1a1fed358adf..0ec803d24875 100644 --- a/pkg/plugins/policies/meshtcproute/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshtcproute/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshTCPRoute" paths: /meshes/{mesh}/meshtcproutes/{name}: 
@@ -24,11 +25,7 @@ paths: description: name of the MeshTCPRoute responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshTCPRouteItem" put: summary: Creates or Updates MeshTCPRoute entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshTCPRoute requestBody: - description: MeshTCPRoute entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshTCPRouteItem' responses: '200': description: Updated @@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshTCPRouteList" - /meshtcproutes: - get: - summary: Returns a list of MeshTCPRoute from all meshes - tags: [ "MeshTCPRoute" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshTCPRouteItem: + $ref: 'schema.yaml' + responses: + MeshTCPRouteItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTCPRouteItem' + MeshTCPRouteList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshTCPRouteItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshtimeout/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshtimeout/api/v1alpha1/rest.yaml index 606152aa8451..a1368336bd41 100644 
--- a/pkg/plugins/policies/meshtimeout/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshtimeout/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshTimeout" paths: /meshes/{mesh}/meshtimeouts/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshTimeout responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshTimeoutItem" put: summary: Creates or Updates MeshTimeout entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshTimeout requestBody: - description: MeshTimeout entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshTimeoutItem' responses: '200': description: Updated 
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshTimeoutList" - /meshtimeouts: - get: - summary: Returns a list of MeshTimeout from all meshes - tags: [ "MeshTimeout" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshTimeoutItem: + $ref: 'schema.yaml' + responses: + MeshTimeoutItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTimeoutItem' + MeshTimeoutList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshTimeoutItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshtrace/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshtrace/api/v1alpha1/rest.yaml index 2cd6c22078c6..691207fad542 100644 --- a/pkg/plugins/policies/meshtrace/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshtrace/api/v1alpha1/rest.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshTrace" paths: /meshes/{mesh}/meshtraces/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshTrace responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshTraceItem" put: summary: Creates or Updates MeshTrace entity 
@@ -47,12 +44,12 @@ paths: required: true description: name of the MeshTrace requestBody: - description: MeshTrace entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshTraceItem' responses: '200': description: Updated @@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshTraceList" - /meshtraces: - get: - summary: Returns a list of MeshTrace from all meshes - tags: [ "MeshTrace" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshTraceItem: + $ref: 'schema.yaml' + responses: + MeshTraceItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTraceItem' + MeshTraceList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshTraceItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/rest.yaml b/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/rest.yaml index ccf0443adbba..1a2d9afac632 100644 --- a/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/rest.yaml +++ b/pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/rest.yaml 
@@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: v1alpha1 title: Kuma API description: Kuma API + x-ref-schema-name: "MeshTrafficPermission" paths: /meshes/{mesh}/meshtrafficpermissions/{name}: @@ -24,11 +25,7 @@ paths: description: name of the MeshTrafficPermission responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/MeshTrafficPermissionItem" put: summary: Creates or Updates MeshTrafficPermission entity @@ -47,12 +44,12 @@ paths: required: true description: name of the MeshTrafficPermission requestBody: - description: MeshTrafficPermission entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/MeshTrafficPermissionItem' responses: '200': description: Updated 
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/MeshTrafficPermissionList" - /meshtrafficpermissions: - get: - summary: Returns a list of MeshTrafficPermission from all meshes - tags: [ "MeshTrafficPermission" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + MeshTrafficPermissionItem: + $ref: 'schema.yaml' + responses: + MeshTrafficPermissionItem: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/MeshTrafficPermissionItem' + MeshTrafficPermissionList: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/MeshTrafficPermissionItem" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page diff --git a/tools/policy-gen/generator/cmd/openapi.go b/tools/policy-gen/generator/cmd/openapi.go index 1fa559bd0367..352ef43d77fc 100644 --- a/tools/policy-gen/generator/cmd/openapi.go +++ b/tools/policy-gen/generator/cmd/openapi.go @@ -30,6 +30,9 @@ func newOpenAPI(rootArgs *args) *cobra.Command { if err != nil { return err } + if pconfig.SkipRegistration { + return nil + } tmpl, err := template.ParseFiles(localArgs.openAPITemplate) if err != nil { diff --git a/tools/policy-gen/templates/endpoints.yaml b/tools/policy-gen/templates/endpoints.yaml index 4b48a166fbf1..1c63e029b204 100644 --- a/tools/policy-gen/templates/endpoints.yaml 
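Review bot: The new `if pconfig.SkipRegistration { return nil }` in newOpenAPI reports success without saying why no spec is produced. It also returns before the template is parsed, so a rest.yaml left by an earlier run for that policy would stay in the tree unless code outside this hunk removes it. I would add a comment above the check, for example `// policies excluded from registration get no REST endpoints, so no rest.yaml is generated` (wording to be confirmed against what SkipRegistration actually means), and consider removing or failing on a stale output file at this point. A stale spec matters because generated docs and any spec-driven gateway or scanner configuration would keep describing endpoints that may no longer be registered. The function starts before and continues after the hunk.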
+++ b/tools/policy-gen/templates/endpoints.yaml @@ -1,8 +1,9 @@ -openapi: 3.0.1 +openapi: 3.0.3 info: version: {{ .Package }} title: Kuma API description: Kuma API + x-ref-schema-name: "{{ .Name }}" paths: /meshes/{mesh}/{{ .Path }}/{name}: @@ -24,11 +25,7 @@ paths: description: name of the {{ .Name }} responses: '200': - description: Successful response - content: - application/json: - schema: - $ref: 'schema.yaml' + $ref: "#/components/responses/{{.Name}}Item" put: summary: Creates or Updates {{ .Name }} entity @@ -47,12 +44,12 @@ paths: required: true description: name of the {{ .Name }} requestBody: - description: {{ .Name }} entity + description: Put request required: true content: application/json: schema: - $ref: 'schema.yaml' + $ref: '#/components/schemas/{{.Name}}Item' responses: '200': description: Updated 
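Review bot: The added `$ref` lines in the `@@ -24,11 +25,7 @@` and `@@ -47,12 +44,12 @@` hunks mix two quoting styles and drop the spacing the rest of the template uses inside actions. `$ref: "#/components/responses/{{.Name}}Item"` is double-quoted, `$ref: '#/components/schemas/{{.Name}}Item'` is single-quoted, and both write `{{.Name}}` where the surrounding lines write `{{ .Name }}`. The same mix appears under `components:` in the `@@ -93,37 +90,33 @@` hunk. Every policy's rest.yaml is rendered from this file, so I would settle on one form, e.g. `$ref: '#/components/responses/{{ .Name }}Item'`, to keep the generated specs uniform.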
@@ -93,37 +90,33 @@ paths: description: name of the mesh responses: '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page - + $ref: "#/components/responses/{{.Name}}List" - /{{ .Path }}: - get: - summary: Returns a list of {{ .Name }} from all meshes - tags: [ "{{ .Name }}" ] - responses: - '200': - description: Successful response - content: - application/json: - schema: - type: object - properties: - items: - type: array - items: - $ref: 'schema.yaml' - next: - type: string - description: URL to the next page +components: + schemas: + {{.Name}}Item: + $ref: 'schema.yaml' + responses: + {{.Name}}Item: + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/{{.Name}}Item' + {{.Name}}List: + description: List + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: "#/components/schemas/{{.Name}}Item" + total: + type: number + description: The total number of entities + next: + type: string + description: URL to the next page
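Review bot: The new `total` property of `{{.Name}}List` is declared `type: number`, which admits fractional and negative values for what its description calls "The total number of entities". I would declare it as `type: integer` with `minimum: 0`, so generated clients get an integer type and response validation rejects anything else. Separately, this hunk drops the `/{{ .Path }}` all-meshes GET from the template. If the control plane still serves that route (not visible in this diff), no generated spec would describe it, which is worth confirming because spec-based access reviews and API inventories would miss it.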