diff --git a/extensions.istio.io/wasmplugin_v1alpha1.json b/extensions.istio.io/wasmplugin_v1alpha1.json index 7712a447..b73c76aa 100644 --- a/extensions.istio.io/wasmplugin_v1alpha1.json +++ b/extensions.istio.io/wasmplugin_v1alpha1.json @@ -4,7 +4,7 @@ "description": "Extend the functionality provided by the Istio proxy through WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html", "properties": { "failStrategy": { - "description": "Specifies the failure behavior for the plugin due to fatal errors.", + "description": "Specifies the failure behavior for the plugin due to fatal errors.\n\nValid Options: FAIL_CLOSE, FAIL_OPEN", "enum": [ "FAIL_CLOSE", "FAIL_OPEN" @@ -12,7 +12,7 @@ "type": "string" }, "imagePullPolicy": { - "description": "The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.", + "description": "The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.\n\nValid Options: IfNotPresent, Always", "enum": [ "UNSPECIFIED_POLICY", "IfNotPresent", @@ -31,7 +31,7 @@ "items": { "properties": { "mode": { - "description": "Criteria for selecting traffic by their direction.", + "description": "Criteria for selecting traffic by their direction.\n\nValid Options: CLIENT, SERVER, CLIENT_AND_SERVER", "enum": [ "UNDEFINED", "CLIENT", @@ -69,7 +69,7 @@ "type": "array" }, "phase": { - "description": "Determines where in the filter chain this `WasmPlugin` is to be injected.", + "description": "Determines where in the filter chain this `WasmPlugin` is to be injected.\n\nValid Options: AUTHN, AUTHZ, STATS", "enum": [ "UNSPECIFIED_PHASE", "AUTHN", @@ -91,6 +91,7 @@ }, "priority": { "description": "Determines ordering of `WasmPlugins` in the same `phase`.", + "format": "int32", "nullable": true, "type": "integer" }, @@ -114,7 +115,6 @@ "type": "string" }, "targetRef": { - "description": "Optional.", "properties": { "group": { "description": "group is the group of the target resource.", @@ -136,8 +136,34 @@ "type": "object", "additionalProperties": false }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, "type": { - "description": "Specifies the type of Wasm Extension to be used.", + "description": "Specifies the type of Wasm Extension to be used.\n\nValid Options: HTTP, NETWORK", "enum": [ "UNSPECIFIED_PLUGIN_TYPE", "HTTP", @@ -178,7 +204,7 @@ "type": "string" }, "valueFrom": { - "description": "Source for the environment variable's value.", + "description": "Source for the environment variable's value.\n\nValid Options: INLINE, HOST", "enum": [ "INLINE", "HOST" diff --git a/networking.istio.io/destinationrule_v1alpha3.json b/networking.istio.io/destinationrule_v1alpha3.json index 3d31f5e3..271c14af 100644 --- a/networking.istio.io/destinationrule_v1alpha3.json +++ b/networking.istio.io/destinationrule_v1alpha3.json @@ -38,7 +38,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -112,6 +112,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -280,6 +282,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -288,6 +291,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -295,6 +299,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -321,6 +326,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -367,6 +374,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -393,6 +401,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -402,11 +412,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -442,7 +456,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -516,6 +530,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -684,6 +700,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -692,6 +709,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -699,6 +717,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -725,6 +744,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -771,6 +792,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -797,6 +819,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -806,11 +830,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -840,6 +868,8 @@ "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -853,6 +883,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -867,7 +901,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -905,7 +939,7 @@ "description": "The upstream PROXY protocol settings.", "properties": { "version": { - "description": "The PROXY protocol version to use.", + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", "enum": [ "V1", "V2" @@ -923,6 +957,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -937,7 +975,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -978,6 +1016,8 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1010,7 +1050,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -1084,6 +1124,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -1252,6 +1294,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -1260,6 +1303,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -1267,6 +1311,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -1293,6 +1338,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1339,6 +1386,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1365,6 +1413,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1374,11 +1424,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1414,7 +1468,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -1488,6 +1542,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -1656,6 +1712,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -1664,6 +1721,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -1671,6 +1729,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -1697,6 +1756,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1743,6 +1804,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1769,6 +1831,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1778,11 +1842,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1812,6 +1880,8 @@ "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1825,6 +1895,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -1839,7 +1913,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1877,7 +1951,7 @@ "description": "The upstream PROXY protocol settings.", "properties": { "version": { - "description": "The PROXY protocol version to use.", + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", "enum": [ "V1", "V2" @@ -1895,6 +1969,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -1909,7 +1987,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1950,6 +2028,8 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/destinationrule_v1beta1.json b/networking.istio.io/destinationrule_v1beta1.json index 3d31f5e3..271c14af 100644 --- a/networking.istio.io/destinationrule_v1beta1.json +++ b/networking.istio.io/destinationrule_v1beta1.json @@ -38,7 +38,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -112,6 +112,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -280,6 +282,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -288,6 +291,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -295,6 +299,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -321,6 +326,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -367,6 +374,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -393,6 +401,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -402,11 +412,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -442,7 +456,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -516,6 +530,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -684,6 +700,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -692,6 +709,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -699,6 +717,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -725,6 +744,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -771,6 +792,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -797,6 +819,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -806,11 +830,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -840,6 +868,8 @@ "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -853,6 +883,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -867,7 +901,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -905,7 +939,7 @@ "description": "The upstream PROXY protocol settings.", "properties": { "version": { - "description": "The PROXY protocol version to use.", + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", "enum": [ "V1", "V2" @@ -923,6 +957,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -937,7 +975,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -978,6 +1016,8 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1010,7 +1050,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -1084,6 +1124,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -1252,6 +1294,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -1260,6 +1303,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -1267,6 +1311,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -1293,6 +1338,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1339,6 +1386,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1365,6 +1413,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1374,11 +1424,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1414,7 +1468,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -1488,6 +1542,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -1656,6 +1712,7 @@ "properties": { "tableSize": { "description": "The table size for Maglev hashing.", + "minimum": 0, "type": "integer" } }, @@ -1664,6 +1721,7 @@ }, "minimumRingSize": { "description": "Deprecated.", + "minimum": 0, "type": "integer" }, "ringHash": { @@ -1671,6 +1729,7 @@ "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, "type": "integer" } }, @@ -1697,6 +1756,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1743,6 +1804,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1769,6 +1831,8 @@ }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1778,11 +1842,15 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1812,6 +1880,8 @@ "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1825,6 +1895,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -1839,7 +1913,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1877,7 +1951,7 @@ "description": "The upstream PROXY protocol settings.", "properties": { "version": { - "description": "The PROXY protocol version to use.", + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", "enum": [ "V1", "V2" @@ -1895,6 +1969,10 @@ "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" @@ -1909,7 +1987,7 @@ "type": "boolean" }, "mode": { - "description": "Indicates whether connections to this port should be secured using TLS.", + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1950,6 +2028,8 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/envoyfilter_v1alpha3.json b/networking.istio.io/envoyfilter_v1alpha3.json index 2061852d..ebae7113 100644 --- a/networking.istio.io/envoyfilter_v1alpha3.json +++ b/networking.istio.io/envoyfilter_v1alpha3.json @@ -8,7 +8,7 @@ "items": { "properties": { "applyTo": { - "description": "Specifies where in the Envoy configuration, the patch should be applied.", + "description": "Specifies where in the Envoy configuration, the patch should be applied.\n\nValid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER", "enum": [ "INVALID", "LISTENER", @@ -75,6 +75,8 @@ }, "portNumber": { "description": "The service port for which this cluster was generated.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "service": { @@ -90,7 +92,7 @@ "additionalProperties": false }, "context": { - "description": "The specific config generation context to match on.", + "description": "The specific config generation context to match on.\n\nValid Options: ANY, SIDECAR_INBOUND, SIDECAR_OUTBOUND, GATEWAY", "enum": [ "ANY", "SIDECAR_INBOUND", @@ -111,6 +113,8 @@ }, "destinationPort": { "description": "The destination_port value used by a filter chain's match condition.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "filter": { @@ -164,6 +168,8 @@ }, "portNumber": { "description": "The service port/gateway port to which traffic is being sent/received.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -205,6 +211,8 @@ }, "portNumber": { "description": "The service port number or gateway server port number for which this route configuration was generated.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "vhost": { @@ -218,7 +226,7 @@ "description": "Match a specific route within the virtual host.", "properties": { "action": { - "description": "Match a route with specific action type.", + "description": "Match a route with specific action type.\n\nValid Options: ANY, ROUTE, REDIRECT, DIRECT_RESPONSE", "enum": [ "ANY", "ROUTE", @@ -251,7 +259,7 @@ "description": "The patch to apply along with the operation.", "properties": { "filterClass": { - "description": "Determines the filter insertion order.", + "description": "Determines the filter insertion order.\n\nValid Options: AUTHN, AUTHZ, STATS", "enum": [ "UNSPECIFIED", "AUTHN", @@ -261,7 +269,7 @@ "type": "string" }, "operation": { - "description": "Determines how the patch should be applied.", + "description": "Determines how the patch should be applied.\n\nValid Options: MERGE, ADD, REMOVE, INSERT_BEFORE, INSERT_AFTER, INSERT_FIRST, REPLACE", "enum": [ "INVALID", "MERGE", @@ -294,6 +302,32 @@ "format": "int32", "type": "integer" }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, "workloadSelector": { "description": "Criteria used to select the specific set of pods/VMs on which this patch configuration should be applied.", "properties": { diff --git a/networking.istio.io/gateway_v1alpha3.json b/networking.istio.io/gateway_v1alpha3.json index 2a185046..74cc9d1d 100644 --- a/networking.istio.io/gateway_v1alpha3.json +++ b/networking.istio.io/gateway_v1alpha3.json @@ -41,6 +41,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -48,6 +50,8 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -66,6 +70,10 @@ "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", + "type": "string" + }, "cipherSuites": { "description": "Optional: If specified, only support the specified cipher list.", "items": { @@ -82,7 +90,7 @@ "type": "boolean" }, "maxProtocolVersion": { - "description": "Optional: Maximum TLS protocol version.", + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -93,7 +101,7 @@ "type": "string" }, "minProtocolVersion": { - "description": "Optional: Minimum TLS protocol version.", + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -104,7 +112,7 @@ "type": "string" }, "mode": { - "description": "Optional: Indicates whether connections to this port should be secured using TLS.", + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", diff --git a/networking.istio.io/gateway_v1beta1.json b/networking.istio.io/gateway_v1beta1.json index 2a185046..74cc9d1d 100644 --- a/networking.istio.io/gateway_v1beta1.json +++ b/networking.istio.io/gateway_v1beta1.json @@ -41,6 +41,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -48,6 +50,8 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -66,6 +70,10 @@ "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", + "type": "string" + }, "cipherSuites": { "description": "Optional: If specified, only support the specified cipher list.", "items": { @@ -82,7 +90,7 @@ "type": "boolean" }, "maxProtocolVersion": { - "description": "Optional: Maximum TLS protocol version.", + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -93,7 +101,7 @@ "type": "string" }, "minProtocolVersion": { - "description": "Optional: Minimum TLS protocol version.", + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -104,7 +112,7 @@ "type": "string" }, "mode": { - "description": "Optional: Indicates whether connections to this port should be secured using TLS.", + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", diff --git a/networking.istio.io/proxyconfig_v1beta1.json b/networking.istio.io/proxyconfig_v1beta1.json index 110a3800..fb7a178f 100644 --- a/networking.istio.io/proxyconfig_v1beta1.json +++ b/networking.istio.io/proxyconfig_v1beta1.json @@ -5,6 +5,7 @@ "properties": { "concurrency": { "description": "The number of worker threads to run.", + "format": "int32", "nullable": true, "type": "integer" }, diff --git a/networking.istio.io/serviceentry_v1alpha3.json b/networking.istio.io/serviceentry_v1alpha3.json index e1f3f77f..61cdb6c5 100644 --- a/networking.istio.io/serviceentry_v1alpha3.json +++ b/networking.istio.io/serviceentry_v1alpha3.json @@ -35,6 +35,8 @@ }, "ports": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Set of ports associated with the endpoint.", @@ -46,6 +48,8 @@ }, "weight": { "description": "The load balancing weight associated with the endpoint.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -69,7 +73,7 @@ "type": "array" }, "location": { - "description": "Specify whether the service should be considered external to the mesh or part of the mesh.", + "description": "Specify whether the service should be considered external to the mesh or part of the mesh.\n\nValid Options: MESH_EXTERNAL, MESH_INTERNAL", "enum": [ "MESH_EXTERNAL", "MESH_INTERNAL" @@ -86,6 +90,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -94,6 +100,8 @@ }, "targetPort": { "description": "The port number on the endpoint where the traffic will be received.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -107,7 +115,7 @@ "type": "array" }, "resolution": { - "description": "Service resolution mode for the hosts.", + "description": "Service resolution mode for the hosts.\n\nValid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN", "enum": [ "NONE", "STATIC", diff --git a/networking.istio.io/serviceentry_v1beta1.json b/networking.istio.io/serviceentry_v1beta1.json index e1f3f77f..61cdb6c5 100644 --- a/networking.istio.io/serviceentry_v1beta1.json +++ b/networking.istio.io/serviceentry_v1beta1.json @@ -35,6 +35,8 @@ }, "ports": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Set of ports associated with the endpoint.", @@ -46,6 +48,8 @@ }, "weight": { "description": "The load balancing weight associated with the endpoint.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -69,7 +73,7 @@ "type": "array" }, "location": { - "description": "Specify whether the service should be considered external to the mesh or part of the mesh.", + "description": "Specify whether the service should be considered external to the mesh or part of the mesh.\n\nValid Options: MESH_EXTERNAL, MESH_INTERNAL", "enum": [ "MESH_EXTERNAL", "MESH_INTERNAL" @@ -86,6 +90,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -94,6 +100,8 @@ }, "targetPort": { "description": "The port number on the endpoint where the traffic will be received.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -107,7 +115,7 @@ "type": "array" }, "resolution": { - "description": "Service resolution mode for the hosts.", + "description": "Service resolution mode for the hosts.\n\nValid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN", "enum": [ "NONE", "STATIC", diff --git a/networking.istio.io/sidecar_v1alpha3.json b/networking.istio.io/sidecar_v1alpha3.json index 1e2e248b..38472543 100644 --- a/networking.istio.io/sidecar_v1alpha3.json +++ b/networking.istio.io/sidecar_v1alpha3.json @@ -12,7 +12,7 @@ "type": "string" }, "captureMode": { - "description": "When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not).", + "description": "When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not).\n\nValid Options: DEFAULT, IPTABLES, NONE", "enum": [ "DEFAULT", "IPTABLES", @@ -36,6 +36,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -43,6 +45,8 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -65,7 +69,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -139,6 +143,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -166,7 +172,7 @@ "type": "string" }, "captureMode": { - "description": "The captureMode option dictates how traffic to the listener is expected to be captured (or not).", + "description": "The captureMode option dictates how traffic to the listener is expected to be captured (or not).\n\nValid Options: DEFAULT, IPTABLES, NONE", "enum": [ "DEFAULT", "IPTABLES", @@ -181,7 +187,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -255,6 +261,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -286,6 +294,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -293,6 +303,8 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -306,6 +318,10 @@ "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", + "type": "string" + }, "cipherSuites": { "description": "Optional: If specified, only support the specified cipher list.", "items": { @@ -322,7 +338,7 @@ "type": "boolean" }, "maxProtocolVersion": { - "description": "Optional: Maximum TLS protocol version.", + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -333,7 +349,7 @@ "type": "string" }, "minProtocolVersion": { - "description": "Optional: Minimum TLS protocol version.", + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -344,7 +360,7 @@ "type": "string" }, "mode": { - "description": "Optional: Indicates whether connections to this port should be secured using TLS.", + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", @@ -410,6 +426,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -428,6 +446,7 @@ "additionalProperties": false }, "mode": { + "description": "\n\nValid Options: REGISTRY_ONLY, ALLOW_ANY", "enum": [ "REGISTRY_ONLY", "ALLOW_ANY" diff --git a/networking.istio.io/sidecar_v1beta1.json b/networking.istio.io/sidecar_v1beta1.json index 1e2e248b..38472543 100644 --- a/networking.istio.io/sidecar_v1beta1.json +++ b/networking.istio.io/sidecar_v1beta1.json @@ -12,7 +12,7 @@ "type": "string" }, "captureMode": { - "description": "When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not).", + "description": "When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not).\n\nValid Options: DEFAULT, IPTABLES, NONE", "enum": [ "DEFAULT", "IPTABLES", @@ -36,6 +36,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -43,6 +45,8 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -65,7 +69,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -139,6 +143,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -166,7 +172,7 @@ "type": "string" }, "captureMode": { - "description": "The captureMode option dictates how traffic to the listener is expected to be captured (or not).", + "description": "The captureMode option dictates how traffic to the listener is expected to be captured (or not).\n\nValid Options: DEFAULT, IPTABLES, NONE", "enum": [ "DEFAULT", "IPTABLES", @@ -181,7 +187,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -255,6 +261,8 @@ }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { @@ -286,6 +294,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -293,6 +303,8 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -306,6 +318,10 @@ "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", "type": "string" }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", + "type": "string" + }, "cipherSuites": { "description": "Optional: If specified, only support the specified cipher list.", "items": { @@ -322,7 +338,7 @@ "type": "boolean" }, "maxProtocolVersion": { - "description": "Optional: Maximum TLS protocol version.", + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -333,7 +349,7 @@ "type": "string" }, "minProtocolVersion": { - "description": "Optional: Minimum TLS protocol version.", + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -344,7 +360,7 @@ "type": "string" }, "mode": { - "description": "Optional: Indicates whether connections to this port should be secured using TLS.", + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", @@ -410,6 +426,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -428,6 +446,7 @@ "additionalProperties": false }, "mode": { + "description": "\n\nValid Options: REGISTRY_ONLY, ALLOW_ANY", "enum": [ "REGISTRY_ONLY", "ALLOW_ANY" diff --git a/networking.istio.io/virtualservice_v1alpha3.json b/networking.istio.io/virtualservice_v1alpha3.json index 8b0a1a98..75847433 100644 --- a/networking.istio.io/virtualservice_v1alpha3.json +++ b/networking.istio.io/virtualservice_v1alpha3.json @@ -192,6 +192,8 @@ }, "status": { "description": "Specifies the HTTP response status to be returned.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -577,6 +579,8 @@ }, "port": { "description": "Specifies the ports on the host that is being addressed.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "queryParams": { @@ -837,6 +841,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -855,10 +861,14 @@ "additionalProperties": false }, "mirror_percent": { + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "mirrorPercent": { + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -888,6 +898,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -965,7 +977,7 @@ "type": "string" }, "derivePort": { - "description": "On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.", + "description": "On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.\n\nValid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT", "enum": [ "FROM_PROTOCOL_DEFAULT", "FROM_REQUEST_PORT" @@ -974,10 +986,14 @@ }, "port": { "description": "On a redirect, overwrite the port portion of the URL with this value.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "redirectCode": { "description": "On a redirect, Specifies the HTTP status code to use in the redirect response.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "scheme": { @@ -1062,6 +1078,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1181,6 +1199,8 @@ }, "port": { "description": "Specifies the port on the host that is being addressed.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "sourceLabels": { @@ -1218,6 +1238,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1279,6 +1301,8 @@ }, "port": { "description": "Specifies the port on the host that is being addressed.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "sniHosts": { @@ -1323,6 +1347,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/virtualservice_v1beta1.json b/networking.istio.io/virtualservice_v1beta1.json index 8b0a1a98..75847433 100644 --- a/networking.istio.io/virtualservice_v1beta1.json +++ b/networking.istio.io/virtualservice_v1beta1.json @@ -192,6 +192,8 @@ }, "status": { "description": "Specifies the HTTP response status to be returned.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -577,6 +579,8 @@ }, "port": { "description": "Specifies the ports on the host that is being addressed.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "queryParams": { @@ -837,6 +841,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -855,10 +861,14 @@ "additionalProperties": false }, "mirror_percent": { + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "mirrorPercent": { + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -888,6 +898,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -965,7 +977,7 @@ "type": "string" }, "derivePort": { - "description": "On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.", + "description": "On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.\n\nValid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT", "enum": [ "FROM_PROTOCOL_DEFAULT", "FROM_REQUEST_PORT" @@ -974,10 +986,14 @@ }, "port": { "description": "On a redirect, overwrite the port portion of the URL with this value.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "redirectCode": { "description": "On a redirect, Specifies the HTTP status code to use in the redirect response.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "scheme": { @@ -1062,6 +1078,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1181,6 +1199,8 @@ }, "port": { "description": "Specifies the port on the host that is being addressed.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "sourceLabels": { @@ -1218,6 +1238,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1279,6 +1301,8 @@ }, "port": { "description": "Specifies the port on the host that is being addressed.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "sniHosts": { @@ -1323,6 +1347,8 @@ "description": "Specifies the port on the host that is being addressed.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/workloadentry_v1alpha3.json b/networking.istio.io/workloadentry_v1alpha3.json index ca3de5df..225a1d36 100644 --- a/networking.istio.io/workloadentry_v1alpha3.json +++ b/networking.istio.io/workloadentry_v1alpha3.json @@ -24,6 +24,8 @@ }, "ports": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Set of ports associated with the endpoint.", @@ -35,6 +37,8 @@ }, "weight": { "description": "The load balancing weight associated with the endpoint.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/workloadentry_v1beta1.json b/networking.istio.io/workloadentry_v1beta1.json index ca3de5df..225a1d36 100644 --- a/networking.istio.io/workloadentry_v1beta1.json +++ b/networking.istio.io/workloadentry_v1beta1.json @@ -24,6 +24,8 @@ }, "ports": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Set of ports associated with the endpoint.", @@ -35,6 +37,8 @@ }, "weight": { "description": "The load balancing weight associated with the endpoint.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/workloadgroup_v1alpha3.json b/networking.istio.io/workloadgroup_v1alpha3.json index 7ce94ca2..2113f68e 100644 --- a/networking.istio.io/workloadgroup_v1alpha3.json +++ b/networking.istio.io/workloadgroup_v1alpha3.json @@ -111,6 +111,8 @@ }, "port": { "description": "Port on which the endpoint lives.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "scheme": { @@ -145,6 +147,8 @@ "type": "string" }, "port": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -187,6 +191,8 @@ }, "ports": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Set of ports associated with the endpoint.", @@ -198,6 +204,8 @@ }, "weight": { "description": "The load balancing weight associated with the endpoint.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/networking.istio.io/workloadgroup_v1beta1.json b/networking.istio.io/workloadgroup_v1beta1.json index 8d4a96cd..68ad839b 100644 --- a/networking.istio.io/workloadgroup_v1beta1.json +++ b/networking.istio.io/workloadgroup_v1beta1.json @@ -111,6 +111,8 @@ }, "port": { "description": "Port on which the endpoint lives.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "scheme": { @@ -145,6 +147,8 @@ "type": "string" }, "port": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -187,6 +191,8 @@ }, "ports": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Set of ports associated with the endpoint.", @@ -198,6 +204,8 @@ }, "weight": { "description": "The load balancing weight associated with the endpoint.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, diff --git a/security.istio.io/authorizationpolicy_v1.json b/security.istio.io/authorizationpolicy_v1.json index 4dacff12..213e1c58 100644 --- a/security.istio.io/authorizationpolicy_v1.json +++ b/security.istio.io/authorizationpolicy_v1.json @@ -22,7 +22,7 @@ ], "properties": { "action": { - "description": "Optional.", + "description": "Optional.\n\nValid Options: ALLOW, DENY, AUDIT, CUSTOM", "enum": [ "ALLOW", "DENY", @@ -258,7 +258,6 @@ "additionalProperties": false }, "targetRef": { - "description": "Optional.", "properties": { "group": { "description": "group is the group of the target resource.", @@ -279,6 +278,32 @@ }, "type": "object", "additionalProperties": false + }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" } }, "type": "object", diff --git a/security.istio.io/authorizationpolicy_v1beta1.json b/security.istio.io/authorizationpolicy_v1beta1.json index 4dacff12..213e1c58 100644 --- a/security.istio.io/authorizationpolicy_v1beta1.json +++ b/security.istio.io/authorizationpolicy_v1beta1.json @@ -22,7 +22,7 @@ ], "properties": { "action": { - "description": "Optional.", + "description": "Optional.\n\nValid Options: ALLOW, DENY, AUDIT, CUSTOM", "enum": [ "ALLOW", "DENY", @@ -258,7 +258,6 @@ "additionalProperties": false }, "targetRef": { - "description": "Optional.", "properties": { "group": { "description": "group is the group of the target resource.", @@ -279,6 +278,32 @@ }, "type": "object", "additionalProperties": false + }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" } }, "type": "object", diff --git a/security.istio.io/peerauthentication_v1.json b/security.istio.io/peerauthentication_v1.json new file mode 100644 index 00000000..d3c6a854 --- /dev/null +++ b/security.istio.io/peerauthentication_v1.json @@ -0,0 +1,67 @@ +{ + "properties": { + "spec": { + "description": "Peer authentication configuration for workloads. See more details at: https://istio.io/docs/reference/config/security/peer_authentication.html", + "properties": { + "mtls": { + "description": "Mutual TLS settings for workload.", + "properties": { + "mode": { + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", + "enum": [ + "UNSET", + "DISABLE", + "PERMISSIVE", + "STRICT" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "portLevelMtls": { + "additionalProperties": { + "properties": { + "mode": { + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", + "enum": [ + "UNSET", + "DISABLE", + "PERMISSIVE", + "STRICT" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": "Port specific mutual TLS settings.", + "type": "object" + }, + "selector": { + "description": "The selector determines the workloads to apply the PeerAuthentication on.", + "properties": { + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" +} diff --git a/security.istio.io/peerauthentication_v1beta1.json b/security.istio.io/peerauthentication_v1beta1.json index e9923a57..d3c6a854 100644 --- a/security.istio.io/peerauthentication_v1beta1.json +++ b/security.istio.io/peerauthentication_v1beta1.json @@ -7,7 +7,7 @@ "description": "Mutual TLS settings for workload.", "properties": { "mode": { - "description": "Defines the mTLS mode used for peer authentication.", + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", "enum": [ "UNSET", "DISABLE", @@ -24,7 +24,7 @@ "additionalProperties": { "properties": { "mode": { - "description": "Defines the mTLS mode used for peer authentication.", + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", "enum": [ "UNSET", "DISABLE", diff --git a/security.istio.io/requestauthentication_v1.json b/security.istio.io/requestauthentication_v1.json index bdff7954..f75df0ea 100644 --- a/security.istio.io/requestauthentication_v1.json +++ b/security.istio.io/requestauthentication_v1.json @@ -90,6 +90,10 @@ "outputPayloadToHeader": { "description": "This field specifies the header name to output a successfully verified JWT payload to the backend.", "type": "string" + }, + "timeout": { + "description": "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.", + "type": "string" } }, "required": [ @@ -115,7 +119,6 @@ "additionalProperties": false }, "targetRef": { - "description": "Optional.", "properties": { "group": { "description": "group is the group of the target resource.", @@ -136,6 +139,32 @@ }, "type": "object", "additionalProperties": false + }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" } }, "type": "object", diff --git a/security.istio.io/requestauthentication_v1beta1.json b/security.istio.io/requestauthentication_v1beta1.json index bdff7954..f75df0ea 100644 --- a/security.istio.io/requestauthentication_v1beta1.json +++ b/security.istio.io/requestauthentication_v1beta1.json @@ -90,6 +90,10 @@ "outputPayloadToHeader": { "description": "This field specifies the header name to output a successfully verified JWT payload to the backend.", "type": "string" + }, + "timeout": { + "description": "The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, will spend waiting for the JWKS to be fetched.", + "type": "string" } }, "required": [ @@ -115,7 +119,6 @@ "additionalProperties": false }, "targetRef": { - "description": "Optional.", "properties": { "group": { "description": "group is the group of the target resource.", @@ -136,6 +139,32 @@ }, "type": "object", "additionalProperties": false + }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" } }, "type": "object", diff --git a/telemetry.istio.io/telemetry_v1.json b/telemetry.istio.io/telemetry_v1.json index f0d615ec..7b88d691 100644 --- a/telemetry.istio.io/telemetry_v1.json +++ b/telemetry.istio.io/telemetry_v1.json @@ -200,13 +200,7 @@ }, "reportingInterval": { "description": "Optional.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "must be a valid duration greater than 1ms", - "rule": "duration(self) >= duration('1ms')" - } - ] + "type": "string" } }, "type": "object", @@ -219,28 +213,10 @@ "properties": { "matchLabels": { "additionalProperties": { - "maxLength": 63, - "type": "string", - "x-kubernetes-validations": [ - { - "message": "wildcard not allowed in label value match", - "rule": "!self.contains('*')" - } - ] + "type": "string" }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", - "maxProperties": 4096, - "type": "object", - "x-kubernetes-validations": [ - { - "message": "wildcard not allowed in label key match", - "rule": "self.all(key, !key.contains('*'))" - }, - { - "message": "key must not be empty", - "rule": "self.all(key, key.size() != 0)" - } - ] + "type": "object" } }, "type": "object", @@ -250,45 +226,22 @@ "properties": { "group": { "description": "group is the group of the target resource.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", - "maxLength": 253, - "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "cross namespace referencing is not currently supported", - "rule": "self.size() == 0" - } - ] + "type": "string" } }, - "required": [ - "kind", - "name" - ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "Support kinds are core/Service and gateway.networking.k8s.io/Gateway", - "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" - } - ], "additionalProperties": false }, "targetRefs": { @@ -297,45 +250,22 @@ "properties": { "group": { "description": "group is the group of the target resource.", - "maxLength": 253, - "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "kind is kind of the target resource.", - "maxLength": 63, - "minLength": 1, - "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "name is the name of the target resource.", - "maxLength": 253, - "minLength": 1, "type": "string" }, "namespace": { "description": "namespace is the namespace of the referent.", - "type": "string", - "x-kubernetes-validations": [ - { - "message": "cross namespace referencing is not currently supported", - "rule": "self.size() == 0" - } - ] + "type": "string" } }, - "required": [ - "kind", - "name" - ], "type": "object", - "x-kubernetes-validations": [ - { - "message": "Support kinds are core/Service and gateway.networking.k8s.io/Gateway", - "rule": "[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway']]" - } - ], "additionalProperties": false }, "type": "array" diff --git a/telemetry.istio.io/telemetry_v1alpha1.json b/telemetry.istio.io/telemetry_v1alpha1.json index fd03d47c..7b88d691 100644 --- a/telemetry.istio.io/telemetry_v1alpha1.json +++ b/telemetry.istio.io/telemetry_v1alpha1.json @@ -27,7 +27,7 @@ "description": "Allows tailoring of logging behavior to specific conditions.", "properties": { "mode": { - "description": "This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload.", + "description": "This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload.\n\nValid Options: CLIENT_AND_SERVER, CLIENT, SERVER", "enum": [ "CLIENT_AND_SERVER", "CLIENT", @@ -113,7 +113,7 @@ "type": "string" }, "metric": { - "description": "One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/).", + "description": "One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/).\n\nValid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES", "enum": [ "ALL_METRICS", "REQUEST_COUNT", @@ -130,7 +130,7 @@ "type": "string" }, "mode": { - "description": "Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`.", + "description": "Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`.\n\nValid Options: CLIENT_AND_SERVER, CLIENT, SERVER", "enum": [ "CLIENT_AND_SERVER", "CLIENT", @@ -146,7 +146,7 @@ "additionalProperties": { "properties": { "operation": { - "description": "Operation controls whether or not to update/add a tag, or to remove it.", + "description": "Operation controls whether or not to update/add a tag, or to remove it.\n\nValid Options: UPSERT, REMOVE", "enum": [ "UPSERT", "REMOVE" @@ -223,7 +223,6 @@ "additionalProperties": false }, "targetRef": { - "description": "Optional.", "properties": { "group": { "description": "group is the group of the target resource.", @@ -245,6 +244,32 @@ "type": "object", "additionalProperties": false }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, "tracing": { "description": "Optional.", "items": { @@ -359,7 +384,7 @@ "description": "Allows tailoring of behavior to specific conditions.", "properties": { "mode": { - "description": "This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload.", + "description": "This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload.\n\nValid Options: CLIENT_AND_SERVER, CLIENT, SERVER", "enum": [ "CLIENT_AND_SERVER", "CLIENT", @@ -391,6 +416,7 @@ }, "randomSamplingPercentage": { "description": "Controls the rate at which traffic will be selected for tracing if no prior sampling decision has been made.", + "format": "double", "maximum": 100, "minimum": 0, "nullable": true,