traffic.tsb.tetrate.io/v2
Resource Types:
Group
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
kind | string | Group | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | A traffic group manages the routing properties of proxy workloads in a group of namespaces owned by the parent workspace. | false |
status | object | false |
Group.spec
A traffic group manages the routing properties of proxy workloads in a group of namespaces owned by the parent workspace.
Name | Type | Description | Required |
---|---|---|---|
namespaceSelector | object | Set of namespaces owned exclusively by this group. | true |
configGenerationMetadata | object | Default metadata values that will be propagated to the children Istio generated configurations. | false |
configMode | enum | The Configuration types that will be added to this group. Enum: BRIDGED, DIRECT | false |
deletionProtectionEnabled | boolean | When set, prevents the resource from being deleted. | false |
description | string | A description of the resource. | false |
displayName | string | User friendly name for the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
profiles | []string | List of profiles attached to the traffic group to be used to propagate default and mandatory configurations down to the children. | false |
Group.spec.namespaceSelector
Set of namespaces owned exclusively by this group.
Name | Type | Description | Required |
---|---|---|---|
names | []string | Under the tenant/workspace/group: - | true |
Group.spec.configGenerationMetadata
Default metadata values that will be propagated to the children Istio generated configurations.
Name | Type | Description | Required |
---|---|---|---|
annotations | map[string]string | Set of key value paris that will be added into the | false |
labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceRoute
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
kind | string | ServiceRoute | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | A service route controls routing configurations for traffic to a service in a traffic group. | false |
status | object | false |
ServiceRoute.spec
A service route controls routing configurations for traffic to a service in a traffic group.
Name | Type | Description | Required |
---|---|---|---|
service | string | The service on which the configuration is being applied. | true |
configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
description | string | A description of the resource. | false |
displayName | string | User friendly name for the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
httpRoutes | []object | HTTPRoutes are used when HTTP traffic needs to be matched on uri, headers and port and destination routes need to be set using subset-weight combinations specified within the route. | false |
portLevelSettings | []object | In order to support multi-protocol routing, a list of all port/protocol combinations is needed. | false |
stickySession | object | false | |
subsets | []object | The set of versions of a service and the percentage of traffic to send to each version. | false |
tcpRoutes | []object | TCPRoutes match TCP traffic based on port number. | false |
ServiceRoute.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
Name | Type | Description | Required |
---|---|---|---|
annotations | map[string]string | Set of key value paris that will be added into the | false |
labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceRoute.spec.httpRoutes[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the route. | true |
destination | []object | Destination host:port and subset where HTTP traffic should be directed. | false |
fault | object | Fault injection policy to apply on HTTP traffic at the client side. | false |
flagger | object | FlaggerDestination will route traffic based on a Flagger Canary resource. | false |
match | []object | false | |
mirrors | []object | Mirror HTTP traffic to multiple destinations in addition to forwarding the requests to the intended destination. | false |
ServiceRoute.spec.httpRoutes[index].destination[index]
Name | Type | Description | Required |
---|---|---|---|
port | integer | true | |
destinationHost | string | Service host where traffic should be routed to. | false |
subset | string | false | |
weight | integer | false |
ServiceRoute.spec.httpRoutes[index].fault
Fault injection policy to apply on HTTP traffic at the client side.
Name | Type | Description | Required |
---|---|---|---|
abort | object | Abort HTTP request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty. | false |
delay | object | Delay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc. | false |
ServiceRoute.spec.httpRoutes[index].fault.abort
Abort HTTP request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.
Name | Type | Description | Required |
---|---|---|---|
grpcStatus | string | GRPC status code to use to abort the request. | false |
httpStatus | integer | HTTP status code to use to abort the HTTP request. Format: int32 | false |
percentage | number | Percentage of requests to be aborted with the error code provided. Format: double | false |
ServiceRoute.spec.httpRoutes[index].fault.delay
Delay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.
Name | Type | Description | Required |
---|---|---|---|
fixedDelay | string | Add a fixed delay before forwarding the request. | false |
percentage | number | Percentage of requests on which the delay will be injected. Format: double | false |
ServiceRoute.spec.httpRoutes[index].flagger
FlaggerDestination will route traffic based on a Flagger Canary resource.
Name | Type | Description | Required |
---|---|---|---|
canary | string | Name of the Canary resource that will manage the deployment. | true |
namespace | string | Namespace of the Canary resource that will manage the deployment. | true |
ServiceRoute.spec.httpRoutes[index].match[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | true | |
headers | map[string]object | false | |
port | integer | false | |
uri | object | false |
ServiceRoute.spec.httpRoutes[index].match[index].headers[key]
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
ServiceRoute.spec.httpRoutes[index].match[index].uri
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
ServiceRoute.spec.httpRoutes[index].mirrors[index]
Name | Type | Description | Required |
---|---|---|---|
port | integer | true | |
host | string | The host where traffic should be routed to. | false |
percentage | number | Percentage of the traffic to be mirrored. Format: double | false |
subset | string | false |
ServiceRoute.spec.portLevelSettings[index]
Name | Type | Description | Required |
---|---|---|---|
port | integer | true | |
trafficType | enum | Enum: HTTP, TCP, TLS_PASSTHROUGH | true |
stickySession | object | Since we are supporting multiple types of protocols, so we expect to have separate sticky sessions for each route (i.e. | false |
ServiceRoute.spec.portLevelSettings[index].stickySession
Since we are supporting multiple types of protocols, so we expect to have separate sticky sessions for each route (i.e.
Name | Type | Description | Required |
---|---|---|---|
cookie | object | Hash based on HTTP cookie. | false |
header | string | Hash based on a specific HTTP header. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceRoute.spec.portLevelSettings[index].stickySession.cookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
path | string | Path to set for the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
ServiceRoute.spec.stickySession
Name | Type | Description | Required |
---|---|---|---|
cookie | object | Hash based on HTTP cookie. | false |
header | string | Hash based on a specific HTTP header. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceRoute.spec.stickySession.cookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
path | string | Path to set for the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
ServiceRoute.spec.subsets[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name used to refer to the subset. | true |
labels | map[string]string | Labels apply a filter over the endpoints of a service in the service registry. | false |
portLevelSettings | []object | Port/Protocol/StickySession combination for which routes need to be generated specifically for a subset. | false |
weight | integer | Percentage of traffic to be sent to this subset. | false |
ServiceRoute.spec.subsets[index].portLevelSettings[index]
Name | Type | Description | Required |
---|---|---|---|
port | integer | true | |
trafficType | enum | Enum: HTTP, TCP, TLS_PASSTHROUGH | true |
stickySession | object | Since we are supporting multiple types of protocols, so we expect to have separate sticky sessions for each route (i.e. | false |
ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession
Since we are supporting multiple types of protocols, so we expect to have separate sticky sessions for each route (i.e.
Name | Type | Description | Required |
---|---|---|---|
cookie | object | Hash based on HTTP cookie. | false |
header | string | Hash based on a specific HTTP header. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceRoute.spec.subsets[index].portLevelSettings[index].stickySession.cookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
path | string | Path to set for the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
ServiceRoute.spec.tcpRoutes[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | true | |
destination | []object | false | |
match | []object | false |
ServiceRoute.spec.tcpRoutes[index].destination[index]
Name | Type | Description | Required |
---|---|---|---|
port | integer | true | |
destinationHost | string | Service host where traffic should be routed to. | false |
subset | string | false | |
weight | integer | false |
ServiceRoute.spec.tcpRoutes[index].match[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | true | |
port | integer | true |
ServiceTrafficSetting
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
kind | string | ServiceTrafficSetting | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | A service traffic setting applies configuration to a service in a traffic group. | false |
status | object | false |
ServiceTrafficSetting.spec
A service traffic setting applies configuration to a service in a traffic group.
Name | Type | Description | Required |
---|---|---|---|
service | string | The service on which the configuration is being applied. | true |
settings | object | Traffic settings to apply to this service. | true |
configGenerationMetadata | object | Metadata values that will be add into the mesh-generated configurations. | false |
description | string | A description of the resource. | false |
displayName | string | User friendly name for the resource. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
ServiceTrafficSetting.spec.settings
Traffic settings to apply to this service.
Name | Type | Description | Required |
---|---|---|---|
configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
description | string | A description of the resource. | false |
displayName | string | User friendly name for the resource. | false |
egress | object | Specifies the details of the egress proxy to which unknown traffic should be forwarded to from the proxy workload. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
inbound | object | Configures inbound traffic. | false |
outbound | object | Configures outbound traffic. | false |
rateLimiting | object | Configuration for rate limiting requests. | false |
reachability | object | The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh. | false |
resilience | object | Resilience settings such as timeouts, retries, etc., affecting outbound traffic from proxy workloads. | false |
upstreamTrafficSettings | []object | List of hosts and the associated traffic settings to be used by the clients that are downstreams to the defined upstream hosts. | false |
ServiceTrafficSetting.spec.settings.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
Name | Type | Description | Required |
---|---|---|---|
annotations | map[string]string | Set of key value paris that will be added into the | false |
labels | map[string]string | Set of key value paris that will be added into the | false |
ServiceTrafficSetting.spec.settings.egress
Specifies the details of the egress proxy to which unknown traffic should be forwarded to from the proxy workload.
Name | Type | Description | Required |
---|---|---|---|
host | string | Specifies the egress gateway hostname. | true |
port | integer | Deprecated. Format: int32 | false |
ServiceTrafficSetting.spec.settings.inbound
Configures inbound traffic.
Name | Type | Description | Required |
---|---|---|---|
failoverSettings | object | Failover settings apply to all clients accessing the hostname defined in this section. | false |
rateLimiting | object | Configuration for rate limiting requests. | false |
resilience | object | Resiliency configuration for inbound connections. | false |
ServiceTrafficSetting.spec.settings.inbound.failoverSettings
Failover settings apply to all clients accessing the hostname defined in this section.
Name | Type | Description | Required |
---|---|---|---|
failoverPriority | []string | FailoverPriority specifies the failover priority for traffic. | false |
regionalFailover | []object | Locality routing settings for all gateways in the Workspace/Organization for which this is defined. | false |
topologyChoice | enum | TopologyChoice specifies the topology preference for traffic priority. Enum: NONE, CLUSTER, LOCALITY | false |
ServiceTrafficSetting.spec.settings.inbound.failoverSettings.regionalFailover[index]
Name | Type | Description | Required |
---|---|---|---|
from | string | Originating region. | false |
to | string | Destination region the traffic will fail over to when endpoints in the 'from' region become unhealthy. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting
Configuration for rate limiting requests.
Name | Type | Description | Required |
---|---|---|---|
externalService | object | Configure ratelimiting using an external ratelimit server. | false |
settings | object | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
Name | Type | Description | Required |
---|---|---|---|
domain | string | The rate limit domain to use when calling the rate limit service. | true |
rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | true |
rules | []object | A set of rate limit rules. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
tls | object | Configure TLS parameters to be used when connecting to the external rate limit server. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | true |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
destinationCluster | object | Rate limit on destination envoy cluster. | false |
headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
remoteAddress | object | Rate limit on remote address of client. | false |
requestHeaders | object | Rate limit on the value of certain request headers. | false |
sourceCluster | object | Rate limit on source envoy cluster. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorValue | string | The value to use in the descriptor entry. | true |
headers | map[string]object | Specifies a set of headers that the rate limit action should match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorKey | string | The key to use in the descriptor entry. | true |
headerName | string | The header name to be queried from the request headers. | true |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.tls
Configure TLS parameters to be used when connecting to the external rate limit server.
Name | Type | Description | Required |
---|---|---|---|
files | object | TLS key source from files. | false |
mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
secretName | string | TLS key source from a Kubernetes Secret. | false |
subjectAltNames | []string | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.externalService.tls.files
TLS key source from files.
Name | Type | Description | Required |
---|---|---|---|
caCertificates | string | File containing CA certificates to verify the certificates presented by the server. | false |
clientCertificate | string | Certificate file to authenticate the client. | false |
privateKey | string | Private key file associated with the client certificate. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings
Name | Type | Description | Required |
---|---|---|---|
rules | []object | A list of rules for ratelimiting. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the rate limit server RPC. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions to define each ratelimit rule. | true |
limit | object | The ratelimit value that will be configured for the above rules. | true |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
header | object | Rate limit on certain HTTP headers. | false |
remoteAddress | object | Rate limit on the remote address of client. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the header to match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
value | object | Value of the header to match on if matching on a specific value. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
Name | Type | Description | Required |
---|---|---|---|
value | string | Ratelimit on a specific remote address. | true |
ServiceTrafficSetting.spec.settings.inbound.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
Name | Type | Description | Required |
---|---|---|---|
requestsPerUnit | integer | Specifies the value of the rate limit. | true |
unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | true |
ServiceTrafficSetting.spec.settings.inbound.resilience
Resiliency configuration for inbound connections.
Name | Type | Description | Required |
---|---|---|---|
connectionPool | object | Configures tolerance and other settings for TCP/HTTP connections to the service. | false |
meshTimeout | object | Configures the max connection and stream durations for HTTP and TCP connections. | false |
ServiceTrafficSetting.spec.settings.inbound.resilience.connectionPool
Configures tolerance and other settings for TCP/HTTP connections to the service.
Name | Type | Description | Required |
---|---|---|---|
tcp | object | false |
ServiceTrafficSetting.spec.settings.inbound.resilience.connectionPool.tcp
Name | Type | Description | Required |
---|---|---|---|
keepAlive | object | Keep Alive Settings. | false |
ServiceTrafficSetting.spec.settings.inbound.resilience.connectionPool.tcp.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
ServiceTrafficSetting.spec.settings.inbound.resilience.meshTimeout
Configures the max connection and stream durations for HTTP and TCP connections.
Name | Type | Description | Required |
---|---|---|---|
maxConnectionDuration | string | This specifies the duration of time after which a downstream and upstream connection will be drained and/or closed, starting from when it was first established. | false |
maxDownstreamConnectionDuration | string | The maximum duration of a TCP connection. | false |
maxStreamDuration | string | The max stream duration is the maximum time that a stream’s lifetime will span. | false |
proxyType | enum | Specifies the type of proxy to which to apply the mesh timeout settings. Enum: ANY, SIDECAR, GATEWAY | false |
ServiceTrafficSetting.spec.settings.outbound
Configures outbound traffic.
Name | Type | Description | Required |
---|---|---|---|
egress | object | Specifies the details of the egress proxy to which traffic to services that are not part to the mesh should be forwarded to from the proxy workloads. | false |
reachability | object | The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh. | false |
upstreamTrafficSettings | []object | List of hosts and the associated traffic settings to be used by the clients sending traffic to them. | false |
ServiceTrafficSetting.spec.settings.outbound.egress
Specifies the details of the egress proxy to which traffic to services that are not part to the mesh should be forwarded to from the proxy workloads.
Name | Type | Description | Required |
---|---|---|---|
host | string | Specifies the egress gateway hostname. | true |
ServiceTrafficSetting.spec.settings.outbound.reachability
The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh.
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | When the mode is | false |
mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index]
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | List of hosts for which the settings will be created. | false |
settings | object | A single setting to be applied to all the clients connecting to the upstream hosts. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings
A single setting to be applied to all the clients connecting to the upstream hosts.
Name | Type | Description | Required |
---|---|---|---|
authentication | object | Configuration for connection authentication parameters. | false |
loadBalancer | object | Load balancing settings for the clients. | false |
resilience | object | Resilience settings for the clients. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.authentication
Configuration for connection authentication parameters.
Name | Type | Description | Required |
---|---|---|---|
trafficMode | enum | If set to Enum: UNSET, OPTIONAL, REQUIRED | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.loadBalancer
Load balancing settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
consistentHash | object | Use consistent hash load balancing which can provide soft session affinity. | false |
simple | enum | Use standard load balancing algorithms that require no tuning. Enum: UNSPECIFIED, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash
Use consistent hash load balancing which can provide soft session affinity.
Name | Type | Description | Required |
---|---|---|---|
httpCookie | object | Hash based on HTTP cookie. | false |
httpHeaderName | string | Hash based on a specific HTTP header. | false |
httpQueryParameterName | string | Hash based on a specific HTTP query parameter. | false |
maglev | object | The Maglev load balancer implements consistent hashing to backend hosts. | false |
ringHash | object | The ring/modulo hash load balancer implements consistent hashing to backend hosts. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.httpCookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
path | string | Path to set for the cookie. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.maglev
The Maglev load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
tableSize | integer | The table size for Maglev hashing. | true |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.ringHash
The ring/modulo hash load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
minimumRingSize | integer | The minimum number of virtual nodes to use for the hash ring. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience
Resilience settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
circuitBreakerSensitivity | enum | Circuit breakers in Envoy are applied per endpoint in a load balancing pool. Enum: UNSET, LOW, MEDIUM, HIGH, CUSTOM | false |
connectionPool | object | Configures tolerance and other settings for TCP/HTTP connections to the service. | false |
outlierDetection | object | Outlier detection settings for the upstream host when custom mode is used. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool
Configures tolerance and other settings for TCP/HTTP connections to the service.
Name | Type | Description | Required |
---|---|---|---|
http | object | false | |
tcp | object | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.http
Name | Type | Description | Required |
---|---|---|---|
maxRequests | integer | Maximum number of active requests to the service. | false |
maxRequestsPerConnection | integer | Maximum number of requests per connection to the service. | false |
requestTimeout | string | Timeout for HTTP requests. | false |
retries | object | Retry policy for HTTP requests. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.http.retries
Retry policy for HTTP requests.
Name | Type | Description | Required |
---|---|---|---|
attempts | integer | Number of retries for a given request. Format: int32 | true |
perTryTimeout | string | Timeout per retry attempt for a given request. | false |
retryOn | string | Specifies the conditions under which retry takes place. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp
Name | Type | Description | Required |
---|---|---|---|
connectTimeout | string | TCP connection timeout. | false |
keepAlive | object | Keep Alive Settings. | false |
maxConnections | integer | Maximum number of HTTP1 /TCP connections to the service. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
ServiceTrafficSetting.spec.settings.outbound.upstreamTrafficSettings[index].settings.resilience.outlierDetection
Outlier detection settings for the upstream host when custom mode is used.
Name | Type | Description | Required |
---|---|---|---|
baseEjectionTime | string | The base time that a host is ejected for. | false |
consecutive5xx | integer | The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive 5xx ejection occurs. | false |
consecutiveGatewayFailure | integer | The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. | false |
consecutiveLocalOriginFailure | integer | false | |
enforcingConsecutive5xx | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive 5xx. | false |
enforcingConsecutiveGatewayFailure | integer | The percentage of a host to be ejected when an outlier status is detected through consecutive gateway failures. | false |
enforcingConsecutiveLocalOriginFailure | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive locally originated failures. | false |
interval | string | The time interval between ejection analysis sweeps. | false |
splitExternalLocalOriginErrors | boolean | Determines whether to distinguish local origin failures from external errors. | false |
ServiceTrafficSetting.spec.settings.rateLimiting
Configuration for rate limiting requests.
Name | Type | Description | Required |
---|---|---|---|
externalService | object | Configure ratelimiting using an external ratelimit server. | false |
settings | object | false |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
Name | Type | Description | Required |
---|---|---|---|
domain | string | The rate limit domain to use when calling the rate limit service. | true |
rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | true |
rules | []object | A set of rate limit rules. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
tls | object | Configure TLS parameters to be used when connecting to the external rate limit server. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | true |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
destinationCluster | object | Rate limit on destination envoy cluster. | false |
headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
remoteAddress | object | Rate limit on remote address of client. | false |
requestHeaders | object | Rate limit on the value of certain request headers. | false |
sourceCluster | object | Rate limit on source envoy cluster. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorValue | string | The value to use in the descriptor entry. | true |
headers | map[string]object | Specifies a set of headers that the rate limit action should match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorKey | string | The key to use in the descriptor entry. | true |
headerName | string | The header name to be queried from the request headers. | true |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.tls
Configure TLS parameters to be used when connecting to the external rate limit server.
Name | Type | Description | Required |
---|---|---|---|
files | object | TLS key source from files. | false |
mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
secretName | string | TLS key source from a Kubernetes Secret. | false |
subjectAltNames | []string | false |
ServiceTrafficSetting.spec.settings.rateLimiting.externalService.tls.files
TLS key source from files.
Name | Type | Description | Required |
---|---|---|---|
caCertificates | string | File containing CA certificates to verify the certificates presented by the server. | false |
clientCertificate | string | Certificate file to authenticate the client. | false |
privateKey | string | Private key file associated with the client certificate. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.settings
Name | Type | Description | Required |
---|---|---|---|
rules | []object | A list of rules for ratelimiting. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the rate limit server RPC. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.settings.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions to define each ratelimit rule. | true |
limit | object | The ratelimit value that will be configured for the above rules. | true |
ServiceTrafficSetting.spec.settings.rateLimiting.settings.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
header | object | Rate limit on certain HTTP headers. | false |
remoteAddress | object | Rate limit on the remote address of client. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the header to match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
value | object | Value of the header to match on if matching on a specific value. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
ServiceTrafficSetting.spec.settings.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
Name | Type | Description | Required |
---|---|---|---|
value | string | Ratelimit on a specific remote address. | true |
ServiceTrafficSetting.spec.settings.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
Name | Type | Description | Required |
---|---|---|---|
requestsPerUnit | integer | Specifies the value of the rate limit. | true |
unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | true |
ServiceTrafficSetting.spec.settings.reachability
The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh.
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | When the mode is | false |
mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
ServiceTrafficSetting.spec.settings.resilience
Resilience settings such as timeouts, retries, etc., affecting outbound traffic from proxy workloads.
Name | Type | Description | Required |
---|---|---|---|
circuitBreakerSensitivity | enum | This field is DEPRECATED in favor of Enum: UNSET, LOW, MEDIUM, HIGH | false |
httpRequestTimeout | string | This field is DEPRECATED in favor of | false |
httpRetries | object | This field is DEPRECATED in favor of | false |
keepAlive | object | Keep Alive Settings. | false |
ServiceTrafficSetting.spec.settings.resilience.httpRetries
This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.http.retries
.
Name | Type | Description | Required |
---|---|---|---|
attempts | integer | Number of retries for a given request. Format: int32 | true |
perTryTimeout | string | Timeout per retry attempt for a given request. | false |
retryOn | string | Specifies the conditions under which retry takes place. | false |
ServiceTrafficSetting.spec.settings.resilience.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
tcp | object | TCP Keep Alive settings associated with the upstream and downstream TCP connections. | false |
ServiceTrafficSetting.spec.settings.resilience.keepAlive.tcp
TCP Keep Alive settings associated with the upstream and downstream TCP connections.
Name | Type | Description | Required |
---|---|---|---|
downstream | object | TCP Keep Alive Settings associated with the downstream (client) connection. | false |
upstream | object | This field is DEPRECATED in favor of | false |
ServiceTrafficSetting.spec.settings.resilience.keepAlive.tcp.downstream
TCP Keep Alive Settings associated with the downstream (client) connection.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
ServiceTrafficSetting.spec.settings.resilience.keepAlive.tcp.upstream
This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.tcp.keepAlive
.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index]
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | List of hosts for which the settings will be created. | false |
settings | object | A single setting to be applied to all the clients connecting to the upstream hosts. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings
A single setting to be applied to all the clients connecting to the upstream hosts.
Name | Type | Description | Required |
---|---|---|---|
authentication | object | Configuration for connection authentication parameters. | false |
loadBalancer | object | Load balancing settings for the clients. | false |
resilience | object | Resilience settings for the clients. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.authentication
Configuration for connection authentication parameters.
Name | Type | Description | Required |
---|---|---|---|
trafficMode | enum | If set to Enum: UNSET, OPTIONAL, REQUIRED | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.loadBalancer
Load balancing settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
consistentHash | object | Use consistent hash load balancing which can provide soft session affinity. | false |
simple | enum | Use standard load balancing algorithms that require no tuning. Enum: UNSPECIFIED, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash
Use consistent hash load balancing which can provide soft session affinity.
Name | Type | Description | Required |
---|---|---|---|
httpCookie | object | Hash based on HTTP cookie. | false |
httpHeaderName | string | Hash based on a specific HTTP header. | false |
httpQueryParameterName | string | Hash based on a specific HTTP query parameter. | false |
maglev | object | The Maglev load balancer implements consistent hashing to backend hosts. | false |
ringHash | object | The ring/modulo hash load balancer implements consistent hashing to backend hosts. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.httpCookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
path | string | Path to set for the cookie. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.maglev
The Maglev load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
tableSize | integer | The table size for Maglev hashing. | true |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.ringHash
The ring/modulo hash load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
minimumRingSize | integer | The minimum number of virtual nodes to use for the hash ring. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience
Resilience settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
circuitBreakerSensitivity | enum | Circuit breakers in Envoy are applied per endpoint in a load balancing pool. Enum: UNSET, LOW, MEDIUM, HIGH, CUSTOM | false |
connectionPool | object | Configures tolerance and other settings for TCP/HTTP connections to the service. | false |
outlierDetection | object | Outlier detection settings for the upstream host when custom mode is used. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience.connectionPool
Configures tolerance and other settings for TCP/HTTP connections to the service.
Name | Type | Description | Required |
---|---|---|---|
http | object | false | |
tcp | object | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience.connectionPool.http
Name | Type | Description | Required |
---|---|---|---|
maxRequests | integer | Maximum number of active requests to the service. | false |
maxRequestsPerConnection | integer | Maximum number of requests per connection to the service. | false |
requestTimeout | string | Timeout for HTTP requests. | false |
retries | object | Retry policy for HTTP requests. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience.connectionPool.http.retries
Retry policy for HTTP requests.
Name | Type | Description | Required |
---|---|---|---|
attempts | integer | Number of retries for a given request. Format: int32 | true |
perTryTimeout | string | Timeout per retry attempt for a given request. | false |
retryOn | string | Specifies the conditions under which retry takes place. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp
Name | Type | Description | Required |
---|---|---|---|
connectTimeout | string | TCP connection timeout. | false |
keepAlive | object | Keep Alive Settings. | false |
maxConnections | integer | Maximum number of HTTP1 /TCP connections to the service. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
ServiceTrafficSetting.spec.settings.upstreamTrafficSettings[index].settings.resilience.outlierDetection
Outlier detection settings for the upstream host when custom mode is used.
Name | Type | Description | Required |
---|---|---|---|
baseEjectionTime | string | The base time that a host is ejected for. | false |
consecutive5xx | integer | The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive 5xx ejection occurs. | false |
consecutiveGatewayFailure | integer | The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. | false |
consecutiveLocalOriginFailure | integer | false | |
enforcingConsecutive5xx | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive 5xx. | false |
enforcingConsecutiveGatewayFailure | integer | The percentage of a host to be ejected when an outlier status is detected through consecutive gateway failures. | false |
enforcingConsecutiveLocalOriginFailure | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive locally originated failures. | false |
interval | string | The time interval between ejection analysis sweeps. | false |
splitExternalLocalOriginErrors | boolean | Determines whether to distinguish local origin failures from external errors. | false |
ServiceTrafficSetting.spec.configGenerationMetadata
Metadata values that will be add into the mesh-generated configurations.
Name | Type | Description | Required |
---|---|---|---|
annotations | map[string]string | Set of key value paris that will be added into the | false |
labels | map[string]string | Set of key value paris that will be added into the | false |
TrafficSetting
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | traffic.tsb.tetrate.io/v2 | true |
kind | string | TrafficSetting | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. | false |
status | object | false |
TrafficSetting.spec
A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace.
Name | Type | Description | Required |
---|---|---|---|
configGenerationMetadata | object | Metadata values that will be add into the Istio generated configurations. | false |
description | string | A description of the resource. | false |
displayName | string | User friendly name for the resource. | false |
egress | object | Specifies the details of the egress proxy to which unknown traffic should be forwarded to from the proxy workload. | false |
etag | string | The etag for the resource. | false |
fqn | string | Fully-qualified name of the resource. | false |
inbound | object | Configures inbound traffic. | false |
outbound | object | Configures outbound traffic. | false |
rateLimiting | object | Configuration for rate limiting requests. | false |
reachability | object | The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh. | false |
resilience | object | Resilience settings such as timeouts, retries, etc., affecting outbound traffic from proxy workloads. | false |
upstreamTrafficSettings | []object | List of hosts and the associated traffic settings to be used by the clients that are downstreams to the defined upstream hosts. | false |
TrafficSetting.spec.configGenerationMetadata
Metadata values that will be add into the Istio generated configurations.
Name | Type | Description | Required |
---|---|---|---|
annotations | map[string]string | Set of key value paris that will be added into the | false |
labels | map[string]string | Set of key value paris that will be added into the | false |
TrafficSetting.spec.egress
Specifies the details of the egress proxy to which unknown traffic should be forwarded to from the proxy workload.
Name | Type | Description | Required |
---|---|---|---|
host | string | Specifies the egress gateway hostname. | true |
port | integer | Deprecated. Format: int32 | false |
TrafficSetting.spec.inbound
Configures inbound traffic.
Name | Type | Description | Required |
---|---|---|---|
failoverSettings | object | Failover settings apply to all clients accessing the hostname defined in this section. | false |
rateLimiting | object | Configuration for rate limiting requests. | false |
resilience | object | Resiliency configuration for inbound connections. | false |
TrafficSetting.spec.inbound.failoverSettings
Failover settings apply to all clients accessing the hostname defined in this section.
Name | Type | Description | Required |
---|---|---|---|
failoverPriority | []string | FailoverPriority specifies the failover priority for traffic. | false |
regionalFailover | []object | Locality routing settings for all gateways in the Workspace/Organization for which this is defined. | false |
topologyChoice | enum | TopologyChoice specifies the topology preference for traffic priority. Enum: NONE, CLUSTER, LOCALITY | false |
TrafficSetting.spec.inbound.failoverSettings.regionalFailover[index]
Name | Type | Description | Required |
---|---|---|---|
from | string | Originating region. | false |
to | string | Destination region the traffic will fail over to when endpoints in the 'from' region become unhealthy. | false |
TrafficSetting.spec.inbound.rateLimiting
Configuration for rate limiting requests.
Name | Type | Description | Required |
---|---|---|---|
externalService | object | Configure ratelimiting using an external ratelimit server. | false |
settings | object | false |
TrafficSetting.spec.inbound.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
Name | Type | Description | Required |
---|---|---|---|
domain | string | The rate limit domain to use when calling the rate limit service. | true |
rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | true |
rules | []object | A set of rate limit rules. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
tls | object | Configure TLS parameters to be used when connecting to the external rate limit server. | false |
TrafficSetting.spec.inbound.rateLimiting.externalService.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | true |
TrafficSetting.spec.inbound.rateLimiting.externalService.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
destinationCluster | object | Rate limit on destination envoy cluster. | false |
headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
remoteAddress | object | Rate limit on remote address of client. | false |
requestHeaders | object | Rate limit on the value of certain request headers. | false |
sourceCluster | object | Rate limit on source envoy cluster. | false |
TrafficSetting.spec.inbound.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorValue | string | The value to use in the descriptor entry. | true |
headers | map[string]object | Specifies a set of headers that the rate limit action should match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
TrafficSetting.spec.inbound.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
TrafficSetting.spec.inbound.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorKey | string | The key to use in the descriptor entry. | true |
headerName | string | The header name to be queried from the request headers. | true |
TrafficSetting.spec.inbound.rateLimiting.externalService.tls
Configure TLS parameters to be used when connecting to the external rate limit server.
Name | Type | Description | Required |
---|---|---|---|
files | object | TLS key source from files. | false |
mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
secretName | string | TLS key source from a Kubernetes Secret. | false |
subjectAltNames | []string | false |
TrafficSetting.spec.inbound.rateLimiting.externalService.tls.files
TLS key source from files.
Name | Type | Description | Required |
---|---|---|---|
caCertificates | string | File containing CA certificates to verify the certificates presented by the server. | false |
clientCertificate | string | Certificate file to authenticate the client. | false |
privateKey | string | Private key file associated with the client certificate. | false |
TrafficSetting.spec.inbound.rateLimiting.settings
Name | Type | Description | Required |
---|---|---|---|
rules | []object | A list of rules for ratelimiting. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the rate limit server RPC. | false |
TrafficSetting.spec.inbound.rateLimiting.settings.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions to define each ratelimit rule. | true |
limit | object | The ratelimit value that will be configured for the above rules. | true |
TrafficSetting.spec.inbound.rateLimiting.settings.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
header | object | Rate limit on certain HTTP headers. | false |
remoteAddress | object | Rate limit on the remote address of client. | false |
TrafficSetting.spec.inbound.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the header to match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
value | object | Value of the header to match on if matching on a specific value. | false |
TrafficSetting.spec.inbound.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
TrafficSetting.spec.inbound.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
Name | Type | Description | Required |
---|---|---|---|
value | string | Ratelimit on a specific remote address. | true |
TrafficSetting.spec.inbound.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
Name | Type | Description | Required |
---|---|---|---|
requestsPerUnit | integer | Specifies the value of the rate limit. | true |
unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | true |
TrafficSetting.spec.inbound.resilience
Resiliency configuration for inbound connections.
Name | Type | Description | Required |
---|---|---|---|
connectionPool | object | Configures tolerance and other settings for TCP/HTTP connections to the service. | false |
meshTimeout | object | Configures the max connection and stream durations for HTTP and TCP connections. | false |
TrafficSetting.spec.inbound.resilience.connectionPool
Configures tolerance and other settings for TCP/HTTP connections to the service.
Name | Type | Description | Required |
---|---|---|---|
tcp | object | false |
TrafficSetting.spec.inbound.resilience.connectionPool.tcp
Name | Type | Description | Required |
---|---|---|---|
keepAlive | object | Keep Alive Settings. | false |
TrafficSetting.spec.inbound.resilience.connectionPool.tcp.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
TrafficSetting.spec.inbound.resilience.meshTimeout
Configures the max connection and stream durations for HTTP and TCP connections.
Name | Type | Description | Required |
---|---|---|---|
maxConnectionDuration | string | This specifies the duration of time after which a downstream and upstream connection will be drained and/or closed, starting from when it was first established. | false |
maxDownstreamConnectionDuration | string | The maximum duration of a TCP connection. | false |
maxStreamDuration | string | The max stream duration is the maximum time that a stream’s lifetime will span. | false |
proxyType | enum | Specifies the type of proxy to which to apply the mesh timeout settings. Enum: ANY, SIDECAR, GATEWAY | false |
TrafficSetting.spec.outbound
Configures outbound traffic.
Name | Type | Description | Required |
---|---|---|---|
egress | object | Specifies the details of the egress proxy to which traffic to services that are not part to the mesh should be forwarded to from the proxy workloads. | false |
reachability | object | The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh. | false |
upstreamTrafficSettings | []object | List of hosts and the associated traffic settings to be used by the clients sending traffic to them. | false |
TrafficSetting.spec.outbound.egress
Specifies the details of the egress proxy to which traffic to services that are not part to the mesh should be forwarded to from the proxy workloads.
Name | Type | Description | Required |
---|---|---|---|
host | string | Specifies the egress gateway hostname. | true |
TrafficSetting.spec.outbound.reachability
The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh.
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | When the mode is | false |
mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index]
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | List of hosts for which the settings will be created. | false |
settings | object | A single setting to be applied to all the clients connecting to the upstream hosts. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings
A single setting to be applied to all the clients connecting to the upstream hosts.
Name | Type | Description | Required |
---|---|---|---|
authentication | object | Configuration for connection authentication parameters. | false |
loadBalancer | object | Load balancing settings for the clients. | false |
resilience | object | Resilience settings for the clients. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.authentication
Configuration for connection authentication parameters.
Name | Type | Description | Required |
---|---|---|---|
trafficMode | enum | If set to Enum: UNSET, OPTIONAL, REQUIRED | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.loadBalancer
Load balancing settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
consistentHash | object | Use consistent hash load balancing which can provide soft session affinity. | false |
simple | enum | Use standard load balancing algorithms that require no tuning. Enum: UNSPECIFIED, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash
Use consistent hash load balancing which can provide soft session affinity.
Name | Type | Description | Required |
---|---|---|---|
httpCookie | object | Hash based on HTTP cookie. | false |
httpHeaderName | string | Hash based on a specific HTTP header. | false |
httpQueryParameterName | string | Hash based on a specific HTTP query parameter. | false |
maglev | object | The Maglev load balancer implements consistent hashing to backend hosts. | false |
ringHash | object | The ring/modulo hash load balancer implements consistent hashing to backend hosts. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.httpCookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
path | string | Path to set for the cookie. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.maglev
The Maglev load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
tableSize | integer | The table size for Maglev hashing. | true |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.ringHash
The ring/modulo hash load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
minimumRingSize | integer | The minimum number of virtual nodes to use for the hash ring. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience
Resilience settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
circuitBreakerSensitivity | enum | Circuit breakers in Envoy are applied per endpoint in a load balancing pool. Enum: UNSET, LOW, MEDIUM, HIGH, CUSTOM | false |
connectionPool | object | Configures tolerance and other settings for TCP/HTTP connections to the service. | false |
outlierDetection | object | Outlier detection settings for the upstream host when custom mode is used. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool
Configures tolerance and other settings for TCP/HTTP connections to the service.
Name | Type | Description | Required |
---|---|---|---|
http | object | false | |
tcp | object | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.http
Name | Type | Description | Required |
---|---|---|---|
maxRequests | integer | Maximum number of active requests to the service. | false |
maxRequestsPerConnection | integer | Maximum number of requests per connection to the service. | false |
requestTimeout | string | Timeout for HTTP requests. | false |
retries | object | Retry policy for HTTP requests. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.http.retries
Retry policy for HTTP requests.
Name | Type | Description | Required |
---|---|---|---|
attempts | integer | Number of retries for a given request. Format: int32 | true |
perTryTimeout | string | Timeout per retry attempt for a given request. | false |
retryOn | string | Specifies the conditions under which retry takes place. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp
Name | Type | Description | Required |
---|---|---|---|
connectTimeout | string | TCP connection timeout. | false |
keepAlive | object | Keep Alive Settings. | false |
maxConnections | integer | Maximum number of HTTP1 /TCP connections to the service. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
TrafficSetting.spec.outbound.upstreamTrafficSettings[index].settings.resilience.outlierDetection
Outlier detection settings for the upstream host when custom mode is used.
Name | Type | Description | Required |
---|---|---|---|
baseEjectionTime | string | The base time that a host is ejected for. | false |
consecutive5xx | integer | The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive 5xx ejection occurs. | false |
consecutiveGatewayFailure | integer | The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. | false |
consecutiveLocalOriginFailure | integer | false | |
enforcingConsecutive5xx | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive 5xx. | false |
enforcingConsecutiveGatewayFailure | integer | The percentage of a host to be ejected when an outlier status is detected through consecutive gateway failures. | false |
enforcingConsecutiveLocalOriginFailure | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive locally originated failures. | false |
interval | string | The time interval between ejection analysis sweeps. | false |
splitExternalLocalOriginErrors | boolean | Determines whether to distinguish local origin failures from external errors. | false |
TrafficSetting.spec.rateLimiting
Configuration for rate limiting requests.
Name | Type | Description | Required |
---|---|---|---|
externalService | object | Configure ratelimiting using an external ratelimit server. | false |
settings | object | false |
TrafficSetting.spec.rateLimiting.externalService
Configure ratelimiting using an external ratelimit server.
Name | Type | Description | Required |
---|---|---|---|
domain | string | The rate limit domain to use when calling the rate limit service. | true |
rateLimitServerUri | string | The URI at which the external rate limit server can be reached. | true |
rules | []object | A set of rate limit rules. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the external rate limit server RPC. | false |
tls | object | Configure TLS parameters to be used when connecting to the external rate limit server. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions that are to be applied for this rate limit configuration. | true |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
destinationCluster | object | Rate limit on destination envoy cluster. | false |
headerValueMatch | object | Rate limit on the existence of certain request headers. | false |
remoteAddress | object | Rate limit on remote address of client. | false |
requestHeaders | object | Rate limit on the value of certain request headers. | false |
sourceCluster | object | Rate limit on source envoy cluster. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch
Rate limit on the existence of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorValue | string | The value to use in the descriptor entry. | true |
headers | map[string]object | Specifies a set of headers that the rate limit action should match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
TrafficSetting.spec.rateLimiting.externalService.rules[index].dimensions[index].requestHeaders
Rate limit on the value of certain request headers.
Name | Type | Description | Required |
---|---|---|---|
descriptorKey | string | The key to use in the descriptor entry. | true |
headerName | string | The header name to be queried from the request headers. | true |
TrafficSetting.spec.rateLimiting.externalService.tls
Configure TLS parameters to be used when connecting to the external rate limit server.
Name | Type | Description | Required |
---|---|---|---|
files | object | TLS key source from files. | false |
mode | enum | Enum: DISABLED, SIMPLE, MUTUAL | false |
secretName | string | TLS key source from a Kubernetes Secret. | false |
subjectAltNames | []string | false |
TrafficSetting.spec.rateLimiting.externalService.tls.files
TLS key source from files.
Name | Type | Description | Required |
---|---|---|---|
caCertificates | string | File containing CA certificates to verify the certificates presented by the server. | false |
clientCertificate | string | Certificate file to authenticate the client. | false |
privateKey | string | Private key file associated with the client certificate. | false |
TrafficSetting.spec.rateLimiting.settings
Name | Type | Description | Required |
---|---|---|---|
rules | []object | A list of rules for ratelimiting. | true |
failClosed | boolean | If the rate limit service is unavailable, the request will fail if failClosed is set to true. | false |
timeout | string | The timeout in seconds for the rate limit server RPC. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index]
Name | Type | Description | Required |
---|---|---|---|
dimensions | []object | A list of dimensions to define each ratelimit rule. | true |
limit | object | The ratelimit value that will be configured for the above rules. | true |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index]
Name | Type | Description | Required |
---|---|---|---|
header | object | Rate limit on certain HTTP headers. | false |
remoteAddress | object | Rate limit on the remote address of client. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header
Rate limit on certain HTTP headers.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the header to match on. | true |
dontMatch | boolean | If set to true, the condition will be met when the header value does not match. | false |
value | object | Value of the header to match on if matching on a specific value. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].header.value
Value of the header to match on if matching on a specific value.
Name | Type | Description | Required |
---|---|---|---|
exact | string | Exact string match. | false |
prefix | string | Prefix-based match. | false |
regex | string | ECMAscript style regex-based match. | false |
TrafficSetting.spec.rateLimiting.settings.rules[index].dimensions[index].remoteAddress
Rate limit on the remote address of client.
Name | Type | Description | Required |
---|---|---|---|
value | string | Ratelimit on a specific remote address. | true |
TrafficSetting.spec.rateLimiting.settings.rules[index].limit
The ratelimit value that will be configured for the above rules.
Name | Type | Description | Required |
---|---|---|---|
requestsPerUnit | integer | Specifies the value of the rate limit. | true |
unit | enum | Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY | true |
TrafficSetting.spec.reachability
The set of services and hosts accessed by a workload (and hence its sidecar) in the mesh.
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | When the mode is | false |
mode | enum | A short cut for specifying the set of services accessed by the workload. Enum: UNSET, NAMESPACE, GROUP, WORKSPACE, CLUSTER, CUSTOM | false |
TrafficSetting.spec.resilience
Resilience settings such as timeouts, retries, etc., affecting outbound traffic from proxy workloads.
Name | Type | Description | Required |
---|---|---|---|
circuitBreakerSensitivity | enum | This field is DEPRECATED in favor of Enum: UNSET, LOW, MEDIUM, HIGH | false |
httpRequestTimeout | string | This field is DEPRECATED in favor of | false |
httpRetries | object | This field is DEPRECATED in favor of | false |
keepAlive | object | Keep Alive Settings. | false |
TrafficSetting.spec.resilience.httpRetries
This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.http.retries
.
Name | Type | Description | Required |
---|---|---|---|
attempts | integer | Number of retries for a given request. Format: int32 | true |
perTryTimeout | string | Timeout per retry attempt for a given request. | false |
retryOn | string | Specifies the conditions under which retry takes place. | false |
TrafficSetting.spec.resilience.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
tcp | object | TCP Keep Alive settings associated with the upstream and downstream TCP connections. | false |
TrafficSetting.spec.resilience.keepAlive.tcp
TCP Keep Alive settings associated with the upstream and downstream TCP connections.
Name | Type | Description | Required |
---|---|---|---|
downstream | object | TCP Keep Alive Settings associated with the downstream (client) connection. | false |
upstream | object | This field is DEPRECATED in favor of | false |
TrafficSetting.spec.resilience.keepAlive.tcp.downstream
TCP Keep Alive Settings associated with the downstream (client) connection.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
TrafficSetting.spec.resilience.keepAlive.tcp.upstream
This field is DEPRECATED in favor of upstreamTrafficSettings.resilience.connectionPool.tcp.keepAlive
.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
TrafficSetting.spec.upstreamTrafficSettings[index]
Name | Type | Description | Required |
---|---|---|---|
hosts | []string | List of hosts for which the settings will be created. | false |
settings | object | A single setting to be applied to all the clients connecting to the upstream hosts. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings
A single setting to be applied to all the clients connecting to the upstream hosts.
Name | Type | Description | Required |
---|---|---|---|
authentication | object | Configuration for connection authentication parameters. | false |
loadBalancer | object | Load balancing settings for the clients. | false |
resilience | object | Resilience settings for the clients. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.authentication
Configuration for connection authentication parameters.
Name | Type | Description | Required |
---|---|---|---|
trafficMode | enum | If set to Enum: UNSET, OPTIONAL, REQUIRED | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer
Load balancing settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
consistentHash | object | Use consistent hash load balancing which can provide soft session affinity. | false |
simple | enum | Use standard load balancing algorithms that require no tuning. Enum: UNSPECIFIED, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash
Use consistent hash load balancing which can provide soft session affinity.
Name | Type | Description | Required |
---|---|---|---|
httpCookie | object | Hash based on HTTP cookie. | false |
httpHeaderName | string | Hash based on a specific HTTP header. | false |
httpQueryParameterName | string | Hash based on a specific HTTP query parameter. | false |
maglev | object | The Maglev load balancer implements consistent hashing to backend hosts. | false |
ringHash | object | The ring/modulo hash load balancer implements consistent hashing to backend hosts. | false |
useSourceIp | boolean | Hash based on the source IP address. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.httpCookie
Hash based on HTTP cookie.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the cookie. | true |
ttl | string | Lifetime of the cookie. | true |
path | string | Path to set for the cookie. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.maglev
The Maglev load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
tableSize | integer | The table size for Maglev hashing. | true |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.loadBalancer.consistentHash.ringHash
The ring/modulo hash load balancer implements consistent hashing to backend hosts.
Name | Type | Description | Required |
---|---|---|---|
minimumRingSize | integer | The minimum number of virtual nodes to use for the hash ring. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience
Resilience settings for the clients.
Name | Type | Description | Required |
---|---|---|---|
circuitBreakerSensitivity | enum | Circuit breakers in Envoy are applied per endpoint in a load balancing pool. Enum: UNSET, LOW, MEDIUM, HIGH, CUSTOM | false |
connectionPool | object | Configures tolerance and other settings for TCP/HTTP connections to the service. | false |
outlierDetection | object | Outlier detection settings for the upstream host when custom mode is used. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool
Configures tolerance and other settings for TCP/HTTP connections to the service.
Name | Type | Description | Required |
---|---|---|---|
http | object | false | |
tcp | object | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.http
Name | Type | Description | Required |
---|---|---|---|
maxRequests | integer | Maximum number of active requests to the service. | false |
maxRequestsPerConnection | integer | Maximum number of requests per connection to the service. | false |
requestTimeout | string | Timeout for HTTP requests. | false |
retries | object | Retry policy for HTTP requests. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.http.retries
Retry policy for HTTP requests.
Name | Type | Description | Required |
---|---|---|---|
attempts | integer | Number of retries for a given request. Format: int32 | true |
perTryTimeout | string | Timeout per retry attempt for a given request. | false |
retryOn | string | Specifies the conditions under which retry takes place. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp
Name | Type | Description | Required |
---|---|---|---|
connectTimeout | string | TCP connection timeout. | false |
keepAlive | object | Keep Alive Settings. | false |
maxConnections | integer | Maximum number of HTTP1 /TCP connections to the service. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.connectionPool.tcp.keepAlive
Keep Alive Settings.
Name | Type | Description | Required |
---|---|---|---|
idleTime | integer | The number of seconds a connection needs to be idle before keep-alive probes start being sent. | false |
interval | integer | The number of seconds between keep-alive probes. | false |
probes | integer | The total number of unacknowledged probes to send before deciding the connection is dead. | false |
TrafficSetting.spec.upstreamTrafficSettings[index].settings.resilience.outlierDetection
Outlier detection settings for the upstream host when custom mode is used.
Name | Type | Description | Required |
---|---|---|---|
baseEjectionTime | string | The base time that a host is ejected for. | false |
consecutive5xx | integer | The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive 5xx ejection occurs. | false |
consecutiveGatewayFailure | integer | The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. | false |
consecutiveLocalOriginFailure | integer | false | |
enforcingConsecutive5xx | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive 5xx. | false |
enforcingConsecutiveGatewayFailure | integer | The percentage of a host to be ejected when an outlier status is detected through consecutive gateway failures. | false |
enforcingConsecutiveLocalOriginFailure | integer | The percentage of a host to be actually ejected when an outlier status is detected through consecutive locally originated failures. | false |
interval | string | The time interval between ejection analysis sweeps. | false |
splitExternalLocalOriginErrors | boolean | Determines whether to distinguish local origin failures from external errors. | false |