434 lines
23 KiB
YAML
434 lines
23 KiB
YAML
{{- if .Values.connectInject.enabled }}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.8.0
|
|
creationTimestamp: null
|
|
name: servicedefaults.consul.hashicorp.com
|
|
labels:
|
|
app: {{ template "consul.name" . }}
|
|
chart: {{ template "consul.chart" . }}
|
|
heritage: {{ .Release.Service }}
|
|
release: {{ .Release.Name }}
|
|
component: crd
|
|
spec:
|
|
group: consul.hashicorp.com
|
|
names:
|
|
kind: ServiceDefaults
|
|
listKind: ServiceDefaultsList
|
|
plural: servicedefaults
|
|
shortNames:
|
|
- service-defaults
|
|
singular: servicedefaults
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The sync status of the resource with Consul
|
|
jsonPath: .status.conditions[?(@.type=="Synced")].status
|
|
name: Synced
|
|
type: string
|
|
- description: The last successful synced time of the resource with Consul
|
|
jsonPath: .status.lastSyncedTime
|
|
name: Last Synced
|
|
type: date
|
|
- description: The age of the resource
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: ServiceDefaults is the Schema for the servicedefaults API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ServiceDefaultsSpec defines the desired state of ServiceDefaults.
|
|
properties:
|
|
destination:
|
|
description: Destination is an address(es)/port combination that represents
|
|
an endpoint outside the mesh. This is only valid when the mesh is
|
|
configured in "transparent" mode. Destinations live outside of Consul's
|
|
catalog, and because of this, they do not require an artificial
|
|
node to be created.
|
|
properties:
|
|
addresses:
|
|
description: Addresses is a list of IPs and/or hostnames that
|
|
can be dialed and routed through a terminating gateway.
|
|
items:
|
|
type: string
|
|
type: array
|
|
port:
|
|
description: Port is the port that can be dialed on any of the
|
|
addresses in this Destination.
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
expose:
|
|
description: Expose controls the default expose path configuration
|
|
for Envoy.
|
|
properties:
|
|
checks:
|
|
description: Checks defines whether paths associated with Consul
|
|
checks will be exposed. This flag triggers exposing all HTTP
|
|
and GRPC check paths registered for the service.
|
|
type: boolean
|
|
paths:
|
|
description: Paths is the list of paths exposed through the proxy.
|
|
items:
|
|
properties:
|
|
listenerPort:
|
|
description: ListenerPort defines the port of the proxy's
|
|
listener for exposed paths.
|
|
type: integer
|
|
localPathPort:
|
|
description: LocalPathPort is the port that the service
|
|
is listening on for the given path.
|
|
type: integer
|
|
path:
|
|
description: Path is the path to expose through the proxy,
|
|
ie. "/metrics".
|
|
type: string
|
|
protocol:
|
|
description: Protocol describes the upstream's service protocol.
|
|
Valid values are "http" and "http2", defaults to "http".
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
externalSNI:
|
|
description: ExternalSNI is an optional setting that allows for the
|
|
TLS SNI value to be changed to a non-connect value when federating
|
|
with an external system.
|
|
type: string
|
|
localConnectTimeoutMs:
|
|
description: The number of milliseconds allowed to make connections
|
|
to the local application instance before timing out. Defaults to
|
|
5000.
|
|
type: integer
|
|
localRequestTimeoutMs:
|
|
description: In milliseconds, the timeout for HTTP requests to the
|
|
local application instance. Applies to HTTP-based protocols only.
|
|
If not specified, inherits the Envoy default for route timeouts
|
|
(15s).
|
|
type: integer
|
|
maxInboundConnections:
|
|
description: MaxInboundConnections is the maximum number of concurrent
|
|
inbound connections to each service instance. Defaults to 0 (using
|
|
consul's default) if not set.
|
|
type: integer
|
|
meshGateway:
|
|
description: MeshGateway controls the default mesh gateway configuration
|
|
for this service.
|
|
properties:
|
|
mode:
|
|
description: Mode is the mode that should be used for the upstream
|
|
connection. One of none, local, or remote.
|
|
type: string
|
|
type: object
|
|
mode:
|
|
description: 'Mode can be one of "direct" or "transparent". "transparent"
|
|
represents that inbound and outbound application traffic is being
|
|
captured and redirected through the proxy. This mode does not enable
|
|
the traffic redirection itself. Instead it signals Consul to configure
|
|
Envoy as if traffic is already being redirected. "direct" represents
|
|
that the proxy''s listeners must be dialed directly by the local
|
|
application and other proxies. Note: This cannot be set using the
|
|
CRD and should be set using annotations on the services that are
|
|
part of the mesh.'
|
|
type: string
|
|
protocol:
|
|
description: Protocol sets the protocol of the service. This is used
|
|
by Connect proxies for things like observability features and to
|
|
unlock usage of the service-splitter and service-router config entries
|
|
for a service.
|
|
type: string
|
|
transparentProxy:
|
|
description: 'TransparentProxy controls configuration specific to
|
|
proxies in transparent mode. Note: This cannot be set using the
|
|
CRD and should be set using annotations on the services that are
|
|
part of the mesh.'
|
|
properties:
|
|
dialedDirectly:
|
|
description: DialedDirectly indicates whether transparent proxies
|
|
can dial this proxy instance directly. The discovery chain is
|
|
not considered when dialing a service instance directly. This
|
|
setting is useful when addressing stateful services, such as
|
|
a database cluster with a leader node.
|
|
type: boolean
|
|
outboundListenerPort:
|
|
description: OutboundListenerPort is the port of the listener
|
|
where outbound application traffic is being redirected to.
|
|
type: integer
|
|
type: object
|
|
upstreamConfig:
|
|
description: UpstreamConfig controls default configuration settings
|
|
that apply across all upstreams, and per-upstream configuration
|
|
overrides. Note that per-upstream configuration applies across all
|
|
federated datacenters to the pairing of source and upstream destination
|
|
services.
|
|
properties:
|
|
defaults:
|
|
description: Defaults contains default configuration for all upstreams
|
|
of a given service. The name field must be empty.
|
|
properties:
|
|
connectTimeoutMs:
|
|
description: ConnectTimeoutMs is the number of milliseconds
|
|
to timeout making a new connection to this upstream. Defaults
|
|
to 5000 (5 seconds) if not set.
|
|
type: integer
|
|
envoyClusterJSON:
|
|
description: 'EnvoyClusterJSON is a complete override ("escape
|
|
hatch") for the upstream''s cluster. The Connect client
|
|
TLS certificate and context will be injected overriding
|
|
any TLS settings present. Note: This escape hatch is NOT
|
|
compatible with the discovery chain and will be ignored
|
|
if a discovery chain is active.'
|
|
type: string
|
|
envoyListenerJSON:
|
|
description: 'EnvoyListenerJSON is a complete override ("escape
|
|
hatch") for the upstream''s listener. Note: This escape
|
|
hatch is NOT compatible with the discovery chain and will
|
|
be ignored if a discovery chain is active.'
|
|
type: string
|
|
limits:
|
|
description: Limits are the set of limits that are applied
|
|
to the proxy for a specific upstream of a service instance.
|
|
properties:
|
|
maxConcurrentRequests:
|
|
description: MaxConcurrentRequests is the maximum number
|
|
of in-flight requests that will be allowed to the upstream
|
|
cluster at a point in time. This is mostly applicable
|
|
to HTTP/2 clusters since all HTTP/1.1 requests are limited
|
|
by MaxConnections.
|
|
type: integer
|
|
maxConnections:
|
|
description: MaxConnections is the maximum number of connections
|
|
the local proxy can make to the upstream service.
|
|
type: integer
|
|
maxPendingRequests:
|
|
description: MaxPendingRequests is the maximum number
|
|
of requests that will be queued waiting for an available
|
|
connection. This is mostly applicable to HTTP/1.1 clusters
|
|
since all HTTP/2 requests are streamed over a single
|
|
connection.
|
|
type: integer
|
|
type: object
|
|
meshGateway:
|
|
description: MeshGatewayConfig controls how Mesh Gateways
|
|
are configured and used.
|
|
properties:
|
|
mode:
|
|
description: Mode is the mode that should be used for
|
|
the upstream connection. One of none, local, or remote.
|
|
type: string
|
|
type: object
|
|
name:
|
|
description: Name is only accepted within a service-defaults
|
|
config entry.
|
|
type: string
|
|
namespace:
|
|
description: Namespace is only accepted within a service-defaults
|
|
config entry.
|
|
type: string
|
|
partition:
|
|
description: Partition is only accepted within a service-defaults
|
|
config entry.
|
|
type: string
|
|
passiveHealthCheck:
|
|
description: PassiveHealthCheck configuration determines how
|
|
upstream proxy instances will be monitored for removal from
|
|
the load balancing pool.
|
|
properties:
|
|
enforcing_consecutive_5xx:
|
|
description: EnforcingConsecutive5xx is the % chance that
|
|
a host will be actually ejected when an outlier status
|
|
is detected through consecutive 5xx. This setting can
|
|
be used to disable ejection or to ramp it up slowly.
|
|
format: int32
|
|
type: integer
|
|
interval:
|
|
description: Interval between health check analysis sweeps.
|
|
Each sweep may remove hosts or return hosts to the pool.
|
|
type: string
|
|
maxFailures:
|
|
description: MaxFailures is the count of consecutive failures
|
|
that results in a host being removed from the pool.
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
protocol:
|
|
description: Protocol describes the upstream's service protocol.
|
|
Valid values are "tcp", "http" and "grpc". Anything else
|
|
is treated as tcp. This enables protocol aware features
|
|
like per-request metrics and connection pooling, tracing,
|
|
routing etc.
|
|
type: string
|
|
type: object
|
|
overrides:
|
|
description: Overrides is a slice of per-service configuration.
|
|
The name field is required.
|
|
items:
|
|
properties:
|
|
connectTimeoutMs:
|
|
description: ConnectTimeoutMs is the number of milliseconds
|
|
to timeout making a new connection to this upstream. Defaults
|
|
to 5000 (5 seconds) if not set.
|
|
type: integer
|
|
envoyClusterJSON:
|
|
description: 'EnvoyClusterJSON is a complete override ("escape
|
|
hatch") for the upstream''s cluster. The Connect client
|
|
TLS certificate and context will be injected overriding
|
|
any TLS settings present. Note: This escape hatch is NOT
|
|
compatible with the discovery chain and will be ignored
|
|
if a discovery chain is active.'
|
|
type: string
|
|
envoyListenerJSON:
|
|
description: 'EnvoyListenerJSON is a complete override ("escape
|
|
hatch") for the upstream''s listener. Note: This escape
|
|
hatch is NOT compatible with the discovery chain and will
|
|
be ignored if a discovery chain is active.'
|
|
type: string
|
|
limits:
|
|
description: Limits are the set of limits that are applied
|
|
to the proxy for a specific upstream of a service instance.
|
|
properties:
|
|
maxConcurrentRequests:
|
|
description: MaxConcurrentRequests is the maximum number
|
|
of in-flight requests that will be allowed to the
|
|
upstream cluster at a point in time. This is mostly
|
|
applicable to HTTP/2 clusters since all HTTP/1.1 requests
|
|
are limited by MaxConnections.
|
|
type: integer
|
|
maxConnections:
|
|
description: MaxConnections is the maximum number of
|
|
connections the local proxy can make to the upstream
|
|
service.
|
|
type: integer
|
|
maxPendingRequests:
|
|
description: MaxPendingRequests is the maximum number
|
|
of requests that will be queued waiting for an available
|
|
connection. This is mostly applicable to HTTP/1.1
|
|
clusters since all HTTP/2 requests are streamed over
|
|
a single connection.
|
|
type: integer
|
|
type: object
|
|
meshGateway:
|
|
description: MeshGatewayConfig controls how Mesh Gateways
|
|
are configured and used.
|
|
properties:
|
|
mode:
|
|
description: Mode is the mode that should be used for
|
|
the upstream connection. One of none, local, or remote.
|
|
type: string
|
|
type: object
|
|
name:
|
|
description: Name is only accepted within a service-defaults
|
|
config entry.
|
|
type: string
|
|
namespace:
|
|
description: Namespace is only accepted within a service-defaults
|
|
config entry.
|
|
type: string
|
|
partition:
|
|
description: Partition is only accepted within a service-defaults
|
|
config entry.
|
|
type: string
|
|
passiveHealthCheck:
|
|
description: PassiveHealthCheck configuration determines
|
|
how upstream proxy instances will be monitored for removal
|
|
from the load balancing pool.
|
|
properties:
|
|
enforcing_consecutive_5xx:
|
|
description: EnforcingConsecutive5xx is the % chance
|
|
that a host will be actually ejected when an outlier
|
|
status is detected through consecutive 5xx. This setting
|
|
can be used to disable ejection or to ramp it up slowly.
|
|
format: int32
|
|
type: integer
|
|
interval:
|
|
description: Interval between health check analysis
|
|
sweeps. Each sweep may remove hosts or return hosts
|
|
to the pool.
|
|
type: string
|
|
maxFailures:
|
|
description: MaxFailures is the count of consecutive
|
|
failures that results in a host being removed from
|
|
the pool.
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
protocol:
|
|
description: Protocol describes the upstream's service protocol.
|
|
Valid values are "tcp", "http" and "grpc". Anything else
|
|
is treated as tcp. This enables protocol aware features
|
|
like per-request metrics and connection pooling, tracing,
|
|
routing etc.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
status:
|
|
properties:
|
|
conditions:
|
|
description: Conditions indicate the latest available observations
|
|
of a resource's current state.
|
|
items:
|
|
description: 'Conditions define a readiness condition for a Consul
|
|
resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
|
|
properties:
|
|
lastTransitionTime:
|
|
description: LastTransitionTime is the last time the condition
|
|
transitioned from one status to another.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: A human readable message indicating details about
|
|
the transition.
|
|
type: string
|
|
reason:
|
|
description: The reason for the condition's last transition.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: Type of condition.
|
|
type: string
|
|
required:
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastSyncedTime:
|
|
description: LastSyncedTime is the last time the resource successfully
|
|
synced with Consul.
|
|
format: date-time
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
{{- end }}
|