211 lines
10 KiB
YAML
211 lines
10 KiB
YAML
{{- if .Values.connectInject.enabled }}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.8.0
|
|
creationTimestamp: null
|
|
name: meshes.consul.hashicorp.com
|
|
labels:
|
|
app: {{ template "consul.name" . }}
|
|
chart: {{ template "consul.chart" . }}
|
|
heritage: {{ .Release.Service }}
|
|
release: {{ .Release.Name }}
|
|
component: crd
|
|
spec:
|
|
group: consul.hashicorp.com
|
|
names:
|
|
kind: Mesh
|
|
listKind: MeshList
|
|
plural: meshes
|
|
singular: mesh
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The sync status of the resource with Consul
|
|
jsonPath: .status.conditions[?(@.type=="Synced")].status
|
|
name: Synced
|
|
type: string
|
|
- description: The last successful synced time of the resource with Consul
|
|
jsonPath: .status.lastSyncedTime
|
|
name: Last Synced
|
|
type: date
|
|
- description: The age of the resource
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Mesh is the Schema for the mesh API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: MeshSpec defines the desired state of Mesh.
|
|
properties:
|
|
http:
|
|
description: HTTP defines the HTTP configuration for the service mesh.
|
|
properties:
|
|
sanitizeXForwardedClientCert:
|
|
type: boolean
|
|
required:
|
|
- sanitizeXForwardedClientCert
|
|
type: object
|
|
peering:
|
|
description: Peering defines the peering configuration for the service
|
|
mesh.
|
|
properties:
|
|
peerThroughMeshGateways:
|
|
description: PeerThroughMeshGateways determines whether peering
|
|
traffic between control planes should flow through mesh gateways.
|
|
If enabled, Consul servers will advertise mesh gateway addresses
|
|
as their own. Additionally, mesh gateways will configure themselves
|
|
to expose the local servers using a peering-specific SNI.
|
|
type: boolean
|
|
type: object
|
|
tls:
|
|
description: TLS defines the TLS configuration for the service mesh.
|
|
properties:
|
|
incoming:
|
|
description: Incoming defines the TLS configuration for inbound
|
|
mTLS connections targeting the public listener on Connect and
|
|
TerminatingGateway proxy kinds.
|
|
properties:
|
|
cipherSuites:
|
|
description: CipherSuites sets the default list of TLS cipher
|
|
suites to support when negotiating connections using TLS
|
|
1.2 or earlier. If unspecified, Envoy will use a default
|
|
server cipher list. The list of supported cipher suites
|
|
can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169
|
|
and is dependent on underlying support in Envoy. Future
|
|
releases of Envoy may remove currently-supported but insecure
|
|
cipher suites, and future releases of Consul may add new
|
|
supported cipher suites if any are added to Envoy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
tlsMaxVersion:
|
|
description: TLSMaxVersion sets the default maximum TLS version
|
|
supported. Must be greater than or equal to `TLSMinVersion`.
|
|
One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`.
|
|
If unspecified, Envoy will default to TLS 1.3 as a max version
|
|
for incoming connections.
|
|
type: string
|
|
tlsMinVersion:
|
|
description: TLSMinVersion sets the default minimum TLS version
|
|
supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`,
|
|
or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will
|
|
default to TLS 1.2 as a min version, while older releases
|
|
of Envoy default to TLS 1.0.
|
|
type: string
|
|
type: object
|
|
outgoing:
|
|
description: Outgoing defines the TLS configuration for outbound
|
|
mTLS connections dialing upstreams from Connect and IngressGateway
|
|
proxy kinds.
|
|
properties:
|
|
cipherSuites:
|
|
description: CipherSuites sets the default list of TLS cipher
|
|
suites to support when negotiating connections using TLS
|
|
1.2 or earlier. If unspecified, Envoy will use a default
|
|
server cipher list. The list of supported cipher suites
|
|
can be seen in https://github.com/hashicorp/consul/blob/v1.11.2/types/tls.go#L154-L169
|
|
and is dependent on underlying support in Envoy. Future
|
|
releases of Envoy may remove currently-supported but insecure
|
|
cipher suites, and future releases of Consul may add new
|
|
supported cipher suites if any are added to Envoy.
|
|
items:
|
|
type: string
|
|
type: array
|
|
tlsMaxVersion:
|
|
description: TLSMaxVersion sets the default maximum TLS version
|
|
supported. Must be greater than or equal to `TLSMinVersion`.
|
|
One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`, or `TLSv1_3`.
|
|
If unspecified, Envoy will default to TLS 1.3 as a max version
|
|
for incoming connections.
|
|
type: string
|
|
tlsMinVersion:
|
|
description: TLSMinVersion sets the default minimum TLS version
|
|
supported. One of `TLS_AUTO`, `TLSv1_0`, `TLSv1_1`, `TLSv1_2`,
|
|
or `TLSv1_3`. If unspecified, Envoy v1.22.0 and newer will
|
|
default to TLS 1.2 as a min version, while older releases
|
|
of Envoy default to TLS 1.0.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
transparentProxy:
|
|
description: TransparentProxy controls the configuration specific
|
|
to proxies in "transparent" mode. Added in v1.10.0.
|
|
properties:
|
|
meshDestinationsOnly:
|
|
description: MeshDestinationsOnly determines whether sidecar proxies
|
|
operating in "transparent" mode can proxy traffic to IP addresses
|
|
not registered in Consul's catalog. If enabled, traffic will
|
|
only be proxied to upstreams with service registrations in the
|
|
catalog.
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
status:
|
|
properties:
|
|
conditions:
|
|
description: Conditions indicate the latest available observations
|
|
of a resource's current state.
|
|
items:
|
|
description: 'Conditions define a readiness condition for a Consul
|
|
resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
|
|
properties:
|
|
lastTransitionTime:
|
|
description: LastTransitionTime is the last time the condition
|
|
transitioned from one status to another.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: A human readable message indicating details about
|
|
the transition.
|
|
type: string
|
|
reason:
|
|
description: The reason for the condition's last transition.
|
|
type: string
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
type:
|
|
description: Type of condition.
|
|
type: string
|
|
required:
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
lastSyncedTime:
|
|
description: LastSyncedTime is the last time the resource successfully
|
|
synced with Consul.
|
|
format: date-time
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
{{- end }}
|