Config v1alpha1 API Reference

ServiceCertValidityDuration defines the service certificate validity duration.

CertKeyBitSize defines the certicate key bit size.

IngressGateway defines the certificate specification for an ingress gateway.

Name defines the name of cluster property.

Value defines the name of cluster property.

Properties defines properties for cluster.

Enable defines a boolean indicating if the external authorization policy is to be enabled.

Address defines the remote address of the external authorization endpoint.

Port defines the destination port of the remote external authorization endpoint.

StatPrefix defines a prefix for the stats sink for this external authorization policy.

Timeout defines the timeout in which a response from the external authorization endpoint. is expected to execute.

FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint.

EnableEgressPolicy defines if FSM’s Egress policy is enabled.

EnableSnapshotCacheMode defines if XDS server starts with snapshot cache.

EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously.

EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends.

EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends.

EnableAccessCertPolicy defines if FSM can issue certificates for external services..

EnableSidecarActiveHealthChecks defines if FSM will sidecar active health checks between services allowed to communicate.

EnableRetryPolicy defines if retry policy is enabled.

EnablePluginPolicy defines if plugin policy is enabled.

EnableAutoDefaultRoute defines if auto default route is enabled.

SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.

ValidityDuration defines the validity duration of the certificate.

Secret defines the secret in which the certificate is stored.

Object’s metadata.

Spec is the MeshConfig specification.

ClusterSetSpec defines the configurations of cluster.

Sidecar defines the configurations of the proxy sidecar in a mesh.

RepoServer defines the configurations of pipy repo server.

Traffic defines the traffic management configurations for a mesh instance.

Observalility defines the observability configurations for a mesh instance.

Certificate defines the certificate management configurations for a mesh instance.

FeatureFlags defines the feature flags for a mesh instance.

PluginChains defines the default plugin chains.

FSMLogLevel defines the log level for FSM control plane logs.

EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled.

Tracing defines FSM’s tracing configuration.

RemoteLogging defines FSM’s remot logging configuration.

Plugin defines the name of plugin

Priority defines the priority of plugin

Disable defines the visibility of plugin

InboundTCPChains defines inbound tcp chains

InboundHTTPChains defines inbound http chains

OutboundTCPChains defines outbound tcp chains

OutboundHTTPChains defines outbound http chains

Enable defines a boolean indicating if the sidecars are enabled for remote logging.

Level defines the remote logging’s level.

Port defines the remote loggings port.

Address defines the remote logging’s hostname.

Endpoint defines the API endpoint for remote logging requests sent to the collector.

Authorization defines the access entity that allows to authorize someone in remote logging service.

SampledFraction defines the sampled fraction.

IPAddr of the pipy repo server

Codebase is the folder used by fsmController

SidecarName defines the name of the sidecar driver.

SidecarImage defines the container image used for the proxy sidecar.

InitContainerImage defines the container image used for the init container injected to meshed pods.

ProxyServerPort is the port on which the Discovery Service listens for new connections from Sidecars

SidecarDisabledMTLS defines if mTLS are disabled.

EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.

LogLevel defines the logging level for the sidecar’s logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error.

SidecarClass defines the container provider used for the proxy sidecar.

SidecarImage defines the container image used for the proxy sidecar.

SidecarDisabledMTLS defines whether mTLS is disabled.

InitContainerImage defines the container image used for the init container injected to meshed pods.

SidecarDrivers defines the sidecar supported.

MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller.

ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.

SidecarTimeout defines the connect/idle/read/write timeout.

Resources defines the compute resources for the sidecar.

Enable defines a boolean indicating if the sidecars are enabled for tracing.

Port defines the tracing collector’s port.

Address defines the tracing collectio’s hostname.

Endpoint defines the API endpoint for tracing requests sent to the collector.

SampledFraction defines the sampled fraction.

InterceptionMode defines a string indicating which traffic interception mode is used.

EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.

OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.

OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.

InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.

EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.

ServiceAccessMode defines a string indicating service access mode.

InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh.

HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1.

HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2.