Package v1alpha1 contains API Schema definitions for the envoy v1alpha1 API group
Blueprint is an enum of the supported blueprints for generated resources
ConfigRevisionRef holds a reference to EnvoyConfigRevision object
Field | Description |
---|---|
|
Version is a hash of the EnvoyResources field |
|
Ref is a reference to the EnvoyConfigRevision object that holds the configuration matching the Version field. |
EnvoyConfig holds the configuration for a given envoy nodeID. The spec of an EnvoyConfig object holds the Envoy resources that make up the desired configuration for the given nodeID and that the discovery service will send to any envoy client that identifies itself with that nodeID.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
|
|
EnvoyConfigList contains a list of EnvoyConfig
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
EnvoyConfigRevision is an internal resource that stores a specific version of an EnvoyConfig resource. EnvoyConfigRevisions are automatically created and deleted by the EnvoyConfig controller and are not intended to be directly used. Use EnvoyConfig objects instead.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
EnvoyConfigRevisionList contains a list of EnvoyConfigRevision
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
EnvoyConfigRevisionSpec defines the desired state of EnvoyConfigRevision
Field | Description |
---|---|
|
NodeID holds the envoy identifier for the discovery service to know which set of resources to send to each of the envoy clients that connect to it. |
|
Version is a hash of the EnvoyResources field |
|
EnvoyAPI is the version of envoy’s API to use. Defaults to v3. |
|
Serialization specifies the serialization format used to describe the resources. "json" and "yaml" are supported. "json" is used if unset. |
|
EnvoyResources holds the different types of resources supported by the envoy discovery service |
|
Resources holds the different types of resources supported by the envoy discovery service |
EnvoyConfigRevisionStatus defines the observed state of EnvoyConfigRevision
Field | Description |
---|---|
|
Published signals if the EnvoyConfigRevision is the one currently published in the xds server cache |
|
ProvidesVersions keeps track of the version that this revision publishes in the xDS server for each resource type |
|
LastPublishedAt indicates the last time this config revision transitioned to published |
|
Tainted indicates whether the EnvoyConfigRevision is eligible for publishing or not |
|
Conditions represent the latest available observations of an object’s state |
EnvoyConfigSpec defines the desired state of EnvoyConfig
Field | Description |
---|---|
|
NodeID holds the envoy identifier for the discovery service to know which set of resources to send to each of the envoy clients that connect to it. |
|
Serialization specifies the serialization format used to describe the resources. "json" and "yaml" are supported. "json" is used if unset. |
|
EnvoyAPI is the version of envoy’s API to use. Defaults to v3. |
|
EnvoyResources holds the different types of resources supported by the envoy discovery service. DEPRECATED. Use the |
|
Resources holds the different types of resources supported by the envoy discovery service |
EnvoyConfigStatus defines the observed state of EnvoyConfig
Field | Description |
---|---|
|
CacheState summarizes all the observations about the EnvoyConfig to give the user a concrete idea of the general status of the discovery service cache. It is intended only for human consumption. Other controllers should rely on conditions to determine the status of the discovery server cache. |
|
PublishedVersion is the config version currently served by the envoy discovery service for the given nodeID |
|
DesiredVersion represents the resources version described in the spec of the EnvoyConfig object |
|
Conditions represent the latest available observations of an object’s state |
|
ConfigRevisions is an ordered list of references to EnvoyConfigRevision objects |
EnvoyResource holds serialized representation of an envoy resource
Field | Description |
---|---|
|
Name of the envoy resource. DEPRECATED: this field has no effect and will be removed in an upcoming release. The name of the resources for discovery purposes is included in the resource itself. Refer to the envoy API reference to check how the name is specified for each resource type. |
|
Value is the serialized representation of the envoy resource |
EnvoyResources holds each envoy api resource type
Field | Description |
---|---|
|
Endpoints is a list of the envoy ClusterLoadAssignment resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/endpoint/v3/endpoint.proto |
|
Clusters is a list of the envoy Cluster resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto |
|
Routes is a list of the envoy Route resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto |
|
ScopedRoutes is a list of the envoy ScopeRoute resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/scoped_route.proto |
|
Listeners is a list of the envoy Listener resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto |
|
Runtimes is a list of the envoy Runtime resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/runtime/v3/rtds.proto |
|
Secrets is a list of references to Kubernetes Secret objects. |
|
ExtensionConfigs is a list of the envoy ExtensionConfig resource type. API V3 reference: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/extension.proto |
EnvoySecretResource holds a reference to a k8s Secret from where to take a secret from. Only Secrets within the same namespace can be referred.
Field | Description |
---|---|
|
Name of the envoy tlsCertificate secret resource. The certificate will be fetched from a Kubernetes Secret of type 'kubernetes.io/tls' with this same name. |
|
DEPRECATED: this field is deprecated and its value will be ignored. The 'name' of the Kubernetes Secret must match the 'name' field. |
Field | Description |
---|---|
|
|
|
|
|
Resource holds serialized representation of an envoy resource
Field | Description |
---|---|
|
Type is the type url for the protobuf message |
|
Value is the protobuf message that configures the resource. The proto must match the envoy configuration API v3 specification for the given resource type (https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol#resource-types) |
|
The name of a Kubernetes Secret of type "kubernetes.io/tls" |
|
The name of a Kubernetes Secret of type "Opaque". It will generate an envoy "generic secret" proto. |
|
Specifies a label selector to watch for EndpointSlices that will be used to generate the endpoint resource |
|
Blueprint specifies a template to generate a configuration proto. It is currently only supported to generate secret configuration resources from k8s Secrets |
Field | Description |
---|---|
|
The name of the secret in the pod’s namespace to select from. |
|
The key of the secret to select from. Must be a valid secret key. |
|
A unique name to refer to the name:key combination |
VersionTracker tracks the versions of the resources that this revision publishes in the xDS server cache
Field | Description |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Package v1alpha1 contains API Schema definitions for the operator v1alpha1 API group
CASignedConfig is used to generate certificates signed by a CA contained in a Secret
Field | Description |
---|---|
|
A reference to a Secret containing the CA |
CertificateOptions specifies options to generate the server certificate used both for the xDS server and the mutating webhook server.
Field | Description |
---|---|
|
|
|
CertificateRenewalConfig configures the certificate renewal process.
Field | Description |
---|---|
|
Enabled is a flag to enable or disable renewal of the certificate |
ContainerPort defines port for the Marin3r sidecar container
Field | Description |
---|---|
|
Port name |
|
Port value |
|
Protocol. Defaults to TCP. |
DiscoveryService represents an envoy discovery service server. Only one instance per namespace is currently supported.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
|
|
DiscoveryServiceCertificate is an internal resource used to create certificates. This resource is used by the DiscoveryService controller to create the required certificates for the different components. Direct use of DiscoveryServiceCertificate objects is discouraged.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
DiscoveryServiceCertificateList contains a list of DiscoveryServiceCertificate
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
DiscoveryServiceCertificateSigner specifies the signer to use to provision the certificate
Field | Description |
---|---|
|
SelfSigned holds specific configuration for the SelfSigned signer |
|
CASigned holds specific configuration for the CASigned signer |
DiscoveryServiceCertificateSpec defines the desired state of DiscoveryServiceCertificate
Field | Description |
---|---|
|
CommonName is the CommonName of the certificate |
|
IsServerCertificate is a boolean specifying if the certificate should be issued with server auth usage enabled |
|
IsCA is a boolean specifying that the certificate is a CA |
|
ValidFor specifies the validity of the certificate in seconds |
|
Hosts is the list of hosts the certificate is valid for. Only use when 'IsServerCertificate' is true. If unset, the CommonName field will be used to populate the valid hosts of the certificate. |
|
Signer specifies the signer to use to create this certificate. Supported signers are CertManager and SelfSigned. |
|
SecretRef is a reference to the secret that will hold the certificate and the private key. |
|
CertificateRenewalConfig configures the certificate renewal process. If unset default behavior is to renew the certificate but not notify of renewals. |
DiscoveryServiceCertificateStatus defines the observed state of DiscoveryServiceCertificate
Field | Description |
---|---|
|
Ready is a boolean that specifies if the certificate is ready to be used |
|
NotBefore is the time at which the certificate starts being valid |
|
NotAfter is the time at which the certificate expires |
|
CertificateHash stores the current hash of the certificate. It is used for other controllers to validate if a certificate has been re-issued. |
|
Conditions represent the latest available observations of an object’s state |
DiscoveryServiceList contains a list of DiscoveryService
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
DiscoveryServiceSpec defines the desired state of DiscoveryService
Field | Description |
---|---|
|
Image holds the image to use for the discovery service Deployment |
|
Debug enables debugging log level for the discovery service controllers. It is safe to use since secret data is never shown in the logs. |
|
Resources holds the Resource Requirements to use for the discovery service Deployment. When not set it defaults to no resource requests nor limits. CPU and Memory resources are supported. |
|
PKIConfig has configuration for the PKI that marin3r manages for the different certificates it requires |
|
XdsServerPort is the port where the xDS server listens. Defaults to 18000. |
|
MetricsPort is the port where metrics are served. Defaults to 8383. |
|
ProbePort is the port where healthz endpoint is served. Defaults to 8384. |
|
ServiceConfig configures the way the DiscoveryService endpoints are exposed |
|
PriorityClass to assign the discovery service Pod to |
DiscoveryServiceStatus defines the observed state of DiscoveryService
Field | Description |
---|---|
|
|
|
Field | Description |
---|---|
|
minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. |
|
maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less than minReplicas. |
|
metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization. |
|
behavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively). If not set, the default HPAScalingRules for scale up and scale down are used. |
EnvoyDeployment is a resource to deploy and manage a Kubernetes Deployment of Envoy Pods.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
|
|
EnvoyDeploymentList contains a list of EnvoyDeployment
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
EnvoyDeploymentSpec defines the desired state of EnvoyDeployment
Field | Description |
---|---|
|
EnvoyConfigRef points to an EnvoyConfig in the same namespace that holds the envoy resources for this Deployment |
|
DiscoveryServiceRef points to a DiscoveryService in the same namespace |
|
Defines the local service cluster name where Envoy is running. Defaults to the NodeID in the EnvoyConfig if unset |
|
Ports exposed by the Envoy container |
|
Image is the envoy image and tag to use |
|
Resources holds the resource requirements to use for the Envoy Deployment. Defaults to no resource requests nor limits. |
|
Defines the duration of the client certificate that is used to authenticate with the DiscoveryService |
|
Allows the user to define extra command line arguments for the Envoy process |
|
Configures envoy’s admin port. Defaults to 9901. |
|
Configures envoy’s admin access log path. Defaults to /dev/null. |
|
Replicas configures the number of replicas in the Deployment. One of 'static', 'dynamic' can be set. If both are set, static has precedence. |
|
Liveness probe for the envoy pods |
|
Readiness probe for the envoy pods |
|
Affinity configuration for the envoy pods |
|
Configures PodDisruptionBudget for the envoy Pods |
|
ShutdownManager defines configuration for Envoy’s shutdown manager, which handles graceful termination of Envoy pods |
|
InitManager defines configuration for Envoy’s init manager, which handles initialization for Envoy pods |
EnvoyDeploymentStatus defines the observed state of EnvoyDeployment
Field | Description |
---|---|
|
|
|
InitManager defines configuration for Envoy’s init manager, which handles initialization for Envoy pods
Field | Description |
---|---|
|
Image is the init manager image and tag to use |
PKIConfig has configuration for the PKI that marin3r manages for the different certificates it requires
Field | Description |
---|---|
|
|
|
PodDisruptionBudgetSpec defines the PDB for the component
Field | Description |
---|---|
|
An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%". |
|
An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable". |
ProbeSpec specifies configuration for a probe
Field | Description |
---|---|
|
Number of seconds after the container has started before liveness probes are initiated |
|
Number of seconds after which the probe times out |
|
How often (in seconds) to perform the probe |
|
Minimum consecutive successes for the probe to be considered successful after having failed |
|
Minimum consecutive failures for the probe to be considered failed after having succeeded |
ReplicasSpec configures the number of replicas of the Deployment
Field | Description |
---|---|
|
Configure a static number of replicas. Defaults to 1. |
|
Configure a min and max value for the number of pods to autoscale dynamically. |
SelfSignedConfig is an empty struct to refer to the self-signed certificates provisioner
ServiceConfig has options to configure the way the Service is deployed
Field | Description |
---|---|
|
|
|
ShutdownManager defines configuration for Envoy’s shutdown manager, which handles graceful termination of Envoy Pods
Field | Description |
---|---|
|
Image is the shutdown manager image and tag to use |
|
Configures the shutdown manager’s server port. Defaults to 8090. |
|
The time in seconds that Envoy will drain connections during shutdown. It also affects drain behaviour when listeners are modified or removed via LDS. |
|
The drain strategy for the graceful shutdown. It also affects drain when listeners are modified or removed via LDS. |