diff --git a/analysis/v1alpha1/message.pb.html b/analysis/v1alpha1/message.pb.html index bd53f75ea1..2c14e38e39 100644 --- a/analysis/v1alpha1/message.pb.html +++ b/analysis/v1alpha1/message.pb.html @@ -25,7 +25,7 @@

AnalysisMessageBase

-type +type Type @@ -34,7 +34,7 @@

AnalysisMessageBase

-level +level Level

Represents how severe a message is. Required.

@@ -45,7 +45,7 @@

AnalysisMessageBase

-documentationUrl +documentationUrl string

A url pointing to the Istio documentation for this specific error type. @@ -79,7 +79,7 @@

AnalysisMessageWeakSchema

-messageBase +messageBase AnalysisMessageBase

Required

@@ -90,7 +90,7 @@

AnalysisMessageWeakSchema

-description +description string

A human readable description of what the error means. Required.

@@ -101,7 +101,7 @@

AnalysisMessageWeakSchema

-template +template string

A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) @@ -114,7 +114,7 @@

AnalysisMessageWeakSchema

-args +args ArgType[]

A description of the arguments for a particular message type

@@ -147,7 +147,7 @@

GenericAnalysisMessage

-messageBase +messageBase AnalysisMessageBase

Required

@@ -158,7 +158,7 @@

GenericAnalysisMessage

-args +args Struct

Any message-type specific arguments that need to get codified. Optional.

@@ -169,7 +169,7 @@

GenericAnalysisMessage

-resourcePaths +resourcePaths string[]

A list of strings specifying the resource identifiers that were the cause @@ -203,7 +203,7 @@

InternalErrorAnalysisMessage

-messageBase +messageBase AnalysisMessageBase

Required

@@ -214,7 +214,7 @@

InternalErrorAnalysisMessage

-detail +detail string

Any detail regarding specifics of the error. Should be human-readable.

@@ -245,7 +245,7 @@

AnalysisMessageBase.Type

-name +name string

A human-readable name for the message type. e.g. “InternalError”, @@ -258,7 +258,7 @@

AnalysisMessageBase.Type

-code +code string

A 7 character code matching ^IST[0-9]{4}$ intended to uniquely identify @@ -286,7 +286,7 @@

AnalysisMessageWeakSchema.ArgType

-name +name string

Required

@@ -297,7 +297,7 @@

AnalysisMessageWeakSchema.ArgType

-goType +goType string

Required. Should be a golang type, used in code generation. @@ -327,24 +327,24 @@

AnalysisMessageBase.Level

-UNKNOWN +UNKNOWN

invalid, but included for proto compatibility for 0 values

-ERROR +ERROR -WARNING +WARNING -INFO +INFO diff --git a/extensions/v1alpha1/wasm.pb.html b/extensions/v1alpha1/wasm.pb.html index da9d554ea2..785281bf06 100644 --- a/extensions/v1alpha1/wasm.pb.html +++ b/extensions/v1alpha1/wasm.pb.html @@ -183,7 +183,7 @@

WasmPlugin

-selector +selector WorkloadSelector

Criteria used to select the specific set of pods/VMs on which @@ -200,7 +200,7 @@

WasmPlugin

-targetRefs +targetRefs PolicyTargetReference[]

Optional. The targetRefs specifies a list of resources the policy should be @@ -225,7 +225,7 @@

WasmPlugin

-url +url string

URL of a Wasm module or OCI container. If no scheme is present, @@ -240,7 +240,7 @@

WasmPlugin

-sha256 +sha256 string

SHA256 checksum that will be used to verify Wasm module or OCI container. @@ -255,7 +255,7 @@

WasmPlugin

-imagePullPolicy +imagePullPolicy PullPolicy

The pull behaviour to be applied when fetching Wasm module by either @@ -271,7 +271,7 @@

WasmPlugin

-imagePullSecret +imagePullSecret string

Credentials to use for OCI image pulling. @@ -285,7 +285,7 @@

WasmPlugin

-pluginConfig +pluginConfig Struct

The configuration that will be passed on to the plugin.

@@ -296,7 +296,7 @@

WasmPlugin

-pluginName +pluginName string

The plugin name to be used in the Envoy configuration (used to be called @@ -309,7 +309,7 @@

WasmPlugin

-phase +phase PluginPhase

Determines where in the filter chain this WasmPlugin is to be injected.

@@ -320,7 +320,7 @@

WasmPlugin

-priority +priority Int32Value

Determines ordering of WasmPlugins in the same phase. @@ -336,7 +336,7 @@

WasmPlugin

-failStrategy +failStrategy FailStrategy

Specifies the failure behavior for the plugin due to fatal errors.

@@ -347,7 +347,7 @@

WasmPlugin

-vmConfig +vmConfig VmConfig

Configuration for a Wasm VM. @@ -359,7 +359,7 @@

WasmPlugin

-match +match TrafficSelector[]

Specifies the criteria to determine which traffic is passed to WasmPlugin. @@ -372,7 +372,7 @@

WasmPlugin

-type +type PluginType

Specifies the type of Wasm Extension to be used.

@@ -401,7 +401,7 @@

VmConfig

-env +env EnvVar[]

Specifies environment variables to be injected to this VM. @@ -429,7 +429,7 @@

EnvVar

-name +name string

Name of the environment variable. @@ -441,7 +441,7 @@

EnvVar

-valueFrom +valueFrom EnvValueSource

Source for the environment variable’s value.

@@ -452,7 +452,7 @@

EnvVar

-value +value string

Value for the environment variable. @@ -485,7 +485,7 @@

WasmPlugin.TrafficSelector

-mode +mode WorkloadMode

Criteria for selecting traffic by their direction. @@ -500,7 +500,7 @@

WasmPlugin.TrafficSelector

-ports +ports PortSelector[]

Criteria for selecting traffic by their destination port. @@ -545,21 +545,21 @@

PluginType

-UNSPECIFIED_PLUGIN_TYPE +UNSPECIFIED_PLUGIN_TYPE

Defaults to HTTP.

-HTTP +HTTP

Use HTTP Wasm Extension.

-NETWORK +NETWORK

Use Network Wasm Extension.

@@ -581,7 +581,7 @@

PluginPhase

-UNSPECIFIED_PHASE +UNSPECIFIED_PHASE

Control plane decides where to insert the plugin. This will generally be at the end of the filter chain, right before the Router. @@ -590,21 +590,21 @@

PluginPhase

-AUTHN +AUTHN

Insert plugin before Istio authentication filters.

-AUTHZ +AUTHZ

Insert plugin before Istio authorization filters and after Istio authentication filters.

-STATS +STATS

Insert plugin before Istio stats filters and after Istio authorization filters.

@@ -627,7 +627,7 @@

PullPolicy

-UNSPECIFIED_POLICY +UNSPECIFIED_POLICY

Defaults to IfNotPresent, except for OCI images with tag latest, for which the default will be Always.

@@ -635,7 +635,7 @@

PullPolicy

-IfNotPresent +IfNotPresent

If an existing version of the image has been pulled before, that will be used. If no version of the image is present locally, we @@ -644,7 +644,7 @@

PullPolicy

-Always +Always

We will always pull the latest version of an image when changing this plugin. Note that the change includes metadata field as well.

@@ -665,14 +665,14 @@

EnvValueSource

-INLINE +INLINE

Explicitly given key-value pairs to be injected to this VM

-HOST +HOST

Istio-proxy’s environment variables exposed to this VM.

@@ -692,7 +692,7 @@

FailStrategy

-FAIL_CLOSE +FAIL_CLOSE

A fatal error in the binary fetching or during the plugin execution causes all subsequent requests to fail with 5xx.

@@ -700,7 +700,7 @@

FailStrategy

-FAIL_OPEN +FAIL_OPEN

Enables the fail open behavior for the Wasm plugin fatal errors to bypass the plugin execution. A fatal error can be a failure to fetch the remote diff --git a/kubernetes/customresourcedefinitions.gen.yaml b/kubernetes/customresourcedefinitions.gen.yaml index 63389bc3ce..26044e2deb 100644 --- a/kubernetes/customresourcedefinitions.gen.yaml +++ b/kubernetes/customresourcedefinitions.gen.yaml @@ -7341,6 +7341,11 @@ spec: description: The image type of the image. type: string type: object + preserveCase: + description: When true, the original case of HTTP/1.x headers will + be preserved as they pass through the proxy, rather than normalizing + them to lowercase. + type: boolean selector: description: Optional. properties: diff --git a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html index 667a280942..4c8634b2b9 100644 --- a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html +++ b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html @@ -24,7 +24,7 @@

MeshConfig

-proxyListenPort +proxyListenPort int32

Port on which Envoy should listen for all outbound traffic to other services. @@ -36,7 +36,7 @@

MeshConfig

-proxyInboundListenPort +proxyInboundListenPort int32

Port on which Envoy should listen for all inbound traffic to the pod/vm will be captured to. @@ -48,7 +48,7 @@

MeshConfig

-proxyHttpPort +proxyHttpPort int32

Port on which Envoy should listen for HTTP PROXY requests if set.

@@ -59,7 +59,7 @@

MeshConfig

-connectTimeout +connectTimeout Duration

Connection timeout used by Envoy. (MUST BE >=1ms) @@ -71,7 +71,7 @@

MeshConfig

-tcpKeepalive +tcpKeepalive TcpKeepalive

If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.

@@ -82,7 +82,7 @@

MeshConfig

-ingressClass +ingressClass string

Class of ingress resources to be processed by Istio ingress @@ -95,7 +95,7 @@

MeshConfig

-ingressService +ingressService string

Name of the Kubernetes service used for the istio ingress controller. @@ -107,7 +107,7 @@

MeshConfig

-ingressControllerMode +ingressControllerMode IngressControllerMode

Defines whether to use Istio ingress controller for annotated or all ingress resources. @@ -119,7 +119,7 @@

MeshConfig

-ingressSelector +ingressSelector string

Defines which gateway deployment to use as the Ingress controller. This field corresponds to @@ -134,7 +134,7 @@

MeshConfig

-enableTracing +enableTracing bool

Flag to control generation of trace spans and request IDs. @@ -146,7 +146,7 @@

MeshConfig

-accessLogFile +accessLogFile string

File address for the proxy access log (e.g. /dev/stdout). @@ -158,7 +158,7 @@

MeshConfig

-accessLogFormat +accessLogFormat string

Format for the proxy access log @@ -170,7 +170,7 @@

MeshConfig

-accessLogEncoding +accessLogEncoding AccessLogEncoding

Encoding for the proxy access log (TEXT or JSON). @@ -182,7 +182,7 @@

MeshConfig

-enableEnvoyAccessLogService +enableEnvoyAccessLogService bool

This flag enables Envoy’s gRPC Access Log Service. @@ -196,7 +196,7 @@

MeshConfig

-disableEnvoyListenerLog +disableEnvoyListenerLog bool

This flag disables Envoy Listener logs. @@ -210,7 +210,7 @@

MeshConfig

-defaultConfig +defaultConfig ProxyConfig

Default proxy config used by gateway and sidecars. @@ -225,7 +225,7 @@

MeshConfig

-outboundTrafficPolicy +outboundTrafficPolicy OutboundTrafficPolicy

Set the default behavior of the sidecar for handling outbound @@ -240,7 +240,7 @@

MeshConfig

-inboundTrafficPolicy +inboundTrafficPolicy InboundTrafficPolicy

Set the default behavior of the sidecar for handling inbound @@ -253,7 +253,7 @@

MeshConfig

-configSources +configSources ConfigSource[]

ConfigSource describes a source of configuration data for networking @@ -266,7 +266,7 @@

MeshConfig

-enableAutoMtls +enableAutoMtls BoolValue

This flag is used to enable mutual TLS automatically for service to service communication @@ -287,7 +287,7 @@

MeshConfig

-trustDomain +trustDomain string

The trust domain corresponds to the trust root of a system. @@ -299,7 +299,7 @@

MeshConfig

-trustDomainAliases +trustDomainAliases string[]

The trust domain aliases represent the aliases of trustDomain. @@ -316,7 +316,7 @@

MeshConfig

-caCertificates +caCertificates CertificateData[]

The extra root certificates for workload-to-workload communication. @@ -330,7 +330,7 @@

MeshConfig

-defaultServiceExportTo +defaultServiceExportTo string[]

The default value for the ServiceEntry.exportTo field and services @@ -361,7 +361,7 @@

MeshConfig

-defaultVirtualServiceExportTo +defaultVirtualServiceExportTo string[]

The default value for the VirtualService.exportTo field. Has the same @@ -375,7 +375,7 @@

MeshConfig

-defaultDestinationRuleExportTo +defaultDestinationRuleExportTo string[]

The default value for the DestinationRule.exportTo field. Has the same @@ -389,7 +389,7 @@

MeshConfig

-rootNamespace +rootNamespace string

The namespace to treat as the administrative root namespace for @@ -406,7 +406,7 @@

MeshConfig

-localityLbSetting +localityLbSetting LocalityLoadBalancerSetting

Locality based load balancing distribution or failover settings. @@ -420,7 +420,7 @@

MeshConfig

-dnsRefreshRate +dnsRefreshRate Duration

Configures DNS refresh rate for Envoy clusters of type STRICT_DNS @@ -432,7 +432,7 @@

MeshConfig

-h2UpgradePolicy +h2UpgradePolicy H2UpgradePolicy

Specify if http1.1 connections should be upgraded to http2 by default. @@ -446,7 +446,7 @@

MeshConfig

-inboundClusterStatName +inboundClusterStatName string

Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for @@ -474,7 +474,7 @@

MeshConfig

-outboundClusterStatName +outboundClusterStatName string

Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for @@ -502,7 +502,7 @@

MeshConfig

-enablePrometheusMerge +enablePrometheusMerge BoolValue

If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy @@ -521,7 +521,7 @@

MeshConfig

-extensionProviders +extensionProviders ExtensionProvider[]

Defines a list of extension providers that extend Istio’s functionality. For example, the AuthorizationPolicy @@ -533,7 +533,7 @@

MeshConfig

-defaultProviders +defaultProviders DefaultProviders

Specifies extension providers to use by default in Istio configuration resources.

@@ -544,7 +544,7 @@

MeshConfig

-discoverySelectors +discoverySelectors LabelSelector[]

A list of Kubernetes selectors that specify the set of namespaces that Istio considers when @@ -577,7 +577,7 @@

MeshConfig

-pathNormalization +pathNormalization ProxyPathNormalization

ProxyPathNormalization configures how URL paths in incoming and outgoing HTTP requests are @@ -594,7 +594,7 @@

MeshConfig

-defaultHttpRetryPolicy +defaultHttpRetryPolicy HTTPRetry

Configure the default HTTP retry policy. @@ -612,7 +612,7 @@

MeshConfig

-meshMTLS +meshMTLS TLSConfig

The below configuration parameters can be used to specify TLSConfig for mesh traffic. @@ -635,7 +635,7 @@

MeshConfig

-tlsDefaults +tlsDefaults TLSConfig

Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. @@ -667,7 +667,7 @@

LabelSelector

-matchLabels +matchLabels map<string, string>

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -680,7 +680,7 @@

LabelSelector

-matchExpressions +matchExpressions LabelSelectorRequirement[]

matchExpressions is a list of label selector requirements. The requirements are ANDed.

@@ -710,7 +710,7 @@

LabelSelectorRequirement

-key +key string

key is the label key that the selector applies to.

@@ -721,7 +721,7 @@

LabelSelectorRequirement

-operator +operator string

operator represents a key’s relationship to a set of values. @@ -733,7 +733,7 @@

LabelSelectorRequirement

-values +values string[]

values is an array of string values. If the operator is In or NotIn, @@ -766,7 +766,7 @@

ConfigSource

-address +address string

Address of the server implementing the Istio Mesh Configuration @@ -780,7 +780,7 @@

ConfigSource

-tlsSettings +tlsSettings ClientTLSSettings

Use the tlsSettings to specify the tls mode to use. If the MCP server @@ -793,7 +793,7 @@

ConfigSource

-subscribedResources +subscribedResources Resource[]

Describes the source of configuration, if nothing is specified default is MCP

@@ -822,7 +822,7 @@

MeshConfig.OutboundTrafficPolicy

-mode +mode Mode @@ -846,7 +846,7 @@

MeshConfig.InboundTrafficPolicy

-mode +mode Mode @@ -870,7 +870,7 @@

MeshConfig.CertificateData

-pem +pem string (oneof)

The PEM data of the certificate.

@@ -881,7 +881,7 @@

MeshConfig.CertificateData

-spiffeBundleUrl +spiffeBundleUrl string (oneof)

The SPIFFE bundle endpoint URL that complies to: @@ -896,7 +896,7 @@

MeshConfig.CertificateData

-certSigners +certSigners string[]

Optional. Specify the kubernetes signers (External CA) that use this trustAnchor @@ -909,7 +909,7 @@

MeshConfig.CertificateData

-trustDomains +trustDomains string[]

Optional. Specify the list of trust domains to which this trustAnchor data belongs. @@ -943,7 +943,7 @@

MeshConfig.CA

-address +address string

REQUIRED. Address of the CA server implementing the Istio CA gRPC API. @@ -956,7 +956,7 @@

MeshConfig.CA

-tlsSettings +tlsSettings ClientTLSSettings

Use the tlsSettings to specify the tls mode to use. @@ -975,7 +975,7 @@

MeshConfig.CA

-requestTimeout +requestTimeout Duration

timeout for forward CSR requests from Istiod to External CA @@ -987,7 +987,7 @@

MeshConfig.CA

-istiodSide +istiodSide bool

Use istiodSide to specify CA Server integrate to Istiod side or Agent side @@ -1014,7 +1014,7 @@

MeshConfig.ExtensionProvider

-name +name string

REQUIRED. A unique name identifying the extension provider.

@@ -1025,7 +1025,7 @@

MeshConfig.ExtensionProvider

-envoyExtAuthzHttp +envoyExtAuthzHttp EnvoyExternalAuthorizationHttpProvider (oneof)

Configures an external authorizer that implements the Envoy ext_authz filter authorization check service using the HTTP API.

@@ -1036,7 +1036,7 @@

MeshConfig.ExtensionProvider

-envoyExtAuthzGrpc +envoyExtAuthzGrpc EnvoyExternalAuthorizationGrpcProvider (oneof)

Configures an external authorizer that implements the Envoy ext_authz filter authorization check service using the gRPC API.

@@ -1047,7 +1047,7 @@

MeshConfig.ExtensionProvider

-zipkin +zipkin ZipkinTracingProvider (oneof)

Configures a tracing provider that uses the Zipkin API.

@@ -1058,7 +1058,7 @@

MeshConfig.ExtensionProvider

-datadog +datadog DatadogTracingProvider (oneof)

Configures a Datadog tracing provider.

@@ -1069,7 +1069,7 @@

MeshConfig.ExtensionProvider

-stackdriver +stackdriver StackdriverProvider (oneof)

Configures a Stackdriver provider.

@@ -1080,7 +1080,7 @@

MeshConfig.ExtensionProvider

-skywalking +skywalking SkyWalkingTracingProvider (oneof)

Configures a Apache SkyWalking provider.

@@ -1091,7 +1091,7 @@

MeshConfig.ExtensionProvider

-opentelemetry +opentelemetry OpenTelemetryTracingProvider (oneof)

Configures an OpenTelemetry tracing provider.

@@ -1102,7 +1102,7 @@

MeshConfig.ExtensionProvider

-prometheus +prometheus PrometheusMetricsProvider (oneof)

Configures a Prometheus metrics provider.

@@ -1113,7 +1113,7 @@

MeshConfig.ExtensionProvider

-envoyFileAccessLog +envoyFileAccessLog EnvoyFileAccessLogProvider (oneof)

Configures an Envoy File Access Log provider.

@@ -1124,7 +1124,7 @@

MeshConfig.ExtensionProvider

-envoyHttpAls +envoyHttpAls EnvoyHttpGrpcV3LogProvider (oneof)

Configures an Envoy Access Logging Service provider for HTTP traffic.

@@ -1135,7 +1135,7 @@

MeshConfig.ExtensionProvider

-envoyTcpAls +envoyTcpAls EnvoyTcpGrpcV3LogProvider (oneof)

Configures an Envoy Access Logging Service provider for TCP traffic.

@@ -1146,7 +1146,7 @@

MeshConfig.ExtensionProvider

-envoyOtelAls +envoyOtelAls EnvoyOpenTelemetryLogProvider (oneof)

Configures an Envoy Open Telemetry Access Logging Service provider.

@@ -1177,7 +1177,7 @@

MeshConfig.DefaultProviders

-tracing +tracing string[]

Name of the default provider(s) for tracing.

@@ -1188,7 +1188,7 @@

MeshConfig.DefaultProviders

-metrics +metrics string[]

Name of the default provider(s) for metrics.

@@ -1199,7 +1199,7 @@

MeshConfig.DefaultProviders

-accessLogging +accessLogging string[]

Name of the default provider(s) for access logging.

@@ -1225,7 +1225,7 @@

MeshConfig.ProxyPathNormalization

-normalization +normalization NormalizationType @@ -1249,7 +1249,7 @@

MeshConfig.TLSConfig

-minProtocolVersion +minProtocolVersion TLSProtocol

Optional: the minimum TLS protocol version. The default minimum @@ -1265,7 +1265,7 @@

MeshConfig.TLSConfig

-ecdhCurves +ecdhCurves string[]

Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. @@ -1278,7 +1278,7 @@

MeshConfig.TLSConfig

-cipherSuites +cipherSuites string[]

Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. @@ -1314,7 +1314,7 @@

MeshConfig.ServiceSettings.Settings -clusterLocal +clusterLocal bool

If true, specifies that the client and service endpoints must reside in the same cluster. @@ -1355,7 +1355,7 @@

Mesh -maxRequestBytes +maxRequestBytes uint32

Sets the maximum size of a message body that the ext-authz filter will hold in memory. @@ -1370,7 +1370,7 @@

Mesh -allowPartialMessage +allowPartialMessage bool

When this field is true, ext-authz filter will buffer the message until maxRequestBytes is reached. @@ -1384,7 +1384,7 @@

Mesh -packAsBytes +packAsBytes bool

If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes @@ -1413,7 +1413,7 @@

Mes -service +service string

REQUIRED. Specifies the service that implements the Envoy ext_authz HTTP authorization service. @@ -1428,7 +1428,7 @@

Mes -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -1439,7 +1439,7 @@

Mes -timeout +timeout Duration

The maximum duration that the proxy will wait for a response from the provider (default timeout: 600s). @@ -1452,7 +1452,7 @@

Mes -pathPrefix +pathPrefix string

Sets a prefix to the value of authorization request header Path. @@ -1465,7 +1465,7 @@

Mes -failOpen +failOpen bool

If true, the user request will be allowed even if the communication with the authorization service has failed, @@ -1478,7 +1478,7 @@

Mes -clearRouteCache +clearRouteCache bool

If true, clears route cache in order to allow the external authorization service to correctly affect routing decisions. @@ -1491,7 +1491,7 @@

Mes -statusOnError +statusOnError string

Sets the HTTP status that is returned to the client when there is a network error to the authorization service. @@ -1503,7 +1503,7 @@

Mes -includeRequestHeadersInCheck +includeRequestHeadersInCheck string[]

List of client request headers that should be included in the authorization request sent to the authorization service. @@ -1529,7 +1529,7 @@

Mes -includeAdditionalHeadersInCheck +includeAdditionalHeadersInCheck map<string, string>

Set of additional fixed headers that should be included in the authorization request sent to the authorization service. @@ -1542,7 +1542,7 @@

Mes -includeRequestBodyInCheck +includeRequestBodyInCheck EnvoyExternalAuthorizationRequestBody

If set, the client request body will be included in the authorization request sent to the authorization service.

@@ -1553,7 +1553,7 @@

Mes -headersToUpstreamOnAllow +headersToUpstreamOnAllow string[]

List of headers from the authorization service that should be added or overridden in the original request and @@ -1575,7 +1575,7 @@

Mes -headersToDownstreamOnDeny +headersToDownstreamOnDeny string[]

List of headers from the authorization service that should be forwarded to downstream when the authorization @@ -1600,7 +1600,7 @@

Mes -headersToDownstreamOnAllow +headersToDownstreamOnAllow string[]

List of headers from the authorization service that should be forwarded to downstream when the authorization @@ -1622,7 +1622,7 @@

Mes -includeHeadersInCheck +includeHeadersInCheck string[]

DEPRECATED. Use includeRequestHeadersInCheck instead.

@@ -1648,7 +1648,7 @@

Mes -service +service string

REQUIRED. Specifies the service that implements the Envoy ext_authz gRPC authorization service. @@ -1663,7 +1663,7 @@

Mes -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -1674,7 +1674,7 @@

Mes -timeout +timeout Duration

The maximum duration that the proxy will wait for a response from the provider, this is the timeout for a specific request (default timeout: 600s). @@ -1687,7 +1687,7 @@

Mes -failOpen +failOpen bool

If true, the HTTP request or TCP connection will be allowed even if the communication with the authorization service has failed, @@ -1700,7 +1700,7 @@

Mes -clearRouteCache +clearRouteCache bool

If true, clears route cache in order to allow the external authorization service to correctly affect routing decisions. @@ -1713,7 +1713,7 @@

Mes -statusOnError +statusOnError string

Sets the HTTP status that is returned to the client when there is a network error to the authorization service. @@ -1725,7 +1725,7 @@

Mes -includeRequestBodyInCheck +includeRequestBodyInCheck EnvoyExternalAuthorizationRequestBody

If set, the client request body will be included in the authorization request sent to the authorization service.

@@ -1753,7 +1753,7 @@

MeshConfig.Extension -service +service string

REQUIRED. Specifies the service that the Zipkin API. @@ -1768,7 +1768,7 @@

MeshConfig.Extension -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -1779,7 +1779,7 @@

MeshConfig.Extension -maxTagLength +maxTagLength uint32

Optional. Controls the overall path length allowed in a reported span. @@ -1791,7 +1791,7 @@

MeshConfig.Extension -enable64bitTraceId +enable64bitTraceId bool

Optional. A 128 bit trace id will be used in Istio. @@ -1803,7 +1803,7 @@

MeshConfig.Extension -path +path string

Optional. Specifies the endpoint of Zipkin API. @@ -1834,7 +1834,7 @@

MeshConfig.Extens -service +service string

REQUIRED. Specifies the service for the Lightstep collector. @@ -1849,7 +1849,7 @@

MeshConfig.Extens -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -1860,7 +1860,7 @@

MeshConfig.Extens -accessToken +accessToken string

The Lightstep access token.

@@ -1871,7 +1871,7 @@

MeshConfig.Extens -maxTagLength +maxTagLength uint32

Optional. Controls the overall path length allowed in a reported span. @@ -1900,7 +1900,7 @@

MeshConfig.Extensio -service +service string

REQUIRED. Specifies the service for the Datadog agent. @@ -1915,7 +1915,7 @@

MeshConfig.Extensio -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -1926,7 +1926,7 @@

MeshConfig.Extensio -maxTagLength +maxTagLength uint32

Optional. Controls the overall path length allowed in a reported span. @@ -1955,7 +1955,7 @@

MeshConfig.Exten -service +service string

REQUIRED. Specifies the service for the SkyWalking receiver. @@ -1970,7 +1970,7 @@

MeshConfig.Exten -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -1981,7 +1981,7 @@

MeshConfig.Exten -accessToken +accessToken string

Optional. The SkyWalking OAP access token.

@@ -2012,7 +2012,7 @@

MeshConfig.ExtensionPr -maxTagLength +maxTagLength uint32

Optional. Controls the overall path length allowed in a reported span. @@ -2024,7 +2024,7 @@

MeshConfig.ExtensionPr -logging +logging Logging

Optional. Controls Stackdriver logging behavior.

@@ -2059,7 +2059,7 @@

MeshConfig. -service +service string

REQUIRED. Specifies the service for the OpenCensusAgent. @@ -2074,7 +2074,7 @@

MeshConfig. -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -2085,7 +2085,7 @@

MeshConfig. -context +context TraceContext[]

Specifies the set of context propagation headers used for distributed @@ -2099,7 +2099,7 @@

MeshConfig. -maxTagLength +maxTagLength uint32

Optional. Controls the overall path length allowed in a reported span. @@ -2132,7 +2132,7 @@

MeshConfig.Exte -path +path string

Path to a local file to write the access log entries. @@ -2145,7 +2145,7 @@

MeshConfig.Exte -logFormat +logFormat LogFormat

Optional. Allows overriding of the default access log format.

@@ -2174,7 +2174,7 @@

MeshConfig.Exte -service +service string

REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. @@ -2189,7 +2189,7 @@

MeshConfig.Exte -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -2200,7 +2200,7 @@

MeshConfig.Exte -logName +logName string

Optional. The friendly name of the access log. @@ -2216,7 +2216,7 @@

MeshConfig.Exte -filterStateObjectsToLog +filterStateObjectsToLog string[]

Optional. Additional filter state objects to log.

@@ -2227,7 +2227,7 @@

MeshConfig.Exte -additionalRequestHeadersToLog +additionalRequestHeadersToLog string[]

Optional. Additional request headers to log.

@@ -2238,7 +2238,7 @@

MeshConfig.Exte -additionalResponseHeadersToLog +additionalResponseHeadersToLog string[]

Optional. Additional response headers to log.

@@ -2249,7 +2249,7 @@

MeshConfig.Exte -additionalResponseTrailersToLog +additionalResponseTrailersToLog string[]

Optional. Additional response trailers to log.

@@ -2278,7 +2278,7 @@

MeshConfig.Exten -service +service string

REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. @@ -2293,7 +2293,7 @@

MeshConfig.Exten -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -2304,7 +2304,7 @@

MeshConfig.Exten -logName +logName string

Optional. The friendly name of the access log. @@ -2320,7 +2320,7 @@

MeshConfig.Exten -filterStateObjectsToLog +filterStateObjectsToLog string[]

Optional. Additional filter state objects to log.

@@ -2348,7 +2348,7 @@

MeshConfig.E -service +service string

REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. @@ -2363,7 +2363,7 @@

MeshConfig.E -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -2374,7 +2374,7 @@

MeshConfig.E -logName +logName string

Optional. The friendly name of the access log. @@ -2389,7 +2389,7 @@

MeshConfig.E -logFormat +logFormat LogFormat

Optional. Format for the proxy access log @@ -2418,7 +2418,7 @@

MeshConfig.Ex -service +service string

REQUIRED. Specifies the OpenTelemetry endpoint that will receive OTLP traces. @@ -2433,7 +2433,7 @@

MeshConfig.Ex -port +port uint32

REQUIRED. Specifies the port of the service.

@@ -2444,7 +2444,7 @@

MeshConfig.Ex -maxTagLength +maxTagLength uint32

Optional. Controls the overall path length allowed in a reported span. @@ -2456,7 +2456,7 @@

MeshConfig.Ex -http +http HttpService

Optional. Specifies the configuration for exporting OTLP traces via HTTP. @@ -2513,7 +2513,7 @@

MeshConfig.Ex -grpc +grpc GrpcService

Optional. Specifies the configuration for exporting OTLP traces via GRPC. @@ -2557,7 +2557,7 @@

MeshConfig.Ex -resourceDetectors +resourceDetectors ResourceDetectors

Optional. Specifies Resource Detectors @@ -2579,7 +2579,7 @@

MeshConfig.Ex -dynatraceSampler +dynatraceSampler DynatraceSampler (oneof)

The Dynatrace adaptive traffic management (ATM) sampler.

@@ -2624,7 +2624,7 @@

MeshConfig.ExtensionProvider.H -path +path string

REQUIRED. Specifies the path on the service.

@@ -2635,7 +2635,7 @@

MeshConfig.ExtensionProvider.H -timeout +timeout Duration

Optional. Specifies the timeout for the HTTP request. @@ -2647,7 +2647,7 @@

MeshConfig.ExtensionProvider.H -headers +headers HttpHeader[]

Optional. Allows specifying custom HTTP headers that will be added @@ -2674,7 +2674,7 @@

MeshConfig.ExtensionProvider.Ht -name +name string

REQUIRED. The HTTP header name.

@@ -2685,7 +2685,7 @@

MeshConfig.ExtensionProvider.Ht -value +value string

REQUIRED. The HTTP header value.

@@ -2711,7 +2711,7 @@

MeshConfig.ExtensionProv -environment +environment EnvironmentResourceDetector @@ -2720,7 +2720,7 @@

MeshConfig.ExtensionProv -dynatrace +dynatrace DynatraceResourceDetector @@ -2747,7 +2747,7 @@

MeshConfig.ExtensionProvider.G -timeout +timeout Duration

Optional. Specifies the timeout for the GRPC request.

@@ -2758,7 +2758,7 @@

MeshConfig.ExtensionProvider.G -initialMetadata +initialMetadata HttpHeader[]

Optional. Additional metadata to include in streams initiated to the GrpcService. This can be used for @@ -2786,7 +2786,7 @@

MeshConfig.Ext -labels +labels map<string, string>

Collection of tag names and tag expressions to include in the log @@ -2818,7 +2818,7 @@

MeshC -text +text string (oneof)

Textual format for the envoy access logs. Envoy command operators may be @@ -2833,7 +2833,7 @@

MeshC -labels +labels Struct (oneof)

JSON structured format for the envoy access logs. Envoy command operators @@ -2869,7 +2869,7 @@

Me -text +text string

Textual format for the envoy access logs. Envoy command operators may be @@ -2884,7 +2884,7 @@

Me -labels +labels Struct

Optional. Additional attributes that describe the specific event occurrence. @@ -2921,7 +2921,7 @@

-tenant +tenant string

REQUIRED. The Dynatrace customer’s tenant identifier.

@@ -2933,7 +2933,7 @@

-clusterId +clusterId int32

REQUIRED. The identifier of the cluster in the Dynatrace platform. @@ -2946,7 +2946,7 @@

-rootSpansPerMinute +rootSpansPerMinute uint32

Optional. Number of sampled spans per minute to be used @@ -2963,7 +2963,7 @@

-httpService +httpService DynatraceApi

Optional. Dynatrace HTTP API to obtain sampling configuration.

@@ -2991,7 +2991,7 @@

-service +service string

REQUIRED. Specifies the Dynatrace environment to obtain the sampling configuration. @@ -3005,7 +3005,7 @@

-port +port uint32

REQUIRED. Specifies the port of the service.

@@ -3016,7 +3016,7 @@

-http +http HttpService

REQUIRED. Specifies sampling configuration URI.

@@ -3060,7 +3060,7 @@

Tracing

-zipkin +zipkin Zipkin (oneof)

Use a Zipkin tracer.

@@ -3071,7 +3071,7 @@

Tracing

-lightstep +lightstep Lightstep (oneof)

Use a Lightstep tracer. @@ -3084,7 +3084,7 @@

Tracing

-datadog +datadog Datadog (oneof)

Use a Datadog tracer.

@@ -3095,7 +3095,7 @@

Tracing

-stackdriver +stackdriver Stackdriver (oneof)

Use a Stackdriver tracer.

@@ -3106,7 +3106,7 @@

Tracing

-openCensusAgent +openCensusAgent OpenCensusAgent (oneof)

Use an OpenCensus tracer exporting to an OpenCensus agent.

@@ -3117,7 +3117,7 @@

Tracing

-sampling +sampling double

The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, @@ -3129,7 +3129,7 @@

Tracing

-tlsSettings +tlsSettings ClientTLSSettings

Use the tlsSettings to specify the tls mode to use. If the remote tracing service @@ -3142,7 +3142,7 @@

Tracing

-enableIstioTags +enableIstioTags BoolValue

Determines whether or not trace spans generated by Envoy will include Istio specific tags. @@ -3174,7 +3174,7 @@

Topology

-numTrustedProxies +numTrustedProxies uint32

Number of trusted proxies deployed in front of the Istio gateway proxy. @@ -3198,7 +3198,7 @@

Topology

-forwardClientCertDetails +forwardClientCertDetails ForwardClientCertDetails

Configures how the gateway proxy handles x-forwarded-client-cert (XFCC) @@ -3210,7 +3210,7 @@

Topology

-proxyProtocol +proxyProtocol ProxyProtocolConfiguration

Enables PROXY protocol for @@ -3240,7 +3240,7 @@

PrivateKeyProvider

-cryptomb +cryptomb CryptoMb (oneof)

Use CryptoMb private key provider

@@ -3251,7 +3251,7 @@

PrivateKeyProvider

-qat +qat QAT (oneof)

Use QAT private key provider

@@ -3295,7 +3295,7 @@

ProxyConfig

-configPath +configPath string

Path to the generated configuration file directory. @@ -3307,7 +3307,7 @@

ProxyConfig

-binaryPath +binaryPath string

Path to the proxy binary

@@ -3318,7 +3318,7 @@

ProxyConfig

-serviceCluster +serviceCluster string (oneof)

Service cluster defines the name for the service_cluster that is @@ -3340,7 +3340,7 @@

ProxyConfig

-tracingServiceName +tracingServiceName TracingServiceName (oneof)

Used by Envoy proxies to assign the values for the service names in trace @@ -3352,7 +3352,7 @@

ProxyConfig

-drainDuration +drainDuration Duration

The time in seconds that Envoy will drain connections during a hot @@ -3365,7 +3365,7 @@

ProxyConfig

-discoveryAddress +discoveryAddress string

Address of the discovery service exposing xDS with mTLS connection. @@ -3377,7 +3377,7 @@

ProxyConfig

-statsdUdpAddress +statsdUdpAddress string

IP Address and Port of a statsd UDP listener (e.g. 10.75.241.127:9125).

@@ -3388,7 +3388,7 @@

ProxyConfig

-proxyAdminPort +proxyAdminPort int32

Port on which Envoy should listen for administrative commands. @@ -3400,7 +3400,7 @@

ProxyConfig

-controlPlaneAuthPolicy +controlPlaneAuthPolicy AuthenticationPolicy

AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. @@ -3412,7 +3412,7 @@

ProxyConfig

-customConfigFile +customConfigFile string

File path of custom proxy configuration, currently used by proxies @@ -3424,7 +3424,7 @@

ProxyConfig

-statNameLength +statNameLength int32

Maximum length of name field in Envoy’s metrics. The length of the name field @@ -3439,7 +3439,7 @@

ProxyConfig

-concurrency +concurrency Int32Value

The number of worker threads to run. @@ -3453,7 +3453,7 @@

ProxyConfig

-proxyBootstrapTemplatePath +proxyBootstrapTemplatePath string

Path to the proxy bootstrap template file

@@ -3464,7 +3464,7 @@

ProxyConfig

-interceptionMode +interceptionMode InboundInterceptionMode

The mode used to redirect inbound traffic to Envoy.

@@ -3475,7 +3475,7 @@

ProxyConfig

-tracing +tracing Tracing

Tracing configuration to be used by the proxy.

@@ -3486,7 +3486,7 @@

ProxyConfig

-envoyAccessLogService +envoyAccessLogService RemoteService

Address of the service to which access logs from Envoys should be @@ -3500,7 +3500,7 @@

ProxyConfig

-envoyMetricsService +envoyMetricsService RemoteService

Address of the Envoy Metrics Service implementation (e.g. metrics-service:15000). @@ -3513,7 +3513,7 @@

ProxyConfig

-proxyMetadata +proxyMetadata map<string, string>

Additional environment variables for the proxy. @@ -3525,7 +3525,7 @@

ProxyConfig

-runtimeValues +runtimeValues map<string, string>

Envoy runtime configuration to set during bootstrapping. @@ -3537,7 +3537,7 @@

ProxyConfig

-statusPort +statusPort int32

Port on which the agent should listen for administrative commands such as readiness probe. @@ -3549,7 +3549,7 @@

ProxyConfig

-extraStatTags +extraStatTags string[]

An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be @@ -3564,7 +3564,7 @@

ProxyConfig

-gatewayTopology +gatewayTopology Topology

Topology encapsulates the configuration which describes where the proxy is @@ -3579,7 +3579,7 @@

ProxyConfig

-terminationDrainDuration +terminationDrainDuration Duration

The amount of time allowed for connections to complete on proxy shutdown. @@ -3594,7 +3594,7 @@

ProxyConfig

-meshId +meshId string

The unique identifier for the service mesh @@ -3607,7 +3607,7 @@

ProxyConfig

-readinessProbe +readinessProbe ReadinessProbe

VM Health Checking readiness probe. This health check config exactly mirrors the @@ -3620,7 +3620,7 @@

ProxyConfig

-proxyStatsMatcher +proxyStatsMatcher ProxyStatsMatcher

Proxy stats matcher defines configuration for reporting custom Envoy stats. @@ -3652,7 +3652,7 @@

ProxyConfig

-holdApplicationUntilProxyStarts +holdApplicationUntilProxyStarts BoolValue

Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. @@ -3666,7 +3666,7 @@

ProxyConfig

-caCertificatesPem +caCertificatesPem string[]

The PEM data of the extra root certificates for workload-to-workload communication. @@ -3680,18 +3680,37 @@

ProxyConfig

-image +image ProxyImage

Specifies the details of the proxy image.

+ + +No + + + +preserveCase +bool + +

When true, the original case of HTTP/1.x headers will be preserved +as they pass through the proxy, rather than normalizing them to lowercase. +This field is particularly useful for applications that require case-sensitive +headers for interoperability with downstream systems or APIs that expect specific +casing. +The preserve_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers +to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2 +requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2 +standards.

+ No -privateKeyProvider +privateKeyProvider PrivateKeyProvider

Specifies the details of the Private Key Provider configuration for gateway and sidecar proxies.

@@ -3702,7 +3721,7 @@

ProxyConfig

-proxyHeaders +proxyHeaders ProxyHeaders

Define the set of headers to add/modify for HTTP request/responses.

@@ -3737,7 +3756,7 @@

ProxyConfig

-zipkinAddress +zipkinAddress string

Address of the Zipkin service (e.g. zipkin:9411). @@ -3764,7 +3783,7 @@

RemoteService

-address +address string

Address of a remove service used for various purposes (access log @@ -3777,7 +3796,7 @@

RemoteService

-tlsSettings +tlsSettings ClientTLSSettings

Use the tlsSettings to specify the tls mode to use. If the remote service @@ -3790,7 +3809,7 @@

RemoteService

-tcpKeepalive +tcpKeepalive TcpKeepalive

If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.

@@ -3818,7 +3837,7 @@

Tracing.Zipkin

-address +address string

Address of the Zipkin service (e.g. zipkin:9411).

@@ -3846,7 +3865,7 @@

Tracing.Datadog

-address +address string

Address of the Datadog Agent.

@@ -3899,7 +3918,7 @@

Tracing.OpenCensusAgent

-address +address string

gRPC address for the OpenCensus agent (e.g. dns://authority/host:port or @@ -3913,7 +3932,7 @@

Tracing.OpenCensusAgent

-context +context TraceContext[]

Specifies the set of context propagation headers used for distributed @@ -3949,7 +3968,7 @@

PrivateKeyProvider.CryptoMb

-pollDelay +pollDelay Duration

How long to wait until the per-thread processing queue should be processed. If the processing queue @@ -3965,7 +3984,7 @@

PrivateKeyProvider.CryptoMb

-fallback +fallback BoolValue

If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) @@ -3995,7 +4014,7 @@

PrivateKeyProvider.QAT

-pollDelay +pollDelay Duration

How long to wait before polling the hardware accelerator after a request has been submitted there. @@ -4009,7 +4028,7 @@

PrivateKeyProvider.QAT

-fallback +fallback BoolValue

If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) @@ -4040,7 +4059,7 @@

ProxyConfig.ProxyStatsMatcher

-inclusionPrefixes +inclusionPrefixes string[]

Proxy stats name prefix matcher for inclusion.

@@ -4051,7 +4070,7 @@

ProxyConfig.ProxyStatsMatcher

-inclusionSuffixes +inclusionSuffixes string[]

Proxy stats name suffix matcher for inclusion.

@@ -4062,7 +4081,7 @@

ProxyConfig.ProxyStatsMatcher

-inclusionRegexps +inclusionRegexps string[]

Proxy stats name regexps matcher for inclusion.

@@ -4088,7 +4107,7 @@

ProxyConfig.ProxyHeaders

-forwardedClientCert +forwardedClientCert ForwardClientCertDetails

Controls the X-Forwarded-Client-Cert header for inbound sidecar requests. To set this on gateways, use the Topology setting. @@ -4101,7 +4120,7 @@

ProxyConfig.ProxyHeaders

-setCurrentClientCertDetails +setCurrentClientCertDetails SetCurrentClientCertDetails

This field is valid only when forward_client_cert_details is APPEND_FORWARD or SANITIZE_SET @@ -4115,7 +4134,7 @@

ProxyConfig.ProxyHeaders

-requestId +requestId RequestId

Controls the X-Request-Id header. If enabled, a request ID is generated for each request if one is not already set. @@ -4130,7 +4149,7 @@

ProxyConfig.ProxyHeaders

-server +server Server

Controls the server header. If enabled, the Server: istio-envoy header is set in response headers for inbound traffic (including gateways). @@ -4142,7 +4161,7 @@

ProxyConfig.ProxyHeaders

-attemptCount +attemptCount AttemptCount

Controls the X-Envoy-Attempt-Count header. @@ -4156,7 +4175,7 @@

ProxyConfig.ProxyHeaders

-envoyDebugHeaders +envoyDebugHeaders EnvoyDebugHeaders

Controls various X-Envoy-* headers, such as X-Envoy-Overloaded and X-Envoy-Upstream-Service-Time. If enabled, @@ -4171,7 +4190,7 @@

ProxyConfig.ProxyHeaders

-metadataExchangeHeaders +metadataExchangeHeaders MetadataExchangeHeaders

Controls Istio metadata exchange headers X-Envoy-Peer-Metadata and X-Envoy-Peer-Metadata-Id. @@ -4199,7 +4218,7 @@

ProxyConfig.ProxyHeaders.Server

-disabled +disabled BoolValue @@ -4208,7 +4227,7 @@

ProxyConfig.ProxyHeaders.Server

-value +value string

If set, and the server header is enabled, this value will be set as the server header. By default, istio-envoy will be used.

@@ -4234,7 +4253,7 @@

ProxyConfig.ProxyHeaders.RequestId -disabled +disabled BoolValue @@ -4258,7 +4277,7 @@

ProxyConfig.ProxyHeaders.AttemptC -disabled +disabled BoolValue @@ -4282,7 +4301,7 @@

ProxyConfig.ProxyHeaders.Env -disabled +disabled BoolValue @@ -4306,7 +4325,7 @@

ProxyConfig.ProxyHeade -mode +mode MetadataExchangeMode @@ -4330,7 +4349,7 @@

ProxyConfig.ProxyH -subject +subject BoolValue

Whether to forward the subject of the client cert. Defaults to true.

@@ -4341,7 +4360,7 @@

ProxyConfig.ProxyH -cert +cert BoolValue

Whether to forward the entire client cert in URL encoded PEM format. This will appear in the @@ -4354,7 +4373,7 @@

ProxyConfig.ProxyH -chain +chain BoolValue

Whether to forward the entire client cert chain (including the leaf cert) in URL encoded PEM @@ -4368,7 +4387,7 @@

ProxyConfig.ProxyH -dns +dns BoolValue

Whether to forward the DNS type Subject Alternative Names of the client cert. @@ -4380,7 +4399,7 @@

ProxyConfig.ProxyH -uri +uri BoolValue

Whether to forward the URI type Subject Alternative Name of the client cert. Defaults to @@ -4413,7 +4432,7 @@

Network

-endpoints +endpoints NetworkEndpoints[]

The list of endpoints in the network (obtained through the @@ -4426,7 +4445,7 @@

Network

-gateways +gateways IstioNetworkGateway[]

Set of gateways associated with the network.

@@ -4469,7 +4488,7 @@

MeshNetworks

-networks +networks map<string, Network>

The set of networks inside this mesh. Each network should @@ -4519,7 +4538,7 @@

Network.NetworkEndpoints

-fromCidr +fromCidr string (oneof)

A CIDR range for the set of endpoints in this network. The CIDR @@ -4531,7 +4550,7 @@

Network.NetworkEndpoints

-fromRegistry +fromRegistry string (oneof)

Add all endpoints from the specified registry into this network. @@ -4564,7 +4583,7 @@

Network.IstioNetworkGateway

-registryServiceName +registryServiceName string (oneof)

A fully qualified domain name of the gateway service. Pilot will @@ -4581,7 +4600,7 @@

Network.IstioNetworkGateway

-address +address string (oneof)

IP address or externally resolvable DNS address associated with the gateway.

@@ -4592,7 +4611,7 @@

Network.IstioNetworkGateway

-port +port uint32

The port associated with the gateway.

@@ -4603,7 +4622,7 @@

Network.IstioNetworkGateway

-locality +locality string

The locality associated with an explicitly specified gateway (i.e. ip)

@@ -4627,7 +4646,7 @@

MeshConfig.OutboundTrafficPolicy. -REGISTRY_ONLY +REGISTRY_ONLY

In REGISTRY_ONLY mode, unknown outbound traffic will be dropped. Traffic destinations must be explicitly declared into the service registry through ServiceEntry configurations.

@@ -4638,7 +4657,7 @@

MeshConfig.OutboundTrafficPolicy. -ALLOW_ANY +ALLOW_ANY

In ALLOW_ANY mode, any traffic to unknown destinations will be allowed. Unknown destination traffic will have limited functionality, however, such as reduced observability. @@ -4661,7 +4680,7 @@

MeshConfig.InboundTrafficPolicy.Mo -PASSTHROUGH +PASSTHROUGH

inbound traffic will be passed through to the destination listening on Pod IP. This matches the behavior without Istio enabled at all @@ -4670,7 +4689,7 @@

MeshConfig.InboundTrafficPolicy.Mo -LOCALHOST +LOCALHOST

inbound traffic will be sent to the destinations listening on localhost.

@@ -4693,7 +4712,7 @@

-W3C_TRACE_CONTEXT +W3C_TRACE_CONTEXT

Use W3C Trace Context propagation using the traceparent HTTP header. See the @@ -4702,14 +4721,14 @@

-GRPC_BIN +GRPC_BIN

Use gRPC binary context propagation using the grpc-trace-bin http header.

-CLOUD_TRACE_CONTEXT +CLOUD_TRACE_CONTEXT

Use Cloud Trace context propagation using the X-Cloud-Trace-Context http header.

@@ -4717,7 +4736,7 @@

-B3 +B3

Use multi-header B3 context propagation using the X-B3-TraceId, X-B3-SpanId, and X-B3-Sampled HTTP headers. See @@ -4740,21 +4759,21 @@

MeshConfig.ProxyPat -DEFAULT +DEFAULT

Apply default normalizations. Currently, this is BASE.

-NONE +NONE

No normalization, paths are used as is.

-BASE +BASE

Normalize according to RFC 3986. For Envoy proxies, this is the normalize_path option. @@ -4763,7 +4782,7 @@

MeshConfig.ProxyPat -MERGE_SLASHES +MERGE_SLASHES

In addition to the BASE normalization, consecutive slashes are also merged. For example, /a//b normalizes to a/b.

@@ -4771,7 +4790,7 @@

MeshConfig.ProxyPat -DECODE_AND_MERGE_SLASHES +DECODE_AND_MERGE_SLASHES

In addition to normalization in MERGE_SLASHES, slash characters are UTF-8 decoded (case insensitive) prior to merging. This means %2F, %2f, %5C, and %5c sequences in the request path will be rewritten to / or \. @@ -4795,21 +4814,21 @@

MeshConfig.TLSConfig.TLSProtocol

-TLS_AUTO +TLS_AUTO

Automatically choose the optimal TLS version.

-TLSV1_2 +TLSV1_2

TLS version 1.2

-TLSV1_3 +TLSV1_3

TLS version 1.3

@@ -4829,21 +4848,21 @@

MeshConfig.IngressControllerMode

-UNSPECIFIED +UNSPECIFIED

Unspecified Istio ingress controller.

-OFF +OFF

Disables Istio ingress controller.

-DEFAULT +DEFAULT

Istio ingress controller will act on ingress resources that do not contain any annotation or whose annotations match the value @@ -4854,7 +4873,7 @@

MeshConfig.IngressControllerMode

-STRICT +STRICT

Istio ingress controller will only act on ingress resources whose annotations match the value specified in the ingressClass parameter @@ -4878,14 +4897,14 @@

MeshConfig.AccessLogEncoding

-TEXT +TEXT

text encoding for the proxy access log

-JSON +JSON

json encoding for the proxy access log

@@ -4907,14 +4926,14 @@

MeshConfig.H2UpgradePolicy

-DO_NOT_UPGRADE +DO_NOT_UPGRADE

Do not upgrade connections to http2.

-UPGRADE +UPGRADE

Upgrade the connections to http2.

@@ -4936,7 +4955,7 @@

Resource

-SERVICE_REGISTRY +SERVICE_REGISTRY

Set to only receive service entries that are generated by the platform. These auto generated service entries are combination of services and endpoints @@ -4961,7 +4980,7 @@

Tracing.OpenCensusAgent.TraceConte -W3C_TRACE_CONTEXT +W3C_TRACE_CONTEXT

Use W3C Trace Context propagation using the traceparent HTTP header. See the @@ -4970,14 +4989,14 @@

Tracing.OpenCensusAgent.TraceConte -GRPC_BIN +GRPC_BIN

Use gRPC binary context propagation using the grpc-trace-bin http header.

-CLOUD_TRACE_CONTEXT +CLOUD_TRACE_CONTEXT

Use Cloud Trace context propagation using the X-Cloud-Trace-Context http header.

@@ -4985,7 +5004,7 @@

Tracing.OpenCensusAgent.TraceConte -B3 +B3

Use multi-header B3 context propagation using the X-B3-TraceId, X-B3-SpanId, and X-B3-Sampled HTTP headers. See @@ -5008,14 +5027,14 @@

ProxyConfig.ProxyHeaders. -UNDEFINED +UNDEFINED

Existing Istio behavior for the metadata exchange headers is unchanged.

-IN_MESH +IN_MESH

Only append the istio metadata exchange headers for services considered in-mesh. Traffic is considered in-mesh if it is secured with Istio mutual TLS. This means that MESH_EXTERNAL services, unmatched passthrough traffic, and requests to workloads without Istio enabled will be considered out of mesh.

@@ -5040,7 +5059,7 @@

ProxyConfig.TracingServiceName

-APP_LABEL_AND_NAMESPACE +APP_LABEL_AND_NAMESPACE

Default scheme. Uses the app label and workload namespace to construct a cluster name. If the app label does not exist istio-proxy is used.

@@ -5048,14 +5067,14 @@

ProxyConfig.TracingServiceName

-CANONICAL_NAME_ONLY +CANONICAL_NAME_ONLY

Uses the canonical name for a workload (excluding namespace).

-CANONICAL_NAME_AND_NAMESPACE +CANONICAL_NAME_AND_NAMESPACE

Uses the canonical name and namespace for a workload.

@@ -5079,7 +5098,7 @@

ProxyConfig.InboundInterceptionMode -REDIRECT +REDIRECT

The REDIRECT mode uses iptables REDIRECT to NAT and redirect to Envoy. This mode loses source IP addresses during redirection. This is the default redirection mode.

@@ -5087,7 +5106,7 @@

ProxyConfig.InboundInterceptionMode -TPROXY +TPROXY

The TPROXY mode uses iptables TPROXY to redirect to Envoy. This mode preserves both the source and destination IP addresses and ports, so that they can be used for advanced @@ -5097,7 +5116,7 @@

ProxyConfig.InboundInterceptionMode -NONE +NONE

The NONE mode does not configure redirect to Envoy at all. This is an advanced configuration that typically requires changes to user applications.

@@ -5122,21 +5141,21 @@

AuthenticationPolicy

-NONE +NONE

Do not encrypt proxy to control plane traffic.

-MUTUAL_TLS +MUTUAL_TLS

Proxy to control plane traffic is wrapped into mutual TLS connections.

-INHERIT +INHERIT

Use the policy defined by the parent scope. Should not be used for mesh policy.

@@ -5162,21 +5181,21 @@

ForwardClientCertDetails

-UNDEFINED +UNDEFINED

Field is not set

-SANITIZE +SANITIZE

Do not send the XFCC header to the next hop.

-FORWARD_ONLY +FORWARD_ONLY

When the client connection is mTLS (Mutual TLS), forward the XFCC header in the request.

@@ -5184,7 +5203,7 @@

ForwardClientCertDetails

-APPEND_FORWARD +APPEND_FORWARD

When the client connection is mTLS, append the client certificate information to the request’s XFCC header and forward it. This is the default value for sidecar proxies.

@@ -5192,7 +5211,7 @@

ForwardClientCertDetails

-SANITIZE_SET +SANITIZE_SET

When the client connection is mTLS, reset the XFCC header with the client certificate information and send it to the next hop. This is the default value for gateway proxies.

@@ -5200,7 +5219,7 @@

ForwardClientCertDetails

-ALWAYS_FORWARD_ONLY +ALWAYS_FORWARD_ONLY

Always forward the XFCC header in the request, regardless of whether the client connection is mTLS.

diff --git a/mesh/v1alpha1/proxy.pb.go b/mesh/v1alpha1/proxy.pb.go index ee4c84433a..3cac04da9d 100644 --- a/mesh/v1alpha1/proxy.pb.go +++ b/mesh/v1alpha1/proxy.pb.go @@ -1006,6 +1006,16 @@ type ProxyConfig struct { CaCertificatesPem []string `protobuf:"bytes,34,rep,name=ca_certificates_pem,json=caCertificatesPem,proto3" json:"ca_certificates_pem,omitempty"` // Specifies the details of the proxy image. Image *v1beta1.ProxyImage `protobuf:"bytes,35,opt,name=image,proto3" json:"image,omitempty"` + // When true, the original case of HTTP/1.x headers will be preserved + // as they pass through the proxy, rather than normalizing them to lowercase. + // This field is particularly useful for applications that require case-sensitive + // headers for interoperability with downstream systems or APIs that expect specific + // casing. + // The preserve_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers + // to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2 + // requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2 + // standards. + PreserveCase bool `protobuf:"varint,40,opt,name=preserve_case,json=preserveCase,proto3" json:"preserve_case,omitempty"` // Specifies the details of the Private Key Provider configuration for gateway and sidecar proxies. PrivateKeyProvider *PrivateKeyProvider `protobuf:"bytes,38,opt,name=private_key_provider,json=privateKeyProvider,proto3" json:"private_key_provider,omitempty"` // Define the set of headers to add/modify for HTTP request/responses. @@ -1327,6 +1337,13 @@ func (x *ProxyConfig) GetImage() *v1beta1.ProxyImage { return nil } +func (x *ProxyConfig) GetPreserveCase() bool { + if x != nil { + return x.PreserveCase + } + return false +} + func (x *ProxyConfig) GetPrivateKeyProvider() *PrivateKeyProvider { if x != nil { return x.PrivateKeyProvider @@ -2866,7 +2883,7 @@ var file_mesh_v1alpha1_proxy_proto_rawDesc = []byte{ 0x63, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x42, 0x0a, - 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0xea, 0x22, 0x0a, 0x0b, 0x50, + 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8f, 0x23, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x62, @@ -3006,176 +3023,178 @@ var file_mesh_v1alpha1_proxy_proto_rawDesc = []byte{ 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, 0x65, - 0x12, 0x59, 0x0a, 0x14, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x12, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, - 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x52, 0x0a, 0x0d, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x27, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x1a, - 0x40, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x1a, 0x40, 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x1a, 0x9e, 0x01, 0x0a, 0x11, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x53, 0x74, 0x61, - 0x74, 0x73, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x2d, 0x0a, 0x12, 0x69, 0x6e, 0x63, - 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, - 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x12, 0x69, 0x6e, 0x63, 0x6c, - 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x65, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x53, - 0x75, 0x66, 0x66, 0x69, 0x78, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, - 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x73, 0x18, 0x03, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x10, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x67, - 0x65, 0x78, 0x70, 0x73, 0x1a, 0xec, 0x0b, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x15, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, - 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x6f, 0x72, 0x77, 0x61, - 0x72, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, - 0x69, 0x6c, 0x73, 0x52, 0x13, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, - 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x12, 0x8f, 0x01, 0x0a, 0x1f, 0x73, 0x65, 0x74, - 0x5f, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, - 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x2e, 0x53, 0x65, 0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x43, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x1b, 0x73, - 0x65, 0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, - 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x56, 0x0a, 0x0a, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x49, 0x64, 0x12, 0x4c, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x12, 0x5f, 0x0a, 0x0d, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x5f, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x5f, 0x63, 0x61, 0x73, + 0x65, 0x18, 0x28, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x43, 0x61, 0x73, 0x65, 0x12, 0x59, 0x0a, 0x14, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, + 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x26, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, + 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x12, 0x70, 0x72, + 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x12, 0x52, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x18, 0x27, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x52, 0x0c, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x12, 0x6f, 0x0a, 0x13, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x64, 0x65, 0x62, 0x75, 0x67, - 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x45, 0x6e, - 0x76, 0x6f, 0x79, 0x44, 0x65, 0x62, 0x75, 0x67, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, - 0x11, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x62, 0x75, 0x67, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x12, 0x81, 0x01, 0x0a, 0x19, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, - 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, - 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, - 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x6d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x1a, 0x56, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x40, 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, + 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x9e, 0x01, 0x0a, 0x11, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x53, 0x74, 0x61, 0x74, 0x73, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x2d, + 0x0a, 0x12, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x65, 0x66, + 0x69, 0x78, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, 0x63, 0x6c, + 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x65, 0x73, 0x12, 0x2d, 0x0a, + 0x12, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x66, 0x66, 0x69, + 0x78, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, + 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, + 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, + 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x65, 0x67, 0x65, 0x78, 0x70, 0x73, 0x1a, 0xec, 0x0b, 0x0a, 0x0c, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x15, 0x66, 0x6f, + 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, + 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, + 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x13, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, + 0x64, 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x12, 0x8f, 0x01, + 0x0a, 0x1f, 0x73, 0x65, 0x74, 0x5f, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, + 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6e, + 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, + 0x6c, 0x73, 0x52, 0x1b, 0x73, 0x65, 0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x43, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, + 0x56, 0x0a, 0x0a, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x52, 0x09, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x12, 0x4c, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x06, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x5f, 0x0a, 0x0d, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, + 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x41, 0x74, 0x74, 0x65, + 0x6d, 0x70, 0x74, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x0c, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, + 0x74, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x6f, 0x0a, 0x13, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, + 0x64, 0x65, 0x62, 0x75, 0x67, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x62, 0x75, 0x67, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x73, 0x52, 0x11, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x62, 0x75, 0x67, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x81, 0x01, 0x0a, 0x19, 0x6d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x5f, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x52, 0x17, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, + 0x61, 0x6e, 0x67, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x1a, 0x56, 0x0a, 0x06, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x1a, 0x43, 0x0a, 0x09, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, - 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x43, - 0x0a, 0x09, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x08, 0x64, - 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x1a, 0x46, 0x0a, 0x0c, 0x41, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0x46, 0x0a, 0x0c, 0x41, 0x74, 0x74, 0x65, + 0x6d, 0x70, 0x74, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, + 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, + 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x1a, 0x4b, 0x0a, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x62, 0x75, 0x67, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0x71, 0x0a, + 0x17, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, + 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x56, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x42, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, + 0x65, 0x73, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, + 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, + 0x1a, 0x91, 0x02, 0x0a, 0x1b, 0x53, 0x65, 0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x43, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, + 0x12, 0x34, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x73, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x2e, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x12, 0x30, 0x0a, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0x4b, 0x0a, 0x11, 0x45, - 0x6e, 0x76, 0x6f, 0x79, 0x44, 0x65, 0x62, 0x75, 0x67, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, - 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0x71, 0x0a, 0x17, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x12, 0x56, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x42, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, - 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x1a, 0x91, 0x02, 0x0a, 0x1b, - 0x53, 0x65, 0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x34, 0x0a, 0x07, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, - 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x12, 0x2e, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x04, 0x63, 0x65, 0x72, - 0x74, 0x12, 0x30, 0x0a, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x63, 0x68, - 0x61, 0x69, 0x6e, 0x12, 0x2c, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x03, 0x64, 0x6e, - 0x73, 0x12, 0x2c, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x03, 0x75, 0x72, 0x69, 0x22, - 0x32, 0x0a, 0x14, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x78, 0x63, 0x68, 0x61, - 0x6e, 0x67, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, - 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x5f, 0x4d, 0x45, 0x53, - 0x48, 0x10, 0x01, 0x22, 0x6c, 0x0a, 0x12, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x41, 0x50, 0x50, - 0x5f, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, - 0x50, 0x41, 0x43, 0x45, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x43, 0x41, 0x4e, 0x4f, 0x4e, 0x49, - 0x43, 0x41, 0x4c, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x01, 0x12, - 0x20, 0x0a, 0x1c, 0x43, 0x41, 0x4e, 0x4f, 0x4e, 0x49, 0x43, 0x41, 0x4c, 0x5f, 0x4e, 0x41, 0x4d, - 0x45, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x10, - 0x02, 0x22, 0x3d, 0x0a, 0x17, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0c, 0x0a, 0x08, - 0x52, 0x45, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x54, 0x50, - 0x52, 0x4f, 0x58, 0x59, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, - 0x42, 0x0e, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x52, 0x18, 0x70, 0x61, - 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, 0x77, 0x6e, 0x5f, 0x64, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, - 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xeb, 0x01, 0x0a, 0x0d, 0x52, 0x65, 0x6d, 0x6f, - 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, - 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x12, 0x4f, 0x0a, 0x0c, 0x74, 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x74, 0x6c, 0x73, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x12, 0x6f, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, - 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, - 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, 0x4b, 0x65, - 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, - 0x61, 0x6c, 0x69, 0x76, 0x65, 0x2a, 0x3e, 0x0a, 0x14, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x08, 0x0a, - 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x4d, 0x55, 0x54, 0x55, 0x41, - 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x07, 0x49, 0x4e, 0x48, 0x45, 0x52, - 0x49, 0x54, 0x10, 0xe8, 0x07, 0x2a, 0x88, 0x01, 0x0a, 0x18, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, - 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x44, 0x65, 0x74, 0x61, 0x69, - 0x6c, 0x73, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x41, 0x4e, 0x49, 0x54, 0x49, 0x5a, 0x45, 0x10, 0x01, 0x12, - 0x10, 0x0a, 0x0c, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, - 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44, 0x5f, 0x46, 0x4f, 0x52, 0x57, - 0x41, 0x52, 0x44, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x41, 0x4e, 0x49, 0x54, 0x49, 0x5a, - 0x45, 0x5f, 0x53, 0x45, 0x54, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x41, 0x4c, 0x57, 0x41, 0x59, - 0x53, 0x5f, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x05, - 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x52, 0x05, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x2c, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x12, 0x2c, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, + 0x03, 0x75, 0x72, 0x69, 0x22, 0x32, 0x0a, 0x14, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0d, 0x0a, 0x09, + 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x49, + 0x4e, 0x5f, 0x4d, 0x45, 0x53, 0x48, 0x10, 0x01, 0x22, 0x6c, 0x0a, 0x12, 0x54, 0x72, 0x61, 0x63, + 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1b, + 0x0a, 0x17, 0x41, 0x50, 0x50, 0x5f, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x41, 0x4e, 0x44, 0x5f, + 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x43, + 0x41, 0x4e, 0x4f, 0x4e, 0x49, 0x43, 0x41, 0x4c, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x4f, 0x4e, + 0x4c, 0x59, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x41, 0x4e, 0x4f, 0x4e, 0x49, 0x43, 0x41, + 0x4c, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, + 0x50, 0x41, 0x43, 0x45, 0x10, 0x02, 0x22, 0x3d, 0x0a, 0x17, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, + 0x64, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, + 0x65, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x45, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x54, 0x50, 0x52, 0x4f, 0x58, 0x59, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4e, + 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x0e, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x09, 0x10, + 0x0a, 0x52, 0x18, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x68, 0x75, 0x74, 0x64, 0x6f, + 0x77, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x63, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0xeb, 0x01, 0x0a, + 0x0d, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x18, + 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x4f, 0x0a, 0x0c, 0x74, 0x6c, 0x73, 0x5f, + 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0b, 0x74, 0x6c, + 0x73, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x6f, 0x0a, 0x0d, 0x74, 0x63, 0x70, + 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x4a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, + 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x2a, 0x3e, 0x0a, 0x14, 0x41, 0x75, + 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, + 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x07, + 0x49, 0x4e, 0x48, 0x45, 0x52, 0x49, 0x54, 0x10, 0xe8, 0x07, 0x2a, 0x88, 0x01, 0x0a, 0x18, 0x46, + 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, + 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, + 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x41, 0x4e, 0x49, 0x54, 0x49, + 0x5a, 0x45, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x5f, + 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x41, 0x50, 0x50, 0x45, 0x4e, 0x44, + 0x5f, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x41, + 0x4e, 0x49, 0x54, 0x49, 0x5a, 0x45, 0x5f, 0x53, 0x45, 0x54, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, + 0x41, 0x4c, 0x57, 0x41, 0x59, 0x53, 0x5f, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x5f, 0x4f, + 0x4e, 0x4c, 0x59, 0x10, 0x05, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/mesh/v1alpha1/proxy.proto b/mesh/v1alpha1/proxy.proto index 623f2eaea7..f4bc793c74 100644 --- a/mesh/v1alpha1/proxy.proto +++ b/mesh/v1alpha1/proxy.proto @@ -603,6 +603,17 @@ message ProxyConfig { // Specifies the details of the proxy image. istio.networking.v1beta1.ProxyImage image = 35; + // When true, the original case of HTTP/1.x headers will be preserved + // as they pass through the proxy, rather than normalizing them to lowercase. + // This field is particularly useful for applications that require case-sensitive + // headers for interoperability with downstream systems or APIs that expect specific + // casing. + // The preserve_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers + // to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2 + // requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2 + // standards. + bool preserve_case = 40; + // Specifies the details of the Private Key Provider configuration for gateway and sidecar proxies. PrivateKeyProvider private_key_provider = 38; diff --git a/meta/v1alpha1/status.pb.html b/meta/v1alpha1/status.pb.html index 4d9de89d6b..8674ffc462 100644 --- a/meta/v1alpha1/status.pb.html +++ b/meta/v1alpha1/status.pb.html @@ -19,7 +19,7 @@

IstioStatus

-conditions +conditions IstioCondition[]

Current service state of the resource. @@ -31,7 +31,7 @@

IstioStatus

-validationMessages +validationMessages AnalysisMessageBase[]

Includes any errors or warnings detected by Istio’s analyzers.

@@ -57,7 +57,7 @@

IstioCondition

-type +type string

Type is the type of the condition.

@@ -68,7 +68,7 @@

IstioCondition

-status +status string

Status is the status of the condition. @@ -80,7 +80,7 @@

IstioCondition

-lastProbeTime +lastProbeTime Timestamp

Last time we probed the condition.

@@ -91,7 +91,7 @@

IstioCondition

-lastTransitionTime +lastTransitionTime Timestamp

Last time the condition transitioned from one status to another.

@@ -102,7 +102,7 @@

IstioCondition

-reason +reason string

Unique, one-word, CamelCase reason for the condition’s last transition.

@@ -113,7 +113,7 @@

IstioCondition

-message +message string

Human-readable message indicating details about last transition.

@@ -124,7 +124,7 @@

IstioCondition

-observedGeneration +observedGeneration int64

Resource Generation to which the Condition refers.

diff --git a/networking/v1alpha3/destination_rule.pb.html b/networking/v1alpha3/destination_rule.pb.html index a0786c3e77..5efb061607 100644 --- a/networking/v1alpha3/destination_rule.pb.html +++ b/networking/v1alpha3/destination_rule.pb.html @@ -108,7 +108,7 @@

DestinationRule

-host +host string

The name of a service from the service registry. Service @@ -132,7 +132,7 @@

DestinationRule

-trafficPolicy +trafficPolicy TrafficPolicy

Traffic policies to apply (load balancing policy, connection pool @@ -144,7 +144,7 @@

DestinationRule

-subsets +subsets Subset[]

One or more named sets that represent individual versions of a @@ -156,7 +156,7 @@

DestinationRule

-exportTo +exportTo string[]

A list of namespaces to which this destination rule is exported. @@ -178,7 +178,7 @@

DestinationRule

-workloadSelector +workloadSelector WorkloadSelector

Criteria used to select the specific set of pods/VMs on which this @@ -214,7 +214,7 @@

TrafficPolicy

-loadBalancer +loadBalancer LoadBalancerSettings

Settings controlling the load balancer algorithms.

@@ -225,7 +225,7 @@

TrafficPolicy

-connectionPool +connectionPool ConnectionPoolSettings

Settings controlling the volume of connections to an upstream service

@@ -236,7 +236,7 @@

TrafficPolicy

-outlierDetection +outlierDetection OutlierDetection

Settings controlling eviction of unhealthy hosts from the load balancing pool

@@ -247,7 +247,7 @@

TrafficPolicy

-tls +tls ClientTLSSettings

TLS related settings for connections to the upstream service.

@@ -258,7 +258,7 @@

TrafficPolicy

-portLevelSettings +portLevelSettings PortTrafficPolicy[]

Traffic policies specific to individual ports. Note that port level @@ -273,7 +273,7 @@

TrafficPolicy

-tunnel +tunnel TunnelSettings

Configuration of tunneling TCP over other transport or application layers @@ -286,7 +286,7 @@

TrafficPolicy

-proxyProtocol +proxyProtocol ProxyProtocol

The upstream PROXY protocol settings.

@@ -345,7 +345,7 @@

Subset

-name +name string

Name of the subset. The service name and the subset name can @@ -357,7 +357,7 @@

Subset

-labels +labels map<string, string>

Labels apply a filter over the endpoints of a service in the @@ -369,7 +369,7 @@

Subset

-trafficPolicy +trafficPolicy TrafficPolicy

Traffic policies that apply to this subset. Subsets inherit the @@ -431,7 +431,7 @@

LoadBalancerSettings

-simple +simple SimpleLB (oneof) @@ -440,7 +440,7 @@

LoadBalancerSettings

-consistentHash +consistentHash ConsistentHashLB (oneof) @@ -449,7 +449,7 @@

LoadBalancerSettings

-localityLbSetting +localityLbSetting LocalityLoadBalancerSetting

Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed @@ -461,7 +461,7 @@

LoadBalancerSettings

-warmupDurationSecs +warmupDurationSecs Duration

Deprecated: use warmup instead.

@@ -472,7 +472,7 @@

LoadBalancerSettings

-warmup +warmup WarmupConfiguration

Represents the warmup configuration of Service. If set, the newly created endpoint of service @@ -505,7 +505,7 @@

WarmupConfiguration

-duration +duration Duration

Duration of warmup mode

@@ -516,7 +516,7 @@

WarmupConfiguration

-minimumPercent +minimumPercent DoubleValue

Configures the minimum percentage of origin weight @@ -528,7 +528,7 @@

WarmupConfiguration

-aggression +aggression DoubleValue

This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would @@ -579,7 +579,7 @@

ConnectionPoolSettings

-tcp +tcp TCPSettings

Settings common to both HTTP and TCP upstream connections.

@@ -590,7 +590,7 @@

ConnectionPoolSettings

-http +http HTTPSettings

HTTP connection pool settings.

@@ -649,7 +649,7 @@

OutlierDetection

-splitExternalLocalOriginErrors +splitExternalLocalOriginErrors bool

Determines whether to distinguish local origin failures from external errors. If set to true @@ -667,7 +667,7 @@

OutlierDetection

-consecutiveLocalOriginFailures +consecutiveLocalOriginFailures UInt32Value

The number of consecutive locally originated failures before ejection @@ -680,7 +680,7 @@

OutlierDetection

-consecutiveGatewayErrors +consecutiveGatewayErrors UInt32Value

Number of gateway errors before a host is ejected from the connection pool. @@ -702,7 +702,7 @@

OutlierDetection

-consecutive5xxErrors +consecutive5xxErrors UInt32Value

Number of 5xx errors before a host is ejected from the connection pool. @@ -723,7 +723,7 @@

OutlierDetection

-interval +interval Duration

Time interval between ejection sweep analysis. format: @@ -735,7 +735,7 @@

OutlierDetection

-baseEjectionTime +baseEjectionTime Duration

Minimum ejection duration. A host will remain ejected for a period @@ -750,7 +750,7 @@

OutlierDetection

-maxEjectionPercent +maxEjectionPercent int32

Maximum % of hosts in the load balancing pool for the upstream @@ -762,7 +762,7 @@

OutlierDetection

-minHealthPercent +minHealthPercent int32

Outlier detection will be enabled as long as the associated load balancing @@ -837,7 +837,7 @@

ClientTLSSettings

-mode +mode TLSmode

Indicates whether connections to this port should be secured @@ -849,7 +849,7 @@

ClientTLSSettings

-clientCertificate +clientCertificate string

REQUIRED if mode is MUTUAL. The path to the file holding the @@ -862,7 +862,7 @@

ClientTLSSettings

-privateKey +privateKey string

REQUIRED if mode is MUTUAL. The path to the file holding the @@ -875,7 +875,7 @@

ClientTLSSettings

-caCertificates +caCertificates string

OPTIONAL: The path to the file containing certificate authority @@ -890,7 +890,7 @@

ClientTLSSettings

-credentialName +credentialName string

The name of the secret that holds the TLS certs for the @@ -918,7 +918,7 @@

ClientTLSSettings

-subjectAltNames +subjectAltNames string[]

A list of alternate names to verify the subject identity in the @@ -935,7 +935,7 @@

ClientTLSSettings

-sni +sni string

SNI string to present to the server during TLS handshake. @@ -948,7 +948,7 @@

ClientTLSSettings

-insecureSkipVerify +insecureSkipVerify BoolValue

insecureSkipVerify specifies whether the proxy should skip verifying the @@ -961,7 +961,7 @@

ClientTLSSettings

-caCrl +caCrl string

OPTIONAL: The path to the file containing the certificate revocation list (CRL) @@ -1033,7 +1033,7 @@

LocalityLoadBalancerSetting

-distribute +distribute Distribute[]

Optional: only one of distribute, failover or failoverPriority can be set. @@ -1047,7 +1047,7 @@

LocalityLoadBalancerSetting

-failover +failover Failover[]

Optional: only one of distribute, failover or failoverPriority can be set. @@ -1061,7 +1061,7 @@

LocalityLoadBalancerSetting

-failoverPriority +failoverPriority string[]

failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. @@ -1133,7 +1133,7 @@

LocalityLoadBalancerSetting

-enabled +enabled BoolValue

enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. @@ -1162,7 +1162,7 @@

TrafficPolicy.PortTrafficPolicy

-port +port PortSelector

Specifies the number of a port on the destination service @@ -1174,7 +1174,7 @@

TrafficPolicy.PortTrafficPolicy

-loadBalancer +loadBalancer LoadBalancerSettings

Settings controlling the load balancer algorithms.

@@ -1185,7 +1185,7 @@

TrafficPolicy.PortTrafficPolicy

-connectionPool +connectionPool ConnectionPoolSettings

Settings controlling the volume of connections to an upstream service

@@ -1196,7 +1196,7 @@

TrafficPolicy.PortTrafficPolicy

-outlierDetection +outlierDetection OutlierDetection

Settings controlling eviction of unhealthy hosts from the load balancing pool

@@ -1207,7 +1207,7 @@

TrafficPolicy.PortTrafficPolicy

-tls +tls ClientTLSSettings

TLS related settings for connections to the upstream service.

@@ -1233,7 +1233,7 @@

TrafficPolicy.TunnelSettings

-protocol +protocol string

Specifies which protocol to use for tunneling the downstream connection. @@ -1249,7 +1249,7 @@

TrafficPolicy.TunnelSettings

-targetHost +targetHost string

Specifies a host to which the downstream connection is tunneled. @@ -1261,7 +1261,7 @@

TrafficPolicy.TunnelSettings

-targetPort +targetPort uint32

Specifies a port to which the downstream connection is tunneled.

@@ -1287,7 +1287,7 @@

TrafficPolicy.ProxyProtocol

-version +version VERSION

The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. @@ -1329,7 +1329,7 @@

LoadBalancerSettings.ConsistentHa -httpHeaderName +httpHeaderName string (oneof)

Hash based on a specific HTTP header.

@@ -1340,7 +1340,7 @@

LoadBalancerSettings.ConsistentHa -httpCookie +httpCookie HTTPCookie (oneof)

Hash based on HTTP cookie.

@@ -1351,7 +1351,7 @@

LoadBalancerSettings.ConsistentHa -useSourceIp +useSourceIp bool (oneof)

Hash based on the source IP address. @@ -1363,7 +1363,7 @@

LoadBalancerSettings.ConsistentHa -httpQueryParameterName +httpQueryParameterName string (oneof)

Hash based on a specific HTTP query parameter.

@@ -1374,7 +1374,7 @@

LoadBalancerSettings.ConsistentHa -ringHash +ringHash RingHash (oneof)

The ring/modulo hash load balancer implements consistent hashing to backend hosts.

@@ -1385,7 +1385,7 @@

LoadBalancerSettings.ConsistentHa -maglev +maglev MagLev (oneof)

The Maglev load balancer implements consistent hashing to backend hosts.

@@ -1396,7 +1396,7 @@

LoadBalancerSettings.ConsistentHa -minimumRingSize +minimumRingSize uint64

Deprecated. Use RingHash instead.

@@ -1422,7 +1422,7 @@

LoadBalancerSettings.Con -minimumRingSize +minimumRingSize uint64

The minimum number of virtual nodes to use for the hash @@ -1452,7 +1452,7 @@

LoadBalancerSettings.Consi -tableSize +tableSize uint64

The table size for Maglev hashing. This helps in controlling the @@ -1485,7 +1485,7 @@

LoadBalancerSettings.C -name +name string

Name of the cookie.

@@ -1496,7 +1496,7 @@

LoadBalancerSettings.C -path +path string

Path to set for the cookie.

@@ -1507,7 +1507,7 @@

LoadBalancerSettings.C -ttl +ttl Duration

Lifetime of the cookie. If specified, a cookie with the TTL will be @@ -1537,7 +1537,7 @@

ConnectionPoolSettings.TCPSettings -maxConnections +maxConnections int32

Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.

@@ -1548,7 +1548,7 @@

ConnectionPoolSettings.TCPSettings -connectTimeout +connectTimeout Duration

TCP connection timeout. format: @@ -1560,7 +1560,7 @@

ConnectionPoolSettings.TCPSettings -tcpKeepalive +tcpKeepalive TcpKeepalive

If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.

@@ -1571,7 +1571,7 @@

ConnectionPoolSettings.TCPSettings -maxConnectionDuration +maxConnectionDuration Duration

The maximum duration of a connection. The duration is defined as the period since a connection @@ -1584,7 +1584,7 @@

ConnectionPoolSettings.TCPSettings -idleTimeout +idleTimeout Duration

The idle timeout for TCP connections. @@ -1619,7 +1619,7 @@

ConnectionPoolSettings.HTTPSettings -http1MaxPendingRequests +http1MaxPendingRequests int32

Maximum number of requests that will be queued while waiting for @@ -1634,7 +1634,7 @@

ConnectionPoolSettings.HTTPSettings -http2MaxRequests +http2MaxRequests int32

Maximum number of active requests to a destination. Default 2^32-1. @@ -1646,7 +1646,7 @@

ConnectionPoolSettings.HTTPSettings -maxRequestsPerConnection +maxRequestsPerConnection int32

Maximum number of requests per connection to a backend. Setting this @@ -1659,7 +1659,7 @@

ConnectionPoolSettings.HTTPSettings -maxRetries +maxRetries int32

Maximum number of retries that can be outstanding to all hosts in a @@ -1671,7 +1671,7 @@

ConnectionPoolSettings.HTTPSettings -idleTimeout +idleTimeout Duration

The idle timeout for upstream connection pool connections. The idle timeout @@ -1688,7 +1688,7 @@

ConnectionPoolSettings.HTTPSettings -h2UpgradePolicy +h2UpgradePolicy H2UpgradePolicy

Specify if http1.1 connection should be upgraded to http2 for the associated destination.

@@ -1699,7 +1699,7 @@

ConnectionPoolSettings.HTTPSettings -useClientProtocol +useClientProtocol bool

If set to true, client protocol will be preserved while initiating connection to backend. @@ -1712,7 +1712,7 @@

ConnectionPoolSettings.HTTPSettings -maxConcurrentStreams +maxConcurrentStreams int32

The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. @@ -1741,7 +1741,7 @@

ConnectionPoolSettings. -probes +probes uint32

Maximum number of keepalive probes to send without response before @@ -1754,7 +1754,7 @@

ConnectionPoolSettings. -time +time Duration

The time duration a connection needs to be idle before keep-alive @@ -1767,7 +1767,7 @@

ConnectionPoolSettings. -interval +interval Duration

The time duration between keep-alive probes. @@ -1803,7 +1803,7 @@

LocalityLoadBalancerSetting.Dist -from +from string

Originating locality, ‘/’ separated, e.g. ‘region/zone/sub_zone’.

@@ -1814,7 +1814,7 @@

LocalityLoadBalancerSetting.Dist -to +to map<string, uint32>

Map of upstream localities to traffic distribution weights. The sum of @@ -1850,7 +1850,7 @@

LocalityLoadBalancerSetting.Failov -from +from string

Originating region.

@@ -1861,7 +1861,7 @@

LocalityLoadBalancerSetting.Failov -to +to string

Destination region the traffic will fail over to when endpoints in @@ -1891,7 +1891,7 @@

google.protobuf.UInt32Value

-value +value uint32

The uint32 value.

@@ -1915,14 +1915,14 @@

TrafficPolicy.ProxyProtocol.VERSION -V1 +V1

⁣PROXY protocol version 1. Human readable format.

-V2 +V2

⁣PROXY protocol version 2. Binary format.

@@ -1944,7 +1944,7 @@

LoadBalancerSettings.SimpleLB

-UNSPECIFIED +UNSPECIFIED

No load balancing algorithm has been specified by the user. Istio will select an appropriate default.

@@ -1952,7 +1952,7 @@

LoadBalancerSettings.SimpleLB

-RANDOM +RANDOM

The random load balancer selects a random healthy host. The random load balancer generally performs better than round robin if no health @@ -1961,7 +1961,7 @@

LoadBalancerSettings.SimpleLB

-PASSTHROUGH +PASSTHROUGH

This option will forward the connection to the original IP address requested by the caller without doing any form of load @@ -1972,7 +1972,7 @@

LoadBalancerSettings.SimpleLB

-ROUND_ROBIN +ROUND_ROBIN

A basic round robin load balancing policy. This is generally unsafe for many scenarios (e.g. when endpoint weighting is used) as it can @@ -1982,7 +1982,7 @@

LoadBalancerSettings.SimpleLB

-LEAST_REQUEST +LEAST_REQUEST

The least request load balancer spreads load across endpoints, favoring endpoints with the least outstanding requests. This is generally safer @@ -1992,7 +1992,7 @@

LoadBalancerSettings.SimpleLB

-LEAST_CONN +LEAST_CONN

Deprecated. Use LEAST_REQUEST instead.

@@ -2014,14 +2014,14 @@

ConnectionPoolSetti -DEFAULT +DEFAULT

Use the global default.

-DO_NOT_UPGRADE +DO_NOT_UPGRADE

Do not upgrade the connection to http2. This opt-out option overrides the default.

@@ -2029,7 +2029,7 @@

ConnectionPoolSetti -UPGRADE +UPGRADE

Upgrade the connection to http2. This opt-in option overrides the default.

@@ -2052,21 +2052,21 @@

ClientTLSSettings.TLSmode

-DISABLE +DISABLE

Do not setup a TLS connection to the upstream endpoint.

-SIMPLE +SIMPLE

Originate a TLS connection to the upstream endpoint.

-MUTUAL +MUTUAL

Secure connections to the upstream using mutual TLS by presenting client certificates for authentication.

@@ -2074,7 +2074,7 @@

ClientTLSSettings.TLSmode

-ISTIO_MUTUAL +ISTIO_MUTUAL

Secure connections to the upstream using mutual TLS by presenting client certificates for authentication. diff --git a/networking/v1alpha3/envoy_filter.pb.html b/networking/v1alpha3/envoy_filter.pb.html index 2abc80bef9..8008c6c708 100644 --- a/networking/v1alpha3/envoy_filter.pb.html +++ b/networking/v1alpha3/envoy_filter.pb.html @@ -368,7 +368,7 @@

EnvoyFilter

-workloadSelector +workloadSelector WorkloadSelector

Criteria used to select the specific set of pods/VMs on which @@ -384,7 +384,7 @@

EnvoyFilter

-targetRefs +targetRefs PolicyTargetReference[]

Optional. The targetRefs specifies a list of resources the policy should be @@ -409,7 +409,7 @@

EnvoyFilter

-configPatches +configPatches EnvoyConfigObjectPatch[]

One or more patches with match conditions.

@@ -420,7 +420,7 @@

EnvoyFilter

-priority +priority int32

Priority defines the order in which patch sets are applied within a context. @@ -460,7 +460,7 @@

EnvoyFilter.ProxyMatch

-proxyVersion +proxyVersion string

A regular expression in golang regex format (RE2) that can be @@ -478,7 +478,7 @@

EnvoyFilter.ProxyMatch

-metadata +metadata map<string, string>

Match on the node metadata supplied by a proxy when connecting @@ -512,7 +512,7 @@

EnvoyFilter.ClusterMatch

-portNumber +portNumber uint32

The service port for which this cluster was generated. If @@ -525,7 +525,7 @@

EnvoyFilter.ClusterMatch

-service +service string

The fully qualified service name for this cluster. If omitted, @@ -540,7 +540,7 @@

EnvoyFilter.ClusterMatch

-subset +subset string

The subset associated with the service. If omitted, applies to @@ -552,7 +552,7 @@

EnvoyFilter.ClusterMatch

-name +name string

The exact name of the cluster to match. To match a specific @@ -585,7 +585,7 @@

EnvoyFilter.RouteConfigurationMatch -portNumber +portNumber uint32

The service port number or gateway server port number for which @@ -598,7 +598,7 @@

EnvoyFilter.RouteConfigurationMatch -portName +portName string

Applicable only for GATEWAY context. The gateway server port @@ -610,7 +610,7 @@

EnvoyFilter.RouteConfigurationMatch -gateway +gateway string

The Istio gateway config’s namespace/name for which this route @@ -626,7 +626,7 @@

EnvoyFilter.RouteConfigurationMatch -vhost +vhost VirtualHostMatch

Match a specific virtual host in a route configuration and @@ -638,7 +638,7 @@

EnvoyFilter.RouteConfigurationMatch -name +name string

Route configuration name to match on. Can be used to match a @@ -670,7 +670,7 @@

EnvoyFilter.ListenerMatch

-portNumber +portNumber uint32

The service port/gateway port to which traffic is being @@ -684,7 +684,7 @@

EnvoyFilter.ListenerMatch

-filterChain +filterChain FilterChainMatch

Match a specific filter chain in a listener. If specified, the @@ -698,7 +698,7 @@

EnvoyFilter.ListenerMatch

-listenerFilter +listenerFilter string

Match a specific listener filter. If specified, the @@ -710,7 +710,7 @@

EnvoyFilter.ListenerMatch

-name +name string

Match a specific listener by its name. The listeners generated @@ -739,7 +739,7 @@

EnvoyFilter.Patch

-operation +operation Operation

Determines how the patch should be applied.

@@ -750,7 +750,7 @@

EnvoyFilter.Patch

-value +value Struct

The JSON config of the object being patched. This will be merged using @@ -762,7 +762,7 @@

EnvoyFilter.Patch

-filterClass +filterClass FilterClass

Determines the filter insertion order.

@@ -791,7 +791,7 @@

EnvoyFilter.EnvoyConfigObjectMatch -context +context PatchContext

The specific config generation context to match on. Istio Pilot @@ -804,7 +804,7 @@

EnvoyFilter.EnvoyConfigObjectMatch -proxy +proxy ProxyMatch

Match on properties associated with a proxy.

@@ -815,7 +815,7 @@

EnvoyFilter.EnvoyConfigObjectMatch -listener +listener ListenerMatch (oneof)

Match on envoy listener attributes.

@@ -826,7 +826,7 @@

EnvoyFilter.EnvoyConfigObjectMatch -routeConfiguration +routeConfiguration RouteConfigurationMatch (oneof)

Match on envoy HTTP route configuration attributes.

@@ -837,7 +837,7 @@

EnvoyFilter.EnvoyConfigObjectMatch -cluster +cluster ClusterMatch (oneof)

Match on envoy cluster attributes.

@@ -865,7 +865,7 @@

EnvoyFilter.EnvoyConfigObjectPatch -applyTo +applyTo ApplyTo

Specifies where in the Envoy configuration, the patch should be @@ -884,7 +884,7 @@

EnvoyFilter.EnvoyConfigObjectPatch -match +match EnvoyConfigObjectMatch

Match on listener/route configuration/cluster.

@@ -895,7 +895,7 @@

EnvoyFilter.EnvoyConfigObjectPatch -patch +patch Patch

The patch to apply along with the operation.

@@ -923,7 +923,7 @@

EnvoyFilter.RouteConfigu -name +name string

The Route objects generated by default are named as @@ -937,7 +937,7 @@

EnvoyFilter.RouteConfigu -action +action Action

Match a route with specific action type.

@@ -965,7 +965,7 @@

EnvoyFilter.RouteC -name +name string

The VirtualHosts objects generated by Istio are named as @@ -979,7 +979,7 @@

EnvoyFilter.RouteC -route +route RouteMatch

Match a specific route within the virtual host.

@@ -1010,7 +1010,7 @@

EnvoyFilter.ListenerMatch.Fi -name +name string

The name assigned to the filter chain.

@@ -1021,7 +1021,7 @@

EnvoyFilter.ListenerMatch.Fi -sni +sni string

The SNI value used by a filter chain’s match condition. This @@ -1034,7 +1034,7 @@

EnvoyFilter.ListenerMatch.Fi -transportProtocol +transportProtocol string

Applies only to SIDECAR_INBOUND context. If non-empty, a @@ -1054,7 +1054,7 @@

EnvoyFilter.ListenerMatch.Fi -applicationProtocols +applicationProtocols string

Applies only to sidecars. If non-empty, a comma separated set @@ -1070,7 +1070,7 @@

EnvoyFilter.ListenerMatch.Fi -filter +filter FilterMatch

The name of a specific filter to apply the patch to. Set this @@ -1083,7 +1083,7 @@

EnvoyFilter.ListenerMatch.Fi -destinationPort +destinationPort uint32

The destination_port value used by a filter chain’s match condition. @@ -1112,7 +1112,7 @@

EnvoyFilter.ListenerMatch.FilterM -name +name string

The filter name to match on. @@ -1125,7 +1125,7 @@

EnvoyFilter.ListenerMatch.FilterM -subFilter +subFilter SubFilterMatch

The next level filter within this filter to match @@ -1158,7 +1158,7 @@

EnvoyFilter.ListenerMatch.SubF -name +name string

The filter name to match on.

@@ -1184,28 +1184,28 @@

EnvoyFilter.Route -ANY +ANY

All three route actions

-ROUTE +ROUTE

Route traffic to a cluster / weighted clusters.

-REDIRECT +REDIRECT

Redirect request.

-DIRECT_RESPONSE +DIRECT_RESPONSE

directly respond to a request with specific payload.

@@ -1228,12 +1228,12 @@

EnvoyFilter.Patch.Operation

-INVALID +INVALID -MERGE +MERGE

Merge the provided config with the generated config using proto merge semantics. If you are specifying config in its @@ -1242,7 +1242,7 @@

EnvoyFilter.Patch.Operation

-ADD +ADD

Add the provided config to an existing list (of listeners, clusters, virtual hosts, network filters, or http @@ -1252,7 +1252,7 @@

EnvoyFilter.Patch.Operation

-REMOVE +REMOVE

Remove the selected object from the list (of listeners, clusters, virtual hosts, network filters, routes, or http @@ -1263,7 +1263,7 @@

EnvoyFilter.Patch.Operation

-INSERT_BEFORE +INSERT_BEFORE

Insert operation on an array of named objects. This operation is typically useful only in the context of filters or routes, @@ -1278,7 +1278,7 @@

EnvoyFilter.Patch.Operation

-INSERT_AFTER +INSERT_AFTER

Insert operation on an array of named objects. This operation is typically useful only in the context of filters or routes, @@ -1293,7 +1293,7 @@

EnvoyFilter.Patch.Operation

-INSERT_FIRST +INSERT_FIRST

Insert operation on an array of named objects. This operation is typically useful only in the context of filters or routes, @@ -1308,7 +1308,7 @@

EnvoyFilter.Patch.Operation

-REPLACE +REPLACE

Replace contents of a named filter with new contents. REPLACE operation is only valid for HTTP_FILTER and @@ -1341,7 +1341,7 @@

EnvoyFilter.Patch.FilterClass

-UNSPECIFIED +UNSPECIFIED

Control plane decides where to insert the filter. Do not specify FilterClass if the filter is independent of others.

@@ -1349,21 +1349,21 @@

EnvoyFilter.Patch.FilterClass

-AUTHN +AUTHN

Insert filter after Istio authentication filters.

-AUTHZ +AUTHZ

Insert filter after Istio authorization filters.

-STATS +STATS

Insert filter before Istio stats filters.

@@ -1385,26 +1385,26 @@

EnvoyFilter.ApplyTo

-INVALID +INVALID -LISTENER +LISTENER

Applies the patch to the listener.

-FILTER_CHAIN +FILTER_CHAIN

Applies the patch to the filter chain.

-NETWORK_FILTER +NETWORK_FILTER

Applies the patch to the network filter chain, to modify an existing filter or add a new filter.

@@ -1412,7 +1412,7 @@

EnvoyFilter.ApplyTo

-HTTP_FILTER +HTTP_FILTER

Applies the patch to the HTTP filter chain in the http connection manager, to modify an existing filter or add a new @@ -1421,7 +1421,7 @@

EnvoyFilter.ApplyTo

-ROUTE_CONFIGURATION +ROUTE_CONFIGURATION

Applies the patch to the Route configuration (rds output) inside a HTTP connection manager. This does not apply to the @@ -1431,14 +1431,14 @@

EnvoyFilter.ApplyTo

-VIRTUAL_HOST +VIRTUAL_HOST

Applies the patch to a virtual host inside a route configuration.

-HTTP_ROUTE +HTTP_ROUTE

Applies the patch to a route object inside the matched virtual host in a route configuration.

@@ -1446,14 +1446,14 @@

EnvoyFilter.ApplyTo

-CLUSTER +CLUSTER

Applies the patch to a cluster in a CDS output. Also used to add new clusters.

-EXTENSION_CONFIG +EXTENSION_CONFIG

Applies the patch to or adds an extension config in ECDS output. Note that ECDS is only supported by HTTP filters.

@@ -1461,14 +1461,14 @@

EnvoyFilter.ApplyTo

-BOOTSTRAP +BOOTSTRAP

DEPRECATED. Applies the patch to bootstrap configuration.

-LISTENER_FILTER +LISTENER_FILTER

Applies the patch to the listener filter.

@@ -1491,28 +1491,28 @@

EnvoyFilter.PatchContext

-ANY +ANY

All listeners/routes/clusters in both sidecars and gateways.

-SIDECAR_INBOUND +SIDECAR_INBOUND

Inbound listener/route/cluster in sidecar.

-SIDECAR_OUTBOUND +SIDECAR_OUTBOUND

Outbound listener/route/cluster in sidecar.

-GATEWAY +GATEWAY

Gateway listener/route/cluster.

diff --git a/networking/v1alpha3/gateway.pb.html b/networking/v1alpha3/gateway.pb.html index d63e31adc7..a797b2ad12 100644 --- a/networking/v1alpha3/gateway.pb.html +++ b/networking/v1alpha3/gateway.pb.html @@ -180,7 +180,7 @@

Gateway

-servers +servers Server[]

A list of server specifications.

@@ -191,7 +191,7 @@

Gateway

-selector +selector map<string, string>

One or more labels that indicate a specific set of pods/VMs @@ -281,7 +281,7 @@

Server

-port +port Port

The Port on which the proxy should listen for incoming @@ -293,7 +293,7 @@

Server

-bind +bind string

The ip or the Unix domain socket to which the listener should be bound @@ -311,7 +311,7 @@

Server

-hosts +hosts string[]

One or more hosts exposed by this gateway. @@ -347,7 +347,7 @@

Server

-tls +tls ServerTLSSettings

Set of TLS related options that govern the server’s behavior. Use @@ -360,7 +360,7 @@

Server

-name +name string

An optional name of the server, when set must be unique across all servers. @@ -390,7 +390,7 @@

Port

-number +number uint32

A valid non-negative integer port number.

@@ -401,7 +401,7 @@

Port

-protocol +protocol string

The protocol exposed on the port. @@ -415,7 +415,7 @@

Port

-name +name string

Label assigned to the port.

@@ -441,7 +441,7 @@

ServerTLSSettings

-httpsRedirect +httpsRedirect bool

If set to true, the load balancer will send a 301 redirect for @@ -453,7 +453,7 @@

ServerTLSSettings

-mode +mode TLSmode

Optional: Indicates whether connections to this port should be @@ -466,7 +466,7 @@

ServerTLSSettings

-serverCertificate +serverCertificate string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file @@ -478,7 +478,7 @@

ServerTLSSettings

-privateKey +privateKey string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file @@ -490,7 +490,7 @@

ServerTLSSettings

-caCertificates +caCertificates string

REQUIRED if mode is MUTUAL or OPTIONAL_MUTUAL. The path to a file @@ -503,7 +503,7 @@

ServerTLSSettings

-caCrl +caCrl string

OPTIONAL: The path to the file containing the certificate revocation list (CRL) @@ -518,7 +518,7 @@

ServerTLSSettings

-credentialName +credentialName string

For gateways running on Kubernetes, the name of the secret that @@ -540,7 +540,7 @@

ServerTLSSettings

-subjectAltNames +subjectAltNames string[]

A list of alternate names to verify the subject identity in the @@ -553,7 +553,7 @@

ServerTLSSettings

-verifyCertificateSpki +verifyCertificateSpki string[]

An optional list of base64-encoded SHA-256 hashes of the SPKIs of @@ -568,7 +568,7 @@

ServerTLSSettings

-verifyCertificateHash +verifyCertificateHash string[]

An optional list of hex-encoded SHA-256 hashes of the @@ -584,7 +584,7 @@

ServerTLSSettings

-minProtocolVersion +minProtocolVersion TLSProtocol

Optional: Minimum TLS protocol version. By default, it is TLSV1_2. @@ -598,7 +598,7 @@

ServerTLSSettings

-maxProtocolVersion +maxProtocolVersion TLSProtocol

Optional: Maximum TLS protocol version.

@@ -609,7 +609,7 @@

ServerTLSSettings

-cipherSuites +cipherSuites string[]

Optional: If specified, only support the specified cipher list. @@ -655,7 +655,7 @@

ServerTLSSettings.TLSmode

-PASSTHROUGH +PASSTHROUGH

The SNI string presented by the client will be used as the match criterion in a VirtualService TLS route to determine @@ -664,7 +664,7 @@

ServerTLSSettings.TLSmode

-SIMPLE +SIMPLE

Secure connections with standard TLS semantics. In this mode client certificate is not requested during handshake.

@@ -672,7 +672,7 @@

ServerTLSSettings.TLSmode

-MUTUAL +MUTUAL

Secure connections to the downstream using mutual TLS by presenting server certificates for authentication. @@ -682,7 +682,7 @@

ServerTLSSettings.TLSmode

-AUTO_PASSTHROUGH +AUTO_PASSTHROUGH

Similar to the passthrough mode, except servers with this TLS mode do not require an associated VirtualService to map from @@ -699,7 +699,7 @@

ServerTLSSettings.TLSmode

-ISTIO_MUTUAL +ISTIO_MUTUAL

Secure connections from the downstream using mutual TLS by presenting server certificates for authentication. Compared @@ -711,7 +711,7 @@

ServerTLSSettings.TLSmode

-OPTIONAL_MUTUAL +OPTIONAL_MUTUAL

Similar to MUTUAL mode, except that the client certificate is optional. Unlike SIMPLE mode, A client certificate will @@ -738,35 +738,35 @@

ServerTLSSettings.TLSProtocol

-TLS_AUTO +TLS_AUTO

Automatically choose the optimal TLS version.

-TLSV1_0 +TLSV1_0

TLS version 1.0

-TLSV1_1 +TLSV1_1

TLS version 1.1

-TLSV1_2 +TLSV1_2

TLS version 1.2

-TLSV1_3 +TLSV1_3

TLS version 1.3

diff --git a/networking/v1alpha3/service_entry.pb.html b/networking/v1alpha3/service_entry.pb.html index 089ad89666..a5cc7f0782 100644 --- a/networking/v1alpha3/service_entry.pb.html +++ b/networking/v1alpha3/service_entry.pb.html @@ -356,7 +356,7 @@

ServiceEntry

-hosts +hosts string[]

The hosts associated with the ServiceEntry. Could be a DNS @@ -389,7 +389,7 @@

ServiceEntry

-addresses +addresses string[]

The virtual IP addresses associated with the service. Could be CIDR @@ -413,7 +413,7 @@

ServiceEntry

-ports +ports ServicePort[]

The ports associated with the external service. If the @@ -426,7 +426,7 @@

ServiceEntry

-location +location Location

Specify whether the service should be considered external to the mesh @@ -438,7 +438,7 @@

ServiceEntry

-resolution +resolution Resolution

Service resolution mode for the hosts. Care must be taken @@ -452,7 +452,7 @@

ServiceEntry

-endpoints +endpoints WorkloadEntry[]

One or more endpoints associated with the service. Only one of @@ -464,7 +464,7 @@

ServiceEntry

-workloadSelector +workloadSelector WorkloadSelector

Applicable only for MESH_INTERNAL services. Only one of @@ -480,7 +480,7 @@

ServiceEntry

-exportTo +exportTo string[]

A list of namespaces to which this service is exported. Exporting a service @@ -503,7 +503,7 @@

ServiceEntry

-subjectAltNames +subjectAltNames string[]

If specified, the proxy will verify that the server certificate’s @@ -536,7 +536,7 @@

ServicePort

-number +number uint32

A valid non-negative integer port number.

@@ -547,7 +547,7 @@

ServicePort

-protocol +protocol string

The protocol exposed on the port. @@ -561,7 +561,7 @@

ServicePort

-name +name string

Label assigned to the port.

@@ -572,7 +572,7 @@

ServicePort

-targetPort +targetPort uint32

The port number on the endpoint where the traffic will be @@ -599,7 +599,7 @@

ServiceEntryStatus

-conditions +conditions IstioCondition[]

Current service state of ServiceEntry. @@ -611,7 +611,7 @@

ServiceEntryStatus

-validationMessages +validationMessages AnalysisMessageBase[]

Includes any errors or warnings detected by Istio’s analyzers.

@@ -622,7 +622,7 @@

ServiceEntryStatus

-observedGeneration +observedGeneration int64

Resource Generation to which the Reconciled Condition refers. @@ -635,7 +635,7 @@

ServiceEntryStatus

-addresses +addresses ServiceEntryAddress[]

List of addresses which were assigned to this ServiceEntry.

@@ -663,7 +663,7 @@

ServiceEntryAddress

-value +value string

Value is the address (192.168.0.2)

@@ -674,7 +674,7 @@

ServiceEntryAddress

-host +host string

Host is the name associated with this address

@@ -705,7 +705,7 @@

ServiceEntry.Location

-MESH_EXTERNAL +MESH_EXTERNAL

Signifies that the service is external to the mesh. Typically used to indicate external services consumed through APIs.

@@ -713,7 +713,7 @@

ServiceEntry.Location

-MESH_INTERNAL +MESH_INTERNAL

Signifies that the service is part of the mesh. Typically used to indicate services added explicitly as part of expanding the service @@ -746,7 +746,7 @@

ServiceEntry.Resolution

-NONE +NONE

Assume that incoming connections have already been resolved (to a specific destination IP address). Such connections are typically @@ -758,7 +758,7 @@

ServiceEntry.Resolution

-STATIC +STATIC

Use the static IP addresses specified in endpoints (see below) as the backing instances associated with the service.

@@ -766,7 +766,7 @@

ServiceEntry.Resolution

-DNS +DNS

Attempt to resolve the IP address by querying the ambient DNS, asynchronously. If no endpoints are specified, the proxy @@ -779,7 +779,7 @@

ServiceEntry.Resolution

-DNS_ROUND_ROBIN +DNS_ROUND_ROBIN

Attempt to resolve the IP address by querying the ambient DNS, asynchronously. Unlike DNS, DNS_ROUND_ROBIN only uses the diff --git a/networking/v1alpha3/sidecar.pb.html b/networking/v1alpha3/sidecar.pb.html index f43302e7ca..25f3ec343d 100644 --- a/networking/v1alpha3/sidecar.pb.html +++ b/networking/v1alpha3/sidecar.pb.html @@ -321,7 +321,7 @@

Sidecar

-workloadSelector +workloadSelector WorkloadSelector

Criteria used to select the specific set of pods/VMs on which this @@ -334,7 +334,7 @@

Sidecar

-ingress +ingress IstioIngressListener[]

Ingress specifies the configuration of the sidecar for processing @@ -350,7 +350,7 @@

Sidecar

-egress +egress IstioEgressListener[]

Egress specifies the configuration of the sidecar for processing @@ -364,7 +364,7 @@

Sidecar

-inboundConnectionPool +inboundConnectionPool ConnectionPoolSettings

Settings controlling the volume of connections Envoy will accept from the network. @@ -397,7 +397,7 @@

Sidecar

-outboundTrafficPolicy +outboundTrafficPolicy OutboundTrafficPolicy

Set the default behavior of the sidecar for handling outbound @@ -428,7 +428,7 @@

IstioIngressListener

-port +port SidecarPort

The port associated with the listener.

@@ -439,7 +439,7 @@

IstioIngressListener

-bind +bind string

The IP(IPv4 or IPv6) to which the listener should be bound. @@ -455,7 +455,7 @@

IstioIngressListener

-captureMode +captureMode CaptureMode

The captureMode option dictates how traffic to the listener is @@ -467,7 +467,7 @@

IstioIngressListener

-defaultEndpoint +defaultEndpoint string

The IP endpoint or Unix domain socket to which @@ -485,7 +485,7 @@

IstioIngressListener

-tls +tls ServerTLSSettings

Set of TLS related options that will enable TLS termination on the @@ -498,7 +498,7 @@

IstioIngressListener

-connectionPool +connectionPool ConnectionPoolSettings

Settings controlling the volume of connections Envoy will accept from the network. @@ -533,7 +533,7 @@

IstioEgressListener

-port +port SidecarPort

The port associated with the listener. If using Unix domain socket, @@ -552,7 +552,7 @@

IstioEgressListener

-bind +bind string

The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound @@ -569,7 +569,7 @@

IstioEgressListener

-captureMode +captureMode CaptureMode

When the bind address is an IP, the captureMode option dictates @@ -582,7 +582,7 @@

IstioEgressListener

-hosts +hosts string[]

One or more service hosts exposed by the listener @@ -641,7 +641,7 @@

WorkloadSelector

-labels +labels map<string, string>

One or more labels that indicate a specific set of pods/VMs @@ -673,7 +673,7 @@

OutboundTrafficPolicy

-mode +mode Mode @@ -699,7 +699,7 @@

SidecarPort

-number +number uint32

A valid non-negative integer port number.

@@ -710,7 +710,7 @@

SidecarPort

-protocol +protocol string

The protocol exposed on the port. @@ -724,7 +724,7 @@

SidecarPort

-name +name string

Label assigned to the port.

@@ -748,7 +748,7 @@

OutboundTrafficPolicy.Mode

-REGISTRY_ONLY +REGISTRY_ONLY

In REGISTRY_ONLY mode, unknown outbound traffic will be dropped. Traffic destinations must be explicitly declared into the service registry through ServiceEntry configurations.

@@ -759,7 +759,7 @@

OutboundTrafficPolicy.Mode

-ALLOW_ANY +ALLOW_ANY

In ALLOW_ANY mode, any traffic to unknown destinations will be allowed. Unknown destination traffic will have limited functionality, however, such as reduced observability. @@ -785,21 +785,21 @@

CaptureMode

-DEFAULT +DEFAULT

The default capture mode defined by the environment.

-IPTABLES +IPTABLES

Capture traffic using IPtables redirection.

-NONE +NONE

No traffic capture. When used in an egress listener, the application is expected to explicitly communicate with the listener port or Unix diff --git a/networking/v1alpha3/virtual_service.pb.html b/networking/v1alpha3/virtual_service.pb.html index 8713ce247a..912f74a0c4 100644 --- a/networking/v1alpha3/virtual_service.pb.html +++ b/networking/v1alpha3/virtual_service.pb.html @@ -100,7 +100,7 @@

VirtualService

-hosts +hosts string[]

The destination hosts to which traffic is being sent. Could @@ -135,7 +135,7 @@

VirtualService

-gateways +gateways string[]

The names of gateways and sidecars that should apply these routes. @@ -158,7 +158,7 @@

VirtualService

-http +http HTTPRoute[]

An ordered list of route rules for HTTP traffic. HTTP routes will be @@ -173,7 +173,7 @@

VirtualService

-tls +tls TLSRoute[]

An ordered list of route rule for non-terminated TLS & HTTPS @@ -192,7 +192,7 @@

VirtualService

-tcp +tcp TCPRoute[]

An ordered list of route rules for opaque TCP traffic. TCP routes will @@ -205,7 +205,7 @@

VirtualService

-exportTo +exportTo string[]

A list of namespaces to which this virtual service is exported. Exporting a @@ -355,7 +355,7 @@

Destination

-host +host string

The name of a service from the service registry. Service @@ -378,7 +378,7 @@

Destination

-subset +subset string

The name of a subset within the service. Applicable only to services @@ -391,7 +391,7 @@

Destination

-port +port PortSelector

Specifies the port on the host that is being addressed. If a service @@ -422,7 +422,7 @@

HTTPRoute

-name +name string

The name assigned to the route for debugging purposes. The @@ -436,7 +436,7 @@

HTTPRoute

-match +match HTTPMatchRequest[]

Match conditions to be satisfied for the rule to be @@ -450,7 +450,7 @@

HTTPRoute

-route +route HTTPRouteDestination[]

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. @@ -464,7 +464,7 @@

HTTPRoute

-redirect +redirect HTTPRedirect

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. @@ -478,7 +478,7 @@

HTTPRoute

-directResponse +directResponse HTTPDirectResponse

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. @@ -492,7 +492,7 @@

HTTPRoute

-delegate +delegate Delegate

Delegate is used to specify the particular VirtualService which @@ -513,7 +513,7 @@

HTTPRoute

-rewrite +rewrite HTTPRewrite

Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with @@ -525,7 +525,7 @@

HTTPRoute

-timeout +timeout Duration

Timeout for HTTP requests, default is disabled.

@@ -536,7 +536,7 @@

HTTPRoute

-retries +retries HTTPRetry

Retry policy for HTTP requests.

@@ -552,7 +552,7 @@

HTTPRoute

-fault +fault HTTPFaultInjection

Fault injection policy to apply on HTTP traffic at the client side. @@ -565,7 +565,7 @@

HTTPRoute

-mirror +mirror Destination

Mirror HTTP traffic to a another destination in addition to forwarding @@ -581,7 +581,7 @@

HTTPRoute

-mirrors +mirrors HTTPMirrorPolicy[]

Specifies the destinations to mirror HTTP traffic in addition @@ -597,7 +597,7 @@

HTTPRoute

-mirrorPercentage +mirrorPercentage Percent

Percentage of the traffic to be mirrored by the mirror field. @@ -610,7 +610,7 @@

HTTPRoute

-corsPolicy +corsPolicy CorsPolicy

Cross-Origin Resource Sharing policy (CORS). Refer to @@ -623,7 +623,7 @@

HTTPRoute

-headers +headers Headers

Header manipulation rules

@@ -704,7 +704,7 @@

Delegate

-name +name string

Name specifies the name of the delegate VirtualService.

@@ -715,7 +715,7 @@

Delegate

-namespace +namespace string

Namespace specifies the namespace where the delegate VirtualService resides. @@ -776,7 +776,7 @@

Headers

-request +request HeaderOperations

Header manipulation rules to apply before forwarding a request @@ -788,7 +788,7 @@

Headers

-response +response HeaderOperations

Header manipulation rules to apply before returning a response @@ -845,7 +845,7 @@

TLSRoute

-match +match TLSMatchAttributes[]

Match conditions to be satisfied for the rule to be @@ -859,7 +859,7 @@

TLSRoute

-route +route RouteDestination[]

The destination to which the connection should be forwarded to.

@@ -905,7 +905,7 @@

TCPRoute

-match +match L4MatchAttributes[]

Match conditions to be satisfied for the rule to be @@ -919,7 +919,7 @@

TCPRoute

-route +route RouteDestination[]

The destination to which the connection should be forwarded to.

@@ -976,7 +976,7 @@

HTTPMatchRequest

-name +name string

The name assigned to a match. The match’s name will be @@ -989,7 +989,7 @@

HTTPMatchRequest

-uri +uri StringMatch

URI to match @@ -1014,7 +1014,7 @@

HTTPMatchRequest

-scheme +scheme StringMatch

URI Scheme @@ -1037,7 +1037,7 @@

HTTPMatchRequest

-method +method StringMatch

HTTP Method @@ -1060,7 +1060,7 @@

HTTPMatchRequest

-authority +authority StringMatch

HTTP Authority @@ -1083,7 +1083,7 @@

HTTPMatchRequest

-headers +headers map<string, StringMatch>

The header keys must be lowercase and use hyphen as the separator, @@ -1114,7 +1114,7 @@

HTTPMatchRequest

-port +port uint32

Specifies the ports on the host that is being addressed. Many services @@ -1127,7 +1127,7 @@

HTTPMatchRequest

-sourceLabels +sourceLabels map<string, string>

One or more labels that constrain the applicability of a rule to source (client) workloads @@ -1141,7 +1141,7 @@

HTTPMatchRequest

-gateways +gateways string[]

Names of gateways where the rule should be applied. Gateway names @@ -1154,7 +1154,7 @@

HTTPMatchRequest

-queryParams +queryParams map<string, StringMatch>

Query parameters for matching.

@@ -1185,7 +1185,7 @@

HTTPMatchRequest

-ignoreUriCase +ignoreUriCase bool

Flag to specify whether the URI matching should be case-insensitive.

@@ -1198,7 +1198,7 @@

HTTPMatchRequest

-withoutHeaders +withoutHeaders map<string, StringMatch>

withoutHeader has the same syntax with the header, but has opposite meaning. @@ -1210,7 +1210,7 @@

HTTPMatchRequest

-sourceNamespace +sourceNamespace string

Source namespace constraining the applicability of a rule to workloads in that namespace. @@ -1223,7 +1223,7 @@

HTTPMatchRequest

-statPrefix +statPrefix string

The human readable prefix to use when emitting statistics for this route. @@ -1313,7 +1313,7 @@

HTTPRouteDestination

-destination +destination Destination

Destination uniquely identifies the instances of a service @@ -1325,7 +1325,7 @@

HTTPRouteDestination

-weight +weight int32

Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive weight/(sum of all weights) requests. @@ -1338,7 +1338,7 @@

HTTPRouteDestination

-headers +headers Headers

Header manipulation rules

@@ -1366,7 +1366,7 @@

RouteDestination

-destination +destination Destination

Destination uniquely identifies the instances of a service @@ -1378,7 +1378,7 @@

RouteDestination

-weight +weight int32

Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive weight/(sum of all weights) requests. @@ -1409,7 +1409,7 @@

L4MatchAttributes

-destinationSubnets +destinationSubnets string[]

IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., @@ -1421,7 +1421,7 @@

L4MatchAttributes

-port +port uint32

Specifies the port on the host that is being addressed. Many services @@ -1434,7 +1434,7 @@

L4MatchAttributes

-sourceLabels +sourceLabels map<string, string>

One or more labels that constrain the applicability of a rule to @@ -1448,7 +1448,7 @@

L4MatchAttributes

-gateways +gateways string[]

Names of gateways where the rule should be applied. Gateway names @@ -1461,7 +1461,7 @@

L4MatchAttributes

-sourceNamespace +sourceNamespace string

Source namespace constraining the applicability of a rule to workloads in that namespace. @@ -1491,7 +1491,7 @@

TLSMatchAttributes

-sniHosts +sniHosts string[]

SNI (server name indicator) to match on. Wildcard prefixes @@ -1505,7 +1505,7 @@

TLSMatchAttributes

-destinationSubnets +destinationSubnets string[]

IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., @@ -1517,7 +1517,7 @@

TLSMatchAttributes

-port +port uint32

Specifies the port on the host that is being addressed. Many services @@ -1531,7 +1531,7 @@

TLSMatchAttributes

-sourceLabels +sourceLabels map<string, string>

One or more labels that constrain the applicability of a rule to @@ -1545,7 +1545,7 @@

TLSMatchAttributes

-gateways +gateways string[]

Names of gateways where the rule should be applied. Gateway names @@ -1558,7 +1558,7 @@

TLSMatchAttributes

-sourceNamespace +sourceNamespace string

Source namespace constraining the applicability of a rule to workloads in that namespace. @@ -1608,7 +1608,7 @@

HTTPRedirect

-uri +uri string

On a redirect, overwrite the Path portion of the URL with this @@ -1621,7 +1621,7 @@

HTTPRedirect

-authority +authority string

On a redirect, overwrite the Authority/Host portion of the URL with @@ -1633,7 +1633,7 @@

HTTPRedirect

-port +port uint32 (oneof)

On a redirect, overwrite the port portion of the URL with this value.

@@ -1644,7 +1644,7 @@

HTTPRedirect

-derivePort +derivePort RedirectPortSelection (oneof)

On a redirect, dynamically set the port:

@@ -1659,7 +1659,7 @@

HTTPRedirect

-scheme +scheme string

On a redirect, overwrite the scheme portion of the URL with this value. @@ -1673,7 +1673,7 @@

HTTPRedirect

-redirectCode +redirectCode uint32

On a redirect, Specifies the HTTP status code to use in the redirect @@ -1764,7 +1764,7 @@

HTTPDirectResponse

-status +status uint32

Specifies the HTTP response status to be returned.

@@ -1775,7 +1775,7 @@

HTTPDirectResponse

-body +body HTTPBody

Specifies the content of the response body. If this setting is omitted, @@ -1802,7 +1802,7 @@

HTTPBody

-string +string string (oneof)

response body as a string

@@ -1813,7 +1813,7 @@

HTTPBody

-bytes +bytes bytes (oneof)

response body as base64 encoded bytes.

@@ -1863,7 +1863,7 @@

HTTPRewrite

-uri +uri string

rewrite the path (or the prefix) portion of the URI with this @@ -1876,7 +1876,7 @@

HTTPRewrite

-authority +authority string

rewrite the Authority/Host header with this value.

@@ -1887,7 +1887,7 @@

HTTPRewrite

-uriRegexRewrite +uriRegexRewrite RegexRewrite

rewrite the path portion of the URI with the specified regex.

@@ -1913,7 +1913,7 @@

RegexRewrite

-match +match string

RE2 style regex-based match.

@@ -1924,7 +1924,7 @@

RegexRewrite

-rewrite +rewrite string

The string that should replace into matching portions of original URI. @@ -1961,7 +1961,7 @@

StringMatch

-exact +exact string (oneof)

exact string match

@@ -1972,7 +1972,7 @@

StringMatch

-prefix +prefix string (oneof)

prefix-based match

@@ -1983,7 +1983,7 @@

StringMatch

-regex +regex string (oneof)

RE2 style regex-based match.

@@ -2033,7 +2033,7 @@

HTTPRetry

-attempts +attempts int32

Number of retries to be allowed for a given request. The interval @@ -2049,7 +2049,7 @@

HTTPRetry

-perTryTimeout +perTryTimeout Duration

Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. @@ -2063,7 +2063,7 @@

HTTPRetry

-retryOn +retryOn string

Specifies the conditions under which retry takes place. @@ -2082,7 +2082,7 @@

HTTPRetry

-retryRemoteLocalities +retryRemoteLocalities BoolValue

Flag to specify whether the retries should retry to other localities. @@ -2140,7 +2140,7 @@

CorsPolicy

-allowOrigins +allowOrigins StringMatch[]

String patterns that match allowed origins. @@ -2153,7 +2153,7 @@

CorsPolicy

-allowMethods +allowMethods string[]

List of HTTP methods allowed to access the resource. The content will @@ -2165,7 +2165,7 @@

CorsPolicy

-allowHeaders +allowHeaders string[]

List of HTTP headers that can be used when requesting the @@ -2177,7 +2177,7 @@

CorsPolicy

-exposeHeaders +exposeHeaders string[]

A list of HTTP headers that the browsers are allowed to @@ -2189,7 +2189,7 @@

CorsPolicy

-maxAge +maxAge Duration

Specifies how long the results of a preflight request can be @@ -2201,7 +2201,7 @@

CorsPolicy

-allowCredentials +allowCredentials BoolValue

Indicates whether the caller is allowed to send the actual request @@ -2214,7 +2214,7 @@

CorsPolicy

-unmatchedPreflights +unmatchedPreflights UnmatchedPreflights

Indicates whether preflight requests not matching the configured @@ -2250,7 +2250,7 @@

HTTPFaultInjection

-delay +delay Delay

Delay requests before forwarding, emulating various failures such as @@ -2262,7 +2262,7 @@

HTTPFaultInjection

-abort +abort Abort

Abort Http request attempts and return error codes back to downstream @@ -2296,7 +2296,7 @@

HTTPMirrorPolicy

-destination +destination Destination

Destination specifies the target of the mirror operation.

@@ -2307,7 +2307,7 @@

HTTPMirrorPolicy

-percentage +percentage Percent

Percentage of the traffic to be mirrored by the destination field. @@ -2338,7 +2338,7 @@

PortSelector

-number +number uint32

Valid port number

@@ -2366,7 +2366,7 @@

Percent

-value +value double @@ -2392,7 +2392,7 @@

Headers.HeaderOperations

-set +set map<string, string>

Overwrite the headers specified by key with the given values

@@ -2403,7 +2403,7 @@

Headers.HeaderOperations

-add +add map<string, string>

Append the given values to the headers specified by keys @@ -2415,7 +2415,7 @@

Headers.HeaderOperations

-remove +remove string[]

Remove the specified headers

@@ -2470,7 +2470,7 @@

HTTPFaultInjection.Delay

-fixedDelay +fixedDelay Duration (oneof)

Add a fixed delay before forwarding the request. Format: @@ -2482,7 +2482,7 @@

HTTPFaultInjection.Delay

-percentage +percentage Percent

Percentage of requests on which the delay will be injected. @@ -2494,7 +2494,7 @@

HTTPFaultInjection.Delay

-percent +percent int32

Percentage of requests on which the delay will be injected (0-100). @@ -2548,7 +2548,7 @@

HTTPFaultInjection.Abort

-httpStatus +httpStatus int32 (oneof)

HTTP status code to use to abort the Http request.

@@ -2559,7 +2559,7 @@

HTTPFaultInjection.Abort

-grpcStatus +grpcStatus string (oneof)

GRPC status code to use to abort the request. The supported @@ -2573,7 +2573,7 @@

HTTPFaultInjection.Abort

-percentage +percentage Percent

Percentage of requests to be aborted with the error code provided. @@ -2603,7 +2603,7 @@

google.protobuf.UInt32Value

-value +value uint32

The uint32 value.

@@ -2627,12 +2627,12 @@

HTTPRedirect.RedirectPortSelection -FROM_PROTOCOL_DEFAULT +FROM_PROTOCOL_DEFAULT -FROM_REQUEST_PORT +FROM_REQUEST_PORT @@ -2650,14 +2650,14 @@

CorsPolicy.UnmatchedPreflights

-UNSPECIFIED +UNSPECIFIED

Default to FORWARD

-FORWARD +FORWARD

Preflight requests not matching the configured allowed origin will be forwarded to the upstream.

@@ -2665,7 +2665,7 @@

CorsPolicy.UnmatchedPreflights

-IGNORE +IGNORE

Preflight requests not matching the configured allowed origin will not be forwarded to the upstream.

diff --git a/networking/v1alpha3/workload_entry.pb.html b/networking/v1alpha3/workload_entry.pb.html index d060278ed8..bcd16590e8 100644 --- a/networking/v1alpha3/workload_entry.pb.html +++ b/networking/v1alpha3/workload_entry.pb.html @@ -133,7 +133,7 @@

WorkloadEntry

-address +address string

Address associated with the network endpoint without the @@ -148,7 +148,7 @@

WorkloadEntry

-ports +ports map<string, uint32>

Set of ports associated with the endpoint. If the port map is @@ -170,7 +170,7 @@

WorkloadEntry

-labels +labels map<string, string>

One or more labels associated with the endpoint.

@@ -181,7 +181,7 @@

WorkloadEntry

-network +network string

Network enables Istio to group endpoints resident in the same L3 @@ -199,7 +199,7 @@

WorkloadEntry

-locality +locality string

The locality associated with the endpoint. A locality corresponds @@ -226,7 +226,7 @@

WorkloadEntry

-weight +weight uint32

The load balancing weight associated with the endpoint. Endpoints @@ -238,7 +238,7 @@

WorkloadEntry

-serviceAccount +serviceAccount string

The service account associated with the workload if a sidecar diff --git a/networking/v1alpha3/workload_group.pb.html b/networking/v1alpha3/workload_group.pb.html index 24e29d1b84..e6b3336962 100644 --- a/networking/v1alpha3/workload_group.pb.html +++ b/networking/v1alpha3/workload_group.pb.html @@ -70,7 +70,7 @@

WorkloadGroup

-metadata +metadata ObjectMeta

Metadata that will be used for all corresponding WorkloadEntries. @@ -82,7 +82,7 @@

WorkloadGroup

-template +template WorkloadEntry

Template to be used for the generation of WorkloadEntry resources that belong to this WorkloadGroup. @@ -97,7 +97,7 @@

WorkloadGroup

-probe +probe ReadinessProbe

ReadinessProbe describes the configuration the user must provide for healthchecking on their workload. @@ -124,7 +124,7 @@

ReadinessProbe

-initialDelaySeconds +initialDelaySeconds int32

Number of seconds after the container has started before readiness probes are initiated.

@@ -135,7 +135,7 @@

ReadinessProbe

-timeoutSeconds +timeoutSeconds int32

Number of seconds after which the probe times out. @@ -147,7 +147,7 @@

ReadinessProbe

-periodSeconds +periodSeconds int32

How often (in seconds) to perform the probe. @@ -159,7 +159,7 @@

ReadinessProbe

-successThreshold +successThreshold int32

Minimum consecutive successes for the probe to be considered successful after having failed. @@ -171,7 +171,7 @@

ReadinessProbe

-failureThreshold +failureThreshold int32

Minimum consecutive failures for the probe to be considered failed after having succeeded. @@ -183,7 +183,7 @@

ReadinessProbe

-httpGet +httpGet HTTPHealthCheckConfig (oneof)

httpGet is performed to a given endpoint @@ -195,7 +195,7 @@

ReadinessProbe

-tcpSocket +tcpSocket TCPHealthCheckConfig (oneof)

Health is determined by if the proxy is able to connect.

@@ -206,7 +206,7 @@

ReadinessProbe

-exec +exec ExecHealthCheckConfig (oneof)

Health is determined by how the command that is executed exited.

@@ -232,7 +232,7 @@

HTTPHealthCheckConfig

-path +path string

Path to access on the HTTP server.

@@ -243,7 +243,7 @@

HTTPHealthCheckConfig

-port +port uint32

Port on which the endpoint lives.

@@ -254,7 +254,7 @@

HTTPHealthCheckConfig

-host +host string

Host name to connect to, defaults to the pod IP. You probably want to set @@ -266,7 +266,7 @@

HTTPHealthCheckConfig

-scheme +scheme string

HTTP or HTTPS, defaults to HTTP

@@ -277,7 +277,7 @@

HTTPHealthCheckConfig

-httpHeaders +httpHeaders HTTPHeader[]

Headers the proxy will pass on to make the request. @@ -304,7 +304,7 @@

HTTPHeader

-name +name string

The header field name

@@ -315,7 +315,7 @@

HTTPHeader

-value +value string

The header field value

@@ -341,7 +341,7 @@

TCPHealthCheckConfig

-host +host string

Host to connect to, defaults to localhost

@@ -352,7 +352,7 @@

TCPHealthCheckConfig

-port +port uint32

Port of host

@@ -378,7 +378,7 @@

ExecHealthCheckConfig

-command +command string[]

Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.

@@ -407,7 +407,7 @@

WorkloadGroup.ObjectMeta

-labels +labels map<string, string>

Labels to attach

@@ -418,7 +418,7 @@

WorkloadGroup.ObjectMeta

-annotations +annotations map<string, string>

Annotations to attach

diff --git a/networking/v1beta1/proxy_config.pb.go b/networking/v1beta1/proxy_config.pb.go index c0f9618061..74644c28f3 100644 --- a/networking/v1beta1/proxy_config.pb.go +++ b/networking/v1beta1/proxy_config.pb.go @@ -81,6 +81,17 @@ // imageType: debug // ``` // +// To preserve the header case for HTTP 1.x requests, set the `preserveCase` field on the `ProxyConfig` resource: +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: ProxyConfig +// metadata: +// name: my-ns-proxyconfig +// namespace: user-namespace +// spec: +// preserveCase: true +// ``` +// // If a `ProxyConfig` CR is defined that matches a workload it will merge with its `proxy.istio.io/config` annotation if present, // with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide `ProxyConfig` CR is defined and // `meshConfig.DefaultConfig` is set, the two resources will be merged with the CR taking precedence for overlapping fields. @@ -144,6 +155,16 @@ type ProxyConfig struct { EnvironmentVariables map[string]string `protobuf:"bytes,3,rep,name=environment_variables,json=environmentVariables,proto3" json:"environment_variables,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Specifies the details of the proxy image. Image *ProxyImage `protobuf:"bytes,4,opt,name=image,proto3" json:"image,omitempty"` + // When true, the original case of HTTP/1.x headers will be preserved + // as they pass through the proxy, rather than normalizing them to lowercase. + // This field is particularly useful for applications that require case-sensitive + // headers for interoperability with downstream systems or APIs that expect specific + // casing. + // The preserve_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers + // to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2 + // requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2 + // standards. + PreserveCase bool `protobuf:"varint,5,opt,name=preserve_case,json=preserveCase,proto3" json:"preserve_case,omitempty"` } func (x *ProxyConfig) Reset() { @@ -204,6 +225,13 @@ func (x *ProxyConfig) GetImage() *ProxyImage { return nil } +func (x *ProxyConfig) GetPreserveCase() bool { + if x != nil { + return x.PreserveCase + } + return false +} + // The following values are used to construct proxy image url. // format: `${hub}/${image_name}/${tag}-${image_type}`, // example: `docker.io/istio/proxyv2:1.11.1` or `docker.io/istio/proxyv2:1.11.1-distroless`. @@ -267,7 +295,7 @@ var file_networking_v1beta1_proxy_config_proto_rawDesc = []byte{ 0x31, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, - 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x89, + 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x03, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, @@ -288,17 +316,19 @@ var file_networking_v1beta1_proxy_config_proto_rawDesc = []byte{ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x05, 0x69, 0x6d, 0x61, 0x67, - 0x65, 0x1a, 0x47, 0x0a, 0x19, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, - 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x2b, 0x0a, 0x0a, 0x50, 0x72, - 0x6f, 0x78, 0x79, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6d, 0x61, 0x67, - 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6d, - 0x61, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x5f, 0x63, 0x61, + 0x73, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x43, 0x61, 0x73, 0x65, 0x1a, 0x47, 0x0a, 0x19, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, + 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, + 0x2b, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x12, 0x1d, 0x0a, + 0x0a, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x54, 0x79, 0x70, 0x65, 0x42, 0x21, 0x5a, 0x1f, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/networking/v1beta1/proxy_config.pb.html b/networking/v1beta1/proxy_config.pb.html index 353f56db73..3a24e04e09 100644 --- a/networking/v1beta1/proxy_config.pb.html +++ b/networking/v1beta1/proxy_config.pb.html @@ -51,6 +51,15 @@ image: imageType: debug +

To preserve the header case for HTTP 1.x requests, set the preserveCase field on the ProxyConfig resource:

+
apiVersion: networking.istio.io/v1beta1
+kind: ProxyConfig
+metadata:
+  name: my-ns-proxyconfig
+  namespace: user-namespace
+spec:
+  preserveCase: true
+

If a ProxyConfig CR is defined that matches a workload it will merge with its proxy.istio.io/config annotation if present, with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide ProxyConfig CR is defined and meshConfig.DefaultConfig is set, the two resources will be merged with the CR taking precedence for overlapping fields.

@@ -70,7 +79,7 @@

ProxyConfig

-selector +selector WorkloadSelector

Optional. Selectors specify the set of pods/VMs on which this ProxyConfig resource should be applied. @@ -82,7 +91,7 @@

ProxyConfig

-concurrency +concurrency Int32Value

The number of worker threads to run. @@ -95,7 +104,7 @@

ProxyConfig

-environmentVariables +environmentVariables map<string, string>

Additional environment variables for the proxy. @@ -107,11 +116,30 @@

ProxyConfig

-image +image ProxyImage

Specifies the details of the proxy image.

+ + +No + + + +preserveCase +bool + +

When true, the original case of HTTP/1.x headers will be preserved +as they pass through the proxy, rather than normalizing them to lowercase. +This field is particularly useful for applications that require case-sensitive +headers for interoperability with downstream systems or APIs that expect specific +casing. +The preserve_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers +to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2 +requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2 +standards.

+ No @@ -138,7 +166,7 @@

ProxyImage

-imageType +imageType string

The image type of the image. diff --git a/networking/v1beta1/proxy_config.proto b/networking/v1beta1/proxy_config.proto index 6b6e5a8a0c..6dccafd7c3 100644 --- a/networking/v1beta1/proxy_config.proto +++ b/networking/v1beta1/proxy_config.proto @@ -80,6 +80,17 @@ import "type/v1beta1/selector.proto"; // imageType: debug // ``` // +// To preserve the header case for HTTP 1.x requests, set the `preserveCase` field on the `ProxyConfig` resource: +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: ProxyConfig +// metadata: +// name: my-ns-proxyconfig +// namespace: user-namespace +// spec: +// preserveCase: true +// ``` +// // If a `ProxyConfig` CR is defined that matches a workload it will merge with its `proxy.istio.io/config` annotation if present, // with the CR taking precedence over the annotation for overlapping fields. Similarly, if a mesh wide `ProxyConfig` CR is defined and // `meshConfig.DefaultConfig` is set, the two resources will be merged with the CR taking precedence for overlapping fields. @@ -127,6 +138,17 @@ message ProxyConfig { // Specifies the details of the proxy image. ProxyImage image = 4; + + // When true, the original case of HTTP/1.x headers will be preserved + // as they pass through the proxy, rather than normalizing them to lowercase. + // This field is particularly useful for applications that require case-sensitive + // headers for interoperability with downstream systems or APIs that expect specific + // casing. + // The preserve_case option only applies to HTTP/1.x traffic, as HTTP/2 requires all headers + // to be lowercase per the protocol specification. Envoy will ignore this field for HTTP/2 + // requests and automatically normalize headers to lowercase, ensuring compliance with HTTP/2 + // standards. + bool preserve_case = 5; } // The following values are used to construct proxy image url. @@ -139,4 +161,4 @@ message ProxyImage { // Other values are allowed if those image types (example: centos) are published to the specified hub. // supported values: default, debug, distroless. string image_type = 1; -} +} \ No newline at end of file diff --git a/releasenotes/notes/preserve-header-case.yaml b/releasenotes/notes/preserve-header-case.yaml new file mode 100644 index 0000000000..1b49a975bd --- /dev/null +++ b/releasenotes/notes/preserve-header-case.yaml @@ -0,0 +1,8 @@ +apiVersion: release-notes/v2 +kind: feature +area: traffic-management +issue: + - https://github.com/istio/istio/issues/53680 +releaseNotes: + - | + **Added** a feature to preserve the original case of HTTP/1.x headers. \ No newline at end of file diff --git a/security/v1alpha1/ca.pb.html b/security/v1alpha1/ca.pb.html index 4854efdfd5..93ed49648c 100644 --- a/security/v1alpha1/ca.pb.html +++ b/security/v1alpha1/ca.pb.html @@ -37,7 +37,7 @@

IstioCertificateRequest

-csr +csr string

PEM-encoded certificate request. @@ -50,7 +50,7 @@

IstioCertificateRequest

-validityDuration +validityDuration int64

Optional: requested certificate validity period, in seconds.

@@ -78,7 +78,7 @@

IstioCertificateResponse

-certChain +certChain string[]

PEM-encoded certificate chain. diff --git a/security/v1beta1/authorization_policy.pb.html b/security/v1beta1/authorization_policy.pb.html index e72d57260c..555312211b 100644 --- a/security/v1beta1/authorization_policy.pb.html +++ b/security/v1beta1/authorization_policy.pb.html @@ -209,7 +209,7 @@

AuthorizationPolicy

-selector +selector WorkloadSelector

Optional. The selector decides where to apply the authorization policy. The selector will match with workloads @@ -224,7 +224,7 @@

AuthorizationPolicy

-targetRefs +targetRefs PolicyTargetReference[]

Optional. The targetRefs specifies a list of resources the policy should be @@ -249,7 +249,7 @@

AuthorizationPolicy

-rules +rules Rule[]

Optional. A list of rules to match the request. A match occurs when at least one rule matches the request.

@@ -262,7 +262,7 @@

AuthorizationPolicy

-action +action Action

Optional. The action to take if the request is matched with the rules. Default is ALLOW if not specified.

@@ -273,7 +273,7 @@

AuthorizationPolicy

-provider +provider ExtensionProvider (oneof)

Specifies detailed configuration of the CUSTOM action. Must be used only with CUSTOM action.

@@ -310,7 +310,7 @@

Rule

-from +from From[]

Optional. from specifies the source of a request.

@@ -322,7 +322,7 @@

Rule

-to +to To[]

Optional. to specifies the operation of a request.

@@ -334,7 +334,7 @@

Rule

-when +when Condition[]

Optional. when specifies a list of additional conditions of a request.

@@ -370,7 +370,7 @@

Source

-principals +principals string[]

Optional. A list of peer identities derived from the peer certificate. The peer identity is in the format of @@ -384,7 +384,7 @@

Source

-notPrincipals +notPrincipals string[]

Optional. A list of negative match of peer identities.

@@ -395,7 +395,7 @@

Source

-requestPrincipals +requestPrincipals string[]

Optional. A list of request identities derived from the JWT. The request identity is in the format of @@ -409,7 +409,7 @@

Source

-notRequestPrincipals +notRequestPrincipals string[]

Optional. A list of negative match of request identities.

@@ -420,7 +420,7 @@

Source

-namespaces +namespaces string[]

Optional. A list of namespaces derived from the peer certificate. @@ -433,7 +433,7 @@

Source

-notNamespaces +notNamespaces string[]

Optional. A list of negative match of namespaces.

@@ -444,7 +444,7 @@

Source

-ipBlocks +ipBlocks string[]

Optional. A list of IP blocks, populated from the source address of the IP packet. Single IP (e.g. 203.0.113.4) and @@ -457,7 +457,7 @@

Source

-notIpBlocks +notIpBlocks string[]

Optional. A list of negative match of IP blocks.

@@ -468,7 +468,7 @@

Source

-remoteIpBlocks +remoteIpBlocks string[]

Optional. A list of IP blocks, populated from X-Forwarded-For header or proxy protocol. @@ -485,7 +485,7 @@

Source

-notRemoteIpBlocks +notRemoteIpBlocks string[]

Optional. A list of negative match of remote IP blocks.

@@ -520,7 +520,7 @@

Operation

-hosts +hosts string[]

Optional. A list of hosts as specified in the HTTP request. The match is case-insensitive. @@ -534,7 +534,7 @@

Operation

-notHosts +notHosts string[]

Optional. A list of negative match of hosts as specified in the HTTP request. The match is case-insensitive.

@@ -545,7 +545,7 @@

Operation

-ports +ports string[]

Optional. A list of ports as specified in the connection.

@@ -557,7 +557,7 @@

Operation

-notPorts +notPorts string[]

Optional. A list of negative match of ports as specified in the connection.

@@ -568,7 +568,7 @@

Operation

-methods +methods string[]

Optional. A list of methods as specified in the HTTP request. @@ -581,7 +581,7 @@

Operation

-notMethods +notMethods string[]

Optional. A list of negative match of methods as specified in the HTTP request.

@@ -592,7 +592,7 @@

Operation

-paths +paths string[]

Optional. A list of paths as specified in the HTTP request. See the Authorization Policy Normalization @@ -622,7 +622,7 @@

Operation

-notPaths +notPaths string[]

Optional. A list of negative match of paths.

@@ -650,7 +650,7 @@

Condition

-key +key string

The name of an Istio attribute. @@ -662,7 +662,7 @@

Condition

-values +values string[]

Optional. A list of allowed values for the attribute. @@ -674,7 +674,7 @@

Condition

-notValues +notValues string[]

Optional. A list of negative match of values for the attribute. @@ -701,7 +701,7 @@

AuthorizationPolicy.ExtensionProv -name +name string

Specifies the name of the extension provider. The list of available providers is defined in the MeshConfig. @@ -730,7 +730,7 @@

Rule.From

-source +source Source

Source specifies the source of a request.

@@ -758,7 +758,7 @@

Rule.To

-operation +operation Operation

Operation specifies the operation of a request.

@@ -784,28 +784,28 @@

AuthorizationPolicy.Action

-ALLOW +ALLOW

Allow a request only if it matches the rules. This is the default type.

-DENY +DENY

Deny a request if it matches any of the rules.

-AUDIT +AUDIT

Audit a request if it matches any of the rules.

-CUSTOM +CUSTOM

The CUSTOM action allows an extension to handle the user request if the matching rules evaluate to true. The extension is evaluated independently and before the native ALLOW and DENY actions. When used together, A request diff --git a/security/v1beta1/peer_authentication.pb.html b/security/v1beta1/peer_authentication.pb.html index 7859bf03c7..7da31505e0 100644 --- a/security/v1beta1/peer_authentication.pb.html +++ b/security/v1beta1/peer_authentication.pb.html @@ -99,7 +99,7 @@

PeerAuthentication

-selector +selector WorkloadSelector

The selector determines the workloads to apply the PeerAuthentication on. The selector will match with workloads in the @@ -113,7 +113,7 @@

PeerAuthentication

-mtls +mtls MutualTLS

Mutual TLS settings for workload. If not defined, inherit from parent.

@@ -124,7 +124,7 @@

PeerAuthentication

-portLevelMtls +portLevelMtls map<uint32, MutualTLS>

Port specific mutual TLS settings. These only apply when a workload selector @@ -154,7 +154,7 @@

PeerAuthentication.MutualTLS

-mode +mode Mode

Defines the mTLS mode used for peer authentication.

@@ -178,28 +178,28 @@

PeerAuthentication.MutualTLS.Mode

-UNSET +UNSET

Inherit from parent, if has one. Otherwise treated as PERMISSIVE.

-DISABLE +DISABLE

Connection is not tunneled.

-PERMISSIVE +PERMISSIVE

Connection can be either plaintext or mTLS tunnel.

-STRICT +STRICT

Connection is an mTLS tunnel (TLS with client cert must be presented).

diff --git a/security/v1beta1/request_authentication.pb.html b/security/v1beta1/request_authentication.pb.html index e98e1f2ce0..a0b664c7cf 100644 --- a/security/v1beta1/request_authentication.pb.html +++ b/security/v1beta1/request_authentication.pb.html @@ -214,7 +214,7 @@

RequestAuthentication

-selector +selector WorkloadSelector

Optional. The selector decides where to apply the request authentication policy. The selector will match with workloads @@ -229,7 +229,7 @@

RequestAuthentication

-targetRefs +targetRefs PolicyTargetReference[]

Optional. The targetRefs specifies a list of resources the policy should be @@ -254,7 +254,7 @@

RequestAuthentication

-jwtRules +jwtRules JWTRule[]

Define the list of JWTs that can be validated at the selected workloads’ proxy. A valid token @@ -308,7 +308,7 @@

JWTRule

-issuer +issuer string

Identifies the issuer that issued the JWT. See @@ -323,7 +323,7 @@

JWTRule

-audiences +audiences string[]

The list of JWT @@ -343,7 +343,7 @@

JWTRule

-jwksUri +jwksUri string

URL of the provider’s public key set to validate signature of the @@ -362,7 +362,7 @@

JWTRule

-jwks +jwks string

JSON Web Key Set of public keys to validate signature of the JWT. @@ -375,7 +375,7 @@

JWTRule

-fromHeaders +fromHeaders JWTHeader[]

List of header locations from which JWT is expected. For example, below is the location spec @@ -393,7 +393,7 @@

JWTRule

-fromParams +fromParams string[]

List of query parameters from which JWT is expected. For example, if JWT is provided via query @@ -410,7 +410,7 @@

JWTRule

-outputPayloadToHeader +outputPayloadToHeader string

This field specifies the header name to output a successfully verified JWT payload to the @@ -423,7 +423,7 @@

JWTRule

-fromCookies +fromCookies string[]

List of cookie names from which JWT is expected. // @@ -441,7 +441,7 @@

JWTRule

-forwardOriginalToken +forwardOriginalToken bool

If set to true, the original token will be kept for the upstream request. Default is false.

@@ -452,7 +452,7 @@

JWTRule

-outputClaimToHeaders +outputClaimToHeaders ClaimToHeader[]

This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. @@ -474,7 +474,7 @@

JWTRule

-timeout +timeout Duration

The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, @@ -503,7 +503,7 @@

JWTHeader

-name +name string

The HTTP header name.

@@ -514,7 +514,7 @@

JWTHeader

-prefix +prefix string

The prefix that should be stripped before decoding the token. @@ -544,7 +544,7 @@

ClaimToHeader

-header +header string

The name of the header to be created. The header will be overridden if it already exists in the request.

@@ -555,7 +555,7 @@

ClaimToHeader

-claim +claim string

The name of the claim to be copied from. Only claim of type string/int/bool is supported. diff --git a/telemetry/v1alpha1/telemetry.pb.html b/telemetry/v1alpha1/telemetry.pb.html index 1f84f8f8ec..f78539abbf 100644 --- a/telemetry/v1alpha1/telemetry.pb.html +++ b/telemetry/v1alpha1/telemetry.pb.html @@ -204,7 +204,7 @@

Telemetry

-selector +selector WorkloadSelector

Optional. The selector decides where to apply the policy. @@ -218,7 +218,7 @@

Telemetry

-targetRefs +targetRefs PolicyTargetReference[]

Optional. The targetRefs specifies a list of resources the policy should be @@ -243,7 +243,7 @@

Telemetry

-tracing +tracing Tracing[]

Optional. Tracing configures the tracing behavior for all @@ -255,7 +255,7 @@

Telemetry

-metrics +metrics Metrics[]

Optional. Metrics configures the metrics behavior for all @@ -267,7 +267,7 @@

Telemetry

-accessLogging +accessLogging AccessLogging[]

Optional. Access logging configures the access logging behavior for all @@ -303,7 +303,7 @@

Tracing

-match +match TracingSelector

Allows tailoring of behavior to specific conditions.

@@ -314,7 +314,7 @@

Tracing

-providers +providers ProviderRef[]

Optional. Name of provider(s) to use for span reporting. If a provider is @@ -329,7 +329,7 @@

Tracing

-randomSamplingPercentage +randomSamplingPercentage DoubleValue

Controls the rate at which traffic will be selected for tracing if no @@ -347,7 +347,7 @@

Tracing

-disableSpanReporting +disableSpanReporting BoolValue

Controls span reporting. If set to true, no spans will be reported for @@ -360,7 +360,7 @@

Tracing

-customTags +customTags map<string, CustomTag>

Optional. Configures additional custom tags to the generated trace spans.

@@ -371,7 +371,7 @@

Tracing

-enableIstioTags +enableIstioTags BoolValue

Determines whether or not trace spans generated by Envoy will include Istio specific tags. @@ -401,7 +401,7 @@

ProviderRef

-name +name string

Required. Name of Telemetry provider in MeshConfig.

@@ -431,7 +431,7 @@

Metrics

-providers +providers ProviderRef[]

Optional. Name of providers to which this configuration should apply. @@ -445,7 +445,7 @@

Metrics

-overrides +overrides MetricsOverrides[]

Optional. Ordered list of overrides to metrics generation behavior.

@@ -468,7 +468,7 @@

Metrics

-reportingInterval +reportingInterval Duration

Optional. Reporting interval allows configuration of the time between calls out to for metrics reporting. @@ -499,7 +499,7 @@

MetricSelector

-metric +metric IstioMetric (oneof)

One of the well-known Istio Standard Metrics.

@@ -510,7 +510,7 @@

MetricSelector

-customMetric +customMetric string (oneof)

Allows free-form specification of a metric. No validation of custom @@ -522,7 +522,7 @@

MetricSelector

-mode +mode WorkloadMode

Controls which mode of metrics generation is selected: CLIENT, SERVER, @@ -552,7 +552,7 @@

MetricsOverrides

-match +match MetricSelector

Match allows providing the scope of the override. It can be used to select @@ -567,7 +567,7 @@

MetricsOverrides

-disabled +disabled BoolValue

Optional. Must explicitly set this to true to turn off metrics reporting @@ -581,7 +581,7 @@

MetricsOverrides

-tagOverrides +tagOverrides map<string, TagOverride>

Optional. Collection of tag names and tag expressions to override in the @@ -616,7 +616,7 @@

AccessLogging

-match +match LogSelector

Allows tailoring of logging behavior to specific conditions.

@@ -627,7 +627,7 @@

AccessLogging

-providers +providers ProviderRef[]

Optional. Name of providers to which this configuration should apply. @@ -640,7 +640,7 @@

AccessLogging

-disabled +disabled BoolValue

Controls logging. If set to true, no access logs will be generated for @@ -655,7 +655,7 @@

AccessLogging

-filter +filter Filter

Optional. If specified, this filter will be used to select specific @@ -685,7 +685,7 @@

Tracing.TracingSelector

-mode +mode WorkloadMode

This determines whether or not to apply the tracing configuration @@ -719,7 +719,7 @@

Tracing.CustomTag

-literal +literal Literal (oneof)

Literal adds the same, hard-coded value to each span.

@@ -730,7 +730,7 @@

Tracing.CustomTag

-environment +environment Environment (oneof)

Environment adds the value of an environment variable to each span.

@@ -741,7 +741,7 @@

Tracing.CustomTag

-header +header RequestHeader (oneof)

RequestHeader adds the value of an header from the request to each @@ -768,7 +768,7 @@

Tracing.Literal

-value +value string

The tag value to use.

@@ -794,7 +794,7 @@

Tracing.Environment

-name +name string

Name of the environment variable from which to extract the tag value.

@@ -805,7 +805,7 @@

Tracing.Environment

-defaultValue +defaultValue string

Optional. If the environment variable is not found, this value will be @@ -832,7 +832,7 @@

Tracing.RequestHeader

-name +name string

Name of the header from which to extract the tag value.

@@ -843,7 +843,7 @@

Tracing.RequestHeader

-defaultValue +defaultValue string

Optional. If the header is not found, this value will be @@ -874,7 +874,7 @@

MetricsOverrides.TagOverride

-operation +operation Operation

Operation controls whether or not to update/add a tag, or to remove it.

@@ -885,7 +885,7 @@

MetricsOverrides.TagOverride

-value +value string

Value is only considered if the operation is UPSERT. @@ -925,7 +925,7 @@

AccessLogging.LogSelector

-mode +mode WorkloadMode

This determines whether or not to apply the access logging configuration @@ -954,7 +954,7 @@

AccessLogging.Filter

-expression +expression string

CEL expression for selecting when requests/connections should be logged.

@@ -988,7 +988,7 @@

MetricSelector.IstioMetric

-ALL_METRICS +ALL_METRICS

Use of this enum indicates that the override should apply to all Istio default metrics.

@@ -996,7 +996,7 @@

MetricSelector.IstioMetric

-REQUEST_COUNT +REQUEST_COUNT

Counter of requests to/from an application, generated for HTTP, HTTP/2, and GRPC traffic.

@@ -1010,7 +1010,7 @@

MetricSelector.IstioMetric

-REQUEST_DURATION +REQUEST_DURATION

Histogram of request durations, generated for HTTP, HTTP/2, and GRPC traffic.

@@ -1025,7 +1025,7 @@

MetricSelector.IstioMetric

-REQUEST_SIZE +REQUEST_SIZE

Histogram of request body sizes, generated for HTTP, HTTP/2, and GRPC traffic.

@@ -1039,7 +1039,7 @@

MetricSelector.IstioMetric

-RESPONSE_SIZE +RESPONSE_SIZE

Histogram of response body sizes, generated for HTTP, HTTP/2, and GRPC traffic.

@@ -1053,7 +1053,7 @@

MetricSelector.IstioMetric

-TCP_OPENED_CONNECTIONS +TCP_OPENED_CONNECTIONS

Counter of TCP connections opened over lifetime of workload.

The Prometheus provider exports this metric as: @@ -1067,7 +1067,7 @@

MetricSelector.IstioMetric

-TCP_CLOSED_CONNECTIONS +TCP_CLOSED_CONNECTIONS

Counter of TCP connections closed over lifetime of workload.

The Prometheus provider exports this metric as: @@ -1081,7 +1081,7 @@

MetricSelector.IstioMetric

-TCP_SENT_BYTES +TCP_SENT_BYTES

Counter of bytes sent during a response over a TCP connection.

The Prometheus provider exports this metric as: @@ -1095,7 +1095,7 @@

MetricSelector.IstioMetric

-TCP_RECEIVED_BYTES +TCP_RECEIVED_BYTES

Counter of bytes received during a request over a TCP connection.

The Prometheus provider exports this metric as: @@ -1109,7 +1109,7 @@

MetricSelector.IstioMetric

-GRPC_REQUEST_MESSAGES +GRPC_REQUEST_MESSAGES

Counter incremented for every gRPC messages sent from a client.

The Prometheus provider exports this metric as: @@ -1118,7 +1118,7 @@

MetricSelector.IstioMetric

-GRPC_RESPONSE_MESSAGES +GRPC_RESPONSE_MESSAGES

Counter incremented for every gRPC messages sent from a server.

The Prometheus provider exports this metric as: @@ -1140,7 +1140,7 @@

MetricsOverrides.TagOverride.Ope -UPSERT +UPSERT

Insert or Update the tag with the provided value expression. The value field MUST be specified if UPSERT is used as the operation.

@@ -1148,7 +1148,7 @@

MetricsOverrides.TagOverride.Ope -REMOVE +REMOVE

Specifies that the tag should not be included in the metric when generated.

@@ -1176,7 +1176,7 @@

WorkloadMode

-CLIENT_AND_SERVER +CLIENT_AND_SERVER

Selects for scenarios when the workload is either the source or destination of the network traffic.

@@ -1184,7 +1184,7 @@

WorkloadMode

-CLIENT +CLIENT

Selects for scenarios when the workload is the source of the network traffic.

@@ -1192,7 +1192,7 @@

WorkloadMode

-SERVER +SERVER

Selects for scenarios when the workload is the destination of the network traffic.

diff --git a/type/v1beta1/selector.pb.html b/type/v1beta1/selector.pb.html index 83377e6811..8c96cc3b5a 100644 --- a/type/v1beta1/selector.pb.html +++ b/type/v1beta1/selector.pb.html @@ -26,7 +26,7 @@

WorkloadSelector

-matchLabels +matchLabels map<string, string>

One or more labels that indicate a specific set of pods/VMs @@ -57,7 +57,7 @@

PortSelector

-number +number uint32

Port number

@@ -112,7 +112,7 @@

PolicyTargetReference

-group +group string

group is the group of the target resource.

@@ -123,7 +123,7 @@

PolicyTargetReference

-kind +kind string

kind is kind of the target resource.

@@ -134,7 +134,7 @@

PolicyTargetReference

-name +name string

name is the name of the target resource.

@@ -145,7 +145,7 @@

PolicyTargetReference

-namespace +namespace string

namespace is the namespace of the referent. When unspecified, the local @@ -177,14 +177,14 @@

WorkloadMode

-UNDEFINED +UNDEFINED

Default value, which will be interpreted by its own usage.

-CLIENT +CLIENT

Selects for scenarios when the workload is the source of the network traffic. In addition, @@ -193,7 +193,7 @@

WorkloadMode

-SERVER +SERVER

Selects for scenarios when the workload is the destination of the network traffic.

@@ -201,7 +201,7 @@

WorkloadMode

-CLIENT_AND_SERVER +CLIENT_AND_SERVER

Selects for scenarios when the workload is either the source or destination of the network traffic.