Navigation :

Selectors

Proto: selectors.proto

Package: common.gloo.solo.io

Types:

DestinationSelector
IdentitySelector
IdentitySelector.RequestIdentityMatcher
MeshSelector
MeshSelector.Istio
MeshSelector.Istio.ClusterSelectorEntry
MeshSelector.Istio.SelectorEntry
ObjectSelector
ObjectSelector.LabelsEntry
RouteDestinationSelector
RouteFilter
RouteLabelSelector
RouteLabelSelector.LabelsEntry
RouteSelector
WorkloadSelector
WorkspaceSelector
WorkspaceSelector.SelectorEntry
DestinationKind
WorkloadSelector.WorkloadKind

DestinationSelector

DestinationSelector is a selector for matching routable destinations for routes. DestinationSelectors can select a variety of object types. The behavior of the route action will vary depending on the type of destination selected. Defaults to the kubernetes v1/Service. Currently supported destination types:

v1 Service
networking.gloo.solo.io/v2 VirtualDestination (route traffic to a group of backing destinations)
networking.gloo.solo.io/v2 ExternalService (route traffic to a static set of service endpoints external to the mesh)

Field	Description
`selector`	(`ObjectSelector`) selector used to match destination objects by their metadata
`kind`	(`DestinationKind`) the kind of destination being selected. defaults to Kubernetes Service.
`port`	(`PortSelector`) the port on the Destination which receives traffic. All ports on the Destination will be selected if left empty.

IdentitySelector

IdentitySelector is a Selector specifically built for selecting client identities for security policies.

Field Description

serviceAccountSelector (ObjectSelector)

Select kubernetes service accounts as identities. When selecting a service account that will be created in the future for use in a AuthorizationPolicy, ONLY provide the name, namespace and cluster where the service account will exist in the selector. Providing labels and/or the workspace, or omitting the name, namespace or cluster for a service account that does not exist in the selector will not result in that service account being added to the resulting AuthorizationPolicy.

requestIdentityMatcher (IdentitySelector.RequestIdentityMatcher)

Select identities based on properties of the request. If multiple fields are set, they are ANDed together. More information about the individual values can be found here: https://istio.io/latest/docs/reference/config/security/authorization-policy/#Source

Field	Description
`serviceAccountSelector`	(`ObjectSelector`) Select kubernetes service accounts as identities. When selecting a service account that will be created in the future for use in a AuthorizationPolicy, ONLY provide the name, namespace and cluster where the service account will exist in the selector. Providing labels and/or the workspace, or omitting the name, namespace or cluster for a service account that does not exist in the selector will not result in that service account being added to the resulting AuthorizationPolicy.
`requestIdentityMatcher`	(`IdentitySelector.RequestIdentityMatcher`) Select identities based on properties of the request. If multiple fields are set, they are ANDed together. More information about the individual values can be found here: https://istio.io/latest/docs/reference/config/security/authorization-policy/#Source

IdentitySelector.RequestIdentityMatcher

Field	Description
`requestPrincipals`	(`repeated string`) Optional. A list of identities to match the request identity (“iss/sub” from the JWT). If omitted all request identity values will be accepted.
`notRequestPrincipals`	(`repeated string`) Optional. A list of identities to negative match the request identity.

MeshSelector

MeshSelector is a Selector built for selecting instances of Mesh control planes. A control plane is understood to have a single domain and provide a single root of trust for the data plane proxies it is managing. Each revision of Istiod maps

Field	Description
`istio`	(`MeshSelector.Istio`) options for selecting istio Mesh control planes.

MeshSelector.Istio

Field	Description
`revision`	(`string`) istio.io/revision of Istio to select. regex supported. omit to select across all revisions.
`namespace`	(`string`) match the name of the namespace where istiod is deployed. omit to select across all namespaces.
`clusterSelector`	(`repeated MeshSelector.Istio.ClusterSelectorEntry`) match the labels of the cluster where istiod is deployed. omit to select across all clusters.
`selector`	(`repeated MeshSelector.Istio.SelectorEntry`) select via the labels of the istiod deployment. omit to select across all labels.

MeshSelector.Istio.ClusterSelectorEntry

Field	Description
`key`	(`string`)
`value`	(`string`)

MeshSelector.Istio.SelectorEntry

Field	Description
`key`	(`string`)
`value`	(`string`)

ObjectSelector

selects zero or more Kubernetes API resources by matching on labels, name, namespace, cluster, and workspace.

Field	Description
`labels`	(`repeated ObjectSelector.LabelsEntry`) labels matching those of the object
`name`	(`string`) Only select objects with the matching name. If the field is omitted, Gloo Mesh will select matching objects with any name available in the parent object's workspace.
`namespace`	(`string`) Only select objects in the matching namespace. If the field is omitted, Gloo Mesh will select matching objects across all namespaces available in the parent object's workspace.
`cluster`	(`string`) Only select objects in the matching cluster. If the field is omitted, Gloo Mesh will select matching objects across all clusters available in the parent object's workspace.
`workspace`	(`string`) Only select objects in the given workspace. If the field is omitted, Gloo Mesh will select matching objects across all workspaces available in the parent object's workspace.

ObjectSelector.LabelsEntry

Field	Description
`key`	(`string`)
`value`	(`string`)

RouteDestinationSelector

RouteDestinationSelector is a Selector specifically built for individual destinations on individual Routes inside of RouteTables.

Field	Description
`route`	(`RouteLabelSelector`) select routes based on their labels. these labels can be used to match route tables or individual routes within route tables. if left empty, configuration will apply to all specified destinations on all routes in the workspace.
`onDestinations`	(`repeated DestinationSelector`) for the selected routes, select destinations on which to apply this policy

RouteFilter

Field	Description
`cloudProvider`	(`CloudProviderFilterOptions`) Optional: filter out route tables that specify CloudProvider functionality, if provided.

RouteLabelSelector

RouteLabelSelector is used to select the details of a route primarily by label. The selection may be further restricted by namespace, cluster, and workspace.

Field	Description
`labels`	(`repeated RouteLabelSelector.LabelsEntry`) Select routes including all specified labels on the route or route table.
`namespace`	(`string`) Only select routes attached to route tables matching the namespace.
`cluster`	(`string`) Only select routes attached to route tables matching the cluster.
`workspace`	(`string`) Only select routes attached to route tables matching the workspace.

RouteLabelSelector.LabelsEntry

Field	Description
`key`	(`string`)
`value`	(`string`)

RouteSelector

RouteSelector is a Selector specifically built for individual Routes inside of RouteTables.

This selector can be used to select individual routes or entire route tables using the same label selector.

Field	Description
`route`	(`RouteLabelSelector`) select routes based on their labels. these labels can be used to match route tables or individual routes within route tables.
`withDestinations`	(`DestinationSelector`) select routes with `forwardTo` actions based on their destinations. this can be used to apply policy to routes regardless of their labels

WorkloadSelector

WorkloadSelector is a Selector specifically built for selecting individual workloads. Workloads must have injected (sidecars) or be standalone proxies (gateways) to be selected by Gloo Mesh policies.

This selector can be used to select pods or injected external endpoints (vms).

Field	Description
`selector`	(`ObjectSelector`) Selector used to match Workload objects by their metadata.
`kind`	(`WorkloadSelector.WorkloadKind`) The kind of workload being selected. Defaults to Kube.
`port`	(`PortSelector`) The port to select on the selected workloads. Only applies to policies which select specific workload ports, such as the WasmDeploymentPolicy.

WorkspaceSelector

WorkspaceSelector is a selector for workspaces.

Field	Description
`name`	(`string`) Optional: Name of the workspace to select. Use * to match name patterns in multiple workspace names.
`selector`	(`repeated WorkspaceSelector.SelectorEntry`) Optional: Select workspaces based on their labels, such as setting `selector` to `team: backend`.

WorkspaceSelector.SelectorEntry

Field	Description
`key`	(`string`)
`value`	(`string`)

DestinationKind

Supported Kinds which can be selected by routes.

Name	Number	Description
`SERVICE`	0	Select a Kubernetes Service
`VIRTUAL_DESTINATION`	1	Select a Virtual Destination
`EXTERNAL_SERVICE`	2	Select an External Service

WorkloadSelector.WorkloadKind

Name	Number	Description
`KUBE`	0	Select kubernetes workloads (deployment, statefulset, daemonset, etc.).
`VM`	1	Select vms which are external, non-kube workloads.