selectors.proto

Package : common.gloo.solo.io


DestinationReference

Destinations are pointers to routable destinations for routes. Each destination should resolve to one and only one hostname. Destinations can refer to a variety of object types. The behavior of the route action will vary depending on the type of destination selected. Defaults to the kubernetes v1/Service. Currently supported destination types:

- Service
- VirtualDestination (route traffic to one of the VirtualDestination's backing services, based on the locality of the request)
- ExternalService (route traffic to a static set of service endpoints external to the mesh)

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| ref | common.gloo.solo.io.ObjectReference | | reference to the destination object by its metadata |
| kind | common.gloo.solo.io.DestinationKind | | the kind of destination being selected. defaults to Kubernetes Service. |
| port | common.gloo.solo.io.PortSelector | | the port on the destination object being targeted. required if the object provides more than one port. |
| subset | []common.gloo.solo.io.DestinationReference.SubsetEntry | repeated | select a subset of the destination's endpoints for routing based on their labels. |
| weight | uint32 | | Specify the proportion of traffic to be forwarded to this destination. Weights across all of the destinations must sum to 100. Weight is only relevant when used in the context of a route with multiple destinations. |

DestinationReference.SubsetEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

DestinationSelector

DestinationSelector is a selector for matching routable destinations for routes. DestinationSelectors can select a variety of object types. The behavior of the route action will vary depending on the type of destination selected. Defaults to the kubernetes v1/Service. Currently supported destination types:

- v1 Service
- networking.gloo.solo.io/v2 VirtualDestination (route traffic to a group of backing destinations)
- networking.gloo.solo.io/v2 ExternalService (route traffic to a static set of service endpoints external to the mesh)

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| selector | common.gloo.solo.io.ObjectSelector | | selector used to match destination objects by their metadata |
| kind | common.gloo.solo.io.DestinationKind | | the kind of destination being selected. defaults to Kubernetes Service. |
| port | common.gloo.solo.io.PortSelector | | the port on the Destination which receives traffic. All ports on the Destination will be selected if left empty. |

IdentitySelector

IdentitySelector is a Selector specifically built for selecting client identities for security policies.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| serviceAccountSelector | common.gloo.solo.io.ObjectSelector | | Select Kubernetes service accounts as identities. When selecting a service account that will be created in the future for use in an AuthorizationPolicy, ONLY provide the name, namespace and cluster where the service account will exist in the selector. Providing labels and/or the workspace for a service account that does not exist in the selector will not result in that service account being added to the resulting AuthorizationPolicy. |
| requestIdentityMatcher | common.gloo.solo.io.IdentitySelector.RequestIdentityMatcher | | Select identities based on properties of the request. If multiple fields are set, they are ANDed together. More information about the individual values can be found here: https://istio.io/latest/docs/reference/config/security/authorization-policy/#Source |

IdentitySelector.RequestIdentityMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| requestPrincipals | []string | repeated | Optional. A list of identities to match the request identity (“iss/sub” from the JWT). If omitted all request identity values will be accepted. |
| notRequestPrincipals | []string | repeated | Optional. A list of identities to negative match the request identity. |
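
The two IdentitySelector rules most easily missed in review are that a matcher without requestPrincipals accepts every request identity, and that a not-yet-created service account selected by labels or workspace is never added to the policy. The following Go sketch is an added example, not Gloo Mesh code: the types, `Lint`, `Allows`, the `saExists` flag and the sample principals are hypothetical, and principals are compared exactly (no wildcard handling).

```go
package main

import "fmt"

// RequestIdentityMatcher models the documented fields (hypothetical Go type).
type RequestIdentityMatcher struct {
	RequestPrincipals, NotRequestPrincipals []string
}

// IdentitySelector flattens serviceAccountSelector into SA* fields (hypothetical).
type IdentitySelector struct {
	SAName, SANamespace, SACluster, SAWorkspace string
	SALabels                                    map[string]string
	Matcher                                     *RequestIdentityMatcher
}

func contains(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// Allows ANDs the two lists; an empty requestPrincipals accepts every identity.
// Assumption: principals ("iss/sub") are compared exactly, without wildcards.
func (m RequestIdentityMatcher) Allows(principal string) bool {
	ok := len(m.RequestPrincipals) == 0 || contains(m.RequestPrincipals, principal)
	return ok && !contains(m.NotRequestPrincipals, principal)
}

// Lint returns review findings; saExists is supplied by the caller (assumption).
func Lint(s IdentitySelector, saExists bool) []string {
	var f []string
	if !saExists && (len(s.SALabels) > 0 || s.SAWorkspace != "") {
		f = append(f, "future service account selected by labels/workspace: not added to the AuthorizationPolicy")
	}
	if s.Matcher != nil && len(s.Matcher.RequestPrincipals) == 0 {
		f = append(f, "requestPrincipals omitted: all request identities accepted")
	}
	return f
}

func main() {
	// Constructed sample: a deny-list-only matcher and a label-based selector.
	m := &RequestIdentityMatcher{NotRequestPrincipals: []string{"https://idp.example/blocked"}}
	s := IdentitySelector{SAName: "ci-bot", SANamespace: "build", SACluster: "cluster-1", SALabels: map[string]string{"team": "ci"}, Matcher: m}
	fmt.Println(Lint(s, false), m.Allows("https://idp.example/anyone"))
}
```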

MeshSelector

MeshSelector is a Selector built for selecting instances of Mesh control planes. A control plane is understood to have a single domain and provide a single root of trust for the data plane proxies it is managing. Each revision of Istiod maps

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| istio | common.gloo.solo.io.MeshSelector.Istio | | options for selecting istio Mesh control planes. |

MeshSelector.Istio

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| revision | string | | istio.io/revision of Istio to select. regex supported. omit to select across all revisions. |
| namespace | string | | match the name of the namespace where istiod is deployed. omit to select across all namespaces. |
| clusterSelector | []common.gloo.solo.io.MeshSelector.Istio.ClusterSelectorEntry | repeated | match the labels of the cluster where istiod is deployed. omit to select across all clusters. |
| selector | []common.gloo.solo.io.MeshSelector.Istio.SelectorEntry | repeated | select via the labels of the istiod deployment. omit to select across all labels. |

MeshSelector.Istio.ClusterSelectorEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

MeshSelector.Istio.SelectorEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

ObjectReference

reference to a Kubernetes API object. Kube API objects are referenced explicitly by the namespace and cluster containing them.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | the name of the object |
| namespace | string | | the namespace of the object. if the field is omitted, Gloo Mesh will use the same namespace as the parent object containing this reference. |
| cluster | string | | the cluster of the object. if the field is omitted, Gloo Mesh will use the same cluster as the parent object containing this reference. |

ObjectReferenceList

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| refs | []common.gloo.solo.io.ObjectReference | repeated | |

ObjectSelector

selects zero or more Kubernetes API resources by matching on labels, name, namespace, cluster, and workspace.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []common.gloo.solo.io.ObjectSelector.LabelsEntry | repeated | labels matching those of the object |
| name | string | | Only select objects with the matching name. If the field is omitted, Gloo Mesh will select matching objects with any name available in the parent object's workspace. |
| namespace | string | | Only select objects in the matching namespace. If the field is omitted, Gloo Mesh will select matching objects across all namespaces available in the parent object's workspace. |
| cluster | string | | Only select objects in the matching cluster. If the field is omitted, Gloo Mesh will select matching objects across all clusters available in the parent object's workspace. |
| workspace | string | | Only select objects in the given workspace. If the field is omitted, Gloo Mesh will select matching objects across all workspaces available in the parent object's workspace. |
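
Because every omitted ObjectSelector field widens the match rather than narrowing it, it helps to see how far a selector reaches before attaching a policy to it. The Go sketch below is an added example and not Gloo Mesh's implementation: `Object`, `Matches`, `Reach` and the inventory are hypothetical, the inventory stands for the objects available in one workspace, and exact name comparison with all listed labels required is an assumption.

```go
package main

import "fmt"

// Object is constructed metadata for one Kubernetes object.
type Object struct {
	Name, Namespace, Cluster string
	Labels                   map[string]string
}

// ObjectSelector models the documented fields (hypothetical type, no workspace).
type ObjectSelector struct {
	Name, Namespace, Cluster string
	Labels                   map[string]string
}

// Matches: an empty field is no constraint (documented); exact names and all labels required (assumed).
func (s ObjectSelector) Matches(o Object) bool {
	for k, v := range s.Labels {
		if got, ok := o.Labels[k]; !ok || got != v {
			return false
		}
	}
	eq := func(want, got string) bool { return want == "" || want == got }
	return eq(s.Name, o.Name) && eq(s.Namespace, o.Namespace) && eq(s.Cluster, o.Cluster)
}

// Reach counts the matched objects and the distinct clusters they span.
func Reach(s ObjectSelector, objs []Object) (matched, clusters int) {
	seen := map[string]bool{}
	for _, o := range objs {
		if s.Matches(o) {
			matched++
			seen[o.Cluster] = true
		}
	}
	return matched, len(seen)
}

// Inventory is constructed sample data standing in for one workspace.
var Inventory = []Object{
	{"reviews", "bookinfo", "cluster-1", map[string]string{"app": "reviews"}},
	{"reviews", "bookinfo", "cluster-2", map[string]string{"app": "reviews"}},
	{"payments", "billing", "cluster-1", map[string]string{"app": "payments"}},
}

func main() {
	fmt.Println(Reach(ObjectSelector{Name: "reviews"}, Inventory)) // cluster omitted
	fmt.Println(Reach(ObjectSelector{}, Inventory))                // everything omitted
}
```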

ObjectSelector.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

RouteDestinationSelector

RouteDestinationSelector is a Selector specifically built for individual destinations on individual Routes inside of RouteTables.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| route | common.gloo.solo.io.ObjectSelector | | select routes based on their labels. these labels can be used to match route tables or individual routes within route tables. if left empty, configuration will apply to all specified destinations on all routes in the workspace. |
| onDestinations | []common.gloo.solo.io.DestinationSelector | repeated | for the selected routes, select destinations on which to apply this policy |

RouteSelector

RouteSelector is a Selector specifically built for individual Routes inside of RouteTables.
This selector can be used to select individual routes or entire route tables using the same label selector.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| route | common.gloo.solo.io.ObjectSelector | | select routes based on their labels. these labels can be used to match route tables or individual routes within route tables. |
| withDestinations | common.gloo.solo.io.DestinationSelector | | select routes with forwardTo actions based on their destinations. this can be used to apply policy to routes regardless of their labels |

WorkloadSelector

WorkloadSelector is a Selector specifically built for selecting individual workloads. Workloads must have injected proxies (sidecars) or be standalone proxies (gateways) to be selected by Gloo Mesh policies.
This selector can be used to select pods or injected external endpoints (vms).

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| selector | common.gloo.solo.io.ObjectSelector | | Selector used to match Workload objects by their metadata. |
| kind | common.gloo.solo.io.WorkloadSelector.WorkloadKind | | The kind of workload being selected. Defaults to Kube. |
| port | common.gloo.solo.io.PortSelector | | The port to select on the selected workloads. Only applies to policies which select specific workload ports, such as the WasmDeploymentPolicy. |

WorkspaceSelector

WorkspaceSelector is a selector for workspaces.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| name | string | | Optional: Name of the workspace to select. Use * to match name patterns in multiple workspace names. |
| selector | []common.gloo.solo.io.WorkspaceSelector.SelectorEntry | repeated | Optional: Select workspaces based on their labels. |

The example below selects workspaces based on the label team: backend:

```yaml
- selector:
    team: backend
```

WorkspaceSelector.SelectorEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

DestinationKind

Supported Kinds which can be selected for Destinations

| Name | Number | Description |
| --- | --- | --- |
| SERVICE | 0 | Select a Kubernetes Service |
| VIRTUAL_DESTINATION | 1 | Select a Virtual Destination |
| EXTERNAL_SERVICE | 2 | Select an External Service |

WorkloadSelector.WorkloadKind

| Name | Number | Description |
| --- | --- | --- |
| KUBE | 0 | Select kubernetes workloads (deployment, statefulset, daemonset, etc.). |
| VM | 1 | Select vms which are external, non-kube workloads. |