vault_ca.proto
Package : tls.security.policy.gloo.solo.io
VaultCA

| Field | Type | Label | Description |
|---|---|---|---|
| caPath | string | | ca_path is the mount path of the Vault PKI backend's sign endpoint, e.g. "my_pki_mount/sign/my-role-name". |
| csrPath | string | | csr_path is the mount path of the Vault PKI backend's generate endpoint, e.g. "my_pki_mount/intermediate/generate/exported". "exported" is necessary here because Istio needs access to the private key. See the Vault docs: https://www.vaultproject.io/api-docs/secret/pki#parameters-4 |
| server | string | | Server is the connection address for the Vault server, e.g. "https://vault.example.com:8200". |
| caBundle | bytes | | Inline CA bytes. |
| caSecretRef | core.skv2.solo.io.ObjectRef | | Reference to a secret containing the CA bytes. The CA should be stored under the key root-cert.pem. |
| caLocalPath | string | | Path to a local file containing the CA bytes. |
| namespace | string | | Name of the Vault namespace, e.g. "ns1". Namespaces are a set of features within Vault Enterprise that allow Vault environments to support secure multi-tenancy. See the Vault documentation for more about namespaces. |
| tokenSecretRef | core.skv2.solo.io.ObjectRef | | TokenSecretRef authenticates with Vault by presenting a token. |
| kubernetesAuth | tls.security.policy.gloo.solo.io.VaultKubernetesAuth | | Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. |

VaultKubernetesAuth

| Field | Type | Label | Description |
|---|---|---|---|
| mountPath | string | | The mount path to use when authenticating with Vault. For example, setting the value to /v1/auth/foo will use the path /v1/auth/foo/login to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" is used. |
| role | string | | A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. |
| secretTokenKey | string | | Key to search for the sa_token. Defaults to "token". |
| serviceAccountRef | core.skv2.solo.io.ObjectRef | | Reference to a service account other than the one mounted to the current pod. |
| mountedSaPath | string | | File system path to read the service account token from. Defaults to /var/run/secrets/kubernetes.io/serviceaccount. |
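
The following added example (not Gloo Mesh code) shows how the `server`, `namespace`, `mountPath`, `role`, `caPath` and `csrPath` fields line up with requests to Vault's HTTP API, and derives a Vault policy scoped to only the two PKI endpoints the configuration names. The mapping, the function names, the `https://` check and the `example-role` value are assumptions of this illustration; the other sample values reuse the examples from the field descriptions.

```python
# Added illustration: maps VaultCA fields onto Vault HTTP API requests.
DEFAULT_MOUNT = "/v1/auth/kubernetes"  # default stated in the field reference

# Constructed sample values, reusing the examples from the field descriptions.
SAMPLE_VAULT_CA = {
    "server": "https://vault.example.com:8200",
    "caPath": "my_pki_mount/sign/my-role-name",
    "csrPath": "my_pki_mount/intermediate/generate/exported",
    "namespace": "ns1",
    "kubernetesAuth": {"mountPath": "/v1/auth/foo", "role": "example-role"},
}

def _request(vault_ca, path, body, token=None):
    server = vault_ca["server"].rstrip("/")
    if not server.startswith("https://"):
        # Hardening choice of this example: tokens and keys cross this link.
        raise ValueError("server must be an https:// address")
    headers = {}
    if vault_ca.get("namespace"):
        headers["X-Vault-Namespace"] = vault_ca["namespace"]
    if token:
        headers["X-Vault-Token"] = token
    return {"method": "POST", "url": server + path, "headers": headers, "body": body}

def login_request(vault_ca, sa_jwt):
    """Kubernetes-auth login: POST <mountPath>/login with the role and SA token."""
    auth = vault_ca["kubernetesAuth"]
    if not auth.get("role"):
        raise ValueError("kubernetesAuth.role is required")
    mount = (auth.get("mountPath") or DEFAULT_MOUNT).rstrip("/")
    return _request(vault_ca, mount + "/login", {"role": auth["role"], "jwt": sa_jwt})

def sign_request(vault_ca, csr_pem, client_token):
    """CSR signing: POST /v1/<caPath> with the token returned by the login."""
    path = "/v1/" + vault_ca["caPath"].strip("/")
    return _request(vault_ca, path, {"csr": csr_pem}, token=client_token)

def least_privilege_policy(vault_ca):
    """Vault policy granting write access to only the two PKI endpoints in use."""
    rule = 'path "{}" {{\n  capabilities = ["create", "update"]\n}}'
    paths = [vault_ca["caPath"].strip("/"), vault_ca["csrPath"].strip("/")]
    return "\n".join(rule.format(p) for p in paths)
```

Attaching only the generated policy to the Vault role named in `role` keeps the ServiceAccount from reaching any other path on the PKI mount.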