Navigation :
Get started
Concepts
Setting up Gloo Mesh Enterprise
Process and route traffic
Control traffic with policies
Observability
GraphQL
Reference
-
API reference
-- access_log_policy.proto
-- access_logging.proto
-- access_policy.proto
-- accesslog.proto
-- address.proto
-- address.proto
-- address.proto
-- advanced_http.proto
-- any.proto
-- api.proto
-- api_gateway_transformer.proto
-- api_schema.proto
-- approval_state.proto
-- auth_config.proto
-- authority.proto
-- authorize.proto
-- aws_lambda.proto
-- backoff.proto
-- backoff.proto
-- base.proto
-- base.proto
-- base.proto
-- ca_options.proto
-- cache_filter.proto
-- clientmode.proto
-- collection_entry.proto
-- common.proto
-- config.proto
-- config.proto
-- config_source.proto
-- connection_policy.proto
-- consul_connect.proto
-- context_params.proto
-- core.proto
-- cors_policy.proto
-- csrf_policy.proto
-- cue.proto
-- custom_tag.proto
-- custom_tag.proto
-- dashboard.proto
-- deprecation.proto
-- descriptor.proto
-- descriptor.proto
-- discovery.proto
-- duration.proto
-- empty.proto
-- event_service_config.proto
-- ext.proto
-- ext_auth_policy.proto
-- ext_auth_server.proto
-- extension.proto
-- external_endpoint.proto
-- external_service.proto
-- failover_policy.proto
-- fault_injection_policy.proto
-- field_behavior.proto
-- field_mask.proto
-- gateway_lifecycle_manager.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- gogo.proto
-- graphql.proto
-- graphql_resolver_map.proto
-- graphql_stitched_schema.proto
-- grpc_service.proto
-- header_manipulation.proto
-- health_check.proto
-- http.proto
-- http_matchers.proto
-- http_path.proto
-- http_uri.proto
-- http_uri.proto
-- http_uri.proto
-- istio_lifecycle_manager.proto
-- istio_operator.proto
-- json_grpc_transcoder.proto
-- jwt_policy.proto
-- keepalive.proto
-- key.proto
-- kubernetes_cluster.proto
-- locality.proto
-- metadata.proto
-- metadata.proto
-- metadata.proto
-- metrics.proto
-- migrate.proto
-- mirror_policy.proto
-- modsecurity.proto
-- nats_streaming.proto
-- number.proto
-- operator.proto
-- outlier_detection_policy.proto
-- payload.proto
-- percent.proto
-- percent.proto
-- percent.proto
-- percent.proto
-- phase.proto
-- port.proto
-- protocol.proto
-- proxy_protocol.proto
-- proxy_protocol.proto
-- proxy_protocol_policy.proto
-- proxylatency.proto
-- range.proto
-- range.proto
-- ratelimit.proto
-- ratelimit_client_config.proto
-- ratelimit_policy.proto
-- ratelimit_server_config.proto
-- ratelimit_server_settings.proto
-- ref.proto
-- references.proto
-- regex.proto
-- regex.proto
-- resource.proto
-- resource_locator.proto
-- retry_timeout_policy.proto
-- root_trust_policy.proto
-- route.proto
-- route_components.proto
-- route_components.proto
-- route_table.proto
-- sanitize.proto
-- security.proto
-- selectors.proto
-- semantic_version.proto
-- semantic_version.proto
-- semantic_version.proto
-- sensitive.proto
-- socket_option.proto
-- socket_option.proto
-- socket_option.proto
-- solo-kit.proto
-- solo_jwt_authn.proto
-- solo_xff_offset_filter.proto
-- source_context.proto
-- status.proto
-- status.proto
-- stitching.proto
-- string.proto
-- string.proto
-- string_match.proto
-- struct.proto
-- timestamp.proto
-- trace.proto
-- trace_config.proto
-- transformation_ee_filter.proto
-- transformation_filter.proto
-- transformation_policy.proto
-- type.proto
-- validate.proto
-- value.proto
-- vault_ca.proto
-- versioning.proto
-- virtual_destination.proto
-- virtual_gateway.proto
-- waf_policy.proto
-- wasm_deployment_policy.proto
-- workspace.proto
-- workspace_settings.proto
-- wrappers.proto
-- xslt_transformer.proto
-
CLI reference
-
Helm value reference
-
Version reference
- Changelog
-
Security and CVE report
Troubleshoot issues
Get help and support
vault_ca.proto
Package : tls.security.policy.gloo.solo.io
Top
vault_ca.proto
Table of Contents
VaultCA
Field
Type
Label
Description
caPath
string
ca_path is the mount path of the Vault PKI backend's sign endpoint, e.g: “my_pki_mount/sign/my-role-name”.
csrPath
string
csr_path is the mount path of the Vault PKI backend's generate endpoint, e.g: “my_pki_mount/intermediate/generate/exported”. “exported” is necessary here as istio needs access to the private key See vault docs here: https://www.vaultproject.io/api-docs/secret/pki#parameters-4
server
string
Server is the connection address for the Vault server, e.g: “https://vault.example.com:8200" .
caBundle
bytes
Inline CA bytes
caSecretRef
core.skv2.solo.io.ObjectRef Reference to a secret containing the CA bytes. The CA should be stored by the key root-cert.pem
caLocalPath
string
Path to a local file containing the CA bytes
namespace
string
Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: “ns1” More about namespaces can be found here
tokenSecretRef
core.skv2.solo.io.ObjectRef TokenSecretRef authenticates with Vault by presenting a token.
kubernetesAuth
tls.security.policy.gloo.solo.io.VaultKubernetesAuth Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.
VaultKubernetesAuth
Field
Type
Label
Description
mountPath
string
The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to /v1/auth/foo, will use the path /v1/auth/foo/login to authenticate with Vault. If unspecified, the default value “/v1/auth/kubernetes” will be used.
role
string
A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.
secretTokenKey
string
Key to search for the sa_token Default to “token”
serviceAccountRef
core.skv2.solo.io.ObjectRef Reference to service account, other than the one mounted to the current pod.
mountedSaPath
string
File System path to grab the service account token from. Defaults to /var/run/secrets/kubernetes.io/serviceaccount
