selectors.proto

Package: common.mesh.gloo.solo.io

DestinationSelector

Select Destinations using one or more platform-specific selectors.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeServiceMatcher | common.mesh.gloo.solo.io.DestinationSelector.KubeServiceMatcher | | Match Kubernetes Services by their labels, namespaces, and/or clusters. |
| kubeServiceRefs | common.mesh.gloo.solo.io.DestinationSelector.KubeServiceRefs | | Match Kubernetes Services by direct reference. |
| externalServiceMatcher | common.mesh.gloo.solo.io.DestinationSelector.DestinationMatcher | | Match ExternalService Destinations by their labels and/or namespaces. Note: selection of ExternalServices is currently only implemented for the ServiceDependency API. |
| externalServiceRefs | common.mesh.gloo.solo.io.DestinationSelector.DestinationRefs | | Match ExternalService Destinations by direct reference. Note: selection of ExternalServices is currently only implemented for the ServiceDependency API. |

DestinationSelector.DestinationMatcher

Match Destinations by labels and/or namespaces.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []common.mesh.gloo.solo.io.DestinationSelector.DestinationMatcher.LabelsEntry | repeated | If specified, a match requires all labels to exist on a Destination. |
| namespaces | []string | repeated | If specified, match Destinations if they exist in one of the specified namespaces. |

DestinationSelector.DestinationMatcher.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

DestinationSelector.DestinationRefs

Match Destinations by direct reference.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| externalServices | []core.skv2.solo.io.ObjectRef | repeated | Match Destinations by direct reference. All fields are required. |

DestinationSelector.KubeServiceMatcher

Match Kubernetes Services by their labels, namespaces, and/or clusters.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []common.mesh.gloo.solo.io.DestinationSelector.KubeServiceMatcher.LabelsEntry | repeated | If specified, a match requires all labels to exist on a Kubernetes Service. When used in a networking policy, omission matches any labels. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any label key and/or value. |
| namespaces | []string | repeated | If specified, match Kubernetes Services if they exist in one of the specified namespaces. When used in a networking policy, omission matches any namespace. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any namespace. |
| clusters | []string | repeated | If specified, match Kubernetes Services if they exist in one of the specified clusters. When used in a networking policy, omission matches any cluster. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any cluster. |
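The omission and wildcard rules for KubeServiceMatcher, as an added Go sketch that is not Gloo Mesh's own code or API. The types, `Matches`, and the `role` flag are hypothetical; it assumes an omitted field in a Role selects nothing and that "*" is compared literally in a networking policy.

```go
package main

import "fmt"

// Hypothetical stand-ins for the generated types; not the Gloo Mesh Go API.
type KubeServiceMatcher struct {
	Labels               map[string]string
	Namespaces, Clusters []string
}
type Service struct {
	Namespace, Cluster string
	Labels             map[string]string
}

// eq treats "*" as a wildcard only in a Role; policies compare literally (assumption).
func eq(want, got string, role bool) bool { return want == got || (role && want == "*") }

// anyOf: omission matches everything in a policy, nothing in a Role (assumption).
func anyOf(list []string, v string, role bool) bool {
	for _, s := range list {
		if eq(s, v, role) {
			return true
		}
	}
	return len(list) == 0 && !role
}

// allLabels: every listed key/value pair must be present on the Service.
func allLabels(want, have map[string]string, role bool) bool {
	for k, v := range want {
		found := false
		for hk, hv := range have {
			found = found || (eq(k, hk, role) && eq(v, hv, role))
		}
		if !found {
			return false
		}
	}
	return len(want) > 0 || !role
}

// Matches reports whether m selects s; role=false means a networking policy.
func Matches(m KubeServiceMatcher, s Service, role bool) bool {
	return allLabels(m.Labels, s.Labels, role) &&
		anyOf(m.Namespaces, s.Namespace, role) && anyOf(m.Clusters, s.Cluster, role)
}

func main() {
	fmt.Println(Matches(KubeServiceMatcher{}, Service{Namespace: "prod", Cluster: "c1"}, false)) // empty policy matcher
}
```

An empty matcher in a networking policy selects every Service in every cluster, so a review of such policies should read a missing namespaces or clusters field as "all".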

DestinationSelector.KubeServiceMatcher.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

DestinationSelector.KubeServiceRefs

Match Kubernetes Services by direct reference.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| services | []core.skv2.solo.io.ClusterObjectRef | repeated | Match Kubernetes Services by direct reference. All fields are required. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any value for the given field. |

IdentitySelector

Select Destination identities using one or more platform-specific selectors.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeIdentityMatcher | common.mesh.gloo.solo.io.IdentitySelector.KubeIdentityMatcher | | Match request identities based on the Kubernetes namespace and cluster. |
| kubeServiceAccountRefs | common.mesh.gloo.solo.io.IdentitySelector.KubeServiceAccountRefs | | Match request identities based on the Kubernetes service account of the request. |
| requestIdentityMatcher | common.mesh.gloo.solo.io.IdentitySelector.RequestIdentityMatcher | | Match requests based on the identity of the request. If multiple fields are set, they are ANDed together. More information about the individual values can be found here: https://istio.io/latest/docs/reference/config/security/authorization-policy/#Source |

IdentitySelector.KubeIdentityMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| namespaces | []string | repeated | If specified, match a Kubernetes identity if it exists in one of the specified namespaces. When used in a networking policy, omission matches any namespace. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any namespace. |
| clusters | []string | repeated | If specified, match a Kubernetes identity if it exists in one of the specified clusters. When used in a networking policy, omission matches any cluster. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any cluster. |

IdentitySelector.KubeServiceAccountRefs

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| serviceAccounts | []core.skv2.solo.io.ClusterObjectRef | repeated | Match Kubernetes service accounts by direct reference. When used in a networking policy, omission of any field (name, namespace, or clusterName) allows matching any value for that field. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any value for the given field. |

IdentitySelector.RequestIdentityMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| requestPrincipals | []string | repeated | Optional. A list of identities to match the request identity (“iss/sub” from the JWT). If omitted, all request identity values will be accepted. |
| notRequestPrincipals | []string | repeated | Optional. A list of identities to negative match the request identity. |

IngressGatewaySelector

Select a set of Destinations with TLS ports to use as ingress gateway services for the referenced Meshes.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| destinationSelectors | []common.mesh.gloo.solo.io.DestinationSelector | repeated | The set of Destinations that will be used as ingress gateways for external traffic entering the Mesh. If omitted, a mesh-specific default ingress gateway destination will be used. For Istio, any Kubernetes Service(s) with the label pair {"istio": "ingressgateway"} will be selected. |
| portName | string | | Specify the name of the port on the ingress gateway service. If not specified, defaults to “tls”. |

WorkloadSelector

Select Workloads using one or more platform-specific selectors.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeWorkloadMatcher | common.mesh.gloo.solo.io.WorkloadSelector.KubeWorkloadMatcher | | Match Kubernetes workloads by their labels, namespaces, and/or clusters. |

WorkloadSelector.KubeWorkloadMatcher

Match Kubernetes workloads by their labels, namespaces, and/or clusters.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []common.mesh.gloo.solo.io.WorkloadSelector.KubeWorkloadMatcher.LabelsEntry | repeated | If specified, all labels must exist on a Kubernetes workload. When used in a networking policy, omission matches any labels. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any label key and/or value. |
| namespaces | []string | repeated | If specified, match Kubernetes workloads if they exist in one of the specified namespaces. When used in a networking policy, omission matches any namespace. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any namespace. |
| clusters | []string | repeated | If specified, match Kubernetes workloads if they exist in one of the specified clusters. When used in a networking policy, omission matches any cluster. When used in a Gloo Mesh Role, a wildcard ("*") must be specified to match any cluster. |

WorkloadSelector.KubeWorkloadMatcher.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |