Proto: trim_proxy_config_policy.proto

Package: resilience.policy.gloo.solo.io

Trim the number of destinations in the Istio sidecar proxy configuration for your workloads to avoid memory pressure issues. You can trim the Istio sidecar proxies for standard Kubernetes workloads, such as Deployments, DaemonSets, and StatefulSets. Proxy trimming is not supported for workloads from other tooling providers’ custom resource definitions (CRDs), such as DeploymentConfigs in OpenShift. For more information, see the Trim proxy config guide.

Example

The following example policy trims the sidecar proxy config for the productpage workload, removing the config for all destinations except the reviews app.

  apiVersion: resilience.policy.gloo.solo.io/v2
kind: TrimProxyConfigPolicy
metadata:
  annotations:
    cluster.solo.io/cluster: ""
  name: trim-1
  namespace: bookinfo
spec:
  applyToWorkloads:
  - selector:
      labels:
        app: productpage
  config:
    includedDestinations:
    - selector:
        labels:
          app: reviews
  

TrimProxyConfigPolicyReport

FieldDescription
workspaces(repeated TrimProxyConfigPolicyReport.WorkspacesEntry)

A list of workspaces in which the policy can apply to workloads.
selectedWorkloads(repeated common.gloo.solo.io.WorkloadReference)

A list of workloads selected by the policy.
includedHosts(repeated string)

A list of hosts of destinations included by the policy.

TrimProxyConfigPolicyReport.WorkspacesEntry

FieldDescription
key(string)

value(common.gloo.solo.io.Report)

TrimProxyConfigPolicySpec

Use the TrimConfigProxyPolicy to select workloads and their corresponding allowed destinations. Then, the Istio sidecar of the workloads keeps only the configuration of those allowed destinations instead of all the destinations in the Istio service mesh. Otherwise, the extra config can lead to memory pressure issues.

FieldDescription
applyToWorkloads(repeated common.gloo.solo.io.WorkloadSelector)

Select the workloads for the policy to trim the Istio sidecar config. If omitted, all workloads are selected. You can trim the Istio sidecar proxies for standard Kubernetes workloads, such as Deployments, DaemonSets, and StatefulSets. Proxy trimming is not supported for workloads from other tooling providers’ custom resource definitions (CRDs), such as DeploymentConfigs in OpenShift.
config(TrimProxyConfigPolicySpec.Config)

Trim Proxy Config

TrimProxyConfigPolicySpec.Config

FieldDescription
includedDestinations(repeated common.gloo.solo.io.DestinationSelector)

Select which destinations to include in the trimmed sidecar proxy configuration of the workloads that this policy applies to. You can select destinations by Kubernetes label. Destinations can be a Kubernetes service, VirtualDestination, or ExternalService. To select all destinations, specify {}. If omitted or if the selection does not match any destination, no destinations are selected and the sidecar proxy configurations of the workloads are not trimmed. The destinations must be within the same workspace as the policy, or imported to the workspace.

TrimProxyConfigPolicyStatus

FieldDescription
common(common.gloo.solo.io.Status)

The state and workspace conditions of the applied resource.
numSelectedWorkloads(uint32)

The number of workloads selected by the policy.
numIncludedHosts(uint32)

The number of hosts of destinations included by the policy.