Table of Contents
NOTE: ImagePullOptions are currently unsupported
|pullSecret||string||if a username/password is required, specify here the name of a secret: with keys: * username:
the secret must live in the Enterprise Agent namespace as the FilterDeployment
|insecureSkipVerify||bool||skip verifying the image server's TLS certificate|
|plainHttp||bool||use HTTP instead of HTTPS|
Specifies options for fetching WASM Filters from an HTTP URI.
|uri||string||The HTTP URI from which to fetch the filter|
|sha||string||The Sha256 Checksum of the filter binary (will be verified by the proxy). Required.|
A WasmDeployment deploys one or more WASM Envoy Filters to selected Sidecars and Gateways in a Mesh.
|workloadSelector||networking.mesh.gloo.solo.io.WorkloadSelector||repeated||Sidecars/Gateways whose Workloads match these selectors will attach the specified WASM Filters. Leave empty to have all workloads in the mesh apply receive the WASM Filter.|
|filters||networking.enterprise.mesh.gloo.solo.io.WasmFilterSpec||repeated||Parameters for specifying the WASM filter|
|weight||uint32||weight is used to determine the order of WASM Filters when applying multiple WasmDeployments to a single workload. Deployed WASM filters will be sorted in order of highest to lowest weight. WasmDeployments with equal weights will be sorted non-deterministically. Note that all WASM Filters are currently inserted just before the Envoy router filter in the HTTP Connection Manager's HTTP Filter Chain.|
|observedGeneration||int64||The most recent generation observed in the the WasmDeployment metadata. if the observedGeneration does not match generation, the controller has not received the most recent version of this resource.|
|error||string||Any errors encountered while processing this generation of the resource. This can include failures to pull a WASM image as well as missing or invalid fields in the spec.|
|workloadStates||networking.enterprise.mesh.gloo.solo.io.WasmDeploymentStatus.WorkloadStatesEntry||repeated||the state of the WasmDeployment as it has been applied to each individual workload.|
description of the WASM Filter to deploy
|wasmImageSource||networking.enterprise.mesh.gloo.solo.io.WasmImageSource||fetch the image from a WASM OCI Registry Images can be built and pushed to registries using
|staticFilterConfig||google.protobuf.Any||Provide configuration as a static
|dynamicFilterConfig||string||Provide configuration from a dynamic configuration source. This is used to connect proxies to a user-provided configuration server rather than using the WasmDeployment CR to update filter configuration. NOTE: Not currently implemented. This field serves as a placeholder. passing it to the plugin.
|rootId||string||the root id must match the root id defined inside the filter. if the user does not provide this field, Gloo Mesh will attempt to pull the image and set it from the filter_conf contained in the image config. note that if the filter_source is not set to wasm_image_source, this field is required|
|vmId||string||An ID which will be used along with a hash of the wasm code (or the name of the registered Null VM plugin) to determine which VM will be used to load the WASM filter. All filters on the same proxy which use the same vm_id and code within will use the same VM. May be left blank. Sharing a VM between plugins can reduce memory utilization and make sharing of data easier which may have security implications.|
|filterContext||istio.networking.v1alpha3.EnvoyFilter.PatchContext||The specific config generation context to which to attach the filter. Istio generates envoy configuration in the context of a gateway, inbound traffic to sidecar and outbound traffic from sidecar. Uses the Istio default (ANY).|
|insertBeforeFilter||string||The filter in the Envoy HTTP Filter Chain immediately before which the WASM filter will be inserted. Defaults to
Specifies options for fetching WASM Filters from a WASM-compatible OCI Registry Images can be built and pushed to registries using
|wasmImageTag||string||the full tag of the wasm image. should include the registry address at the beginning, e.g. webassemblyhub.io/ilackarms/helloworld:v0.1|
WorkloadState is the state of the WasmDeployment resource as it has been applied to an individual workload.
|DEPLOYMENT_PENDING||0||DEPLOYMENT_PENDING filters have not yet been deployed to the target workload.|
|FILTERS_DEPLOYED||1||FILTERS_DEPLOYED indicates the WASM Filters have been deployed to the target workload (along with any cluster dependencies).|
|DEPLOYMENT_FAILED||2||DEPLOYMENT_FAILED indicates Deploying the WASM Filters to this workload failed|