selectors.proto

Package: networking.mesh.gloo.solo.io

IdentitySelector

Selector capable of selecting specific service identities. Useful for binding policy rules. Either (namespaces, cluster, service_account_names) or service_accounts can be specified. If all fields are omitted, any source identity is permitted.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeIdentityMatcher | networking.mesh.gloo.solo.io.IdentitySelector.KubeIdentityMatcher | | A KubeIdentityMatcher matches request identities based on the k8s namespace and cluster. |
| kubeServiceAccountRefs | networking.mesh.gloo.solo.io.IdentitySelector.KubeServiceAccountRefs | | KubeServiceAccountRefs matches request identities based on the k8s service account of the request. |

IdentitySelector.KubeIdentityMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| namespaces | []string | repeated | If specified, match k8s identity if it exists in one of the specified namespaces. When used in a networking policy, omission matches any namespace. When used in a Role, a wildcard "*" must be explicitly used to match any namespace. |
| clusters | []string | repeated | If specified, match k8s identity if it exists in one of the specified clusters. When used in a networking policy, omission matches any cluster. When used in a Role, a wildcard "*" must be explicitly used to match any cluster. |

IdentitySelector.KubeServiceAccountRefs

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| serviceAccounts | []core.skv2.solo.io.ClusterObjectRef | repeated | Match k8s ServiceAccounts by direct reference. When used in a networking policy, omission of any field (name, namespace, or clusterName) allows matching any value for that field. When used in a Role, a wildcard "*" must be explicitly used to match any value for the given field. |
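
Because an omitted field widens an IdentitySelector in a networking policy, a policy review can list which parts of a selector are left open. The following Go sketch is an added example, not Gloo Mesh code: the struct types are simplified stand-ins for the documented messages, and `OpenFields` and the sample values are hypothetical.

```go
package main

import "fmt"

// Illustrative mirrors of the documented messages (not the generated Gloo Mesh types).
type ClusterObjectRef struct{ Name, Namespace, ClusterName string }

type KubeIdentityMatcher struct{ Namespaces, Clusters []string }

type IdentitySelector struct {
	KubeIdentityMatcher *KubeIdentityMatcher
	ServiceAccounts     []ClusterObjectRef // kubeServiceAccountRefs.serviceAccounts
}

// OpenFields lists every part of the selector that is omitted and therefore,
// when the selector is used in a networking policy, matches any value.
func OpenFields(s IdentitySelector) []string {
	if s.KubeIdentityMatcher == nil && len(s.ServiceAccounts) == 0 {
		return []string{"identitySelector (all fields omitted: any source identity)"}
	}
	var open []string
	if m := s.KubeIdentityMatcher; m != nil {
		if len(m.Namespaces) == 0 {
			open = append(open, "kubeIdentityMatcher.namespaces")
		}
		if len(m.Clusters) == 0 {
			open = append(open, "kubeIdentityMatcher.clusters")
		}
	}
	for i, r := range s.ServiceAccounts {
		fields := [][2]string{{"name", r.Name}, {"namespace", r.Namespace}, {"clusterName", r.ClusterName}}
		for _, f := range fields {
			if f[1] == "" {
				open = append(open, fmt.Sprintf("kubeServiceAccountRefs.serviceAccounts[%d].%s", i, f[0]))
			}
		}
	}
	return open
}

func main() {
	// Constructed sample: namespace pinned, cluster and service account name left open.
	sel := IdentitySelector{
		KubeIdentityMatcher: &KubeIdentityMatcher{Namespaces: []string{"payments"}},
		ServiceAccounts:     []ClusterObjectRef{{Namespace: "payments", ClusterName: "cluster-1"}},
	}
	for _, f := range OpenFields(sel) {
		fmt.Println("matches any value:", f)
	}
}
```

The check applies only to the networking-policy semantics; in a Role the same omissions do not act as a match-any, since the wildcard "*" must be written explicitly.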

TrafficTargetSelector

Select TrafficTargets using one or more platform-specific selection objects.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeServiceMatcher | networking.mesh.gloo.solo.io.TrafficTargetSelector.KubeServiceMatcher | | A KubeServiceMatcher matches Kubernetes services by their labels, namespaces, and/or clusters. |
| kubeServiceRefs | networking.mesh.gloo.solo.io.TrafficTargetSelector.KubeServiceRefs | | Match individual k8s Services by direct reference. |

TrafficTargetSelector.KubeServiceMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []networking.mesh.gloo.solo.io.TrafficTargetSelector.KubeServiceMatcher.LabelsEntry | repeated | If specified, all labels must exist on k8s Service. When used in a networking policy, omission matches any labels. When used in a Role, a wildcard "*" must be explicitly used to match any label key and/or value. |
| namespaces | []string | repeated | If specified, match k8s Services if they exist in one of the specified namespaces. When used in a networking policy, omission matches any namespace. When used in a Role, a wildcard "*" must be explicitly used to match any namespace. |
| clusters | []string | repeated | If specified, match k8s Services if they exist in one of the specified clusters. When used in a networking policy, omission matches any cluster. When used in a Role, a wildcard "*" must be explicitly used to match any cluster. |

TrafficTargetSelector.KubeServiceMatcher.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

TrafficTargetSelector.KubeServiceRefs

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| services | []core.skv2.solo.io.ClusterObjectRef | repeated | Match k8s Services by direct reference. When used in a networking policy, omission of any field (name, namespace, or clusterName) allows matching any value for that field. When used in a Role, a wildcard "*" must be explicitly used to match any value for the given field. |

WorkloadSelector

Select Kubernetes workloads directly using label, namespace, and/or cluster criteria. See comments on the fields for detailed semantics.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []networking.mesh.gloo.solo.io.WorkloadSelector.LabelsEntry | repeated | If specified, all labels must exist on k8s workload. When used in a networking policy, omission matches any labels. When used in a Role, a wildcard "*" must be explicitly used to match any label key and/or value. |
| namespaces | []string | repeated | If specified, match k8s workloads if they exist in one of the specified namespaces. When used in a networking policy, omission matches any namespace. When used in a Role, a wildcard "*" must be explicitly used to match any namespace. |
| clusters | []string | repeated | If specified, match k8s workloads if they exist in one of the specified clusters. When used in a networking policy, omission matches any cluster. When used in a Role, a wildcard "*" must be explicitly used to match any cluster. |

WorkloadSelector.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |