selectors.proto

Package: networking.smh.solo.io

IdentitySelector

Selector capable of selecting specific service identities. Useful for binding policy rules. Either (namespaces, cluster, service_account_names) or service_accounts can be specified. If all fields are omitted, any source identity is permitted.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeIdentityMatcher | IdentitySelector.KubeIdentityMatcher | | A KubeIdentityMatcher matches request identities based on the k8s namespace and cluster. |
| kubeServiceAccountRefs | IdentitySelector.KubeServiceAccountRefs | | KubeServiceAccountRefs matches request identities based on the k8s service account of the request. |

IdentitySelector.KubeIdentityMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| namespaces | []string | repeated | Namespaces to allow. If not set, any namespace is allowed. |
| clusters | []string | repeated | Clusters to allow. If not set, any cluster is allowed. |
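
The "if not set, any ... is allowed" rule in the table above means an omitted field widens the policy rather than narrowing it. The following Go sketch is an added example, not Service Mesh Hub's own code: the struct is a local stand-in for the documented fields, `Identity` is a hypothetical request identity, and combining the namespace and cluster checks with AND is an assumption.

```go
package main

import "fmt"

// KubeIdentityMatcher is a local stand-in for the documented fields, not the generated type.
type KubeIdentityMatcher struct {
	Namespaces []string
	Clusters   []string
}

// Identity is a hypothetical request identity, constructed for this example.
type Identity struct{ Namespace, Cluster string }

// allows implements "if not set, any value is allowed".
func allows(allowed []string, v string) bool {
	if len(allowed) == 0 {
		return true
	}
	for _, a := range allowed {
		if a == v {
			return true
		}
	}
	return false
}

// Permits treats a nil matcher as "all fields omitted"; AND of both checks is an assumption.
func (m *KubeIdentityMatcher) Permits(id Identity) bool {
	if m == nil {
		return true
	}
	return allows(m.Namespaces, id.Namespace) && allows(m.Clusters, id.Cluster)
}

// Wildcards lists the dimensions left open, for review before a policy is applied.
func (m *KubeIdentityMatcher) Wildcards() []string {
	var open []string
	if m == nil || len(m.Namespaces) == 0 {
		open = append(open, "namespaces")
	}
	if m == nil || len(m.Clusters) == 0 {
		open = append(open, "clusters")
	}
	return open
}
func main() {
	m := &KubeIdentityMatcher{Namespaces: []string{"billing"}} // constructed sample
	fmt.Println(m.Permits(Identity{"billing", "other-cluster"}), m.Wildcards())
}
```

A matcher that pins only `namespaces` still admits the same namespace name from every cluster, which `Wildcards` reports as an open `clusters` dimension.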

IdentitySelector.KubeServiceAccountRefs

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| serviceAccounts | []core.skv2.solo.io.ClusterObjectRef | repeated | List of ServiceAccounts to allow. If not set, any ServiceAccount is allowed. |

ServiceSelector

Select Kubernetes services.

Only one of (labels + namespaces + cluster) or (resource refs) may be provided. If all four are provided, it will be considered an error, and the Status of the top level resource will be updated to reflect an IllegalSelection.

Valid:

1.

    selector:
      matcher:
        labels:
          foo: bar
          hello: world
        namespaces:
        - default
        cluster: "cluster-name"

2.

    selector:
      matcher:
        refs:
        - name: foo
          namespace: bar

Invalid:

1.

    selector:
      matcher:
        labels:
          foo: bar
          hello: world
        namespaces:
        - default
        cluster: "cluster-name"
        refs:
        - name: foo
          namespace: bar

By default labels will select across all namespaces, unless a list of namespaces is provided, in which case it will only select from those. An empty list is equal to AllNamespaces.

If no labels are given, and only namespaces, all resources from the namespaces will be selected.

The following selector will select all resources with the following labels in every namespace, in the local cluster:

    selector:
      matcher:
        labels:
          foo: bar
          hello: world

Whereas the next selector will only select from the specified namespaces (foo, bar), in the local cluster:

    selector:
      matcher:
        labels:
          foo: bar
          hello: world
        namespaces:
        - foo
        - bar

This final selector will select all resources of a given type in the target namespace (foo), in the local cluster:

    selector:
      matcher:
        namespaces:
        - foo
        - bar
        labels:
          hello: world

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| kubeServiceMatcher | ServiceSelector.KubeServiceMatcher | | A KubeServiceMatcher matches kubernetes services by the namespaces and clusters they belong to, as well as the provided labels. |
| kubeServiceRefs | ServiceSelector.KubeServiceRefs | | Match individual k8s Services by direct reference. |

ServiceSelector.KubeServiceMatcher

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []ServiceSelector.KubeServiceMatcher.LabelsEntry | repeated | If specified, all labels must exist on k8s Service, else match on any labels. |
| namespaces | []string | repeated | If specified, match k8s Services if they exist in one of the specified namespaces. If not specified, match on any namespace. |
| clusters | []string | repeated | If specified, match k8s Services if they exist in one of the specified clusters. If not specified, match on any cluster. |

ServiceSelector.KubeServiceMatcher.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |

ServiceSelector.KubeServiceRefs

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| services | []core.skv2.solo.io.ClusterObjectRef | repeated | Match k8s Services by direct reference. |

WorkloadSelector

Select Kubernetes workloads directly using label and/or namespace criteria. See comments on the fields for detailed semantics.

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| labels | []WorkloadSelector.LabelsEntry | repeated | If specified, all labels must exist on workloads, else match on any labels. |
| namespaces | []string | repeated | If specified, match workloads if they exist in one of the specified namespaces. If not specified, match on any namespace. |

WorkloadSelector.LabelsEntry

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| key | string | | |
| value | string | | |