diff --git a/templates/oam/workloads/v1.2.1/egress.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/egress.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..c77de28d --- /dev/null +++ b/templates/oam/workloads/v1.2.1/egress.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,103 @@ +{ + "properties": { + "hosts": { + "description": "Hosts that the sources are allowed to direct external traffic to.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "IP address ranges that the sources are allowed to direct external traffic to.", + "items": { + "pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})\\/(\\d{1,2})$", + "type": "string" + }, + "type": "array" + }, + "matches": { + "description": "The resource references an Egress policy should match on.", + "items": { + "properties": { + "apiGroup": { + "description": "API group for the resource being referenced.", + "type": "string" + }, + "kind": { + "description": "Type of resource being referenced.", + "type": "string" + }, + "name": { + "description": "Name of resource being referenced.", + "type": "string" + } + }, + "required": [ + "apiGroup", + "kind", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "ports": { + "description": "Ports that the sources are allowed to direct external traffic to.", + "items": { + "properties": { + "number": { + "description": "Port number of this port.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "description": "Protocol served by this port.", + "type": "string" + } + }, + "required": [ + "number", + "protocol" + ], + "type": "object" + }, + "type": "array" + }, + "sources": { + "description": "Sources the egress policy is applicable to.", + "items": { + "properties": { + "kind": { + "description": "Kind of this source.", + "enum": [ + "ServiceAccount" + ], + "type": "string" + }, + "name": { + "description": "Name of this source.", + "type": "string" + }, + "namespace": { + "description": "Namespace of this source.", + "type": "string" + } + }, + "required": [ + "kind", + "name", + "namespace" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "sources", + "ports" + ], + "title": "Egress", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/egress.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/egress.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..085784c1 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/egress.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "Egress.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "egress.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "policy.openservicemesh.io/v1alpha1", + "k8sKind": "Egress", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/httproutegroup.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/httproutegroup.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..6951d46c --- /dev/null +++ b/templates/oam/workloads/v1.2.1/httproutegroup.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,60 @@ +{ + "properties": { + "matches": { + "description": "Match conditions of this route group.", + "items": { + "properties": { + "headers": { + "description": "Header match conditions of this route.", + "items": { + "additionalProperties": { + "type": "string" + }, + "description": "Header match condition of this route.", + "type": "object" + }, + "type": "array" + }, + "methods": { + "description": "The HTTP methods of this HTTP route.", + "items": { + "description": "The HTTP method of this HTTP route.", + "enum": [ + "*", + "GET", + "HEAD", + "PUT", + "POST", + "DELETE", + "CONNECT", + "OPTIONS", + "TRACE", + "PATCH" + ], + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Name of the HTTP route.", + "type": "string" + }, + "pathRegex": { + "description": "URI path regex of the HTTP route.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "matches" + ], + "title": "HTTP Route Group", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/httproutegroup.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/httproutegroup.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..81b2af86 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/httproutegroup.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "HTTPRouteGroup.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "httproutegroup.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "specs.smi-spec.io/v1alpha4", + "k8sKind": "HTTPRouteGroup", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/ingressbackend.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/ingressbackend.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..f5535897 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/ingressbackend.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,118 @@ +{ + "properties": { + "backends": { + "description": "Backends the IngressBackend policy is applicable to.", + "items": { + "properties": { + "name": { + "description": "Name of the backend.", + "type": "string" + }, + "port": { + "description": "Port of the backend.", + "properties": { + "number": { + "description": "Port number of this port.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "description": "Protocol served by this port.", + "type": "string" + } + }, + "required": [ + "number", + "protocol" + ], + "type": "object" + }, + "tls": { + "description": "TLS configuration for the backend.", + "properties": { + "skipClientCertValidation": { + "description": "Skip client certificate validation.", + "type": "boolean" + }, + "sniHosts": { + "description": "SNI hosts allowed by the backend.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "skipClientCertValidation" + ], + "type": "object" + } + }, + "required": [ + "name", + "port" + ], + "type": "object" + }, + "type": "array" + }, + "matches": { + "description": "The resource references an IngressBackend policy should match on.", + "items": { + "properties": { + "apiGroup": { + "description": "API group for the resource being referenced.", + "type": "string" + }, + "kind": { + "description": "Type of resource being referenced.", + "type": "string" + }, + "name": { + "description": "Name of resource being referenced.", + "type": "string" + } + }, + "required": [ + "apiGroup", + "kind", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "sources": { + "description": "Sources the IngressBackend policy is applicable to.", + "items": { + "properties": { + "kind": { + "description": "Kind of this source.", + "type": "string" + }, + "name": { + "description": "Name of this source.", + "type": "string" + }, + "namespace": { + "description": "Namespace of this source.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "backends", + "sources" + ], + "title": "Ingress Backend", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/ingressbackend.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/ingressbackend.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..1a398ef1 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/ingressbackend.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "IngressBackend.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "ingressbackend.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "policy.openservicemesh.io/v1alpha1", + "k8sKind": "IngressBackend", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/meshconfig.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/meshconfig.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..e2f046f1 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/meshconfig.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,328 @@ +{ + "properties": { + "certificate": { + "description": "Configuration for certificate management", + "properties": { + "certKeyBitSize": { + "description": "Sets the certificate key bit size for data plane certificates.", + "type": "integer" + }, + "ingressGateway": { + "description": "Configuration for the ingress gateway's certificate", + "properties": { + "secret": { + "description": "Secret reference to store the certificate in", + "properties": { + "name": { + "description": "Name of the secret", + "type": "string" + }, + "namespace": { + "description": "Namespace of the secret", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + }, + "subjectAltNames": { + "description": "Subject Alternative Names secured by the certificate", + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "validityDuration": { + "description": "Certificate validity duration, represented as a sequence of decimal numbers each with optional fraction and a unit suffix", + "type": "string" + } + }, + "required": [ + "subjectAltNames", + "validityDuration", + "secret" + ], + "type": "object" + }, + "serviceCertValidityDuration": { + "description": "Sets the service certificate validity duration, represented as a sequence of decimal numbers each with optional fraction and a unit suffix.", + "type": "string" + } + }, + "required": [ + "serviceCertValidityDuration", + "certKeyBitSize" + ], + "type": "object" + }, + "featureFlags": { + "description": "OSM feature flags", + "properties": { + "enableAsyncProxyServiceMapping": { + "type": "boolean" + }, + "enableEgressPolicy": { + "description": "DEPRECATED, do not use. Set 'taffic.enableEgress' to 'false' to use EgressPolicy API.", + "type": "boolean" + }, + "enableEnvoyActiveHealthChecks": { + "type": "boolean" + }, + "enableIngressBackendPolicy": { + "type": "boolean" + }, + "enableMulticlusterMode": { + "description": "DEPRECATED, no longer used", + "type": "boolean" + }, + "enableRetryPolicy": { + "type": "boolean" + }, + "enableSnapshotCacheMode": { + "type": "boolean" + }, + "enableWASMStats": { + "type": "boolean" + } + }, + "type": "object" + }, + "observability": { + "description": "Configuration for observing the service mesh, including metrics, logs, tracing etc,.", + "properties": { + "enableDebugServer": { + "description": "Enables a debug endpoint on the osm-controller pod to list information regarding the mesh such as proxy connections, certificates, and SMI policies.", + "type": "boolean" + }, + "osmLogLevel": { + "description": "Allows setting OSM control plane log level at runtime", + "type": "string" + }, + "tracing": { + "description": "Configuration for distributed tracing", + "properties": { + "address": { + "description": "Address of Jaeger tracing deployment, if tracing is enabled.", + "type": "string" + }, + "enable": { + "description": "Enables Jaeger tracing for the mesh.", + "type": "boolean" + }, + "endpoint": { + "description": "Endpoint for tracing data, if tracing is enabled.", + "type": "string" + }, + "port": { + "description": "Port on which tracing is enabled.", + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sidecar": { + "description": "Configuration for Envoy sidecar", + "properties": { + "cipherSuites": { + "description": "A list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.", + "items": { + "type": "string" + }, + "type": "array" + }, + "configResyncInterval": { + "description": "Resync interval for regular proxy broadcast updates", + "type": "string" + }, + "ecdhCurves": { + "description": "A list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.", + "items": { + "type": "string" + }, + "type": "array" + }, + "enablePrivilegedInitContainer": { + "description": "Enables privileged init containers for pods in mesh. When false, init containers only have NET_ADMIN.", + "type": "boolean" + }, + "envoyImage": { + "description": "Image for the Envoy sidecar", + "type": "string" + }, + "envoyWindowsImage": { + "description": "Image for the Envoy sidecar on Windows workers", + "type": "string" + }, + "initContainerImage": { + "description": "Image for the init container", + "type": "string" + }, + "localProxyMode": { + "default": "Localhost", + "description": "Sets the destination ip address the envoy proxy will use when connecting to the backend application. Acceptable values are [Localhost, PodIP]. The default value is Localhost", + "enum": [ + "Localhost", + "PodIP" + ], + "type": "string" + }, + "logLevel": { + "description": "Sets the logging verbosity of Envoy proxy sidecar, only applicable to newly created pods joining the mesh.", + "enum": [ + "trace", + "debug", + "info", + "warning", + "warn", + "error", + "critical", + "off" + ], + "type": "string" + }, + "maxDataPlaneConnections": { + "description": "Max allowed data plane sidecar connections", + "type": "integer" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": true, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object" + }, + "requests": { + "additionalProperties": true, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object" + } + }, + "type": "object" + }, + "tlsMaxProtocolVersion": { + "default": "TLSv1_3", + "description": "The maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.", + "enum": [ + "TLS_AUTO", + "TLSv1_0", + "TLSv1_1", + "TLSv1_2", + "TLSv1_3" + ], + "type": "string" + }, + "tlsMinProtocolVersion": { + "default": "TLSv1_2", + "description": "The minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.", + "enum": [ + "TLS_AUTO", + "TLSv1_0", + "TLSv1_1", + "TLSv1_2", + "TLSv1_3" + ], + "type": "string" + } + }, + "type": "object" + }, + "traffic": { + "description": "Configuration for traffic management", + "properties": { + "enableEgress": { + "description": "Enables egress in the mesh", + "type": "boolean" + }, + "enablePermissiveTrafficPolicyMode": { + "description": "True for allowing traffic to flow between client and service pods within the mesh without SMI traffic policies, i.e. no traffic policy enforcement in the mesh. If set to false, enables deny-all traffic policy in mesh i.e. an SMI Traffic Target is necessary for services to communicate.", + "type": "boolean" + }, + "inboundExternalAuthorization": { + "description": "Configures external authorization for inbound and ingress connections.", + "properties": { + "address": { + "description": "Target destination endpoint that will handle external authorization.", + "type": "string" + }, + "enable": { + "description": "Enables/disables the inbound external authorization policy if present.", + "type": "boolean" + }, + "failureModeAllow": { + "description": "Allows specifying if traffic should succeed or fail if the external authorization endpoint fails to respond.", + "type": "boolean" + }, + "port": { + "description": "Remote destination port for the external authorization endpoint.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "statPrefix": { + "default": "inboundExtAuthz", + "description": "String prefix for inbound external authorization related metrics.", + "type": "string" + }, + "timeout": { + "default": "1s", + "description": "Defines the timeout to consider for the remote endpoint to reply in time.", + "type": "string" + } + }, + "type": "object" + }, + "inboundPortExclusionList": { + "description": "Global list of ports to exclude from inbound traffic interception by the sidecar proxy.", + "items": { + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "type": "array" + }, + "networkInterfaceExclusionList": { + "description": "NetworkInterfaceExclusionList defines a global list of network interface names to exclude from inbound and outbound traffic interception by the sidecar proxy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "outboundIPRangeExclusionList": { + "description": "Global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.", + "items": { + "pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})\\/(\\d{1,2})$", + "type": "string" + }, + "type": "array" + }, + "outboundIPRangeInclusionList": { + "description": "Global list of IP address ranges to include for outbound traffic interception by the sidecar proxy.", + "items": { + "pattern": "((?:\\d{1,3}\\.){3}\\d{1,3})\\/(\\d{1,2})$", + "type": "string" + }, + "type": "array" + }, + "outboundPortExclusionList": { + "description": "Global list of ports to exclude from outbound traffic interception by the sidecar proxy.", + "items": { + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "title": "Mesh Config", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/meshconfig.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/meshconfig.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..2e674423 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/meshconfig.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "MeshConfig.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "meshconfig.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "config.openservicemesh.io/v1alpha2", + "k8sKind": "MeshConfig", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/meshrootcertificate.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/meshrootcertificate.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..7b599d62 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/meshrootcertificate.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,163 @@ +{ + "properties": { + "provider": { + "description": "Certificate provider used by the mesh control plane", + "oneOf": [ + { + "required": [ + "certManager" + ] + }, + { + "required": [ + "vault" + ] + }, + { + "required": [ + "tresor" + ] + } + ], + "properties": { + "certManager": { + "description": "Cert-manager provider configuration", + "properties": { + "issuerGroup": { + "description": "The group that the issuer belongs to", + "type": "string" + }, + "issuerKind": { + "description": "The kind of issuer resource", + "enum": [ + "ClusterIssuer", + "Issuer" + ], + "type": "string" + }, + "issuerName": { + "description": "The name of the Issuer or ClusterIssuer resource", + "type": "string" + } + }, + "required": [ + "issuerName", + "issuerKind", + "issuerGroup" + ], + "type": "object" + }, + "tresor": { + "description": "Tresor provider configuration", + "properties": { + "ca": { + "description": "The root certificate used by Tresor", + "properties": { + "secretRef": { + "description": "Reference to the kubernetes secret storing the root certificate", + "properties": { + "name": { + "description": "Name of the kubernetes secret", + "type": "string" + }, + "namespace": { + "description": "Namespace of the kubernetes secret", + "type": "string" + } + }, + "required": [ + "name", + "namespace" + ], + "type": "object" + } + }, + "required": [ + "secretRef" + ], + "type": "object" + } + }, + "required": [ + "ca" + ], + "type": "object" + }, + "vault": { + "description": "Vault provider configuration", + "properties": { + "host": { + "description": "Host name for the Vault server", + "type": "string" + }, + "port": { + "description": "Port for the Vault server", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, + "protocol": { + "description": "Protocol for the Vault connection", + "type": "string" + }, + "role": { + "description": "Role created on Vault server for the mesh control plane", + "type": "string" + }, + "token": { + "description": "Token used by the mesh control plane", + "properties": { + "secretKeyRef": { + "description": "Reference to the kubernetes secret storing the vault token", + "properties": { + "key": { + "description": "Kubernetes secret key", + "type": "string" + }, + "name": { + "description": "Name of the kubernetes secret", + "type": "string" + }, + "namespace": { + "description": "Namespace of the kubernetes secret", + "type": "string" + } + }, + "required": [ + "name", + "key", + "namespace" + ], + "type": "object" + } + }, + "required": [ + "secretKeyRef" + ], + "type": "object" + } + }, + "required": [ + "host", + "port", + "role", + "protocol", + "token" + ], + "type": "object" + } + }, + "type": "object" + }, + "trustDomain": { + "default": "cluster.local", + "description": "Trust Domain to use in common name for certificates, e.g. \"example.com\"", + "type": "string" + } + }, + "required": [ + "provider" + ], + "title": "Mesh Root Certificate", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/meshrootcertificate.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/meshrootcertificate.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..03bb69df --- /dev/null +++ b/templates/oam/workloads/v1.2.1/meshrootcertificate.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "MeshRootCertificate.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "meshrootcertificate.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "config.openservicemesh.io/v1alpha2", + "k8sKind": "MeshRootCertificate", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/retry.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/retry.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..5bb9667a --- /dev/null +++ b/templates/oam/workloads/v1.2.1/retry.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,88 @@ +{ + "properties": { + "destinations": { + "description": "Destinations that the Retry policy is applicable to.", + "items": { + "properties": { + "kind": { + "description": "Kind of this destination (must be a service).", + "type": "string" + }, + "name": { + "description": "Name of this destination.", + "type": "string" + }, + "namespace": { + "description": "Namespace of this destination.", + "type": "string" + } + }, + "required": [ + "kind", + "name", + "namespace" + ], + "type": "object" + }, + "type": "array" + }, + "retryPolicy": { + "description": "Retry policy that will be applied to the source and destination services", + "properties": { + "numRetries": { + "description": "Maximum number of retries to attempt.", + "type": "integer" + }, + "perTryTimeout": { + "description": "Time allowed for a retry before it's considered a failed attempt.", + "type": "string" + }, + "retryBackoffBaseInterval": { + "description": "Base interval for exponential retry backoff. Max interval will be 10 times the base interval.", + "type": "string" + }, + "retryOn": { + "description": "Policies to retry on (delimited by commas).", + "type": "string" + } + }, + "required": [ + "retryOn", + "perTryTimeout", + "numRetries", + "retryBackoffBaseInterval" + ], + "type": "object" + }, + "source": { + "description": "Source the Retry policy is applicable to.", + "properties": { + "kind": { + "description": "Kind of this source (must be a service account).", + "type": "string" + }, + "name": { + "description": "Name of this source.", + "type": "string" + }, + "namespace": { + "description": "Namespace of this source.", + "type": "string" + } + }, + "required": [ + "kind", + "name", + "namespace" + ], + "type": "object" + } + }, + "required": [ + "source", + "destinations", + "retryPolicy" + ], + "title": "Retry", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/retry.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/retry.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..83e09f19 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/retry.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "Retry.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "retry.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "policy.openservicemesh.io/v1alpha1", + "k8sKind": "Retry", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/tcproute.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/tcproute.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..d0cc9bfe --- /dev/null +++ b/templates/oam/workloads/v1.2.1/tcproute.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,25 @@ +{ + "properties": { + "matches": { + "description": "Match conditions of this route.", + "properties": { + "ports": { + "description": "Port numbers to match TCP traffic.", + "items": { + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "ports" + ], + "type": "object" + } + }, + "required": [ + "matches" + ], + "title": "TCP Route", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/tcproute.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/tcproute.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..2bec2323 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/tcproute.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "TCPRoute.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "tcproute.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "specs.smi-spec.io/v1alpha4", + "k8sKind": "TCPRoute", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/trafficsplit.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/trafficsplit.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..13f0a9a2 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/trafficsplit.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,59 @@ +{ + "properties": { + "backends": { + "description": "The backend services of this split.", + "items": { + "properties": { + "service": { + "description": "Name of the Kubernetes service.", + "type": "string" + }, + "weight": { + "description": "Traffic weight value of this backend.", + "type": "number" + } + }, + "required": [ + "service", + "weight" + ], + "type": "object" + }, + "type": "array" + }, + "matches": { + "description": "The HTTP route groups that this traffic split should match.", + "items": { + "properties": { + "kind": { + "description": "Kind of the matching group.", + "enum": [ + "HTTPRouteGroup" + ], + "type": "string" + }, + "name": { + "description": "Name of the matching group.", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "service": { + "description": "The apex service of this split.", + "type": "string" + } + }, + "required": [ + "service", + "backends" + ], + "title": "Traffic Split", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/trafficsplit.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/trafficsplit.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..36abac2c --- /dev/null +++ b/templates/oam/workloads/v1.2.1/trafficsplit.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "TrafficSplit.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "trafficsplit.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "split.smi-spec.io/v1alpha4", + "k8sKind": "TrafficSplit", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/traffictarget.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/traffictarget.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..83a24559 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/traffictarget.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,91 @@ +{ + "properties": { + "destination": { + "description": "The destination of this traffic target.", + "properties": { + "kind": { + "description": "Kind of the destination.", + "type": "string" + }, + "name": { + "description": "Name of the destination.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the destination.", + "type": "string" + } + }, + "required": [ + "name", + "kind" + ], + "type": "object" + }, + "rules": { + "description": "Specifications of this traffic target.", + "items": { + "properties": { + "kind": { + "description": "Kind of this spec.", + "enum": [ + "HTTPRouteGroup", + "TCPRoute", + "UDPRoute" + ], + "type": "string" + }, + "matches": { + "description": "Match conditions of this spec.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Name of this spec.", + "type": "string" + } + }, + "required": [ + "name", + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "sources": { + "description": "Sources of this traffic target.", + "items": { + "properties": { + "kind": { + "description": "Kind of this source.", + "type": "string" + }, + "name": { + "description": "Name of this source.", + "type": "string" + }, + "namespace": { + "description": "Namespace of this source.", + "type": "string" + } + }, + "required": [ + "name", + "kind" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "destination", + "rules", + "sources" + ], + "title": "Traffic Target", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/traffictarget.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/traffictarget.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..f14e113d --- /dev/null +++ b/templates/oam/workloads/v1.2.1/traffictarget.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "TrafficTarget.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "traffictarget.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "access.smi-spec.io/v1alpha3", + "k8sKind": "TrafficTarget", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/upstreamtrafficsetting.OSM.meshery.layer5.io.meshery.layer5io.schema.json b/templates/oam/workloads/v1.2.1/upstreamtrafficsetting.OSM.meshery.layer5.io.meshery.layer5io.schema.json new file mode 100644 index 00000000..c07418c5 --- /dev/null +++ b/templates/oam/workloads/v1.2.1/upstreamtrafficsetting.OSM.meshery.layer5.io.meshery.layer5io.schema.json @@ -0,0 +1,772 @@ +{ + "properties": { + "connectionSettings": { + "description": "Connection settings for the upstream host.", + "properties": { + "http": { + "description": "HTTP connection settings.", + "properties": { + "maxPendingRequests": { + "description": "Maximum number of pending HTTP/1.1 requests allowed.", + "minimum": 0, + "type": "integer" + }, + "maxRequests": { + "description": "Maximum number of parallel HTTP requests allowed.", + "minimum": 0, + "type": "integer" + }, + "maxRequestsPerConnection": { + "description": "Maximum number of HTTP requests per connection allowed.", + "minimum": 0, + "type": "integer" + }, + "maxRetries": { + "description": "Maximum number of parallel retries allowed.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "tcp": { + "description": "TCP connection settings.", + "properties": { + "connectTimeout": { + "description": "TCP connection timeout.", + "type": "string" + }, + "maxConnections": { + "description": "Maximum number of TCP connections.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "host": { + "description": "Upstream host the policy is applicabe to.", + "type": "string" + }, + "httpRoutes": { + "description": "HTTPRoutes defines the list of HTTP routes settings for the upstream host. Settings are applied at a per route level.", + "items": { + "description": "HTTP route settings for the given path.", + "properties": { + "path": { + "description": "Path defines the HTTP path. This can be an RE2 regex value.", + "minLength": 1, + "type": "string" + }, + "rateLimit": { + "description": "Rate limiting policy applied per route.", + "properties": { + "global": { + "description": "Global rate limiting policy applied per route.", + "properties": { + "descriptors": { + "description": "List of rate limit descriptors to use in the rate limit service request.", + "items": { + "description": "Rate limit descriptor to use in the rate limit service request.", + "properties": { + "entries": { + "description": "List of rate limit descriptor entries for the descriptor.", + "items": { + "description": "Descriptor entry.", + "oneOf": [ + { + "required": [ + "genericKey" + ] + }, + { + "required": [ + "remoteAddress" + ] + }, + { + "required": [ + "requestHeader" + ] + }, + { + "required": [ + "headerValueMatch" + ] + } + ], + "properties": { + "genericKey": { + "description": "GenericKey (optional) defines a descriptor entry with a static key-value pair.", + "properties": { + "key": { + "description": "Key (optional) of the genericKey descriptor entry. Defaults to 'generic_key'.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the genericKey descriptor entry", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "headerValueMatch": { + "description": "HeaderValueMatch (optional) defines a descriptor entry that is generated when the request header matches the given HTTP header match criteria.", + "properties": { + "expectMatch": { + "description": "ExpectMatch (optional) defines whether the request must match the given match criteria for the descriptor entry to be generated. If set to false, a descriptor entry will be generated when the request does not match the match criteria. Defaults to true.", + "type": "boolean" + }, + "headers": { + "description": "List of HTTP header match criteria used to determine whether the descriptor entry should be generated for the request. A match will happen if all the specified headers are present in the request with the same values, or based on presence if the value field is not set.", + "items": { + "description": "Header match criteria.", + "oneOf": [ + { + "required": [ + "name", + "exact" + ] + }, + { + "required": [ + "name", + "prefix" + ] + }, + { + "required": [ + "name", + "suffix" + ] + }, + { + "required": [ + "name", + "regex" + ] + }, + { + "required": [ + "name", + "contains" + ] + }, + { + "required": [ + "name", + "present" + ] + } + ], + "properties": { + "contains": { + "description": "Contains (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "exact": { + "description": "Exact (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "Name of the header to match.", + "minLength": 1, + "type": "string" + }, + "prefix": { + "description": "Prefix (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "present": { + "description": "Present (optional) defines whether the request matches the criteria when the header is present. If set to false, header match will be performed based on whether the header is absent.", + "type": "boolean" + }, + "regex": { + "description": "Regex (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "suffix": { + "description": "Suffix (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "key": { + "description": "Key (optional) of the headerValueMatch descriptor entry. Defaults to 'header_match'.", + "type": "string" + }, + "value": { + "description": "Value of the headerValueMatch descriptor entry", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value", + "headers" + ], + "type": "object" + }, + "remoteAddress": { + "description": "RemoteAddress (optional) defines a descriptor entry with with key 'remote_address' and value equal to the client's IP address derived from the x-forwarded-for header.", + "type": "object" + }, + "requestHeader": { + "description": "RequestHeader (optional) defines a descriptor entry that is generated only when the request header matches the given header name. The value of the descriptor entry is derived from the value of the header present in the request.", + "properties": { + "key": { + "description": "Key of the requestHeader descriptor entry.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "Name of the header used to look up the descriptor entry's value.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "entries" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "descriptors" + ], + "type": "object" + }, + "local": { + "description": "Local rate limiting policy applied per route.", + "properties": { + "burst": { + "description": "Burst (optional) defines the number of requests above the baseline rate that are allowed in a short period of time.", + "type": "integer" + }, + "requests": { + "description": "Requests defines the number of requests allowed per unit of time before rate limiting occurs.", + "minimum": 1, + "type": "integer" + }, + "responseHeadersToAdd": { + "description": "ResponseHeadersToAdd (optional) defines the list of HTTP headers that should be added to each response for requests that have been rate limited.", + "items": { + "description": "Defines an HTTP header name/value pair.", + "properties": { + "name": { + "description": "Name defines the HTTP header name.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value defines the HTTP header value.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "responseStatusCode": { + "description": "ResponseStatusCode (optional) defines the HTTP status code to use for responses to rate limited requests. Code must be in the 400-599 (inclusive) error range. If not specified, a default of 429 (Too Many Requests) is used.", + "maximum": 599, + "minimum": 400, + "type": "integer" + }, + "unit": { + "description": "Unit defines the period of time within which requests over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\".", + "enum": [ + "second", + "minute", + "hour" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "rateLimit": { + "description": "Rate limiting policy.", + "properties": { + "global": { + "description": "Global rate limit policy responsible for rate limiting traffic to the upstream service.", + "properties": { + "http": { + "description": "Global rate limit policy for HTTP requests.", + "properties": { + "descriptors": { + "description": "List of rate limit descriptors to use in the rate limit service request.", + "items": { + "description": "Rate limit descriptor to use in the rate limit service request.", + "properties": { + "entries": { + "description": "List of rate limit descriptor entries for the descriptor.", + "items": { + "description": "Descriptor entry.", + "oneOf": [ + { + "required": [ + "genericKey" + ] + }, + { + "required": [ + "remoteAddress" + ] + }, + { + "required": [ + "requestHeader" + ] + }, + { + "required": [ + "headerValueMatch" + ] + } + ], + "properties": { + "genericKey": { + "description": "GenericKey (optional) defines a descriptor entry with a static key-value pair.", + "properties": { + "key": { + "description": "Key (optional) of the genericKey descriptor entry. Defaults to 'generic_key'.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the genericKey descriptor entry", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "headerValueMatch": { + "description": "HeaderValueMatch (optional) defines a descriptor entry that is generated when the request header matches the given HTTP header match criteria.", + "properties": { + "expectMatch": { + "description": "ExpectMatch (optional) defines whether the request must match the given match criteria for the descriptor entry to be generated. If set to false, a descriptor entry will be generated when the request does not match the match criteria. Defaults to true.", + "type": "boolean" + }, + "headers": { + "description": "List of HTTP header match criteria used to determine whether the descriptor entry should be generated for the request. A match will happen if all the specified headers are present in the request with the same values, or based on presence if the value field is not set.", + "items": { + "description": "Header match criteria.", + "oneOf": [ + { + "required": [ + "name", + "exact" + ] + }, + { + "required": [ + "name", + "prefix" + ] + }, + { + "required": [ + "name", + "suffix" + ] + }, + { + "required": [ + "name", + "regex" + ] + }, + { + "required": [ + "name", + "contains" + ] + }, + { + "required": [ + "name", + "present" + ] + } + ], + "properties": { + "contains": { + "description": "Contains (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "exact": { + "description": "Exact (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "Name of the header to match.", + "minLength": 1, + "type": "string" + }, + "prefix": { + "description": "Prefix (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "present": { + "description": "Present (optional) defines whether the request matches the criteria when the header is present. If set to false, header match will be performed based on whether the header is absent.", + "type": "boolean" + }, + "regex": { + "description": "Regex (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + }, + "suffix": { + "description": "Suffix (optional) value to match against the given header name.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "key": { + "description": "Key (optional) of the headerValueMatch descriptor entry. Defaults to 'header_match'.", + "type": "string" + }, + "value": { + "description": "Value of the headerValueMatch descriptor entry", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "value", + "headers" + ], + "type": "object" + }, + "remoteAddress": { + "description": "RemoteAddress (optional) defines a descriptor entry with with key 'remote_address' and value equal to the client's IP address derived from the x-forwarded-for header.", + "type": "object" + }, + "requestHeader": { + "description": "RequestHeader (optional) defines a descriptor entry that is generated only when the request header matches the given header name. The value of the descriptor entry is derived from the value of the header present in the request.", + "properties": { + "key": { + "description": "Key of the requestHeader descriptor entry.", + "minLength": 1, + "type": "string" + }, + "name": { + "description": "Name of the header used to look up the descriptor entry's value.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object" + } + }, + "type": "object" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "entries" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "domain": { + "description": "Domain defines a container for a set of rate limits. All domains known to the Ratelimit service must be globally unique. They serve as a way to have different rate limit configurations that don't conflict.", + "type": "string" + }, + "enableXRateLimitHeaders": { + "description": "EnableXRateLimitHeaders (optional) defines whether to include the headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset on responses to clients when the rate limit service is consulted for a request. Defaults to false.", + "type": "boolean" + }, + "failOpen": { + "description": "FailOpen (optional) defines whether to allow traffic in case of communication failure between rate limiting service and the proxy. Defaults to true.", + "type": "boolean" + }, + "rateLimitService": { + "description": "Rate limit service to use as a global rate limiter.", + "properties": { + "host": { + "description": "Hostname of the global rate limit service.", + "minLength": 1, + "type": "string" + }, + "port": { + "description": "Port of the global rate limit service.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "host", + "port" + ], + "type": "object" + }, + "responseStatusCode": { + "description": "ResponseStatusCode (optional) defines the HTTP status code to use for responses to rate limited requests. Code must be in the 400-599 (inclusive) error range. If not specified, a default of 429 (Too Many Requests) is used.", + "maximum": 599, + "minimum": 400, + "type": "integer" + }, + "timeout": { + "description": "Timeout (optional) interval for calls to the rate limit service. Defaults to 20ms.", + "type": "string" + } + }, + "required": [ + "rateLimitService", + "domain" + ], + "type": "object" + }, + "tcp": { + "description": "Global rate limit policy for TCP connections.", + "properties": { + "descriptors": { + "description": "List of rate limit descriptors to use in the rate limit service request.", + "items": { + "description": "Rate limit descriptor to use in the rate limit service request.", + "properties": { + "entries": { + "description": "List of rate limit descriptor entries for the descriptor.", + "items": { + "description": "Descriptor entry.", + "properties": { + "key": { + "description": "Key of the descriptor entry.", + "type": "string" + }, + "value": { + "description": "Value of the descriptor entry.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "entries" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "domain": { + "description": "Domain defines a container for a set of rate limits. All domains known to the Ratelimit service must be globally unique. They serve as a way to have different rate limit configurations that don't conflict.", + "type": "string" + }, + "failOpen": { + "description": "FailOpen (optional) defines whether to allow traffic in case of communication failure between rate limiting service and the proxy. Defaults to true.", + "type": "boolean" + }, + "rateLimitService": { + "description": "Rate limit service to use as a global rate limiter.", + "properties": { + "host": { + "description": "Hostname of the global rate limit service.", + "minLength": 1, + "type": "string" + }, + "port": { + "description": "Port of the global rate limit service.", + "maximum": 65535, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "host", + "port" + ], + "type": "object" + }, + "timeout": { + "description": "Timeout (optional) interval for calls to the rate limit service. Defaults to 20ms.", + "type": "string" + } + }, + "required": [ + "rateLimitService", + "domain", + "descriptors" + ], + "type": "object" + } + }, + "type": "object" + }, + "local": { + "description": "Local rate limit policy responsible for rate limiting traffic at the upstream service.", + "properties": { + "http": { + "description": "HTTP level local rate limiting to limit the number of requests per unit of time.", + "properties": { + "burst": { + "description": "Burst (optional) defines the number of requests above the baseline rate that are allowed in a short period of time.", + "type": "integer" + }, + "requests": { + "description": "Requests defines the number of requests allowed per unit of time before rate limiting occurs.", + "minimum": 1, + "type": "integer" + }, + "responseHeadersToAdd": { + "description": "ResponseHeadersToAdd (optional) defines the list of HTTP headers that should be added to each response for requests that have been rate limited.", + "items": { + "description": "Defines an HTTP header name/value pair.", + "properties": { + "name": { + "description": "Name defines the HTTP header name.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value defines the HTTP header value.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "responseStatusCode": { + "description": "ResponseStatusCode (optional) defines the HTTP status code to use for responses to rate limited requests. Code must be in the 400-599 (inclusive) error range. If not specified, a default of 429 (Too Many Requests) is used.", + "maximum": 599, + "minimum": 400, + "type": "integer" + }, + "unit": { + "description": "Unit defines the period of time within which requests over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\".", + "enum": [ + "second", + "minute", + "hour" + ], + "type": "string" + } + }, + "type": "object" + }, + "tcp": { + "description": "TCP level local rate limiting to limit the number of connections per unit of time.", + "properties": { + "burst": { + "description": "Burst (optional) defines the number of connections above the baseline rate that are allowed in a short period of time.", + "type": "integer" + }, + "connections": { + "description": "Connections defines the number of connections allowed per unit of time before rate limiting occurs.", + "minimum": 1, + "type": "integer" + }, + "unit": { + "description": "Unit defines the period of time within which connections over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\".", + "enum": [ + "second", + "minute", + "hour" + ], + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "host" + ], + "title": "Upstream Traffic Setting", + "type": "object" +} \ No newline at end of file diff --git a/templates/oam/workloads/v1.2.1/upstreamtrafficsetting.OSM.meshery.layer5.io_definition.json b/templates/oam/workloads/v1.2.1/upstreamtrafficsetting.OSM.meshery.layer5.io_definition.json new file mode 100644 index 00000000..3493969d --- /dev/null +++ b/templates/oam/workloads/v1.2.1/upstreamtrafficsetting.OSM.meshery.layer5.io_definition.json @@ -0,0 +1,20 @@ +{ + "kind": "WorkloadDefinition", + "apiVersion": "core.oam.dev/v1alpha1", + "metadata": { + "name": "UpstreamTrafficSetting.OSM", + "creationTimestamp": null + }, + "spec": { + "definitionRef": { + "name": "upstreamtrafficsetting.OSM.meshery.layer5.io" + }, + "metadata": { + "@type": "pattern.meshery.io/mesh/workload", + "k8sAPIVersion": "policy.openservicemesh.io/v1alpha1", + "k8sKind": "UpstreamTrafficSetting", + "meshName": "OPEN_SERVICE_MESH", + "meshVersion": "v1.2.1" + } + } +} \ No newline at end of file