diff --git a/.idea/istio-virtualservice-merger.iml b/.idea/istio-virtualservice-merger.iml
new file mode 100644
index 0000000..c956989
--- /dev/null
+++ b/.idea/istio-virtualservice-merger.iml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..fcaecb3
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..ca3bffa
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,12 @@
+
+
+
+
+ 1652061092566
+
+
+ 1652061092566
+
+
+
+
\ No newline at end of file
diff --git a/config/crd/bases/istiomerger.monime.sl_virtualservicemerges.yaml b/config/crd/bases/istiomerger.monime.sl_virtualservicemerges.yaml
new file mode 100644
index 0000000..fb8098f
--- /dev/null
+++ b/config/crd/bases/istiomerger.monime.sl_virtualservicemerges.yaml
@@ -0,0 +1,1152 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.4.1
+ creationTimestamp: null
+ name: virtualservicemerges.istiomerger.monime.sl
+spec:
+ group: istiomerger.monime.sl
+ names:
+ kind: VirtualServiceMerge
+ listKind: VirtualServiceMergeList
+ plural: virtualservicemerges
+ singular: virtualservicemerge
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: VirtualServiceMergeSpec defines the desired state of VirtualServiceMerge
+ properties:
+ patch:
+ description: "Configuration affecting traffic routing. \n \n "
+ properties:
+ export_to:
+ description: "A list of namespaces to which this virtual service
+ is exported. Exporting a virtual service allows it to be used
+ by sidecars and gateways defined in other namespaces. This feature
+ provides a mechanism for service owners and mesh administrators
+ to control the visibility of virtual services across namespace
+ boundaries. \n If no namespaces are specified then the virtual
+ service is exported to all namespaces by default. \n The value
+ \".\" is reserved and defines an export to the same namespace
+ that the virtual service is declared in. Similarly the value
+ \"*\" is reserved and defines an export to all namespaces."
+ items:
+ type: string
+ type: array
+ gateways:
+ description: The names of gateways and sidecars that should apply
+ these routes. Gateways in other namespaces may be referred to
+ by `/`; specifying a gateway
+ with no namespace qualifier is the same as specifying the VirtualService's
+ namespace. A single VirtualService is used for sidecars inside
+ the mesh as well as for one or more gateways. The selection
+ condition imposed by this field can be overridden using the
+ source field in the match conditions of protocol-specific routes.
+ The reserved word `mesh` is used to imply all the sidecars in
+ the mesh. When this field is omitted, the default gateway (`mesh`)
+ will be used, which would apply the rule to all sidecars in
+ the mesh. If a list of gateway names is provided, the rules
+ will apply only to the gateways. To apply the rules to both
+ gateways and sidecars, specify `mesh` as one of the gateway
+ names.
+ items:
+ type: string
+ type: array
+ hosts:
+ description: "The destination hosts to which traffic is being
+ sent. Could be a DNS name with wildcard prefix or an IP address.
+ \ Depending on the platform, short-names can also be used instead
+ of a FQDN (i.e. has no dots in the name). In such a scenario,
+ the FQDN of the host would be derived based on the underlying
+ platform. \n A single VirtualService can be used to describe
+ all the traffic properties of the corresponding hosts, including
+ those for multiple HTTP and TCP ports. Alternatively, the traffic
+ properties of a host can be defined using more than one VirtualService,
+ with certain caveats. Refer to the [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services)
+ for details. \n *Note for Kubernetes users*: When short names
+ are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
+ Istio will interpret the short name based on the namespace of
+ the rule, not the service. A rule in the \"default\" namespace
+ containing a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\",
+ irrespective of the actual namespace associated with the reviews
+ service. _To avoid potential misconfigurations, it is recommended
+ to always use fully qualified domain names over short names._
+ \n The hosts field applies to both HTTP and TCP services. Service
+ inside the mesh, i.e., those found in the service registry,
+ must always be referred to using their alphanumeric names. IP
+ addresses are allowed only for services defined via the Gateway.
+ \n *Note*: It must be empty for a delegate VirtualService."
+ items:
+ type: string
+ type: array
+ http:
+ description: An ordered list of route rules for HTTP traffic.
+ HTTP routes will be applied to platform service ports named
+ 'http-*'/'http2-*'/'grpc-*', gateway ports with protocol HTTP/HTTP2/GRPC/
+ TLS-terminated-HTTPS and service entry ports using HTTP/HTTP2/GRPC
+ protocols. The first rule matching an incoming request is used.
+ items:
+ description: Describes match conditions and actions for routing
+ HTTP/1.1, HTTP2, and gRPC traffic. See VirtualService for
+ usage examples.
+ properties:
+ cors_policy:
+ description: Cross-Origin Resource Sharing policy (CORS).
+ Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
+ for further details about cross origin resource sharing.
+ properties:
+ allow_credentials:
+ description: Indicates whether the caller is allowed
+ to send the actual request (not the preflight) using
+ credentials. Translates to `Access-Control-Allow-Credentials`
+ header.
+ properties:
+ value:
+ description: The bool value.
+ type: boolean
+ type: object
+ allow_headers:
+ description: List of HTTP headers that can be used when
+ requesting the resource. Serialized to Access-Control-Allow-Headers
+ header.
+ items:
+ type: string
+ type: array
+ allow_methods:
+ description: List of HTTP methods allowed to access
+ the resource. The content will be serialized into
+ the Access-Control-Allow-Methods header.
+ items:
+ type: string
+ type: array
+ allow_origin:
+ description: The list of origins that are allowed to
+ perform CORS requests. The content will be serialized
+ into the Access-Control-Allow-Origin header. Wildcard
+ * will allow all origins. $hide_from_docs
+ items:
+ type: string
+ type: array
+ allow_origins:
+ description: String patterns that match allowed origins.
+ An origin is allowed if any of the string matchers
+ match. If a match is found, then the outgoing Access-Control-Allow-Origin
+ would be set to the origin as provided by the client.
+ items:
+ description: Describes how to match a given string
+ in HTTP headers. Match is case-sensitive.
+ type: object
+ type: array
+ expose_headers:
+ description: A list of HTTP headers that the browsers
+ are allowed to access. Serialized into Access-Control-Expose-Headers
+ header.
+ items:
+ type: string
+ type: array
+ max_age:
+ description: Specifies how long the results of a preflight
+ request can be cached. Translates to the `Access-Control-Max-Age`
+ header.
+ properties:
+ nanos:
+ description: Signed fractions of a second at nanosecond
+ resolution of the span of time. Durations less
+ than one second are represented with a 0 `seconds`
+ field and a positive or negative `nanos` field.
+ For durations of one second or more, a non-zero
+ value for the `nanos` field must be of the same
+ sign as the `seconds` field. Must be from -999,999,999
+ to +999,999,999 inclusive.
+ format: int32
+ type: integer
+ seconds:
+ description: 'Signed seconds of the span of time.
+ Must be from -315,576,000,000 to +315,576,000,000
+ inclusive. Note: these bounds are computed from:
+ 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year
+ * 10000 years'
+ format: int64
+ type: integer
+ type: object
+ type: object
+ delegate:
+ description: "Delegate is used to specify the particular
+ VirtualService which can be used to define delegate HTTPRoute.
+ \n It can be set only when `Route` and `Redirect` are
+ empty, and the route rules of the delegate VirtualService
+ will be merged with that in the current one. \n **NOTE**:
+ \n 1. Only one level delegation is supported. 2. The delegate's
+ HTTPMatchRequest must be a strict subset of the root's,
+ \ otherwise there is a conflict and the HTTPRoute will
+ not take effect."
+ properties:
+ name:
+ description: Name specifies the name of the delegate
+ VirtualService.
+ type: string
+ namespace:
+ description: Namespace specifies the namespace where
+ the delegate VirtualService resides. By default, it
+ is same to the root's.
+ type: string
+ type: object
+ fault:
+ description: Fault injection policy to apply on HTTP traffic
+ at the client side. Note that timeouts or retries will
+ not be enabled when faults are enabled on the client side.
+ properties:
+ abort:
+ description: Abort Http request attempts and return
+ error codes back to downstream service, giving the
+ impression that the upstream service is faulty.
+ properties:
+ percentage:
+ description: Percentage of requests to be aborted
+ with the error code provided.
+ properties:
+ value:
+ type: number
+ type: object
+ type: object
+ delay:
+ description: Delay requests before forwarding, emulating
+ various failures such as network issues, overloaded
+ upstream service, etc.
+ properties:
+ percent:
+ description: Percentage of requests on which the
+ delay will be injected (0-100). Use of integer
+ `percent` value is deprecated. Use the double
+ `percentage` field instead.
+ format: int32
+ type: integer
+ percentage:
+ description: Percentage of requests on which the
+ delay will be injected.
+ properties:
+ value:
+ type: number
+ type: object
+ type: object
+ type: object
+ headers:
+ description: Header manipulation rules
+ properties:
+ request:
+ description: Header manipulation rules to apply before
+ forwarding a request to the destination service
+ properties:
+ add:
+ additionalProperties:
+ type: string
+ description: Append the given values to the headers
+ specified by keys (will create a comma-separated
+ list of values)
+ type: object
+ remove:
+ description: Remove the specified headers
+ items:
+ type: string
+ type: array
+ set:
+ additionalProperties:
+ type: string
+ description: Overwrite the headers specified by
+ key with the given values
+ type: object
+ type: object
+ response:
+ description: Header manipulation rules to apply before
+ returning a response to the caller
+ properties:
+ add:
+ additionalProperties:
+ type: string
+ description: Append the given values to the headers
+ specified by keys (will create a comma-separated
+ list of values)
+ type: object
+ remove:
+ description: Remove the specified headers
+ items:
+ type: string
+ type: array
+ set:
+ additionalProperties:
+ type: string
+ description: Overwrite the headers specified by
+ key with the given values
+ type: object
+ type: object
+ type: object
+ match:
+ description: Match conditions to be satisfied for the rule
+ to be activated. All conditions inside a single match
+ block have AND semantics, while the list of match blocks
+ have OR semantics. The rule is matched if any one of the
+ match blocks succeed.
+ items:
+ description: "HttpMatchRequest specifies a set of criterion
+ to be met in order for the rule to be applied to the
+ HTTP request. For example, the following restricts the
+ rule to match only requests where the URL path starts
+ with /ratings/v2/ and the request contains a custom
+ `end-user` header with value `jason`. \n {{}}
+ {{}}
+ ```yaml apiVersion: networking.istio.io/v1alpha3 kind:
+ VirtualService metadata: name: ratings-route spec:
+ \ hosts: - ratings.prod.svc.cluster.local http:
+ \ - match: - headers: end-user: exact:
+ jason uri: prefix: \"/ratings/v2/\" ignoreUriCase:
+ true route: - destination: host: ratings.prod.svc.cluster.local
+ ``` {{}} \n {{}}
+ ```yaml apiVersion: networking.istio.io/v1beta1 kind:
+ VirtualService metadata: name: ratings-route spec:
+ \ hosts: - ratings.prod.svc.cluster.local http:
+ \ - match: - headers: end-user: exact:
+ jason uri: prefix: \"/ratings/v2/\" ignoreUriCase:
+ true route: - destination: host: ratings.prod.svc.cluster.local
+ ``` {{}} {{}} \n HTTPMatchRequest CANNOT
+ be empty. **Note:** No regex string match can be set
+ when delegate VirtualService is specified."
+ properties:
+ authority:
+ description: "HTTP Authority values are case-sensitive
+ and formatted as follows: \n - `exact: \"value\"`
+ for exact string match \n - `prefix: \"value\"`
+ for prefix-based match \n - `regex: \"value\"` for
+ RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)."
+ type: object
+ gateways:
+ description: Names of gateways where the rule should
+ be applied. Gateway names in the top-level `gateways`
+ field of the VirtualService (if any) are overridden.
+ The gateway match is independent of sourceLabels.
+ items:
+ type: string
+ type: array
+ headers:
+ additionalProperties:
+ description: Describes how to match a given string
+ in HTTP headers. Match is case-sensitive.
+ type: object
+ description: "The header keys must be lowercase and
+ use hyphen as the separator, e.g. _x-request-id_.
+ \n Header values are case-sensitive and formatted
+ as follows: \n - `exact: \"value\"` for exact string
+ match \n - `prefix: \"value\"` for prefix-based
+ match \n - `regex: \"value\"` for RE2 style regex-based
+ match (https://github.com/google/re2/wiki/Syntax).
+ \n If the value is empty and only the name of header
+ is specfied, presence of the header is checked.
+ **Note:** The keys `uri`, `scheme`, `method`, and
+ `authority` will be ignored."
+ type: object
+ ignore_uri_case:
+ description: "Flag to specify whether the URI matching
+ should be case-insensitive. \n **Note:** The case
+ will be ignored only in the case of `exact` and
+ `prefix` URI matches."
+ type: boolean
+ method:
+ description: "HTTP Method values are case-sensitive
+ and formatted as follows: \n - `exact: \"value\"`
+ for exact string match \n - `prefix: \"value\"`
+ for prefix-based match \n - `regex: \"value\"` for
+ RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)."
+ type: object
+ name:
+ description: The name assigned to a match. The match's
+ name will be concatenated with the parent route's
+ name and will be logged in the access logs for requests
+ matching this route.
+ type: string
+ port:
+ description: Specifies the ports on the host that
+ is being addressed. Many services only expose a
+ single port or label ports with the protocols they
+ support, in these cases it is not required to explicitly
+ select the port.
+ format: int32
+ type: integer
+ query_params:
+ additionalProperties:
+ description: Describes how to match a given string
+ in HTTP headers. Match is case-sensitive.
+ type: object
+ description: "Query parameters for matching. \n Ex:
+ \n - For a query parameter like \"?key=true\", the
+ map key would be \"key\" and the string match
+ could be defined as `exact: \"true\"`. \n - For
+ a query parameter like \"?key\", the map key would
+ be \"key\" and the string match could be defined
+ as `exact: \"\"`. \n - For a query parameter like
+ \"?key=123\", the map key would be \"key\" and the
+ \ string match could be defined as `regex: \"\\d+$\"`.
+ Note that this configuration will only match values
+ like \"123\" but not \"a123\" or \"123a\". \n **Note:**
+ `prefix` matching is currently not supported."
+ type: object
+ scheme:
+ description: "URI Scheme values are case-sensitive
+ and formatted as follows: \n - `exact: \"value\"`
+ for exact string match \n - `prefix: \"value\"`
+ for prefix-based match \n - `regex: \"value\"` for
+ RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)."
+ type: object
+ source_labels:
+ additionalProperties:
+ type: string
+ description: One or more labels that constrain the
+ applicability of a rule to source (client) workloads
+ with the given labels. If the VirtualService has
+ a list of gateways specified in the top-level `gateways`
+ field, it must include the reserved gateway `mesh`
+ for this field to be applicable.
+ type: object
+ source_namespace:
+ description: Source namespace constraining the applicability
+ of a rule to workloads in that namespace. If the
+ VirtualService has a list of gateways specified
+ in the top-level `gateways` field, it must include
+ the reserved gateway `mesh` for this field to be
+ applicable.
+ type: string
+ uri:
+ description: "URI to match values are case-sensitive
+ and formatted as follows: \n - `exact: \"value\"`
+ for exact string match \n - `prefix: \"value\"`
+ for prefix-based match \n - `regex: \"value\"` for
+ RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ \n **Note:** Case-insensitive matching could be
+ enabled via the `ignore_uri_case` flag."
+ type: object
+ without_headers:
+ additionalProperties:
+ description: Describes how to match a given string
+ in HTTP headers. Match is case-sensitive.
+ type: object
+ description: withoutHeader has the same syntax with
+ the header, but has opposite meaning. If a header
+ is matched with a matching rule among withoutHeader,
+ the traffic becomes not matched one.
+ type: object
+ type: object
+ type: array
+ mirror:
+ description: Mirror HTTP traffic to a another destination
+ in addition to forwarding the requests to the intended
+ destination. Mirrored traffic is on a best effort basis
+ where the sidecar/gateway will not wait for the mirrored
+ cluster to respond before returning the response from
+ the original destination. Statistics will be generated
+ for the mirrored destination.
+ properties:
+ host:
+ description: "The name of a service from the service
+ registry. Service names are looked up from the platform's
+ service registry (e.g., Kubernetes services, Consul
+ services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
+ Traffic forwarded to destinations that are not found
+ in either of the two, will be dropped. \n *Note for
+ Kubernetes users*: When short names are used (e.g.
+ \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
+ Istio will interpret the short name based on the namespace
+ of the rule, not the service. A rule in the \"default\"
+ namespace containing a host \"reviews will be interpreted
+ as \"reviews.default.svc.cluster.local\", irrespective
+ of the actual namespace associated with the reviews
+ service. To avoid potential misconfiguration, it is
+ recommended to always use fully qualified domain names
+ over short names."
+ type: string
+ port:
+ description: Specifies the port on the host that is
+ being addressed. If a service exposes only a single
+ port it is not required to explicitly select the port.
+ properties:
+ number:
+ description: Valid port number
+ format: int32
+ type: integer
+ type: object
+ subset:
+ description: The name of a subset within the service.
+ Applicable only to services within the mesh. The subset
+ must be defined in a corresponding DestinationRule.
+ type: string
+ type: object
+ mirror_percent:
+ description: Percentage of the traffic to be mirrored by
+ the `mirror` field. Use of integer `mirror_percent` value
+ is deprecated. Use the double `mirror_percentage` field
+ instead $hide_from_docs
+ properties:
+ value:
+ description: The uint32 value.
+ format: int32
+ type: integer
+ type: object
+ mirror_percentage:
+ description: Percentage of the traffic to be mirrored by
+ the `mirror` field. If this field is absent, all the traffic
+ (100%) will be mirrored. Max value is 100.
+ properties:
+ value:
+ type: number
+ type: object
+ name:
+ description: The name assigned to the route for debugging
+ purposes. The route's name will be concatenated with the
+ match's name and will be logged in the access logs for
+ requests matching this route/match.
+ type: string
+ redirect:
+ description: A HTTP rule can either redirect or forward
+ (default) traffic. If traffic passthrough option is specified
+ in the rule, route/redirect will be ignored. The redirect
+ primitive can be used to send a HTTP 301 redirect to a
+ different URI or Authority.
+ properties:
+ authority:
+ description: On a redirect, overwrite the Authority/Host
+ portion of the URL with this value.
+ type: string
+ redirect_code:
+ description: On a redirect, Specifies the HTTP status
+ code to use in the redirect response. The default
+ response code is MOVED_PERMANENTLY (301).
+ format: int32
+ type: integer
+ scheme:
+ description: On a redirect, overwrite the scheme portion
+ of the URL with this value. For example, `http` or
+ `https`. If unset, the original scheme will be used.
+ If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`,
+ this will impact the port used as well
+ type: string
+ uri:
+ description: On a redirect, overwrite the Path portion
+ of the URL with this value. Note that the entire path
+ will be replaced, irrespective of the request URI
+ being matched as an exact path or prefix.
+ type: string
+ type: object
+ retries:
+ description: Retry policy for HTTP requests.
+ properties:
+ attempts:
+ description: Number of retries to be allowed for a given
+ request. The interval between retries will be determined
+ automatically (25ms+). When request `timeout` of the
+ [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute)
+ or `per_try_timeout` is configured, the actual number
+ of retries attempted also depends on the specified
+ request `timeout` and `per_try_timeout` values.
+ format: int32
+ type: integer
+ per_try_timeout:
+ description: 'Timeout per attempt for a given request,
+ including the initial call and any retries. Format:
+ 1h/1m/1s/1ms. MUST BE >=1ms. Default is same value
+ as request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute),
+ which means no timeout.'
+ properties:
+ nanos:
+ description: Signed fractions of a second at nanosecond
+ resolution of the span of time. Durations less
+ than one second are represented with a 0 `seconds`
+ field and a positive or negative `nanos` field.
+ For durations of one second or more, a non-zero
+ value for the `nanos` field must be of the same
+ sign as the `seconds` field. Must be from -999,999,999
+ to +999,999,999 inclusive.
+ format: int32
+ type: integer
+ seconds:
+ description: 'Signed seconds of the span of time.
+ Must be from -315,576,000,000 to +315,576,000,000
+ inclusive. Note: these bounds are computed from:
+ 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year
+ * 10000 years'
+ format: int64
+ type: integer
+ type: object
+ retry_on:
+ description: Specifies the conditions under which retry
+ takes place. One or more policies can be specified
+ using a ‘,’ delimited list. If retry_on specifies
+ a valid HTTP status, it will be added to retriable_status_codes
+ retry policy. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on)
+ and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on)
+ for more details.
+ type: string
+ retry_remote_localities:
+ description: Flag to specify whether the retries should
+ retry to other localities. See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration)
+ for more details.
+ properties:
+ value:
+ description: The bool value.
+ type: boolean
+ type: object
+ type: object
+ rewrite:
+ description: Rewrite HTTP URIs and Authority headers. Rewrite
+ cannot be used with Redirect primitive. Rewrite will be
+ performed before forwarding.
+ properties:
+ authority:
+ description: rewrite the Authority/Host header with
+ this value.
+ type: string
+ uri:
+ description: rewrite the path (or the prefix) portion
+ of the URI with this value. If the original URI was
+ matched based on prefix, the value provided in this
+ field will replace the corresponding matched prefix.
+ type: string
+ type: object
+ route:
+ description: A HTTP rule can either redirect or forward
+ (default) traffic. The forwarding target can be one of
+ several versions of a service (see glossary in beginning
+ of document). Weights associated with the service version
+ determine the proportion of traffic it receives.
+ items:
+ description: "Each routing rule is associated with one
+ or more service versions (see glossary in beginning
+ of document). Weights associated with the version determine
+ the proportion of traffic it receives. For example,
+ the following rule will route 25% of traffic for the
+ \"reviews\" service to instances with the \"v2\" tag
+ and the remaining traffic (i.e., 75%) to \"v1\". \n
+ {{}} {{}} ```yaml apiVersion: networking.istio.io/v1alpha3
+ kind: VirtualService metadata: name: reviews-route
+ spec: hosts: - reviews.prod.svc.cluster.local http:
+ \ - route: - destination: host: reviews.prod.svc.cluster.local
+ \ subset: v2 weight: 25 - destination:
+ \ host: reviews.prod.svc.cluster.local subset:
+ v1 weight: 75 ``` {{}} \n {{}} ```yaml apiVersion: networking.istio.io/v1beta1
+ kind: VirtualService metadata: name: reviews-route
+ spec: hosts: - reviews.prod.svc.cluster.local http:
+ \ - route: - destination: host: reviews.prod.svc.cluster.local
+ \ subset: v2 weight: 25 - destination:
+ \ host: reviews.prod.svc.cluster.local subset:
+ v1 weight: 75 ``` {{}} {{}} \n
+ And the associated DestinationRule \n {{}}
+ {{}}
+ ```yaml apiVersion: networking.istio.io/v1alpha3 kind:
+ DestinationRule metadata: name: reviews-destination
+ spec: host: reviews.prod.svc.cluster.local subsets:
+ \ - name: v1 labels: version: v1 - name:
+ v2 labels: version: v2 ``` {{}} \n {{}} ```yaml
+ apiVersion: networking.istio.io/v1beta1 kind: DestinationRule
+ metadata: name: reviews-destination spec: host:
+ reviews.prod.svc.cluster.local subsets: - name:
+ v1 labels: version: v1 - name: v2 labels:
+ \ version: v2 ``` {{}} {{}} \n Traffic
+ can also be split across two entirely different services
+ without having to define new subsets. For example, the
+ following rule forwards 25% of traffic to reviews.com
+ to dev.reviews.com \n {{}}
+ {{}}
+ ```yaml apiVersion: networking.istio.io/v1alpha3 kind:
+ VirtualService metadata: name: reviews-route-two-domains
+ spec: hosts: - reviews.com http: - route: -
+ destination: host: dev.reviews.com weight:
+ 25 - destination: host: reviews.com weight:
+ 75 ``` {{}} \n {{}}
+ ```yaml apiVersion: networking.istio.io/v1beta1 kind:
+ VirtualService metadata: name: reviews-route-two-domains
+ spec: hosts: - reviews.com http: - route: -
+ destination: host: dev.reviews.com weight:
+ 25 - destination: host: reviews.com weight:
+ 75 ``` {{}} {{}}"
+ properties:
+ destination:
+ description: Destination uniquely identifies the instances
+ of a service to which the request/connection should
+ be forwarded to.
+ properties:
+ host:
+ description: "The name of a service from the service
+ registry. Service names are looked up from the
+ platform's service registry (e.g., Kubernetes
+ services, Consul services, etc.) and from the
+ hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
+ Traffic forwarded to destinations that are not
+ found in either of the two, will be dropped.
+ \n *Note for Kubernetes users*: When short names
+ are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
+ Istio will interpret the short name based on
+ the namespace of the rule, not the service.
+ A rule in the \"default\" namespace containing
+ a host \"reviews will be interpreted as \"reviews.default.svc.cluster.local\",
+ irrespective of the actual namespace associated
+ with the reviews service. To avoid potential
+ misconfiguration, it is recommended to always
+ use fully qualified domain names over short
+ names."
+ type: string
+ port:
+ description: Specifies the port on the host that
+ is being addressed. If a service exposes only
+ a single port it is not required to explicitly
+ select the port.
+ properties:
+ number:
+ description: Valid port number
+ format: int32
+ type: integer
+ type: object
+ subset:
+ description: The name of a subset within the service.
+ Applicable only to services within the mesh.
+ The subset must be defined in a corresponding
+ DestinationRule.
+ type: string
+ type: object
+ headers:
+ description: Header manipulation rules
+ properties:
+ request:
+ description: Header manipulation rules to apply
+ before forwarding a request to the destination
+ service
+ properties:
+ add:
+ additionalProperties:
+ type: string
+ description: Append the given values to the
+ headers specified by keys (will create a
+ comma-separated list of values)
+ type: object
+ remove:
+ description: Remove the specified headers
+ items:
+ type: string
+ type: array
+ set:
+ additionalProperties:
+ type: string
+ description: Overwrite the headers specified
+ by key with the given values
+ type: object
+ type: object
+ response:
+ description: Header manipulation rules to apply
+ before returning a response to the caller
+ properties:
+ add:
+ additionalProperties:
+ type: string
+ description: Append the given values to the
+ headers specified by keys (will create a
+ comma-separated list of values)
+ type: object
+ remove:
+ description: Remove the specified headers
+ items:
+ type: string
+ type: array
+ set:
+ additionalProperties:
+ type: string
+ description: Overwrite the headers specified
+ by key with the given values
+ type: object
+ type: object
+ type: object
+ weight:
+ description: The proportion of traffic to be forwarded
+ to the service version. (0-100). Sum of weights
+ across destinations SHOULD BE == 100. If there is
+ only one destination in a rule, the weight value
+ is assumed to be 100.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ timeout:
+ description: Timeout for HTTP requests, default is disabled.
+ properties:
+ nanos:
+ description: Signed fractions of a second at nanosecond
+ resolution of the span of time. Durations less than
+ one second are represented with a 0 `seconds` field
+ and a positive or negative `nanos` field. For durations
+ of one second or more, a non-zero value for the `nanos`
+ field must be of the same sign as the `seconds` field.
+ Must be from -999,999,999 to +999,999,999 inclusive.
+ format: int32
+ type: integer
+ seconds:
+ description: 'Signed seconds of the span of time. Must
+ be from -315,576,000,000 to +315,576,000,000 inclusive.
+ Note: these bounds are computed from: 60 sec/min *
+ 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years'
+ format: int64
+ type: integer
+ type: object
+ type: object
+ type: array
+ tcp:
+ description: An ordered list of route rules for opaque TCP traffic.
+ TCP routes will be applied to any port that is not a HTTP or
+ TLS port. The first rule matching an incoming request is used.
+ items:
+ description: "Describes match conditions and actions for routing
+ TCP traffic. The following routing rule forwards traffic arriving
+ at port 27017 for mongo.prod.svc.cluster.local to another
+ Mongo server on port 5555. \n {{}}
+ {{}} ```yaml
+ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService
+ metadata: name: bookinfo-mongo spec: hosts: - mongo.prod.svc.cluster.local
+ \ tcp: - match: - port: 27017 route: - destination:
+ \ host: mongo.backup.svc.cluster.local port:
+ \ number: 5555 ``` {{}} \n {{}} ```yaml apiVersion: networking.istio.io/v1beta1
+ kind: VirtualService metadata: name: bookinfo-mongo spec:
+ \ hosts: - mongo.prod.svc.cluster.local tcp: - match:
+ \ - port: 27017 route: - destination: host:
+ mongo.backup.svc.cluster.local port: number:
+ 5555 ``` {{}} {{}}"
+ properties:
+ match:
+ description: Match conditions to be satisfied for the rule
+ to be activated. All conditions inside a single match
+ block have AND semantics, while the list of match blocks
+ have OR semantics. The rule is matched if any one of the
+ match blocks succeed.
+ items:
+ description: L4 connection match attributes. Note that
+ L4 connection matching support is incomplete.
+ properties:
+ destination_subnets:
+ description: IPv4 or IPv6 ip addresses of destination
+ with optional subnet. E.g., a.b.c.d/xx form or
+ just a.b.c.d.
+ items:
+ type: string
+ type: array
+ gateways:
+ description: Names of gateways where the rule should
+ be applied. Gateway names in the top-level `gateways`
+ field of the VirtualService (if any) are overridden.
+ The gateway match is independent of sourceLabels.
+ items:
+ type: string
+ type: array
+ port:
+ description: Specifies the port on the host that is
+ being addressed. Many services only expose a single
+ port or label ports with the protocols they support,
+ in these cases it is not required to explicitly
+ select the port.
+ format: int32
+ type: integer
+ source_labels:
+ additionalProperties:
+ type: string
+ description: One or more labels that constrain the
+ applicability of a rule to workloads with the given
+ labels. If the VirtualService has a list of gateways
+ specified in the top-level `gateways` field, it
+ should include the reserved gateway `mesh` in order
+ for this field to be applicable.
+ type: object
+ source_namespace:
+ description: Source namespace constraining the applicability
+ of a rule to workloads in that namespace. If the
+ VirtualService has a list of gateways specified
+ in the top-level `gateways` field, it must include
+ the reserved gateway `mesh` for this field to be
+ applicable.
+ type: string
+ source_subnet:
+ description: IPv4 or IPv6 ip address of source with
+ optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d
+ $hide_from_docs
+ type: string
+ type: object
+ type: array
+ route:
+ description: The destination to which the connection should
+ be forwarded to.
+ items:
+ description: L4 routing rule weighted destination.
+ properties:
+ destination:
+ description: Destination uniquely identifies the instances
+ of a service to which the request/connection should
+ be forwarded to.
+ properties:
+ host:
+ description: "The name of a service from the service
+ registry. Service names are looked up from the
+ platform's service registry (e.g., Kubernetes
+ services, Consul services, etc.) and from the
+ hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
+ Traffic forwarded to destinations that are not
+ found in either of the two, will be dropped.
+ \n *Note for Kubernetes users*: When short names
+ are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
+ Istio will interpret the short name based on
+ the namespace of the rule, not the service.
+ A rule in the \"default\" namespace containing
+ a host \"reviews will be interpreted as \"reviews.default.svc.cluster.local\",
+ irrespective of the actual namespace associated
+ with the reviews service. To avoid potential
+ misconfiguration, it is recommended to always
+ use fully qualified domain names over short
+ names."
+ type: string
+ port:
+ description: Specifies the port on the host that
+ is being addressed. If a service exposes only
+ a single port it is not required to explicitly
+ select the port.
+ properties:
+ number:
+ description: Valid port number
+ format: int32
+ type: integer
+ type: object
+ subset:
+ description: The name of a subset within the service.
+ Applicable only to services within the mesh.
+ The subset must be defined in a corresponding
+ DestinationRule.
+ type: string
+ type: object
+ weight:
+ description: The proportion of traffic to be forwarded
+ to the service version. If there is only one destination
+ in a rule, all traffic will be routed to it irrespective
+ of the weight.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ type: object
+ type: array
+ tls:
+ description: 'An ordered list of route rule for non-terminated
+ TLS & HTTPS traffic. Routing is typically performed using the
+ SNI value presented by the ClientHello message. TLS routes will
+ be applied to platform service ports named ''https-*'', ''tls-*'',
+ unterminated gateway ports using HTTPS/TLS protocols (i.e. with
+ "passthrough" TLS mode) and service entry ports using HTTPS/TLS
+ protocols. The first rule matching an incoming request is used. NOTE:
+ Traffic ''https-*'' or ''tls-*'' ports without associated virtual
+ service will be treated as opaque TCP traffic.'
+ items:
+ description: "Describes match conditions and actions for routing
+ unterminated TLS traffic (TLS/HTTPS) The following routing
+ rule forwards unterminated TLS traffic arriving at port 443
+ of gateway called \"mygateway\" to internal services in the
+ mesh based on the SNI value. \n {{}}
+ {{}} ```yaml
+ apiVersion: networking.istio.io/v1alpha3 kind: VirtualService
+ metadata: name: bookinfo-sni spec: hosts: - \"*.bookinfo.com\"
+ \ gateways: - mygateway tls: - match: - port: 443
+ \ sniHosts: - login.bookinfo.com route: -
+ destination: host: login.prod.svc.cluster.local -
+ match: - port: 443 sniHosts: - reviews.bookinfo.com
+ \ route: - destination: host: reviews.prod.svc.cluster.local
+ ``` {{}} \n {{}}
+ ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService
+ metadata: name: bookinfo-sni spec: hosts: - \"*.bookinfo.com\"
+ \ gateways: - mygateway tls: - match: - port: 443
+ \ sniHosts: - login.bookinfo.com route: -
+ destination: host: login.prod.svc.cluster.local -
+ match: - port: 443 sniHosts: - reviews.bookinfo.com
+ \ route: - destination: host: reviews.prod.svc.cluster.local
+ ``` {{}} {{}}"
+ properties:
+ match:
+ description: Match conditions to be satisfied for the rule
+ to be activated. All conditions inside a single match
+ block have AND semantics, while the list of match blocks
+ have OR semantics. The rule is matched if any one of the
+ match blocks succeed.
+ items:
+ description: TLS connection match attributes.
+ properties:
+ destination_subnets:
+ description: IPv4 or IPv6 ip addresses of destination
+ with optional subnet. E.g., a.b.c.d/xx form or
+ just a.b.c.d.
+ items:
+ type: string
+ type: array
+ gateways:
+ description: Names of gateways where the rule should
+ be applied. Gateway names in the top-level `gateways`
+ field of the VirtualService (if any) are overridden.
+ The gateway match is independent of sourceLabels.
+ items:
+ type: string
+ type: array
+ port:
+ description: Specifies the port on the host that is
+ being addressed. Many services only expose a single
+ port or label ports with the protocols they support,
+ in these cases it is not required to explicitly
+ select the port.
+ format: int32
+ type: integer
+ sni_hosts:
+ description: SNI (server name indicator) to match
+ on. Wildcard prefixes can be used in the SNI value,
+ e.g., *.com will match foo.example.com as well as
+ example.com. An SNI value must be a subset (i.e.,
+ fall within the domain) of the corresponding virtual
+ serivce's hosts.
+ items:
+ type: string
+ type: array
+ source_labels:
+ additionalProperties:
+ type: string
+ description: One or more labels that constrain the
+ applicability of a rule to workloads with the given
+ labels. If the VirtualService has a list of gateways
+ specified in the top-level `gateways` field, it
+ should include the reserved gateway `mesh` in order
+ for this field to be applicable.
+ type: object
+ source_namespace:
+ description: Source namespace constraining the applicability
+ of a rule to workloads in that namespace. If the
+ VirtualService has a list of gateways specified
+ in the top-level `gateways` field, it must include
+ the reserved gateway `mesh` for this field to be
+ applicable.
+ type: string
+ type: object
+ type: array
+ route:
+ description: The destination to which the connection should
+ be forwarded to.
+ items:
+ description: L4 routing rule weighted destination.
+ properties:
+ destination:
+ description: Destination uniquely identifies the instances
+ of a service to which the request/connection should
+ be forwarded to.
+ properties:
+ host:
+ description: "The name of a service from the service
+ registry. Service names are looked up from the
+ platform's service registry (e.g., Kubernetes
+ services, Consul services, etc.) and from the
+ hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
+ Traffic forwarded to destinations that are not
+ found in either of the two, will be dropped.
+ \n *Note for Kubernetes users*: When short names
+ are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
+ Istio will interpret the short name based on
+ the namespace of the rule, not the service.
+ A rule in the \"default\" namespace containing
+ a host \"reviews will be interpreted as \"reviews.default.svc.cluster.local\",
+ irrespective of the actual namespace associated
+ with the reviews service. To avoid potential
+ misconfiguration, it is recommended to always
+ use fully qualified domain names over short
+ names."
+ type: string
+ port:
+ description: Specifies the port on the host that
+ is being addressed. If a service exposes only
+ a single port it is not required to explicitly
+ select the port.
+ properties:
+ number:
+ description: Valid port number
+ format: int32
+ type: integer
+ type: object
+ subset:
+ description: The name of a subset within the service.
+ Applicable only to services within the mesh.
+ The subset must be defined in a corresponding
+ DestinationRule.
+ type: string
+ type: object
+ weight:
+ description: The proportion of traffic to be forwarded
+ to the service version. If there is only one destination
+ in a rule, all traffic will be routed to it irrespective
+ of the weight.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ type: object
+ type: array
+ type: object
+ target:
+ description: Target defines the source resource to merged with
+ properties:
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ required:
+ - patch
+ - target
+ type: object
+ status:
+ description: VirtualServicePatchStatus defines the observed state of VirtualServiceMerge
+ properties:
+ HandledRevision:
+ description: INSERT ADDITIONAL STATUS FIELD - define observed state
+ of cluster
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []