traffic_target.proto

Package: smi.access.v1alpha1

Copyright 2018 Istio Authors

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Types:

Source File: github.com/solo-io/supergloo/api/external/smi/access/v1alpha1/traffic_target.proto

TrafficTarget

TrafficTarget associates a set of traffic definitions (rules) with a service identity which is allocated to a group of pods. Access is controlled via referenced TrafficSpecs and by a list of source service identities. * If a pod which holds the referenced service identity makes a call to the destination on one of the defined routes then access will be allowed * Any pod which attempts to connect and is not in the defined list of sources will be denied * Any pod which is in the defined list, but attempts to connect on a route which is not in the list of the TrafficSpecs will be denied

"metadata": .core.solo.io.Metadata
"destination": .smi.access.v1alpha1.IdentityBindingSubject
"sources": []smi.access.v1alpha1.IdentityBindingSubject
"specs": []smi.access.v1alpha1.TrafficTargetSpec
Field Type Description Default
metadata .core.solo.io.Metadata Metadata contains the object metadata for this resource
destination .smi.access.v1alpha1.IdentityBindingSubject Selector is the pod or group of pods to allow ingress traffic
sources []smi.access.v1alpha1.IdentityBindingSubject Sources are the pod or group of pods to allow ingress traffic
specs []smi.access.v1alpha1.TrafficTargetSpec Rules are the traffic rules to allow (HTTPRoutes TCPRoute),

IdentityBindingSubject

"kind": string
"name": string
"namespace": string
"port": string
Field Type Description Default
kind string Kind is the type of Subject to allow ingress (ServiceAccount Group)
name string Name of the Subject, i.e. ServiceAccountName
namespace string Namespace where the Subject is deployed
port string Port defines a TCP port to apply the TrafficTarget to

TrafficTargetSpec

"kind": string
"name": string
"matches": []string
Field Type Description Default
kind string Kind is the kind of TrafficSpec to allow
name string Name of the TrafficSpec to use
matches []string Matches is a list of TrafficSpec routes to allow traffic for