public static final class DestinationRuleOuterClass.ClientTLSSettings.Builder extends com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder> implements DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
SSL/TLS related settings for upstream connections. See Envoy's [TLS
context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html)
for more details. These settings are common to both HTTP and TCP upstreams.
For example, the following rule configures a client to use mutual TLS
for connections to upstream database cluster.
{{<tabset category-name="example">}}
{{<tab name="v1alpha3" category-value="v1alpha3">}}
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: db-mtls
spec:
host: mydbserver.prod.svc.cluster.local
trafficPolicy:
tls:
mode: MUTUAL
clientCertificate: /etc/certs/myclientcert.pem
privateKey: /etc/certs/client_private_key.pem
caCertificates: /etc/certs/rootcacerts.pem
```
{{</tab>}}
{{<tab name="v1beta1" category-value="v1beta1">}}
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: db-mtls
spec:
host: mydbserver.prod.svc.cluster.local
trafficPolicy:
tls:
mode: MUTUAL
clientCertificate: /etc/certs/myclientcert.pem
privateKey: /etc/certs/client_private_key.pem
caCertificates: /etc/certs/rootcacerts.pem
```
{{</tab>}}
{{</tabset>}}
The following rule configures a client to use TLS when talking to a
foreign service whose domain matches *.foo.com.
{{<tabset category-name="example">}}
{{<tab name="v1alpha3" category-value="v1alpha3">}}
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: tls-foo
spec:
host: "*.foo.com"
trafficPolicy:
tls:
mode: SIMPLE
```
{{</tab>}}
{{<tab name="v1beta1" category-value="v1beta1">}}
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: tls-foo
spec:
host: "*.foo.com"
trafficPolicy:
tls:
mode: SIMPLE
```
{{</tab>}}
{{</tabset>}}
The following rule configures a client to use Istio mutual TLS when talking
to rating services.
{{<tabset category-name="example">}}
{{<tab name="v1alpha3" category-value="v1alpha3">}}
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings-istio-mtls
spec:
host: ratings.prod.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
```
{{</tab>}}
{{<tab name="v1beta1" category-value="v1beta1">}}
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
name: ratings-istio-mtls
spec:
host: ratings.prod.svc.cluster.local
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
```
{{</tab>}}
{{</tabset>}}
Protobuf type istio.networking.v1alpha3.ClientTLSSettings| 限定符和类型 | 方法和说明 |
|---|---|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
addAllSubjectAltNames(Iterable<String> values)
A list of alternate names to verify the subject identity in the
certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
addSubjectAltNames(String value)
A list of alternate names to verify the subject identity in the
certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
addSubjectAltNamesBytes(com.google.protobuf.ByteString value)
A list of alternate names to verify the subject identity in the
certificate.
|
DestinationRuleOuterClass.ClientTLSSettings |
build() |
DestinationRuleOuterClass.ClientTLSSettings |
buildPartial() |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clear() |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearCaCertificates()
OPTIONAL: The path to the file containing certificate authority
certificates to use in verifying a presented server certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearClientCertificate()
REQUIRED if mode is `MUTUAL`.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearCredentialName()
The name of the secret that holds the TLS certs for the
client including the CA certificates.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearField(com.google.protobuf.Descriptors.FieldDescriptor field) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearMode()
Indicates whether connections to this port should be secured
using TLS.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearPrivateKey()
REQUIRED if mode is `MUTUAL`.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearSni()
SNI string to present to the server during TLS handshake.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clearSubjectAltNames()
A list of alternate names to verify the subject identity in the
certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
clone() |
String |
getCaCertificates()
OPTIONAL: The path to the file containing certificate authority
certificates to use in verifying a presented server certificate.
|
com.google.protobuf.ByteString |
getCaCertificatesBytes()
OPTIONAL: The path to the file containing certificate authority
certificates to use in verifying a presented server certificate.
|
String |
getClientCertificate()
REQUIRED if mode is `MUTUAL`.
|
com.google.protobuf.ByteString |
getClientCertificateBytes()
REQUIRED if mode is `MUTUAL`.
|
String |
getCredentialName()
The name of the secret that holds the TLS certs for the
client including the CA certificates.
|
com.google.protobuf.ByteString |
getCredentialNameBytes()
The name of the secret that holds the TLS certs for the
client including the CA certificates.
|
DestinationRuleOuterClass.ClientTLSSettings |
getDefaultInstanceForType() |
static com.google.protobuf.Descriptors.Descriptor |
getDescriptor() |
com.google.protobuf.Descriptors.Descriptor |
getDescriptorForType() |
DestinationRuleOuterClass.ClientTLSSettings.TLSmode |
getMode()
Indicates whether connections to this port should be secured
using TLS.
|
int |
getModeValue()
Indicates whether connections to this port should be secured
using TLS.
|
String |
getPrivateKey()
REQUIRED if mode is `MUTUAL`.
|
com.google.protobuf.ByteString |
getPrivateKeyBytes()
REQUIRED if mode is `MUTUAL`.
|
String |
getSni()
SNI string to present to the server during TLS handshake.
|
com.google.protobuf.ByteString |
getSniBytes()
SNI string to present to the server during TLS handshake.
|
String |
getSubjectAltNames(int index)
A list of alternate names to verify the subject identity in the
certificate.
|
com.google.protobuf.ByteString |
getSubjectAltNamesBytes(int index)
A list of alternate names to verify the subject identity in the
certificate.
|
int |
getSubjectAltNamesCount()
A list of alternate names to verify the subject identity in the
certificate.
|
com.google.protobuf.ProtocolStringList |
getSubjectAltNamesList()
A list of alternate names to verify the subject identity in the
certificate.
|
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable |
internalGetFieldAccessorTable() |
boolean |
isInitialized() |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
mergeFrom(com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
mergeFrom(DestinationRuleOuterClass.ClientTLSSettings other) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
mergeFrom(com.google.protobuf.Message other) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setCaCertificates(String value)
OPTIONAL: The path to the file containing certificate authority
certificates to use in verifying a presented server certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setCaCertificatesBytes(com.google.protobuf.ByteString value)
OPTIONAL: The path to the file containing certificate authority
certificates to use in verifying a presented server certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setClientCertificate(String value)
REQUIRED if mode is `MUTUAL`.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setClientCertificateBytes(com.google.protobuf.ByteString value)
REQUIRED if mode is `MUTUAL`.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setCredentialName(String value)
The name of the secret that holds the TLS certs for the
client including the CA certificates.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setCredentialNameBytes(com.google.protobuf.ByteString value)
The name of the secret that holds the TLS certs for the
client including the CA certificates.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setField(com.google.protobuf.Descriptors.FieldDescriptor field,
Object value) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setMode(DestinationRuleOuterClass.ClientTLSSettings.TLSmode value)
Indicates whether connections to this port should be secured
using TLS.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setModeValue(int value)
Indicates whether connections to this port should be secured
using TLS.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setPrivateKey(String value)
REQUIRED if mode is `MUTUAL`.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setPrivateKeyBytes(com.google.protobuf.ByteString value)
REQUIRED if mode is `MUTUAL`.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
int index,
Object value) |
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setSni(String value)
SNI string to present to the server during TLS handshake.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setSniBytes(com.google.protobuf.ByteString value)
SNI string to present to the server during TLS handshake.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setSubjectAltNames(int index,
String value)
A list of alternate names to verify the subject identity in the
certificate.
|
DestinationRuleOuterClass.ClientTLSSettings.Builder |
setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields) |
getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, getUnknownFieldSetBuilder, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, mergeUnknownLengthDelimitedField, mergeUnknownVarintField, newBuilderForField, onBuilt, onChanged, parseUnknownField, setUnknownFieldSetBuilder, setUnknownFieldsProto3findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toStringaddAll, addAll, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, newUninitializedMessageExceptionpublic static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder clear()
clear 在接口中 com.google.protobuf.Message.Builderclear 在接口中 com.google.protobuf.MessageLite.Builderclear 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
getDescriptorForType 在接口中 com.google.protobuf.Message.BuildergetDescriptorForType 在接口中 com.google.protobuf.MessageOrBuildergetDescriptorForType 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings getDefaultInstanceForType()
getDefaultInstanceForType 在接口中 com.google.protobuf.MessageLiteOrBuildergetDefaultInstanceForType 在接口中 com.google.protobuf.MessageOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings build()
build 在接口中 com.google.protobuf.Message.Builderbuild 在接口中 com.google.protobuf.MessageLite.Builderpublic DestinationRuleOuterClass.ClientTLSSettings buildPartial()
buildPartial 在接口中 com.google.protobuf.Message.BuilderbuildPartial 在接口中 com.google.protobuf.MessageLite.Builderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder clone()
clone 在接口中 com.google.protobuf.Message.Builderclone 在接口中 com.google.protobuf.MessageLite.Builderclone 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
setField 在接口中 com.google.protobuf.Message.BuildersetField 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
clearField 在接口中 com.google.protobuf.Message.BuilderclearField 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
clearOneof 在接口中 com.google.protobuf.Message.BuilderclearOneof 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
setRepeatedField 在接口中 com.google.protobuf.Message.BuildersetRepeatedField 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
addRepeatedField 在接口中 com.google.protobuf.Message.BuilderaddRepeatedField 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder mergeFrom(com.google.protobuf.Message other)
mergeFrom 在接口中 com.google.protobuf.Message.BuildermergeFrom 在类中 com.google.protobuf.AbstractMessage.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder mergeFrom(DestinationRuleOuterClass.ClientTLSSettings other)
public final boolean isInitialized()
isInitialized 在接口中 com.google.protobuf.MessageLiteOrBuilderisInitialized 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public DestinationRuleOuterClass.ClientTLSSettings.Builder mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
mergeFrom 在接口中 com.google.protobuf.Message.BuildermergeFrom 在接口中 com.google.protobuf.MessageLite.BuildermergeFrom 在类中 com.google.protobuf.AbstractMessage.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>IOExceptionpublic int getModeValue()
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];getModeValue 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setModeValue(int value)
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];value - The enum numeric value on the wire for mode to set.public DestinationRuleOuterClass.ClientTLSSettings.TLSmode getMode()
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];getMode 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setMode(DestinationRuleOuterClass.ClientTLSSettings.TLSmode value)
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];value - The mode to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearMode()
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];public String getClientCertificate()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
string client_certificate = 2;getClientCertificate 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic com.google.protobuf.ByteString getClientCertificateBytes()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
string client_certificate = 2;getClientCertificateBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setClientCertificate(String value)
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
string client_certificate = 2;value - The clientCertificate to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearClientCertificate()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
string client_certificate = 2;public DestinationRuleOuterClass.ClientTLSSettings.Builder setClientCertificateBytes(com.google.protobuf.ByteString value)
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
string client_certificate = 2;value - The bytes for clientCertificate to set.public String getPrivateKey()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
string private_key = 3;getPrivateKey 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic com.google.protobuf.ByteString getPrivateKeyBytes()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
string private_key = 3;getPrivateKeyBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setPrivateKey(String value)
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
string private_key = 3;value - The privateKey to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearPrivateKey()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
string private_key = 3;public DestinationRuleOuterClass.ClientTLSSettings.Builder setPrivateKeyBytes(com.google.protobuf.ByteString value)
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
string private_key = 3;value - The bytes for privateKey to set.public String getCaCertificates()
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
string ca_certificates = 4;getCaCertificates 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic com.google.protobuf.ByteString getCaCertificatesBytes()
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
string ca_certificates = 4;getCaCertificatesBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setCaCertificates(String value)
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
string ca_certificates = 4;value - The caCertificates to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearCaCertificates()
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
string ca_certificates = 4;public DestinationRuleOuterClass.ClientTLSSettings.Builder setCaCertificatesBytes(com.google.protobuf.ByteString value)
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
string ca_certificates = 4;value - The bytes for caCertificates to set.public String getCredentialName()
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
string credential_name = 7;getCredentialName 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic com.google.protobuf.ByteString getCredentialNameBytes()
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
string credential_name = 7;getCredentialNameBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setCredentialName(String value)
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
string credential_name = 7;value - The credentialName to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearCredentialName()
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
string credential_name = 7;public DestinationRuleOuterClass.ClientTLSSettings.Builder setCredentialNameBytes(com.google.protobuf.ByteString value)
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`)should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
string credential_name = 7;value - The bytes for credentialName to set.public com.google.protobuf.ProtocolStringList getSubjectAltNamesList()
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;getSubjectAltNamesList 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic int getSubjectAltNamesCount()
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;getSubjectAltNamesCount 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic String getSubjectAltNames(int index)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;getSubjectAltNames 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderindex - The index of the element to return.public com.google.protobuf.ByteString getSubjectAltNamesBytes(int index)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;getSubjectAltNamesBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderindex - The index of the value to return.public DestinationRuleOuterClass.ClientTLSSettings.Builder setSubjectAltNames(int index, String value)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;index - The index to set the value at.value - The subjectAltNames to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder addSubjectAltNames(String value)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;value - The subjectAltNames to add.public DestinationRuleOuterClass.ClientTLSSettings.Builder addAllSubjectAltNames(Iterable<String> values)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;values - The subjectAltNames to add.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearSubjectAltNames()
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;public DestinationRuleOuterClass.ClientTLSSettings.Builder addSubjectAltNamesBytes(com.google.protobuf.ByteString value)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
repeated string subject_alt_names = 5;value - The bytes of the subjectAltNames to add.public String getSni()
SNI string to present to the server during TLS handshake.
string sni = 6;getSni 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic com.google.protobuf.ByteString getSniBytes()
SNI string to present to the server during TLS handshake.
string sni = 6;getSniBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilderpublic DestinationRuleOuterClass.ClientTLSSettings.Builder setSni(String value)
SNI string to present to the server during TLS handshake.
string sni = 6;value - The sni to set.public DestinationRuleOuterClass.ClientTLSSettings.Builder clearSni()
SNI string to present to the server during TLS handshake.
string sni = 6;public DestinationRuleOuterClass.ClientTLSSettings.Builder setSniBytes(com.google.protobuf.ByteString value)
SNI string to present to the server during TLS handshake.
string sni = 6;value - The bytes for sni to set.public final DestinationRuleOuterClass.ClientTLSSettings.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
setUnknownFields 在接口中 com.google.protobuf.Message.BuildersetUnknownFields 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>public final DestinationRuleOuterClass.ClientTLSSettings.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
mergeUnknownFields 在接口中 com.google.protobuf.Message.BuildermergeUnknownFields 在类中 com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>Copyright © 2018–2023 Alibaba Group. All rights reserved.