public static final class DestinationRuleOuterClass.ClientTLSSettings extends com.google.protobuf.GeneratedMessageV3 implements DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
SSL/TLS related settings for upstream connections. See Envoy's [TLS
context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html)
for more details. These settings are common to both HTTP and TCP upstreams.
For example, the following rule configures a client to use mutual TLS
for connections to the upstream database cluster.
{{<tabset category-name="example">}}
{{<tab name="v1alpha3" category-value="v1alpha3">}}
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: db-mtls
spec:
  host: mydbserver.prod.svc.cluster.local
  trafficPolicy:
    tls:
      mode: MUTUAL
      clientCertificate: /etc/certs/myclientcert.pem
      privateKey: /etc/certs/client_private_key.pem
      caCertificates: /etc/certs/rootcacerts.pem
```
{{</tab>}}
{{<tab name="v1beta1" category-value="v1beta1">}}
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: db-mtls
spec:
  host: mydbserver.prod.svc.cluster.local
  trafficPolicy:
    tls:
      mode: MUTUAL
      clientCertificate: /etc/certs/myclientcert.pem
      privateKey: /etc/certs/client_private_key.pem
      caCertificates: /etc/certs/rootcacerts.pem
```
{{</tab>}}
{{</tabset>}}
The following rule configures a client to use TLS when talking to a
foreign service whose domain matches *.foo.com.
{{<tabset category-name="example">}}
{{<tab name="v1alpha3" category-value="v1alpha3">}}
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: tls-foo
spec:
  host: "*.foo.com"
  trafficPolicy:
    tls:
      mode: SIMPLE
```
{{</tab>}}
{{<tab name="v1beta1" category-value="v1beta1">}}
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: tls-foo
spec:
  host: "*.foo.com"
  trafficPolicy:
    tls:
      mode: SIMPLE
```
{{</tab>}}
{{</tabset>}}
The following rule configures a client to use Istio mutual TLS when talking
to rating services.
{{<tabset category-name="example">}}
{{<tab name="v1alpha3" category-value="v1alpha3">}}
```yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: ratings-istio-mtls
spec:
  host: ratings.prod.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```
{{</tab>}}
{{<tab name="v1beta1" category-value="v1beta1">}}
```yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: ratings-istio-mtls
spec:
  host: ratings.prod.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
```
{{</tab>}}
{{</tabset>}}
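The field rules documented for this class (certificate paths required for `MUTUAL` and empty for `ISTIO_MUTUAL`, `caCertificates` controlling server verification, `credentialName` excluding the path fields and applying only at gateways) can be checked before a rule is applied. The following is an added example, not code from this page or from Istio; `lint_client_tls`, the finding codes and the `at_gateway` flag are assumed names, and the input is a `trafficPolicy.tls` mapping already parsed from YAML.

```python
# Added example (not Istio's or the page's code): lint one parsed
# `trafficPolicy.tls` mapping against the ClientTLSSettings field rules.
# lint_client_tls, the finding codes and at_gateway are assumed names.

PATH_FIELDS = ("clientCertificate", "privateKey", "caCertificates")
# DISABLE is also a TLSmode value in Istio, though this page's examples omit it.
MODES = ("DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL")


def lint_client_tls(tls, at_gateway=False):
    """Return (code, message) findings for the tls mapping of a DestinationRule."""
    findings = []
    mode = tls.get("mode")
    paths = [f for f in PATH_FIELDS if tls.get(f)]
    cred = tls.get("credentialName")

    if mode not in MODES:
        return [("MODE_INVALID", "mode is REQUIRED; got %r" % (mode,))]
    if cred and paths:
        findings.append(("CREDENTIAL_AND_PATHS",
                         "credentialName set together with %s" % ", ".join(paths)))
    if cred and not at_gateway:
        findings.append(("CREDENTIAL_AT_SIDECAR",
                         "credentialName applies only at gateways"))
    if mode == "ISTIO_MUTUAL" and paths:
        findings.append(("ISTIO_MUTUAL_HAS_PATHS",
                         "should be empty for ISTIO_MUTUAL: %s" % ", ".join(paths)))
    if mode == "MUTUAL" and not cred:
        missing = [f for f in PATH_FIELDS[:2] if not tls.get(f)]
        if missing:
            findings.append(("MUTUAL_MISSING_KEYPAIR",
                             "MUTUAL requires %s" % ", ".join(missing)))
    # With no CA bundle the proxy encrypts but does not verify the server.
    if mode in ("SIMPLE", "MUTUAL") and not cred and not tls.get("caCertificates"):
        findings.append(("NO_SERVER_VERIFICATION",
                         "caCertificates omitted: server certificate is not verified"))
    return findings


def codes(tls, **kwargs):
    """Finding codes only, in the order they were raised."""
    return [code for code, _ in lint_client_tls(tls, **kwargs)]


# The three tls blocks from the rules on this page.
PAGE_RULES = {
    "db-mtls": {"mode": "MUTUAL",
                "clientCertificate": "/etc/certs/myclientcert.pem",
                "privateKey": "/etc/certs/client_private_key.pem",
                "caCertificates": "/etc/certs/rootcacerts.pem"},
    "tls-foo": {"mode": "SIMPLE"},
    "ratings-istio-mtls": {"mode": "ISTIO_MUTUAL"},
}
# Constructed misconfigurations (not from the page).
CONSTRUCTED = {
    "half-mutual": {"mode": "MUTUAL", "clientCertificate": "/etc/certs/c.pem"},
    "istio-with-ca": {"mode": "ISTIO_MUTUAL", "caCertificates": "/etc/certs/ca.pem"},
    "secret-plus-path": {"mode": "SIMPLE", "credentialName": "client-credential",
                         "caCertificates": "/etc/certs/ca.pem"},
}

if __name__ == "__main__":
    for name, tls in {**PAGE_RULES, **CONSTRUCTED}.items():
        print(name, codes(tls) or "ok")
```

The `tls-foo` rule is reported with `NO_SERVER_VERIFICATION`: `SIMPLE` mode without `caCertificates` originates TLS, but per the field description the proxy does not verify the server's certificate.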
Protobuf type `istio.networking.v1alpha3.ClientTLSSettings`

| Modifier and Type | Class and Description |
|---|---|
| `static class` | `DestinationRuleOuterClass.ClientTLSSettings.Builder` SSL/TLS related settings for upstream connections. |
| `static class` | `DestinationRuleOuterClass.ClientTLSSettings.TLSmode` TLS connection mode. Protobuf enum `istio.networking.v1alpha3.ClientTLSSettings.TLSmode` |

com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

| Modifier and Type | Field and Description |
|---|---|
| `static int` | `CA_CERTIFICATES_FIELD_NUMBER` |
| `static int` | `CLIENT_CERTIFICATE_FIELD_NUMBER` |
| `static int` | `CREDENTIAL_NAME_FIELD_NUMBER` |
| `static int` | `MODE_FIELD_NUMBER` |
| `static int` | `PRIVATE_KEY_FIELD_NUMBER` |
| `static int` | `SNI_FIELD_NUMBER` |
| `static int` | `SUBJECT_ALT_NAMES_FIELD_NUMBER` |

| Modifier and Type | Method and Description |
|---|---|
| `boolean` | `equals(Object obj)` |
| `String` | `getCaCertificates()` OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. |
| `com.google.protobuf.ByteString` | `getCaCertificatesBytes()` OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. |
| `String` | `getClientCertificate()` REQUIRED if mode is `MUTUAL`. |
| `com.google.protobuf.ByteString` | `getClientCertificateBytes()` REQUIRED if mode is `MUTUAL`. |
| `String` | `getCredentialName()` The name of the secret that holds the TLS certs for the client including the CA certificates. |
| `com.google.protobuf.ByteString` | `getCredentialNameBytes()` The name of the secret that holds the TLS certs for the client including the CA certificates. |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `getDefaultInstance()` |
| `DestinationRuleOuterClass.ClientTLSSettings` | `getDefaultInstanceForType()` |
| `static com.google.protobuf.Descriptors.Descriptor` | `getDescriptor()` |
| `DestinationRuleOuterClass.ClientTLSSettings.TLSmode` | `getMode()` Indicates whether connections to this port should be secured using TLS. |
| `int` | `getModeValue()` Indicates whether connections to this port should be secured using TLS. |
| `com.google.protobuf.Parser<DestinationRuleOuterClass.ClientTLSSettings>` | `getParserForType()` |
| `String` | `getPrivateKey()` REQUIRED if mode is `MUTUAL`. |
| `com.google.protobuf.ByteString` | `getPrivateKeyBytes()` REQUIRED if mode is `MUTUAL`. |
| `int` | `getSerializedSize()` |
| `String` | `getSni()` SNI string to present to the server during TLS handshake. |
| `com.google.protobuf.ByteString` | `getSniBytes()` SNI string to present to the server during TLS handshake. |
| `String` | `getSubjectAltNames(int index)` A list of alternate names to verify the subject identity in the certificate. |
| `com.google.protobuf.ByteString` | `getSubjectAltNamesBytes(int index)` A list of alternate names to verify the subject identity in the certificate. |
| `int` | `getSubjectAltNamesCount()` A list of alternate names to verify the subject identity in the certificate. |
| `com.google.protobuf.ProtocolStringList` | `getSubjectAltNamesList()` A list of alternate names to verify the subject identity in the certificate. |
| `com.google.protobuf.UnknownFieldSet` | `getUnknownFields()` |
| `int` | `hashCode()` |
| `protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable` | `internalGetFieldAccessorTable()` |
| `boolean` | `isInitialized()` |
| `static DestinationRuleOuterClass.ClientTLSSettings.Builder` | `newBuilder()` |
| `static DestinationRuleOuterClass.ClientTLSSettings.Builder` | `newBuilder(DestinationRuleOuterClass.ClientTLSSettings prototype)` |
| `DestinationRuleOuterClass.ClientTLSSettings.Builder` | `newBuilderForType()` |
| `protected DestinationRuleOuterClass.ClientTLSSettings.Builder` | `newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)` |
| `protected Object` | `newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseDelimitedFrom(InputStream input)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(byte[] data)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(ByteBuffer data)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(com.google.protobuf.ByteString data)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(com.google.protobuf.CodedInputStream input)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(InputStream input)` |
| `static DestinationRuleOuterClass.ClientTLSSettings` | `parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)` |
| `static com.google.protobuf.Parser<DestinationRuleOuterClass.ClientTLSSettings>` | `parser()` |
| `DestinationRuleOuterClass.ClientTLSSettings.Builder` | `toBuilder()` |
| `void` | `writeTo(com.google.protobuf.CodedOutputStream output)` |

canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, hasField, hasOneof, internalGetMapField, isStringEmpty, makeExtensionsImmutable, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTag

findInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toString

addAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeTo

public static final int MODE_FIELD_NUMBER
public static final int CLIENT_CERTIFICATE_FIELD_NUMBER
public static final int PRIVATE_KEY_FIELD_NUMBER
public static final int CA_CERTIFICATES_FIELD_NUMBER
public static final int CREDENTIAL_NAME_FIELD_NUMBER
public static final int SUBJECT_ALT_NAMES_FIELD_NUMBER
public static final int SNI_FIELD_NUMBER
protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
newInstance in class com.google.protobuf.GeneratedMessageV3

public final com.google.protobuf.UnknownFieldSet getUnknownFields()
getUnknownFields in interface com.google.protobuf.MessageOrBuilder
getUnknownFields in class com.google.protobuf.GeneratedMessageV3

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

public int getModeValue()
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
`.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];`
getModeValue in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public DestinationRuleOuterClass.ClientTLSSettings.TLSmode getMode()
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
`.istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];`
getMode in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public String getClientCertificate()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
`string client_certificate = 2;`
getClientCertificate in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public com.google.protobuf.ByteString getClientCertificateBytes()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
`string client_certificate = 2;`
getClientCertificateBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public String getPrivateKey()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
`string private_key = 3;`
getPrivateKey in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public com.google.protobuf.ByteString getPrivateKeyBytes()
REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
`string private_key = 3;`
getPrivateKeyBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public String getCaCertificates()
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
`string ca_certificates = 4;`
getCaCertificates in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public com.google.protobuf.ByteString getCaCertificatesBytes()
OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.
`string ca_certificates = 4;`
getCaCertificatesBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public String getCredentialName()
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`) should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
`string credential_name = 7;`
getCredentialName in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public com.google.protobuf.ByteString getCredentialNameBytes()
The name of the secret that holds the TLS certs for the client including the CA certificates. Secret must exist in the same namespace with the proxy using the certificates. The secret (of type `generic`) should contain the following keys and values: `key: <privateKey>`, `cert: <serverCert>`, `cacert: <CACertificate>`. Secret of type tls for client certificates along with ca.crt key for CA certificates is also supported. Only one of client certificates and CA certificate or credentialName can be specified. **NOTE:** This field is currently applicable only at gateways. Sidecars will continue to use the certificate paths.
`string credential_name = 7;`
getCredentialNameBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public com.google.protobuf.ProtocolStringList getSubjectAltNamesList()
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
`repeated string subject_alt_names = 5;`
getSubjectAltNamesList in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public int getSubjectAltNamesCount()
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
`repeated string subject_alt_names = 5;`
getSubjectAltNamesCount in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public String getSubjectAltNames(int index)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
`repeated string subject_alt_names = 5;`
getSubjectAltNames in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
Parameters: index - The index of the element to return.

public com.google.protobuf.ByteString getSubjectAltNamesBytes(int index)
A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.
`repeated string subject_alt_names = 5;`
getSubjectAltNamesBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
Parameters: index - The index of the value to return.

public String getSni()
SNI string to present to the server during TLS handshake.
`string sni = 6;`
getSni in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public com.google.protobuf.ByteString getSniBytes()
SNI string to present to the server during TLS handshake.
`string sni = 6;`
getSniBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder

public final boolean isInitialized()
isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
isInitialized in class com.google.protobuf.GeneratedMessageV3

public void writeTo(com.google.protobuf.CodedOutputStream output) throws IOException
writeTo in interface com.google.protobuf.MessageLite
writeTo in class com.google.protobuf.GeneratedMessageV3
Throws: IOException

public int getSerializedSize()
getSerializedSize in interface com.google.protobuf.MessageLite
getSerializedSize in class com.google.protobuf.GeneratedMessageV3

public boolean equals(Object obj)
equals in interface com.google.protobuf.Message
equals in class com.google.protobuf.AbstractMessage

public int hashCode()
hashCode in interface com.google.protobuf.Message
hashCode in class com.google.protobuf.AbstractMessage

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
Throws: com.google.protobuf.InvalidProtocolBufferException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
Throws: com.google.protobuf.InvalidProtocolBufferException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
Throws: com.google.protobuf.InvalidProtocolBufferException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
Throws: com.google.protobuf.InvalidProtocolBufferException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
Throws: com.google.protobuf.InvalidProtocolBufferException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
Throws: com.google.protobuf.InvalidProtocolBufferException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(InputStream input) throws IOException
Throws: IOException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
Throws: IOException

public static DestinationRuleOuterClass.ClientTLSSettings parseDelimitedFrom(InputStream input) throws IOException
Throws: IOException

public static DestinationRuleOuterClass.ClientTLSSettings parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
Throws: IOException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
Throws: IOException

public static DestinationRuleOuterClass.ClientTLSSettings parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
Throws: IOException

public DestinationRuleOuterClass.ClientTLSSettings.Builder newBuilderForType()
newBuilderForType in interface com.google.protobuf.Message
newBuilderForType in interface com.google.protobuf.MessageLite

public static DestinationRuleOuterClass.ClientTLSSettings.Builder newBuilder()
public static DestinationRuleOuterClass.ClientTLSSettings.Builder newBuilder(DestinationRuleOuterClass.ClientTLSSettings prototype)
public DestinationRuleOuterClass.ClientTLSSettings.Builder toBuilder()
toBuilder in interface com.google.protobuf.Message
toBuilder in interface com.google.protobuf.MessageLite

protected DestinationRuleOuterClass.ClientTLSSettings.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
newBuilderForType in class com.google.protobuf.GeneratedMessageV3

public static DestinationRuleOuterClass.ClientTLSSettings getDefaultInstance()
public static com.google.protobuf.Parser<DestinationRuleOuterClass.ClientTLSSettings> parser()
public com.google.protobuf.Parser<DestinationRuleOuterClass.ClientTLSSettings> getParserForType()
getParserForType in interface com.google.protobuf.Message
getParserForType in interface com.google.protobuf.MessageLite
getParserForType in class com.google.protobuf.GeneratedMessageV3

public DestinationRuleOuterClass.ClientTLSSettings getDefaultInstanceForType()
getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

Copyright © 2018–2023 Alibaba Group. All rights reserved.