Istio从入门到精通—— 流量治理的原理 —— VirutalService —— TLSMatchAttributes

流量治理的原理 —— VirutalService —— TLSMatchAttributes

https://istio.io/latest/docs/reference/config/networking/virtual-service/#TLSMatchAttributes

TLS connection match attributes.

Field	Type	Description	Required
sniHosts	string[]	SNI (server name indicator) to match on. Wildcard prefixes can be used in the SNI value, e.g., *.com will match foo.example.com as well as example.com. An SNI value must be a subset (i.e., fall within the domain) of the corresponding virtual service’s hosts. SNI (服务器名称指示符) 要匹配。SNI 值可以使用通配符前缀，例如，*.com 将匹配 foo.example.com 以及 example.com。SNI 值必须是相应虚拟服务的主机的子集（即，属于该 domain）。	Yes
destinationSubnets	string[]	IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d. IPv4 或 IPv6 目的地的 IP 地址及其可选子网。例如，a.b.c.d/xx 形式或只是 a.b.c.d。	No
port	uint32	Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port. 指定正在被访问的主机上的端口。许多服务只暴露一个端口，或者用它们所支持的协议来标记端口，在这些情况下，不需要显式地选择端口。	No
sourceLabels	map<string, string>	One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level gateways field, it should include the reserved gateway mesh in order for this field to be applicable. 一个或多个标签，用于限制规则对具有给定标签的工作负载的适用性。如果 VirtualService 在顶级 gateways 字段中指定了网关列表，则应包含保留的网关 mesh，以便此字段适用。	No
gateways	string[]	Names of gateways where the rule should be applied. Gateway names in the top-level gateways field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels. 需要指定哪些网关应该应用这个规则。将覆盖 VirtualService (如果有的话)的顶级网关字段中的网关名称。网关匹配独立于 source 标签。	No
sourceNamespace	string	Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level gateways field, it must include the reserved gateway mesh for this field to be applicable. source namespace 限制规则在该 namespace 中的工作负载的适用性。如果 VirtualService 在顶级 gateways 字段中指定了一个网关列表，则必须包括此字段适用的保留网关 mesh。	No