Istio从入门到精通—— 流量治理的原理 —— VirutalService —— TLSMatchAttributes
流量治理的原理 —— VirutalService —— TLSMatchAttributes
https://istio.io/latest/docs/reference/config/networking/virtual-service/#TLSMatchAttributes
TLS connection match attributes.
| Field | Type | Description | Required |
|---|---|---|---|
| sniHosts | string[] |
SNI (server name indicator) to match on. Wildcard prefixes can be used in the SNI value, e.g., *.com will match foo.example.com as well as example.com. An SNI value must be a subset (i.e., fall within the domain) of the corresponding virtual service’s hosts. SNI (服务器名称指示符) 要匹配。SNI 值可以使用通配符前缀,例如,*.com 将匹配 foo.example.com 以及 example.com。SNI 值必须是相应虚拟服务的主机的子集(即,属于该 domain)。 |
Yes |
| destinationSubnets | string[] |
IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d. IPv4 或 IPv6 目的地的 IP 地址及其可选子网。例如,a.b.c.d/xx 形式或只是 a.b.c.d。 |
No |
| port | uint32 |
Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port. 指定正在被访问的主机上的端口。许多服务只暴露一个端口,或者用它们所支持的协议来标记端口,在这些情况下,不需要显式地选择端口。 |
No |
| sourceLabels | map<string, string> |
One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level gateways field, it should include the reserved gateway mesh in order for this field to be applicable. 一个或多个标签,用于限制规则对具有给定标签的工作负载的适用性。如果 VirtualService 在顶级 gateways 字段中指定了网关列表,则应包含保留的网关 mesh,以便此字段适用。 |
No |
| gateways | string[] |
Names of gateways where the rule should be applied. Gateway names in the top-level gateways field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels. 需要指定哪些网关应该应用这个规则。将覆盖 VirtualService (如果有的话)的顶级网关字段中的网关名称。网关匹配独立于 source 标签。 |
No |
| sourceNamespace | string |
Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level gateways field, it must include the reserved gateway mesh for this field to be applicable. source namespace 限制规则在该 namespace 中的工作负载的适用性。如果 VirtualService 在顶级 gateways 字段中指定了一个网关列表,则必须包括此字段适用的保留网关 mesh。 |
No |
