Class DestinationRuleOuterClass.ClientTLSSettings.Builder

  • All Implemented Interfaces:
    com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, DestinationRuleOuterClass.ClientTLSSettingsOrBuilder, java.lang.Cloneable
    Enclosing class:
    DestinationRuleOuterClass.ClientTLSSettings

    public static final class DestinationRuleOuterClass.ClientTLSSettings.Builder
    extends com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>
    implements DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
     SSL/TLS related settings for upstream connections. See Envoy's [TLS
     context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html)
     for more details. These settings are common to both HTTP and TCP upstreams.
     For example, the following rule configures a client to use mutual TLS
     for connections to the upstream database cluster.
     v1alpha3:
     ```yaml
     apiVersion: networking.istio.io/v1alpha3
     kind: DestinationRule
     metadata:
       name: db-mtls
     spec:
       host: mydbserver.prod.svc.cluster.local
       trafficPolicy:
         tls:
           mode: MUTUAL
           clientCertificate: /etc/certs/myclientcert.pem
           privateKey: /etc/certs/client_private_key.pem
           caCertificates: /etc/certs/rootcacerts.pem
     ```
     v1beta1:
     ```yaml
     apiVersion: networking.istio.io/v1beta1
     kind: DestinationRule
     metadata:
       name: db-mtls
     spec:
       host: mydbserver.prod.svc.cluster.local
       trafficPolicy:
         tls:
           mode: MUTUAL
           clientCertificate: /etc/certs/myclientcert.pem
           privateKey: /etc/certs/client_private_key.pem
           caCertificates: /etc/certs/rootcacerts.pem
     ```
     The following rule configures a client to use TLS when talking to a
     foreign service whose domain matches *.foo.com.
     v1alpha3:
     ```yaml
     apiVersion: networking.istio.io/v1alpha3
     kind: DestinationRule
     metadata:
       name: tls-foo
     spec:
       host: "*.foo.com"
       trafficPolicy:
         tls:
           mode: SIMPLE
     ```
     v1beta1:
     ```yaml
     apiVersion: networking.istio.io/v1beta1
     kind: DestinationRule
     metadata:
       name: tls-foo
     spec:
       host: "*.foo.com"
       trafficPolicy:
         tls:
           mode: SIMPLE
     ```
     The following rule configures a client to use Istio mutual TLS when talking
     to rating services.
     v1alpha3:
     ```yaml
     apiVersion: networking.istio.io/v1alpha3
     kind: DestinationRule
     metadata:
       name: ratings-istio-mtls
     spec:
       host: ratings.prod.svc.cluster.local
       trafficPolicy:
         tls:
           mode: ISTIO_MUTUAL
     ```
     v1beta1:
     ```yaml
     apiVersion: networking.istio.io/v1beta1
     kind: DestinationRule
     metadata:
       name: ratings-istio-mtls
     spec:
       host: ratings.prod.svc.cluster.local
       trafficPolicy:
         tls:
           mode: ISTIO_MUTUAL
     ```
     
    Protobuf type istio.networking.v1alpha3.ClientTLSSettings
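
The field rules this page documents for `mode`, `clientCertificate`, `privateKey`, `caCertificates` and `credentialName` can be checked mechanically before a rule is applied. The following Python audit is an added example, not code from Istio or from this generated API; its function names, rule ids and the two `constructed-*` sample rules are assumptions of the example, while the first three samples are the page's own rules as parsed dicts.

```python
# Audit the tls block of a DestinationRule against the ClientTLSSettings field
# rules quoted in the comments. Function names and rule ids are this example's own.
CERT_PATH_FIELDS = ("clientCertificate", "privateKey", "caCertificates")

def audit_client_tls(tls):
    """Return (severity, rule_id, detail) findings for one tls block."""
    mode = tls.get("mode")
    if not mode:
        return [("error", "mode-required", "mode is a REQUIRED field")]

    findings = []
    paths_set = [f for f in CERT_PATH_FIELDS if tls.get(f)]
    credential = tls.get("credentialName")

    # "Only one of client certificates and CA certificate or credentialName
    # can be specified."
    if credential and paths_set:
        findings.append(("error", "credential-and-paths",
                         "credentialName set together with " + ", ".join(paths_set)))

    if mode == "ISTIO_MUTUAL":
        # Each path field "should be empty if mode is ISTIO_MUTUAL".
        findings += [("error", "istio-mutual-path-set",
                      field + " should be empty for ISTIO_MUTUAL")
                     for field in paths_set]
        return findings

    if mode == "MUTUAL" and not credential:
        # Both are "REQUIRED if mode is MUTUAL" when file paths are used.
        findings += [("error", "mutual-missing-" + field,
                      field + " is REQUIRED for MUTUAL")
                     for field in ("clientCertificate", "privateKey")
                     if not tls.get(field)]

    # "If omitted, the proxy will not verify the server's certificate."
    # With credentialName the CA lives in the secret, which is not visible here.
    if mode in ("SIMPLE", "MUTUAL") and not credential and not tls.get("caCertificates"):
        findings.append(("warning", "server-cert-unverified",
                         "caCertificates omitted: server certificate is not verified"))
    return findings

def audit_destination_rule(rule):
    """Audit spec.trafficPolicy.tls of a parsed DestinationRule (a dict)."""
    tls = rule.get("spec", {}).get("trafficPolicy", {}).get("tls")
    if tls is None:
        return []
    name = rule.get("metadata", {}).get("name", "<unnamed>")
    return [(name,) + finding for finding in audit_client_tls(tls)]

def make_rule(name, host, tls):
    return {"apiVersion": "networking.istio.io/v1beta1", "kind": "DestinationRule",
            "metadata": {"name": name},
            "spec": {"host": host, "trafficPolicy": {"tls": tls}}}

# First three: the rules shown on this page. Last two: constructed for this example.
SAMPLE_RULES = [
    make_rule("db-mtls", "mydbserver.prod.svc.cluster.local", {
        "mode": "MUTUAL",
        "clientCertificate": "/etc/certs/myclientcert.pem",
        "privateKey": "/etc/certs/client_private_key.pem",
        "caCertificates": "/etc/certs/rootcacerts.pem"}),
    make_rule("tls-foo", "*.foo.com", {"mode": "SIMPLE"}),
    make_rule("ratings-istio-mtls", "ratings.prod.svc.cluster.local",
              {"mode": "ISTIO_MUTUAL"}),
    make_rule("constructed-istio-mutual-with-key", "a.example.internal", {
        "mode": "ISTIO_MUTUAL", "privateKey": "/etc/certs/client_private_key.pem"}),
    make_rule("constructed-mixed-credential", "b.example.internal", {
        "mode": "MUTUAL", "credentialName": "client-credential",
        "clientCertificate": "/etc/certs/myclientcert.pem"}),
]

if __name__ == "__main__":
    for sample in SAMPLE_RULES:
        for name, severity, rule_id, detail in audit_destination_rule(sample):
            print(f"{severity:7} {name}: {rule_id}: {detail}")
```

Of the page's own three rules, only `tls-foo` is flagged: `SIMPLE` without `caCertificates` encrypts the connection but, per the `caCertificates` field description, leaves the server certificate unverified.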
    • Field Detail

      • bitField0_

        private int bitField0_
      • mode_

        private int mode_
      • clientCertificate_

        private java.lang.Object clientCertificate_
      • privateKey_

        private java.lang.Object privateKey_
      • caCertificates_

        private java.lang.Object caCertificates_
      • credentialName_

        private java.lang.Object credentialName_
      • subjectAltNames_

        private com.google.protobuf.LazyStringList subjectAltNames_
      • sni_

        private java.lang.Object sni_
    • Constructor Detail

      • Builder

        private Builder()
      • Builder

        private Builder​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
    • Method Detail

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>
      • getDescriptorForType

        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.Message.Builder
        Specified by:
        getDescriptorForType in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>
      • getDefaultInstanceForType

        public DestinationRuleOuterClass.ClientTLSSettings getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder
      • buildPartial

        public DestinationRuleOuterClass.ClientTLSSettings buildPartial()
        Specified by:
        buildPartial in interface com.google.protobuf.Message.Builder
        Specified by:
        buildPartial in interface com.google.protobuf.MessageLite.Builder
      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>
      • mergeFrom

        public DestinationRuleOuterClass.ClientTLSSettings.Builder mergeFrom​(com.google.protobuf.CodedInputStream input,
                                                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                                      throws java.io.IOException
        Specified by:
        mergeFrom in interface com.google.protobuf.Message.Builder
        Specified by:
        mergeFrom in interface com.google.protobuf.MessageLite.Builder
        Overrides:
        mergeFrom in class com.google.protobuf.AbstractMessage.Builder<DestinationRuleOuterClass.ClientTLSSettings.Builder>
        Throws:
        java.io.IOException
      • getModeValue

        public int getModeValue()
         Indicates whether connections to this port should be secured
         using TLS. The value of this field determines how TLS is enforced.
         
        .istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getModeValue in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The enum numeric value on the wire for mode.
      • setModeValue

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setModeValue​(int value)
         Indicates whether connections to this port should be secured
         using TLS. The value of this field determines how TLS is enforced.
         
        .istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];
        Parameters:
        value - The enum numeric value on the wire for mode to set.
        Returns:
        This builder for chaining.
      • clearMode

        public DestinationRuleOuterClass.ClientTLSSettings.Builder clearMode()
         Indicates whether connections to this port should be secured
         using TLS. The value of this field determines how TLS is enforced.
         
        .istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        This builder for chaining.
      • getClientCertificate

        public java.lang.String getClientCertificate()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client-side TLS certificate to use.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string client_certificate = 2;
        Specified by:
        getClientCertificate in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The clientCertificate.
      • getClientCertificateBytes

        public com.google.protobuf.ByteString getClientCertificateBytes()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client-side TLS certificate to use.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string client_certificate = 2;
        Specified by:
        getClientCertificateBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The bytes for clientCertificate.
      • setClientCertificate

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setClientCertificate​(java.lang.String value)
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client-side TLS certificate to use.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string client_certificate = 2;
        Parameters:
        value - The clientCertificate to set.
        Returns:
        This builder for chaining.
      • clearClientCertificate

        public DestinationRuleOuterClass.ClientTLSSettings.Builder clearClientCertificate()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client-side TLS certificate to use.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string client_certificate = 2;
        Returns:
        This builder for chaining.
      • setClientCertificateBytes

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setClientCertificateBytes​(com.google.protobuf.ByteString value)
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client-side TLS certificate to use.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string client_certificate = 2;
        Parameters:
        value - The bytes for clientCertificate to set.
        Returns:
        This builder for chaining.
      • getPrivateKey

        public java.lang.String getPrivateKey()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client's private key.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string private_key = 3;
        Specified by:
        getPrivateKey in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The privateKey.
      • getPrivateKeyBytes

        public com.google.protobuf.ByteString getPrivateKeyBytes()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client's private key.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string private_key = 3;
        Specified by:
        getPrivateKeyBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The bytes for privateKey.
      • setPrivateKey

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setPrivateKey​(java.lang.String value)
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client's private key.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string private_key = 3;
        Parameters:
        value - The privateKey to set.
        Returns:
        This builder for chaining.
      • clearPrivateKey

        public DestinationRuleOuterClass.ClientTLSSettings.Builder clearPrivateKey()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client's private key.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string private_key = 3;
        Returns:
        This builder for chaining.
      • setPrivateKeyBytes

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setPrivateKeyBytes​(com.google.protobuf.ByteString value)
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
         client's private key.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string private_key = 3;
        Parameters:
        value - The bytes for privateKey to set.
        Returns:
        This builder for chaining.
      • getCaCertificates

        public java.lang.String getCaCertificates()
         OPTIONAL: The path to the file containing certificate authority
         certificates to use in verifying a presented server certificate. If
         omitted, the proxy will not verify the server's certificate.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string ca_certificates = 4;
        Specified by:
        getCaCertificates in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The caCertificates.
      • getCaCertificatesBytes

        public com.google.protobuf.ByteString getCaCertificatesBytes()
         OPTIONAL: The path to the file containing certificate authority
         certificates to use in verifying a presented server certificate. If
         omitted, the proxy will not verify the server's certificate.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string ca_certificates = 4;
        Specified by:
        getCaCertificatesBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The bytes for caCertificates.
      • setCaCertificates

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setCaCertificates​(java.lang.String value)
         OPTIONAL: The path to the file containing certificate authority
         certificates to use in verifying a presented server certificate. If
         omitted, the proxy will not verify the server's certificate.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string ca_certificates = 4;
        Parameters:
        value - The caCertificates to set.
        Returns:
        This builder for chaining.
      • clearCaCertificates

        public DestinationRuleOuterClass.ClientTLSSettings.Builder clearCaCertificates()
         OPTIONAL: The path to the file containing certificate authority
         certificates to use in verifying a presented server certificate. If
         omitted, the proxy will not verify the server's certificate.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string ca_certificates = 4;
        Returns:
        This builder for chaining.
      • setCaCertificatesBytes

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setCaCertificatesBytes​(com.google.protobuf.ByteString value)
         OPTIONAL: The path to the file containing certificate authority
         certificates to use in verifying a presented server certificate. If
         omitted, the proxy will not verify the server's certificate.
         Should be empty if mode is `ISTIO_MUTUAL`.
         
        string ca_certificates = 4;
        Parameters:
        value - The bytes for caCertificates to set.
        Returns:
        This builder for chaining.
      • getCredentialName

        public java.lang.String getCredentialName()
         The name of the secret that holds the TLS certs for the
         client including the CA certificates. Secret must exist in the
         same namespace with the proxy using the certificates.
         The secret (of type `generic`) should contain the
         following keys and values: `key: <privateKey>`,
         `cert: <serverCert>`, `cacert: <CACertificate>`.
         Secret of type tls for client certificates along with
         ca.crt key for CA certificates is also supported.
         Only one of client certificates and CA certificate
         or credentialName can be specified.
         **NOTE:** This field is currently applicable only at gateways.
         Sidecars will continue to use the certificate paths.
         
        string credential_name = 7;
        Specified by:
        getCredentialName in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The credentialName.
      • getCredentialNameBytes

        public com.google.protobuf.ByteString getCredentialNameBytes()
         The name of the secret that holds the TLS certs for the
         client including the CA certificates. Secret must exist in the
         same namespace with the proxy using the certificates.
         The secret (of type `generic`) should contain the
         following keys and values: `key: <privateKey>`,
         `cert: <serverCert>`, `cacert: <CACertificate>`.
         Secret of type tls for client certificates along with
         ca.crt key for CA certificates is also supported.
         Only one of client certificates and CA certificate
         or credentialName can be specified.
         **NOTE:** This field is currently applicable only at gateways.
         Sidecars will continue to use the certificate paths.
         
        string credential_name = 7;
        Specified by:
        getCredentialNameBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The bytes for credentialName.
      • setCredentialName

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setCredentialName​(java.lang.String value)
         The name of the secret that holds the TLS certs for the
         client including the CA certificates. Secret must exist in the
         same namespace with the proxy using the certificates.
         The secret (of type `generic`) should contain the
         following keys and values: `key: <privateKey>`,
         `cert: <serverCert>`, `cacert: <CACertificate>`.
         Secret of type tls for client certificates along with
         ca.crt key for CA certificates is also supported.
         Only one of client certificates and CA certificate
         or credentialName can be specified.
         **NOTE:** This field is currently applicable only at gateways.
         Sidecars will continue to use the certificate paths.
         
        string credential_name = 7;
        Parameters:
        value - The credentialName to set.
        Returns:
        This builder for chaining.
      • clearCredentialName

        public DestinationRuleOuterClass.ClientTLSSettings.Builder clearCredentialName()
         The name of the secret that holds the TLS certs for the
         client including the CA certificates. Secret must exist in the
         same namespace with the proxy using the certificates.
         The secret (of type `generic`) should contain the
         following keys and values: `key: <privateKey>`,
         `cert: <serverCert>`, `cacert: <CACertificate>`.
         Secret of type tls for client certificates along with
         ca.crt key for CA certificates is also supported.
         Only one of client certificates and CA certificate
         or credentialName can be specified.
         **NOTE:** This field is currently applicable only at gateways.
         Sidecars will continue to use the certificate paths.
         
        string credential_name = 7;
        Returns:
        This builder for chaining.
      • setCredentialNameBytes

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setCredentialNameBytes​(com.google.protobuf.ByteString value)
         The name of the secret that holds the TLS certs for the
         client including the CA certificates. Secret must exist in the
         same namespace with the proxy using the certificates.
         The secret (of type `generic`) should contain the
         following keys and values: `key: <privateKey>`,
         `cert: <serverCert>`, `cacert: <CACertificate>`.
         Secret of type tls for client certificates along with
         ca.crt key for CA certificates is also supported.
         Only one of client certificates and CA certificate
         or credentialName can be specified.
         **NOTE:** This field is currently applicable only at gateways.
         Sidecars will continue to use the certificate paths.
         
        string credential_name = 7;
        Parameters:
        value - The bytes for credentialName to set.
        Returns:
        This builder for chaining.
      • ensureSubjectAltNamesIsMutable

        private void ensureSubjectAltNamesIsMutable()
      • getSubjectAltNamesList

        public com.google.protobuf.ProtocolStringList getSubjectAltNamesList()
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Specified by:
        getSubjectAltNamesList in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        A list containing the subjectAltNames.
      • getSubjectAltNamesCount

        public int getSubjectAltNamesCount()
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Specified by:
        getSubjectAltNamesCount in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Returns:
        The count of subjectAltNames.
      • getSubjectAltNames

        public java.lang.String getSubjectAltNames​(int index)
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Specified by:
        getSubjectAltNames in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The subjectAltNames at the given index.
      • getSubjectAltNamesBytes

        public com.google.protobuf.ByteString getSubjectAltNamesBytes​(int index)
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Specified by:
        getSubjectAltNamesBytes in interface DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the subjectAltNames at the given index.
      • setSubjectAltNames

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setSubjectAltNames​(int index,
                                                                                      java.lang.String value)
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Parameters:
        index - The index to set the value at.
        value - The subjectAltNames to set.
        Returns:
        This builder for chaining.
      • addSubjectAltNames

        public DestinationRuleOuterClass.ClientTLSSettings.Builder addSubjectAltNames​(java.lang.String value)
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Parameters:
        value - The subjectAltNames to add.
        Returns:
        This builder for chaining.
      • addAllSubjectAltNames

        public DestinationRuleOuterClass.ClientTLSSettings.Builder addAllSubjectAltNames​(java.lang.Iterable<java.lang.String> values)
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Parameters:
        values - The subjectAltNames to add.
        Returns:
        This builder for chaining.
      • clearSubjectAltNames

        public DestinationRuleOuterClass.ClientTLSSettings.Builder clearSubjectAltNames()
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Returns:
        This builder for chaining.
      • addSubjectAltNamesBytes

        public DestinationRuleOuterClass.ClientTLSSettings.Builder addSubjectAltNamesBytes​(com.google.protobuf.ByteString value)
         A list of alternate names to verify the subject identity in the
         certificate. If specified, the proxy will verify that the server
         certificate's subject alt name matches one of the specified values.
         If specified, this list overrides the value of subject_alt_names
         from the ServiceEntry.
         
        repeated string subject_alt_names = 5;
        Parameters:
        value - The bytes of the subjectAltNames to add.
        Returns:
        This builder for chaining.
      • setSniBytes

        public DestinationRuleOuterClass.ClientTLSSettings.Builder setSniBytes​(com.google.protobuf.ByteString value)
         SNI string to present to the server during TLS handshake.
         
        string sni = 6;
        Parameters:
        value - The bytes for sni to set.
        Returns:
        This builder for chaining.