程序包 istio.networking.v1alpha3

类 DestinationRuleOuterClass.ClientTLSSettings

  • 所有已实现的接口:
    com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, DestinationRuleOuterClass.ClientTLSSettingsOrBuilder, java.io.Serializable
    封闭类:
    DestinationRuleOuterClass
    public static final class DestinationRuleOuterClass.ClientTLSSettings
extends com.google.protobuf.GeneratedMessageV3
implements DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
     SSL/TLS related settings for upstream connections. See Envoy's [TLS
 context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html)
 for more details. These settings are common to both HTTP and TCP upstreams.
 For example, the following rule configures a client to use mutual TLS
 for connections to upstream database cluster.
 {{<tabset category-name="example">}}
 {{<tab name="v1alpha3" category-value="v1alpha3">}}
 ```yaml
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: db-mtls
 spec:
   host: mydbserver.prod.svc.cluster.local
   trafficPolicy:
     tls:
       mode: MUTUAL
       clientCertificate: /etc/certs/myclientcert.pem
       privateKey: /etc/certs/client_private_key.pem
       caCertificates: /etc/certs/rootcacerts.pem
 ```
 {{</tab>}}
 {{<tab name="v1beta1" category-value="v1beta1">}}
 ```yaml
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
   name: db-mtls
 spec:
   host: mydbserver.prod.svc.cluster.local
   trafficPolicy:
     tls:
       mode: MUTUAL
       clientCertificate: /etc/certs/myclientcert.pem
       privateKey: /etc/certs/client_private_key.pem
       caCertificates: /etc/certs/rootcacerts.pem
 ```
 {{</tab>}}
 {{</tabset>}}
 The following rule configures a client to use TLS when talking to a
 foreign service whose domain matches *.foo.com.
 {{<tabset category-name="example">}}
 {{<tab name="v1alpha3" category-value="v1alpha3">}}
 ```yaml
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: tls-foo
 spec:
   host: "*.foo.com"
   trafficPolicy:
     tls:
       mode: SIMPLE
 ```
 {{</tab>}}
 {{<tab name="v1beta1" category-value="v1beta1">}}
 ```yaml
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
   name: tls-foo
 spec:
   host: "*.foo.com"
   trafficPolicy:
     tls:
       mode: SIMPLE
 ```
 {{</tab>}}
 {{</tabset>}}
 The following rule configures a client to use Istio mutual TLS when talking
 to rating services.
 {{<tabset category-name="example">}}
 {{<tab name="v1alpha3" category-value="v1alpha3">}}
 ```yaml
 apiVersion: networking.istio.io/v1alpha3
 kind: DestinationRule
 metadata:
   name: ratings-istio-mtls
 spec:
   host: ratings.prod.svc.cluster.local
   trafficPolicy:
     tls:
       mode: ISTIO_MUTUAL
 ```
 {{</tab>}}
 {{<tab name="v1beta1" category-value="v1beta1">}}
 ```yaml
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
   name: ratings-istio-mtls
 spec:
   host: ratings.prod.svc.cluster.local
   trafficPolicy:
     tls:
       mode: ISTIO_MUTUAL
 ```
 {{</tab>}}
 {{</tabset>}}
    Protobuf type istio.networking.v1alpha3.ClientTLSSettings
    另请参阅:
    序列化表格

    • 字段详细资料

      • serialVersionUID

        private static final long serialVersionUID
        另请参阅:
        常量字段值

      • MODE_FIELD_NUMBER

        public static final int MODE_FIELD_NUMBER
        另请参阅:
        常量字段值

      • mode_

        private int mode_

      • CLIENT_CERTIFICATE_FIELD_NUMBER

        public static final int CLIENT_CERTIFICATE_FIELD_NUMBER
        另请参阅:
        常量字段值

      • clientCertificate_

        private volatile java.lang.Object clientCertificate_

      • PRIVATE_KEY_FIELD_NUMBER

        public static final int PRIVATE_KEY_FIELD_NUMBER
        另请参阅:
        常量字段值

      • privateKey_

        private volatile java.lang.Object privateKey_

      • CA_CERTIFICATES_FIELD_NUMBER

        public static final int CA_CERTIFICATES_FIELD_NUMBER
        另请参阅:
        常量字段值

      • caCertificates_

        private volatile java.lang.Object caCertificates_

      • CREDENTIAL_NAME_FIELD_NUMBER

        public static final int CREDENTIAL_NAME_FIELD_NUMBER
        另请参阅:
        常量字段值

      • credentialName_

        private volatile java.lang.Object credentialName_

      • SUBJECT_ALT_NAMES_FIELD_NUMBER

        public static final int SUBJECT_ALT_NAMES_FIELD_NUMBER
        另请参阅:
        常量字段值

      • subjectAltNames_

        private com.google.protobuf.LazyStringList subjectAltNames_

      • SNI_FIELD_NUMBER

        public static final int SNI_FIELD_NUMBER
        另请参阅:
        常量字段值

      • sni_

        private volatile java.lang.Object sni_

      • memoizedIsInitialized

        private byte memoizedIsInitialized

    • 构造器详细资料

      • ClientTLSSettings

        private ClientTLSSettings​(com.google.protobuf.GeneratedMessageV3.Builder<?> builder)

      • ClientTLSSettings

        private ClientTLSSettings()

    • 方法详细资料

      • newInstance

        protected java.lang.Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        覆盖:
        newInstance 在类中 com.google.protobuf.GeneratedMessageV3

      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        指定者:
        getUnknownFields 在接口中 com.google.protobuf.MessageOrBuilder
        覆盖:
        getUnknownFields 在类中 com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        指定者:
        internalGetFieldAccessorTable 在类中 com.google.protobuf.GeneratedMessageV3

      • getModeValue

        public int getModeValue()
         Indicates whether connections to this port should be secured
 using TLS. The value of this field determines how TLS is enforced.
        .istio.networking.v1alpha3.ClientTLSSettings.TLSmode mode = 1 [(.google.api.field_behavior) = REQUIRED];
        指定者:
        getModeValue 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The enum numeric value on the wire for mode.

      • getClientCertificate

        public java.lang.String getClientCertificate()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
 client-side TLS certificate to use.
 Should be empty if mode is `ISTIO_MUTUAL`.
        string client_certificate = 2;
        指定者:
        getClientCertificate 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The clientCertificate.

      • getClientCertificateBytes

        public com.google.protobuf.ByteString getClientCertificateBytes()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
 client-side TLS certificate to use.
 Should be empty if mode is `ISTIO_MUTUAL`.
        string client_certificate = 2;
        指定者:
        getClientCertificateBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The bytes for clientCertificate.

      • getPrivateKey

        public java.lang.String getPrivateKey()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
 client's private key.
 Should be empty if mode is `ISTIO_MUTUAL`.
        string private_key = 3;
        指定者:
        getPrivateKey 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The privateKey.

      • getPrivateKeyBytes

        public com.google.protobuf.ByteString getPrivateKeyBytes()
         REQUIRED if mode is `MUTUAL`. The path to the file holding the
 client's private key.
 Should be empty if mode is `ISTIO_MUTUAL`.
        string private_key = 3;
        指定者:
        getPrivateKeyBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The bytes for privateKey.

      • getCaCertificates

        public java.lang.String getCaCertificates()
         OPTIONAL: The path to the file containing certificate authority
 certificates to use in verifying a presented server certificate. If
 omitted, the proxy will not verify the server's certificate.
 Should be empty if mode is `ISTIO_MUTUAL`.
        string ca_certificates = 4;
        指定者:
        getCaCertificates 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The caCertificates.

      • getCaCertificatesBytes

        public com.google.protobuf.ByteString getCaCertificatesBytes()
         OPTIONAL: The path to the file containing certificate authority
 certificates to use in verifying a presented server certificate. If
 omitted, the proxy will not verify the server's certificate.
 Should be empty if mode is `ISTIO_MUTUAL`.
        string ca_certificates = 4;
        指定者:
        getCaCertificatesBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The bytes for caCertificates.

      • getCredentialName

        public java.lang.String getCredentialName()
         The name of the secret that holds the TLS certs for the
 client including the CA certificates. Secret must exist in the
 same namespace with the proxy using the certificates.
 The secret (of type `generic`)should contain the
 following keys and values: `key: <privateKey>`,
 `cert: <serverCert>`, `cacert: <CACertificate>`.
 Secret of type tls for client certificates along with
 ca.crt key for CA certificates is also supported.
 Only one of client certificates and CA certificate
 or credentialName can be specified.
 **NOTE:** This field is currently applicable only at gateways.
 Sidecars will continue to use the certificate paths.
        string credential_name = 7;
        指定者:
        getCredentialName 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The credentialName.

      • getCredentialNameBytes

        public com.google.protobuf.ByteString getCredentialNameBytes()
         The name of the secret that holds the TLS certs for the
 client including the CA certificates. Secret must exist in the
 same namespace with the proxy using the certificates.
 The secret (of type `generic`)should contain the
 following keys and values: `key: <privateKey>`,
 `cert: <serverCert>`, `cacert: <CACertificate>`.
 Secret of type tls for client certificates along with
 ca.crt key for CA certificates is also supported.
 Only one of client certificates and CA certificate
 or credentialName can be specified.
 **NOTE:** This field is currently applicable only at gateways.
 Sidecars will continue to use the certificate paths.
        string credential_name = 7;
        指定者:
        getCredentialNameBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The bytes for credentialName.

      • getSubjectAltNamesList

        public com.google.protobuf.ProtocolStringList getSubjectAltNamesList()
         A list of alternate names to verify the subject identity in the
 certificate. If specified, the proxy will verify that the server
 certificate's subject alt name matches one of the specified values.
 If specified, this list overrides the value of subject_alt_names
 from the ServiceEntry.
        repeated string subject_alt_names = 5;
        指定者:
        getSubjectAltNamesList 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        A list containing the subjectAltNames.

      • getSubjectAltNamesCount

        public int getSubjectAltNamesCount()
         A list of alternate names to verify the subject identity in the
 certificate. If specified, the proxy will verify that the server
 certificate's subject alt name matches one of the specified values.
 If specified, this list overrides the value of subject_alt_names
 from the ServiceEntry.
        repeated string subject_alt_names = 5;
        指定者:
        getSubjectAltNamesCount 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        返回:
        The count of subjectAltNames.

      • getSubjectAltNames

        public java.lang.String getSubjectAltNames​(int index)
         A list of alternate names to verify the subject identity in the
 certificate. If specified, the proxy will verify that the server
 certificate's subject alt name matches one of the specified values.
 If specified, this list overrides the value of subject_alt_names
 from the ServiceEntry.
        repeated string subject_alt_names = 5;
        指定者:
        getSubjectAltNames 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        参数:
        index - The index of the element to return.
        返回:
        The subjectAltNames at the given index.

      • getSubjectAltNamesBytes

        public com.google.protobuf.ByteString getSubjectAltNamesBytes​(int index)
         A list of alternate names to verify the subject identity in the
 certificate. If specified, the proxy will verify that the server
 certificate's subject alt name matches one of the specified values.
 If specified, this list overrides the value of subject_alt_names
 from the ServiceEntry.
        repeated string subject_alt_names = 5;
        指定者:
        getSubjectAltNamesBytes 在接口中 DestinationRuleOuterClass.ClientTLSSettingsOrBuilder
        参数:
        index - The index of the value to return.
        返回:
        The bytes of the subjectAltNames at the given index.

      • isInitialized

        public final boolean isInitialized()
        指定者:
        isInitialized 在接口中 com.google.protobuf.MessageLiteOrBuilder
        覆盖:
        isInitialized 在类中 com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws java.io.IOException
        指定者:
        writeTo 在接口中 com.google.protobuf.MessageLite
        覆盖:
        writeTo 在类中 com.google.protobuf.GeneratedMessageV3
        抛出:
        java.io.IOException

      • getSerializedSize

        public int getSerializedSize()
        指定者:
        getSerializedSize 在接口中 com.google.protobuf.MessageLite
        覆盖:
        getSerializedSize 在类中 com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(java.lang.Object obj)
        指定者:
        equals 在接口中 com.google.protobuf.Message
        覆盖:
        equals 在类中 com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        指定者:
        hashCode 在接口中 com.google.protobuf.Message
        覆盖:
        hashCode 在类中 com.google.protobuf.AbstractMessage

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(java.nio.ByteBuffer data)
                                                             throws com.google.protobuf.InvalidProtocolBufferException
        抛出:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(java.nio.ByteBuffer data,
                                                                    com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                             throws com.google.protobuf.InvalidProtocolBufferException
        抛出:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(com.google.protobuf.ByteString data)
                                                             throws com.google.protobuf.InvalidProtocolBufferException
        抛出:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(com.google.protobuf.ByteString data,
                                                                    com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                             throws com.google.protobuf.InvalidProtocolBufferException
        抛出:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(byte[] data)
                                                             throws com.google.protobuf.InvalidProtocolBufferException
        抛出:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(byte[] data,
                                                                    com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                             throws com.google.protobuf.InvalidProtocolBufferException
        抛出:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(java.io.InputStream input,
                                                                    com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                             throws java.io.IOException
        抛出:
        java.io.IOException

      • parseDelimitedFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseDelimitedFrom​(java.io.InputStream input,
                                                                             com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                                      throws java.io.IOException
        抛出:
        java.io.IOException

      • parseFrom

        public static DestinationRuleOuterClass.ClientTLSSettings parseFrom​(com.google.protobuf.CodedInputStream input,
                                                                    com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                             throws java.io.IOException
        抛出:
        java.io.IOException

      • getParserForType

        public com.google.protobuf.Parser<DestinationRuleOuterClass.ClientTLSSettings> getParserForType()
        指定者:
        getParserForType 在接口中 com.google.protobuf.Message
        指定者:
        getParserForType 在接口中 com.google.protobuf.MessageLite
        覆盖:
        getParserForType 在类中 com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public DestinationRuleOuterClass.ClientTLSSettings getDefaultInstanceForType()
        指定者:
        getDefaultInstanceForType 在接口中 com.google.protobuf.MessageLiteOrBuilder
        指定者:
        getDefaultInstanceForType 在接口中 com.google.protobuf.MessageOrBuilder