1// Code generated by protoc-gen-gogo. DO NOT EDIT. 2// source: networking/v1alpha3/service_entry.proto 3 4// `ServiceEntry` enables adding additional entries into Istio's 5// internal service registry, so that auto-discovered services in the 6// mesh can access/route to these manually specified services. A 7// service entry describes the properties of a service (DNS name, 8// VIPs, ports, protocols, endpoints). These services could be 9// external to the mesh (e.g., web APIs) or mesh-internal services 10// that are not part of the platform's service registry (e.g., a set 11// of VMs talking to services in Kubernetes). In addition, the 12// endpoints of a service entry can also be dynamically selected by 13// using the `workloadSelector` field. These endpoints can be VM 14// workloads declared using the `WorkloadEntry` object or Kubernetes 15// pods. The ability to select both pods and VMs under a single 16// service allows for migration of services from VMs to Kubernetes 17// without having to change the existing DNS names associated with the 18// services. 19// 20// The following example declares a few external APIs accessed by internal 21// applications over HTTPS. The sidecar inspects the SNI value in the 22// ClientHello message to route to the appropriate external service. 23// 24// {{<tabset category-name="example">}} 25// {{<tab name="v1alpha3" category-value="v1alpha3">}} 26// ```yaml 27// apiVersion: networking.istio.io/v1alpha3 28// kind: ServiceEntry 29// metadata: 30// name: external-svc-https 31// spec: 32// hosts: 33// - api.dropboxapi.com 34// - www.googleapis.com 35// - api.facebook.com 36// location: MESH_EXTERNAL 37// ports: 38// - number: 443 39// name: https 40// protocol: TLS 41// resolution: DNS 42// ``` 43// {{</tab>}} 44// 45// {{<tab name="v1beta1" category-value="v1beta1">}} 46// ```yaml 47// apiVersion: networking.istio.io/v1beta1 48// kind: ServiceEntry 49// metadata: 50// name: external-svc-https 51// spec: 52// hosts: 53// - api.dropboxapi.com 54// - www.googleapis.com 55// - api.facebook.com 56// location: MESH_EXTERNAL 57// ports: 58// - number: 443 59// name: https 60// protocol: TLS 61// resolution: DNS 62// ``` 63// {{</tab>}} 64// {{</tabset>}} 65// 66// The following configuration adds a set of MongoDB instances running on 67// unmanaged VMs to Istio's registry, so that these services can be treated 68// as any other service in the mesh. The associated DestinationRule is used 69// to initiate mTLS connections to the database instances. 70// 71// {{<tabset category-name="example">}} 72// {{<tab name="v1alpha3" category-value="v1alpha3">}} 73// ```yaml 74// apiVersion: networking.istio.io/v1alpha3 75// kind: ServiceEntry 76// metadata: 77// name: external-svc-mongocluster 78// spec: 79// hosts: 80// - mymongodb.somedomain # not used 81// addresses: 82// - 192.192.192.192/24 # VIPs 83// ports: 84// - number: 27018 85// name: mongodb 86// protocol: MONGO 87// location: MESH_INTERNAL 88// resolution: STATIC 89// endpoints: 90// - address: 2.2.2.2 91// - address: 3.3.3.3 92// ``` 93// {{</tab>}} 94// 95// {{<tab name="v1beta1" category-value="v1beta1">}} 96// ```yaml 97// apiVersion: networking.istio.io/v1beta1 98// kind: ServiceEntry 99// metadata: 100// name: external-svc-mongocluster 101// spec: 102// hosts: 103// - mymongodb.somedomain # not used 104// addresses: 105// - 192.192.192.192/24 # VIPs 106// ports: 107// - number: 27018 108// name: mongodb 109// protocol: MONGO 110// location: MESH_INTERNAL 111// resolution: STATIC 112// endpoints: 113// - address: 2.2.2.2 114// - address: 3.3.3.3 115// ``` 116// {{</tab>}} 117// {{</tabset>}} 118// 119// and the associated DestinationRule 120// 121// {{<tabset category-name="example">}} 122// {{<tab name="v1alpha3" category-value="v1alpha3">}} 123// ```yaml 124// apiVersion: networking.istio.io/v1alpha3 125// kind: DestinationRule 126// metadata: 127// name: mtls-mongocluster 128// spec: 129// host: mymongodb.somedomain 130// trafficPolicy: 131// tls: 132// mode: MUTUAL 133// clientCertificate: /etc/certs/myclientcert.pem 134// privateKey: /etc/certs/client_private_key.pem 135// caCertificates: /etc/certs/rootcacerts.pem 136// ``` 137// {{</tab>}} 138// 139// {{<tab name="v1beta1" category-value="v1beta1">}} 140// ```yaml 141// apiVersion: networking.istio.io/v1beta1 142// kind: DestinationRule 143// metadata: 144// name: mtls-mongocluster 145// spec: 146// host: mymongodb.somedomain 147// trafficPolicy: 148// tls: 149// mode: MUTUAL 150// clientCertificate: /etc/certs/myclientcert.pem 151// privateKey: /etc/certs/client_private_key.pem 152// caCertificates: /etc/certs/rootcacerts.pem 153// ``` 154// {{</tab>}} 155// {{</tabset>}} 156// 157// The following example uses a combination of service entry and TLS 158// routing in a virtual service to steer traffic based on the SNI value to 159// an internal egress firewall. 160// 161// {{<tabset category-name="example">}} 162// {{<tab name="v1alpha3" category-value="v1alpha3">}} 163// ```yaml 164// apiVersion: networking.istio.io/v1alpha3 165// kind: ServiceEntry 166// metadata: 167// name: external-svc-redirect 168// spec: 169// hosts: 170// - wikipedia.org 171// - "*.wikipedia.org" 172// location: MESH_EXTERNAL 173// ports: 174// - number: 443 175// name: https 176// protocol: TLS 177// resolution: NONE 178// ``` 179// {{</tab>}} 180// 181// {{<tab name="v1beta1" category-value="v1beta1">}} 182// ```yaml 183// apiVersion: networking.istio.io/v1beta1 184// kind: ServiceEntry 185// metadata: 186// name: external-svc-redirect 187// spec: 188// hosts: 189// - wikipedia.org 190// - "*.wikipedia.org" 191// location: MESH_EXTERNAL 192// ports: 193// - number: 443 194// name: https 195// protocol: TLS 196// resolution: NONE 197// ``` 198// {{</tab>}} 199// {{</tabset>}} 200// 201// And the associated VirtualService to route based on the SNI value. 202// 203// {{<tabset category-name="example">}} 204// {{<tab name="v1alpha3" category-value="v1alpha3">}} 205// ```yaml 206// apiVersion: networking.istio.io/v1alpha3 207// kind: VirtualService 208// metadata: 209// name: tls-routing 210// spec: 211// hosts: 212// - wikipedia.org 213// - "*.wikipedia.org" 214// tls: 215// - match: 216// - sniHosts: 217// - wikipedia.org 218// - "*.wikipedia.org" 219// route: 220// - destination: 221// host: internal-egress-firewall.ns1.svc.cluster.local 222// ``` 223// {{</tab>}} 224// 225// {{<tab name="v1beta1" category-value="v1beta1">}} 226// ```yaml 227// apiVersion: networking.istio.io/v1beta1 228// kind: VirtualService 229// metadata: 230// name: tls-routing 231// spec: 232// hosts: 233// - wikipedia.org 234// - "*.wikipedia.org" 235// tls: 236// - match: 237// - sniHosts: 238// - wikipedia.org 239// - "*.wikipedia.org" 240// route: 241// - destination: 242// host: internal-egress-firewall.ns1.svc.cluster.local 243// ``` 244// {{</tab>}} 245// {{</tabset>}} 246// 247// The virtual service with TLS match serves to override the default SNI 248// match. In the absence of a virtual service, traffic will be forwarded to 249// the wikipedia domains. 250// 251// The following example demonstrates the use of a dedicated egress gateway 252// through which all external service traffic is forwarded. 253// The 'exportTo' field allows for control over the visibility of a service 254// declaration to other namespaces in the mesh. By default, a service is exported 255// to all namespaces. The following example restricts the visibility to the 256// current namespace, represented by ".", so that it cannot be used by other 257// namespaces. 258// 259// {{<tabset category-name="example">}} 260// {{<tab name="v1alpha3" category-value="v1alpha3">}} 261// ```yaml 262// apiVersion: networking.istio.io/v1alpha3 263// kind: ServiceEntry 264// metadata: 265// name: external-svc-httpbin 266// namespace : egress 267// spec: 268// hosts: 269// - httpbin.com 270// exportTo: 271// - "." 272// location: MESH_EXTERNAL 273// ports: 274// - number: 80 275// name: http 276// protocol: HTTP 277// resolution: DNS 278// ``` 279// {{</tab>}} 280// 281// {{<tab name="v1beta1" category-value="v1beta1">}} 282// ```yaml 283// apiVersion: networking.istio.io/v1beta1 284// kind: ServiceEntry 285// metadata: 286// name: external-svc-httpbin 287// namespace : egress 288// spec: 289// hosts: 290// - httpbin.com 291// exportTo: 292// - "." 293// location: MESH_EXTERNAL 294// ports: 295// - number: 80 296// name: http 297// protocol: HTTP 298// resolution: DNS 299// ``` 300// {{</tab>}} 301// {{</tabset>}} 302// 303// Define a gateway to handle all egress traffic. 304// 305// {{<tabset category-name="example">}} 306// {{<tab name="v1alpha3" category-value="v1alpha3">}} 307// ```yaml 308// apiVersion: networking.istio.io/v1alpha3 309// kind: Gateway 310// metadata: 311// name: istio-egressgateway 312// namespace: istio-system 313// spec: 314// selector: 315// istio: egressgateway 316// servers: 317// - port: 318// number: 80 319// name: http 320// protocol: HTTP 321// hosts: 322// - "*" 323// ``` 324// {{</tab>}} 325// 326// {{<tab name="v1beta1" category-value="v1beta1">}} 327// ```yaml 328// apiVersion: networking.istio.io/v1beta1 329// kind: Gateway 330// metadata: 331// name: istio-egressgateway 332// namespace: istio-system 333// spec: 334// selector: 335// istio: egressgateway 336// servers: 337// - port: 338// number: 80 339// name: http 340// protocol: HTTP 341// hosts: 342// - "*" 343// ``` 344// {{</tab>}} 345// {{</tabset>}} 346// 347// And the associated `VirtualService` to route from the sidecar to the 348// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as 349// well as route from the gateway to the external service. Note that the 350// virtual service is exported to all namespaces enabling them to route traffic 351// through the gateway to the external service. Forcing traffic to go through 352// a managed middle proxy like this is a common practice. 353// 354// {{<tabset category-name="example">}} 355// {{<tab name="v1alpha3" category-value="v1alpha3">}} 356// ```yaml 357// apiVersion: networking.istio.io/v1alpha3 358// kind: VirtualService 359// metadata: 360// name: gateway-routing 361// namespace: egress 362// spec: 363// hosts: 364// - httpbin.com 365// exportTo: 366// - "*" 367// gateways: 368// - mesh 369// - istio-egressgateway 370// http: 371// - match: 372// - port: 80 373// gateways: 374// - mesh 375// route: 376// - destination: 377// host: istio-egressgateway.istio-system.svc.cluster.local 378// - match: 379// - port: 80 380// gateways: 381// - istio-egressgateway 382// route: 383// - destination: 384// host: httpbin.com 385// ``` 386// {{</tab>}} 387// 388// {{<tab name="v1beta1" category-value="v1beta1">}} 389// ```yaml 390// apiVersion: networking.istio.io/v1beta1 391// kind: VirtualService 392// metadata: 393// name: gateway-routing 394// namespace: egress 395// spec: 396// hosts: 397// - httpbin.com 398// exportTo: 399// - "*" 400// gateways: 401// - mesh 402// - istio-egressgateway 403// http: 404// - match: 405// - port: 80 406// gateways: 407// - mesh 408// route: 409// - destination: 410// host: istio-egressgateway.istio-system.svc.cluster.local 411// - match: 412// - port: 80 413// gateways: 414// - istio-egressgateway 415// route: 416// - destination: 417// host: httpbin.com 418// ``` 419// {{</tab>}} 420// {{</tabset>}} 421// 422// The following example demonstrates the use of wildcards in the hosts for 423// external services. If the connection has to be routed to the IP address 424// requested by the application (i.e. application resolves DNS and attempts 425// to connect to a specific IP), the discovery mode must be set to `NONE`. 426// 427// {{<tabset category-name="example">}} 428// {{<tab name="v1alpha3" category-value="v1alpha3">}} 429// ```yaml 430// apiVersion: networking.istio.io/v1alpha3 431// kind: ServiceEntry 432// metadata: 433// name: external-svc-wildcard-example 434// spec: 435// hosts: 436// - "*.bar.com" 437// location: MESH_EXTERNAL 438// ports: 439// - number: 80 440// name: http 441// protocol: HTTP 442// resolution: NONE 443// ``` 444// {{</tab>}} 445// 446// {{<tab name="v1beta1" category-value="v1beta1">}} 447// ```yaml 448// apiVersion: networking.istio.io/v1beta1 449// kind: ServiceEntry 450// metadata: 451// name: external-svc-wildcard-example 452// spec: 453// hosts: 454// - "*.bar.com" 455// location: MESH_EXTERNAL 456// ports: 457// - number: 80 458// name: http 459// protocol: HTTP 460// resolution: NONE 461// ``` 462// {{</tab>}} 463// {{</tabset>}} 464// 465// The following example demonstrates a service that is available via a 466// Unix Domain Socket on the host of the client. The resolution must be 467// set to STATIC to use Unix address endpoints. 468// 469// {{<tabset category-name="example">}} 470// {{<tab name="v1alpha3" category-value="v1alpha3">}} 471// ```yaml 472// apiVersion: networking.istio.io/v1alpha3 473// kind: ServiceEntry 474// metadata: 475// name: unix-domain-socket-example 476// spec: 477// hosts: 478// - "example.unix.local" 479// location: MESH_EXTERNAL 480// ports: 481// - number: 80 482// name: http 483// protocol: HTTP 484// resolution: STATIC 485// endpoints: 486// - address: unix:///var/run/example/socket 487// ``` 488// {{</tab>}} 489// 490// {{<tab name="v1beta1" category-value="v1beta1">}} 491// ```yaml 492// apiVersion: networking.istio.io/v1beta1 493// kind: ServiceEntry 494// metadata: 495// name: unix-domain-socket-example 496// spec: 497// hosts: 498// - "example.unix.local" 499// location: MESH_EXTERNAL 500// ports: 501// - number: 80 502// name: http 503// protocol: HTTP 504// resolution: STATIC 505// endpoints: 506// - address: unix:///var/run/example/socket 507// ``` 508// {{</tab>}} 509// {{</tabset>}} 510// 511// For HTTP-based services, it is possible to create a `VirtualService` 512// backed by multiple DNS addressable endpoints. In such a scenario, the 513// application can use the `HTTP_PROXY` environment variable to transparently 514// reroute API calls for the `VirtualService` to a chosen backend. For 515// example, the following configuration creates a non-existent external 516// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, 517// uk.foo.bar.com:9080, and in.foo.bar.com:7080 518// 519// {{<tabset category-name="example">}} 520// {{<tab name="v1alpha3" category-value="v1alpha3">}} 521// ```yaml 522// apiVersion: networking.istio.io/v1alpha3 523// kind: ServiceEntry 524// metadata: 525// name: external-svc-dns 526// spec: 527// hosts: 528// - foo.bar.com 529// location: MESH_EXTERNAL 530// ports: 531// - number: 80 532// name: http 533// protocol: HTTP 534// resolution: DNS 535// endpoints: 536// - address: us.foo.bar.com 537// ports: 538// http: 8080 539// - address: uk.foo.bar.com 540// ports: 541// http: 9080 542// - address: in.foo.bar.com 543// ports: 544// http: 7080 545// ``` 546// {{</tab>}} 547// 548// {{<tab name="v1beta1" category-value="v1beta1">}} 549// ```yaml 550// apiVersion: networking.istio.io/v1beta1 551// kind: ServiceEntry 552// metadata: 553// name: external-svc-dns 554// spec: 555// hosts: 556// - foo.bar.com 557// location: MESH_EXTERNAL 558// ports: 559// - number: 80 560// name: http 561// protocol: HTTP 562// resolution: DNS 563// endpoints: 564// - address: us.foo.bar.com 565// ports: 566// https: 8080 567// - address: uk.foo.bar.com 568// ports: 569// https: 9080 570// - address: in.foo.bar.com 571// ports: 572// https: 7080 573// ``` 574// {{</tab>}} 575// {{</tabset>}} 576// 577// With `HTTP_PROXY=http://localhost/`, calls from the application to 578// `http://foo.bar.com` will be load balanced across the three domains 579// specified above. In other words, a call to `http://foo.bar.com/baz` would 580// be translated to `http://uk.foo.bar.com/baz`. 581// 582// The following example illustrates the usage of a `ServiceEntry` 583// containing a subject alternate name 584// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): 585// 586// {{<tabset category-name="example">}} 587// {{<tab name="v1alpha3" category-value="v1alpha3">}} 588// ```yaml 589// apiVersion: networking.istio.io/v1alpha3 590// kind: ServiceEntry 591// metadata: 592// name: httpbin 593// namespace : httpbin-ns 594// spec: 595// hosts: 596// - httpbin.com 597// location: MESH_INTERNAL 598// ports: 599// - number: 80 600// name: http 601// protocol: HTTP 602// resolution: STATIC 603// endpoints: 604// - address: 2.2.2.2 605// - address: 3.3.3.3 606// subjectAltNames: 607// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" 608// ``` 609// {{</tab>}} 610// 611// {{<tab name="v1beta1" category-value="v1beta1">}} 612// ```yaml 613// apiVersion: networking.istio.io/v1beta1 614// kind: ServiceEntry 615// metadata: 616// name: httpbin 617// namespace : httpbin-ns 618// spec: 619// hosts: 620// - httpbin.com 621// location: MESH_INTERNAL 622// ports: 623// - number: 80 624// name: http 625// protocol: HTTP 626// resolution: STATIC 627// endpoints: 628// - address: 2.2.2.2 629// - address: 3.3.3.3 630// subjectAltNames: 631// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" 632// ``` 633// {{</tab>}} 634// {{</tabset>}} 635// 636// The following example demonstrates the use of `ServiceEntry` with a 637// `workloadSelector` to handle the migration of a service 638// `details.bookinfo.com` from VMs to Kubernetes. The service has two 639// VM-based instances with sidecars as well as a set of Kubernetes 640// pods managed by a standard deployment object. Consumers of this 641// service in the mesh will be automatically load balanced across the 642// VMs and Kubernetes. VM for the `details.bookinfo.com` 643// service. This VM has sidecar installed and bootstrapped using the 644// `details-legacy` service account. The sidecar receives HTTP traffic 645// on port 80 (wrapped in istio mutual TLS) and forwards it to the 646// application on the localhost on the same port. 647// 648// {{<tabset category-name="example">}} 649// {{<tab name="v1alpha3" category-value="v1alpha3">}} 650// ```yaml 651// apiVersion: networking.istio.io/v1alpha3 652// kind: WorkloadEntry 653// metadata: 654// name: details-vm-1 655// spec: 656// serviceAccount: details 657// address: 2.2.2.2 658// labels: 659// app: details 660// instance-id: vm1 661// --- 662// apiVersion: networking.istio.io/v1alpha3 663// kind: WorkloadEntry 664// metadata: 665// name: details-vm-2 666// spec: 667// serviceAccount: details 668// address: 3.3.3.3 669// labels: 670// app: details 671// instance-id: vm2 672// ``` 673// {{</tab>}} 674// 675// {{<tab name="v1beta1" category-value="v1beta1">}} 676// ```yaml 677// apiVersion: networking.istio.io/v1beta1 678// kind: WorkloadEntry 679// metadata: 680// name: details-vm-1 681// spec: 682// serviceAccount: details 683// address: 2.2.2.2 684// labels: 685// app: details 686// instance-id: vm1 687// --- 688// apiVersion: networking.istio.io/v1beta1 689// kind: WorkloadEntry 690// metadata: 691// name: details-vm-2 692// spec: 693// serviceAccount: details 694// address: 3.3.3.3 695// labels: 696// app: details 697// instance-id: vm2 698// ``` 699// {{</tab>}} 700// {{</tabset>}} 701// 702// Assuming there is also a Kubernetes deployment with pod labels 703// `app: details` using the same service account `details`, the 704// following service entry declares a service spanning both VMs and 705// Kubernetes: 706// 707// {{<tabset category-name="example">}} 708// {{<tab name="v1alpha3" category-value="v1alpha3">}} 709// ```yaml 710// apiVersion: networking.istio.io/v1alpha3 711// kind: ServiceEntry 712// metadata: 713// name: details-svc 714// spec: 715// hosts: 716// - details.bookinfo.com 717// location: MESH_INTERNAL 718// ports: 719// - number: 80 720// name: http 721// protocol: HTTP 722// resolution: STATIC 723// workloadSelector: 724// labels: 725// app: details 726// ``` 727// {{</tab>}} 728// 729// {{<tab name="v1beta1" category-value="v1beta1">}} 730// ```yaml 731// apiVersion: networking.istio.io/v1beta1 732// kind: ServiceEntry 733// metadata: 734// name: details-svc 735// spec: 736// hosts: 737// - details.bookinfo.com 738// location: MESH_INTERNAL 739// ports: 740// - number: 80 741// name: http 742// protocol: HTTP 743// resolution: STATIC 744// workloadSelector: 745// labels: 746// app: details 747// ``` 748// {{</tab>}} 749// {{</tabset>}} 750 751package v1alpha3 752 753import ( 754 fmt "fmt" 755 proto "github.com/gogo/protobuf/proto" 756 io "io" 757 _ "istio.io/gogo-genproto/googleapis/google/api" 758 math "math" 759 math_bits "math/bits" 760) 761 762// Reference imports to suppress errors if they are not otherwise used. 763var _ = proto.Marshal 764var _ = fmt.Errorf 765var _ = math.Inf 766 767// This is a compile-time assertion to ensure that this generated file 768// is compatible with the proto package it is being compiled against. 769// A compilation error at this line likely means your copy of the 770// proto package needs to be updated. 771const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package 772 773// Location specifies whether the service is part of Istio mesh or 774// outside the mesh. Location determines the behavior of several 775// features, such as service-to-service mTLS authentication, policy 776// enforcement, etc. When communicating with services outside the mesh, 777// Istio's mTLS authentication is disabled, and policy enforcement is 778// performed on the client-side as opposed to server-side. 779type ServiceEntry_Location int32 780 781const ( 782 // Signifies that the service is external to the mesh. Typically used 783 // to indicate external services consumed through APIs. 784 ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 785 // Signifies that the service is part of the mesh. Typically used to 786 // indicate services added explicitly as part of expanding the service 787 // mesh to include unmanaged infrastructure (e.g., VMs added to a 788 // Kubernetes based service mesh). 789 ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 790) 791 792var ServiceEntry_Location_name = map[int32]string{ 793 0: "MESH_EXTERNAL", 794 1: "MESH_INTERNAL", 795} 796 797var ServiceEntry_Location_value = map[string]int32{ 798 "MESH_EXTERNAL": 0, 799 "MESH_INTERNAL": 1, 800} 801 802func (x ServiceEntry_Location) String() string { 803 return proto.EnumName(ServiceEntry_Location_name, int32(x)) 804} 805 806func (ServiceEntry_Location) EnumDescriptor() ([]byte, []int) { 807 return fileDescriptor_9220e0fa673c4bf8, []int{0, 0} 808} 809 810// Resolution determines how the proxy will resolve the IP addresses of 811// the network endpoints associated with the service, so that it can 812// route to one of them. The resolution mode specified here has no impact 813// on how the application resolves the IP address associated with the 814// service. The application may still have to use DNS to resolve the 815// service to an IP so that the outbound traffic can be captured by the 816// Proxy. Alternatively, for HTTP services, the application could 817// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to 818// talk to these services. 819type ServiceEntry_Resolution int32 820 821const ( 822 // Assume that incoming connections have already been resolved (to a 823 // specific destination IP address). Such connections are typically 824 // routed via the proxy using mechanisms such as IP table REDIRECT/ 825 // eBPF. After performing any routing related transformations, the 826 // proxy will forward the connection to the IP address to which the 827 // connection was bound. 828 ServiceEntry_NONE ServiceEntry_Resolution = 0 829 // Use the static IP addresses specified in endpoints (see below) as the 830 // backing instances associated with the service. 831 ServiceEntry_STATIC ServiceEntry_Resolution = 1 832 // Attempt to resolve the IP address by querying the ambient DNS, 833 // during request processing. If no endpoints are specified, the proxy 834 // will resolve the DNS address specified in the hosts field, if 835 // wildcards are not used. If endpoints are specified, the DNS 836 // addresses specified in the endpoints will be resolved to determine 837 // the destination IP address. DNS resolution cannot be used with Unix 838 // domain socket endpoints. 839 ServiceEntry_DNS ServiceEntry_Resolution = 2 840) 841 842var ServiceEntry_Resolution_name = map[int32]string{ 843 0: "NONE", 844 1: "STATIC", 845 2: "DNS", 846} 847 848var ServiceEntry_Resolution_value = map[string]int32{ 849 "NONE": 0, 850 "STATIC": 1, 851 "DNS": 2, 852} 853 854func (x ServiceEntry_Resolution) String() string { 855 return proto.EnumName(ServiceEntry_Resolution_name, int32(x)) 856} 857 858func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { 859 return fileDescriptor_9220e0fa673c4bf8, []int{0, 1} 860} 861 862// ServiceEntry enables adding additional entries into Istio's internal 863// service registry. 864// 865// <!-- crd generation tags 866// +cue-gen:ServiceEntry:groupName:networking.istio.io 867// +cue-gen:ServiceEntry:version:v1alpha3 868// +cue-gen:ServiceEntry:storageVersion 869// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep 870// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio 871// +cue-gen:ServiceEntry:subresource:status 872// +cue-gen:ServiceEntry:scope:Namespaced 873// +cue-gen:ServiceEntry:resource:categories=istio-io,networking-istio-io,shortNames=se,plural=serviceentries 874// +cue-gen:ServiceEntry:printerColumn:name=Hosts,type=string,JSONPath=.spec.hosts,description="The hosts associated with the ServiceEntry" 875// +cue-gen:ServiceEntry:printerColumn:name=Location,type=string,JSONPath=.spec.location,description="Whether the service is external to the 876// mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL)" 877// +cue-gen:ServiceEntry:printerColumn:name=Resolution,type=string,JSONPath=.spec.resolution,description="Service discovery mode for the hosts 878// (NONE, STATIC, or DNS)" 879// +cue-gen:ServiceEntry:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp 880// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. 881// Clients may not set this value. It is represented in RFC3339 form and is in UTC. 882// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" 883// +cue-gen:ServiceEntry:preserveUnknownFields:false 884// --> 885// 886// <!-- go code generation tags 887// +kubetype-gen 888// +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 889// +genclient 890// +k8s:deepcopy-gen=true 891// --> 892type ServiceEntry struct { 893 // The hosts associated with the ServiceEntry. Could be a DNS 894 // name with wildcard prefix. 895 // 896 // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. 897 // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. 898 // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value 899 // will be matched against the hosts field. 900 // 901 // **NOTE 1:** When resolution is set to type DNS and no endpoints 902 // are specified, the host field will be used as the DNS name of the 903 // endpoint to route traffic to. 904 // 905 // **NOTE 2:** If the hostname matches with the name of a service 906 // from another service registry such as Kubernetes that also 907 // supplies its own set of endpoints, the ServiceEntry will be 908 // treated as a decorator of the existing Kubernetes 909 // service. Properties in the service entry will be added to the 910 // Kubernetes service if applicable. Currently, the only the 911 // following additional properties will be considered by `istiod`: 912 // 913 // 1. subjectAltNames: In addition to verifying the SANs of the 914 // service accounts associated with the pods of the service, the 915 // SANs specified here will also be verified. 916 // 917 Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` 918 // The virtual IP addresses associated with the service. Could be CIDR 919 // prefix. For HTTP traffic, generated route configurations will include http route 920 // domains for both the `addresses` and `hosts` field values and the destination will 921 // be identified based on the HTTP Host/Authority header. 922 // If one or more IP addresses are specified, 923 // the incoming traffic will be identified as belonging to this service 924 // if the destination IP matches the IP/CIDRs specified in the addresses 925 // field. If the Addresses field is empty, traffic will be identified 926 // solely based on the destination port. In such scenarios, the port on 927 // which the service is being accessed must not be shared by any other 928 // service in the mesh. In other words, the sidecar will behave as a 929 // simple TCP proxy, forwarding incoming traffic on a specified port to 930 // the specified destination endpoint IP/host. Unix domain socket 931 // addresses are not supported in this field. 932 Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` 933 // The ports associated with the external service. If the 934 // Endpoints are Unix domain socket addresses, there must be exactly one 935 // port. 936 Ports []*Port `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` 937 // Specify whether the service should be considered external to the mesh 938 // or part of the mesh. 939 Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Location" json:"location,omitempty"` 940 // Service discovery mode for the hosts. Care must be taken 941 // when setting the resolution mode to NONE for a TCP port without 942 // accompanying IP addresses. In such cases, traffic to any IP on 943 // said port will be allowed (i.e. `0.0.0.0:<port>`). 944 Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Resolution" json:"resolution,omitempty"` 945 // One or more endpoints associated with the service. Only one of 946 // `endpoints` or `workloadSelector` can be specified. 947 Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` 948 // Applicable only for MESH_INTERNAL services. Only one of 949 // `endpoints` or `workloadSelector` can be specified. Selects one 950 // or more Kubernetes pods or VM workloads (specified using 951 // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object 952 // representing the VMs should be defined in the same namespace as 953 // the ServiceEntry. 954 WorkloadSelector *WorkloadSelector `protobuf:"bytes,9,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` 955 // A list of namespaces to which this service is exported. Exporting a service 956 // allows it to be used by sidecars, gateways and virtual services defined in 957 // other namespaces. This feature provides a mechanism for service owners 958 // and mesh administrators to control the visibility of services across 959 // namespace boundaries. 960 // 961 // If no namespaces are specified then the service is exported to all 962 // namespaces by default. 963 // 964 // The value "." is reserved and defines an export to the same namespace that 965 // the service is declared in. Similarly the value "*" is reserved and 966 // defines an export to all namespaces. 967 // 968 // For a Kubernetes Service, the equivalent effect can be achieved by setting 969 // the annotation "networking.istio.io/exportTo" to a comma-separated list 970 // of namespace names. 971 // 972 // NOTE: in the current release, the `exportTo` value is restricted to 973 // "." or "*" (i.e., the current namespace or all namespaces). 974 ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` 975 // If specified, the proxy will verify that the server certificate's 976 // subject alternate name matches one of the specified values. 977 // 978 // NOTE: When using the workloadEntry with workloadSelectors, the 979 // service account specified in the workloadEntry will also be used 980 // to derive the additional subject alternate names that should be 981 // verified. 982 SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` 983 XXX_NoUnkeyedLiteral struct{} `json:"-"` 984 XXX_unrecognized []byte `json:"-"` 985 XXX_sizecache int32 `json:"-"` 986} 987 988func (m *ServiceEntry) Reset() { *m = ServiceEntry{} } 989func (m *ServiceEntry) String() string { return proto.CompactTextString(m) } 990func (*ServiceEntry) ProtoMessage() {} 991func (*ServiceEntry) Descriptor() ([]byte, []int) { 992 return fileDescriptor_9220e0fa673c4bf8, []int{0} 993} 994func (m *ServiceEntry) XXX_Unmarshal(b []byte) error { 995 return m.Unmarshal(b) 996} 997func (m *ServiceEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 998 if deterministic { 999 return xxx_messageInfo_ServiceEntry.Marshal(b, m, deterministic) 1000 } else { 1001 b = b[:cap(b)] 1002 n, err := m.MarshalToSizedBuffer(b) 1003 if err != nil { 1004 return nil, err 1005 } 1006 return b[:n], nil 1007 } 1008} 1009func (m *ServiceEntry) XXX_Merge(src proto.Message) { 1010 xxx_messageInfo_ServiceEntry.Merge(m, src) 1011} 1012func (m *ServiceEntry) XXX_Size() int { 1013 return m.Size() 1014} 1015func (m *ServiceEntry) XXX_DiscardUnknown() { 1016 xxx_messageInfo_ServiceEntry.DiscardUnknown(m) 1017} 1018 1019var xxx_messageInfo_ServiceEntry proto.InternalMessageInfo 1020 1021func (m *ServiceEntry) GetHosts() []string { 1022 if m != nil { 1023 return m.Hosts 1024 } 1025 return nil 1026} 1027 1028func (m *ServiceEntry) GetAddresses() []string { 1029 if m != nil { 1030 return m.Addresses 1031 } 1032 return nil 1033} 1034 1035func (m *ServiceEntry) GetPorts() []*Port { 1036 if m != nil { 1037 return m.Ports 1038 } 1039 return nil 1040} 1041 1042func (m *ServiceEntry) GetLocation() ServiceEntry_Location { 1043 if m != nil { 1044 return m.Location 1045 } 1046 return ServiceEntry_MESH_EXTERNAL 1047} 1048 1049func (m *ServiceEntry) GetResolution() ServiceEntry_Resolution { 1050 if m != nil { 1051 return m.Resolution 1052 } 1053 return ServiceEntry_NONE 1054} 1055 1056func (m *ServiceEntry) GetEndpoints() []*WorkloadEntry { 1057 if m != nil { 1058 return m.Endpoints 1059 } 1060 return nil 1061} 1062 1063func (m *ServiceEntry) GetWorkloadSelector() *WorkloadSelector { 1064 if m != nil { 1065 return m.WorkloadSelector 1066 } 1067 return nil 1068} 1069 1070func (m *ServiceEntry) GetExportTo() []string { 1071 if m != nil { 1072 return m.ExportTo 1073 } 1074 return nil 1075} 1076 1077func (m *ServiceEntry) GetSubjectAltNames() []string { 1078 if m != nil { 1079 return m.SubjectAltNames 1080 } 1081 return nil 1082} 1083 1084func init() { 1085 proto.RegisterEnum("istio.networking.v1alpha3.ServiceEntry_Location", ServiceEntry_Location_name, ServiceEntry_Location_value) 1086 proto.RegisterEnum("istio.networking.v1alpha3.ServiceEntry_Resolution", ServiceEntry_Resolution_name, ServiceEntry_Resolution_value) 1087 proto.RegisterType((*ServiceEntry)(nil), "istio.networking.v1alpha3.ServiceEntry") 1088} 1089 1090func init() { 1091 proto.RegisterFile("networking/v1alpha3/service_entry.proto", fileDescriptor_9220e0fa673c4bf8) 1092} 1093 1094var fileDescriptor_9220e0fa673c4bf8 = []byte{ 1095 // 469 bytes of a gzipped FileDescriptorProto 1096 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x93, 0xcb, 0x6e, 0xd3, 0x40, 1097 0x14, 0x86, 0xeb, 0xdc, 0x1a, 0x9f, 0x72, 0x71, 0x66, 0xe5, 0x16, 0x94, 0x9a, 0x6c, 0xb0, 0xa8, 1098 0xe4, 0x94, 0x74, 0xc7, 0x2e, 0x05, 0x23, 0x2a, 0x05, 0x83, 0xec, 0x48, 0xad, 0xd8, 0x58, 0x13, 1099 0x7b, 0x48, 0x06, 0x8c, 0x8f, 0x35, 0x33, 0x4d, 0xe8, 0x1b, 0xb2, 0xe4, 0x11, 0xaa, 0x3c, 0x03, 1100 0x0f, 0x80, 0x7c, 0xc9, 0x45, 0x28, 0x44, 0xdd, 0xfe, 0xf3, 0xff, 0x9f, 0xcf, 0xf9, 0x67, 0x0c, 1101 0x2f, 0x53, 0xa6, 0x16, 0x28, 0xbe, 0xf3, 0x74, 0xda, 0x9f, 0xbf, 0xa6, 0x49, 0x36, 0xa3, 0x17, 1102 0x7d, 0xc9, 0xc4, 0x9c, 0x47, 0x2c, 0x64, 0xa9, 0x12, 0x77, 0x4e, 0x26, 0x50, 0x21, 0x39, 0xe6, 1103 0x52, 0x71, 0x74, 0x36, 0x76, 0x67, 0x65, 0x3f, 0x39, 0x9d, 0x22, 0x4e, 0x13, 0xd6, 0xa7, 0x19, 1104 0xef, 0x7f, 0xe5, 0x2c, 0x89, 0xc3, 0x09, 0x9b, 0xd1, 0x39, 0x47, 0x51, 0x66, 0x4f, 0x5e, 0xec, 1105 0xfa, 0xc8, 0x94, 0x2a, 0xb6, 0xa0, 0x77, 0xfb, 0x2c, 0x92, 0xc7, 0x2c, 0xa2, 0x2b, 0x8a, 0xbd, 1106 0xcb, 0x92, 0x0b, 0x09, 0xd2, 0x78, 0x7b, 0xd6, 0xde, 0x9f, 0x06, 0x3c, 0x0a, 0xca, 0x1d, 0xdc, 1107 0x5c, 0x26, 0xc7, 0xd0, 0x9c, 0xa1, 0x54, 0xd2, 0xd4, 0xac, 0xba, 0xad, 0x5f, 0xd6, 0xef, 0x87, 1108 0x35, 0xbf, 0x54, 0xc8, 0x73, 0xd0, 0x69, 0x1c, 0x0b, 0x26, 0x25, 0x93, 0x66, 0x2d, 0x3f, 0xf6, 1109 0x37, 0x02, 0x79, 0x03, 0xcd, 0x0c, 0x85, 0x92, 0x66, 0xdd, 0xaa, 0xdb, 0x47, 0x83, 0x53, 0xe7, 1110 0xbf, 0x2d, 0x38, 0x9f, 0x51, 0xa8, 0x8a, 0x5c, 0x44, 0xc8, 0x08, 0xda, 0x09, 0x46, 0x54, 0x71, 1111 0x4c, 0xcd, 0x86, 0xa5, 0xd9, 0x4f, 0x06, 0xe7, 0x7b, 0xe2, 0xdb, 0xf3, 0x3a, 0xa3, 0x2a, 0xe7, 1112 0xaf, 0x09, 0xe4, 0x1a, 0x40, 0x30, 0x89, 0xc9, 0x6d, 0xc1, 0x6b, 0x16, 0xbc, 0xc1, 0x43, 0x79, 1113 0xfe, 0x3a, 0x59, 0x4e, 0xb8, 0x85, 0x22, 0xef, 0x41, 0x67, 0x69, 0x9c, 0x21, 0x4f, 0x95, 0x34, 1114 0x5b, 0xc5, 0x9a, 0xf6, 0x1e, 0xee, 0x75, 0x55, 0x78, 0x01, 0xf6, 0x37, 0x51, 0x72, 0x03, 0x9d, 1115 0xf5, 0x65, 0x48, 0x96, 0xb0, 0x48, 0xa1, 0x30, 0x75, 0x4b, 0xb3, 0x8f, 0x06, 0x67, 0x0f, 0xe0, 1116 0x05, 0x55, 0xc4, 0x37, 0x16, 0xff, 0x28, 0xe4, 0x19, 0xe8, 0xec, 0x67, 0xde, 0x69, 0xa8, 0xd0, 1117 0x3c, 0x2c, 0xae, 0xa8, 0x5d, 0x0a, 0x63, 0x24, 0xaf, 0xa0, 0x23, 0x6f, 0x27, 0xdf, 0x58, 0xa4, 1118 0x42, 0x9a, 0xa8, 0x30, 0xa5, 0x3f, 0x98, 0x34, 0xdb, 0x85, 0xe9, 0x69, 0x75, 0x30, 0x4c, 0x94, 1119 0x97, 0xcb, 0xbd, 0x73, 0x68, 0xaf, 0x9a, 0x25, 0x1d, 0x78, 0xfc, 0xd1, 0x0d, 0x3e, 0x84, 0xee, 1120 0xcd, 0xd8, 0xf5, 0xbd, 0xe1, 0xc8, 0x38, 0x58, 0x4b, 0x57, 0x5e, 0x25, 0x69, 0xbd, 0x33, 0x80, 1121 0x4d, 0x77, 0xa4, 0x0d, 0x0d, 0xef, 0x93, 0xe7, 0x1a, 0x07, 0x04, 0xa0, 0x15, 0x8c, 0x87, 0xe3, 1122 0xab, 0xb7, 0x86, 0x46, 0x0e, 0xa1, 0xfe, 0xce, 0x0b, 0x8c, 0xda, 0xa5, 0xf3, 0x6b, 0xd9, 0xd5, 1123 0x7e, 0x2f, 0xbb, 0xda, 0xfd, 0xb2, 0xab, 0x7d, 0xb1, 0xca, 0x9d, 0x39, 0x16, 0xff, 0xc5, 0x8e, 1124 0xb7, 0x3b, 0x69, 0x15, 0xaf, 0xf5, 0xe2, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x2c, 0xdf, 0x82, 1125 0x4a, 0x84, 0x03, 0x00, 0x00, 1126} 1127 1128func (m *ServiceEntry) Marshal() (dAtA []byte, err error) { 1129 size := m.Size() 1130 dAtA = make([]byte, size) 1131 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1132 if err != nil { 1133 return nil, err 1134 } 1135 return dAtA[:n], nil 1136} 1137 1138func (m *ServiceEntry) MarshalTo(dAtA []byte) (int, error) { 1139 size := m.Size() 1140 return m.MarshalToSizedBuffer(dAtA[:size]) 1141} 1142 1143func (m *ServiceEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1144 i := len(dAtA) 1145 _ = i 1146 var l int 1147 _ = l 1148 if m.XXX_unrecognized != nil { 1149 i -= len(m.XXX_unrecognized) 1150 copy(dAtA[i:], m.XXX_unrecognized) 1151 } 1152 if m.WorkloadSelector != nil { 1153 { 1154 size, err := m.WorkloadSelector.MarshalToSizedBuffer(dAtA[:i]) 1155 if err != nil { 1156 return 0, err 1157 } 1158 i -= size 1159 i = encodeVarintServiceEntry(dAtA, i, uint64(size)) 1160 } 1161 i-- 1162 dAtA[i] = 0x4a 1163 } 1164 if len(m.SubjectAltNames) > 0 { 1165 for iNdEx := len(m.SubjectAltNames) - 1; iNdEx >= 0; iNdEx-- { 1166 i -= len(m.SubjectAltNames[iNdEx]) 1167 copy(dAtA[i:], m.SubjectAltNames[iNdEx]) 1168 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.SubjectAltNames[iNdEx]))) 1169 i-- 1170 dAtA[i] = 0x42 1171 } 1172 } 1173 if len(m.ExportTo) > 0 { 1174 for iNdEx := len(m.ExportTo) - 1; iNdEx >= 0; iNdEx-- { 1175 i -= len(m.ExportTo[iNdEx]) 1176 copy(dAtA[i:], m.ExportTo[iNdEx]) 1177 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.ExportTo[iNdEx]))) 1178 i-- 1179 dAtA[i] = 0x3a 1180 } 1181 } 1182 if len(m.Endpoints) > 0 { 1183 for iNdEx := len(m.Endpoints) - 1; iNdEx >= 0; iNdEx-- { 1184 { 1185 size, err := m.Endpoints[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1186 if err != nil { 1187 return 0, err 1188 } 1189 i -= size 1190 i = encodeVarintServiceEntry(dAtA, i, uint64(size)) 1191 } 1192 i-- 1193 dAtA[i] = 0x32 1194 } 1195 } 1196 if m.Resolution != 0 { 1197 i = encodeVarintServiceEntry(dAtA, i, uint64(m.Resolution)) 1198 i-- 1199 dAtA[i] = 0x28 1200 } 1201 if m.Location != 0 { 1202 i = encodeVarintServiceEntry(dAtA, i, uint64(m.Location)) 1203 i-- 1204 dAtA[i] = 0x20 1205 } 1206 if len(m.Ports) > 0 { 1207 for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- { 1208 { 1209 size, err := m.Ports[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1210 if err != nil { 1211 return 0, err 1212 } 1213 i -= size 1214 i = encodeVarintServiceEntry(dAtA, i, uint64(size)) 1215 } 1216 i-- 1217 dAtA[i] = 0x1a 1218 } 1219 } 1220 if len(m.Addresses) > 0 { 1221 for iNdEx := len(m.Addresses) - 1; iNdEx >= 0; iNdEx-- { 1222 i -= len(m.Addresses[iNdEx]) 1223 copy(dAtA[i:], m.Addresses[iNdEx]) 1224 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.Addresses[iNdEx]))) 1225 i-- 1226 dAtA[i] = 0x12 1227 } 1228 } 1229 if len(m.Hosts) > 0 { 1230 for iNdEx := len(m.Hosts) - 1; iNdEx >= 0; iNdEx-- { 1231 i -= len(m.Hosts[iNdEx]) 1232 copy(dAtA[i:], m.Hosts[iNdEx]) 1233 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.Hosts[iNdEx]))) 1234 i-- 1235 dAtA[i] = 0xa 1236 } 1237 } 1238 return len(dAtA) - i, nil 1239} 1240 1241func encodeVarintServiceEntry(dAtA []byte, offset int, v uint64) int { 1242 offset -= sovServiceEntry(v) 1243 base := offset 1244 for v >= 1<<7 { 1245 dAtA[offset] = uint8(v&0x7f | 0x80) 1246 v >>= 7 1247 offset++ 1248 } 1249 dAtA[offset] = uint8(v) 1250 return base 1251} 1252func (m *ServiceEntry) Size() (n int) { 1253 if m == nil { 1254 return 0 1255 } 1256 var l int 1257 _ = l 1258 if len(m.Hosts) > 0 { 1259 for _, s := range m.Hosts { 1260 l = len(s) 1261 n += 1 + l + sovServiceEntry(uint64(l)) 1262 } 1263 } 1264 if len(m.Addresses) > 0 { 1265 for _, s := range m.Addresses { 1266 l = len(s) 1267 n += 1 + l + sovServiceEntry(uint64(l)) 1268 } 1269 } 1270 if len(m.Ports) > 0 { 1271 for _, e := range m.Ports { 1272 l = e.Size() 1273 n += 1 + l + sovServiceEntry(uint64(l)) 1274 } 1275 } 1276 if m.Location != 0 { 1277 n += 1 + sovServiceEntry(uint64(m.Location)) 1278 } 1279 if m.Resolution != 0 { 1280 n += 1 + sovServiceEntry(uint64(m.Resolution)) 1281 } 1282 if len(m.Endpoints) > 0 { 1283 for _, e := range m.Endpoints { 1284 l = e.Size() 1285 n += 1 + l + sovServiceEntry(uint64(l)) 1286 } 1287 } 1288 if len(m.ExportTo) > 0 { 1289 for _, s := range m.ExportTo { 1290 l = len(s) 1291 n += 1 + l + sovServiceEntry(uint64(l)) 1292 } 1293 } 1294 if len(m.SubjectAltNames) > 0 { 1295 for _, s := range m.SubjectAltNames { 1296 l = len(s) 1297 n += 1 + l + sovServiceEntry(uint64(l)) 1298 } 1299 } 1300 if m.WorkloadSelector != nil { 1301 l = m.WorkloadSelector.Size() 1302 n += 1 + l + sovServiceEntry(uint64(l)) 1303 } 1304 if m.XXX_unrecognized != nil { 1305 n += len(m.XXX_unrecognized) 1306 } 1307 return n 1308} 1309 1310func sovServiceEntry(x uint64) (n int) { 1311 return (math_bits.Len64(x|1) + 6) / 7 1312} 1313func sozServiceEntry(x uint64) (n int) { 1314 return sovServiceEntry(uint64((x << 1) ^ uint64((int64(x) >> 63)))) 1315} 1316func (m *ServiceEntry) Unmarshal(dAtA []byte) error { 1317 l := len(dAtA) 1318 iNdEx := 0 1319 for iNdEx < l { 1320 preIndex := iNdEx 1321 var wire uint64 1322 for shift := uint(0); ; shift += 7 { 1323 if shift >= 64 { 1324 return ErrIntOverflowServiceEntry 1325 } 1326 if iNdEx >= l { 1327 return io.ErrUnexpectedEOF 1328 } 1329 b := dAtA[iNdEx] 1330 iNdEx++ 1331 wire |= uint64(b&0x7F) << shift 1332 if b < 0x80 { 1333 break 1334 } 1335 } 1336 fieldNum := int32(wire >> 3) 1337 wireType := int(wire & 0x7) 1338 if wireType == 4 { 1339 return fmt.Errorf("proto: ServiceEntry: wiretype end group for non-group") 1340 } 1341 if fieldNum <= 0 { 1342 return fmt.Errorf("proto: ServiceEntry: illegal tag %d (wire type %d)", fieldNum, wire) 1343 } 1344 switch fieldNum { 1345 case 1: 1346 if wireType != 2 { 1347 return fmt.Errorf("proto: wrong wireType = %d for field Hosts", wireType) 1348 } 1349 var stringLen uint64 1350 for shift := uint(0); ; shift += 7 { 1351 if shift >= 64 { 1352 return ErrIntOverflowServiceEntry 1353 } 1354 if iNdEx >= l { 1355 return io.ErrUnexpectedEOF 1356 } 1357 b := dAtA[iNdEx] 1358 iNdEx++ 1359 stringLen |= uint64(b&0x7F) << shift 1360 if b < 0x80 { 1361 break 1362 } 1363 } 1364 intStringLen := int(stringLen) 1365 if intStringLen < 0 { 1366 return ErrInvalidLengthServiceEntry 1367 } 1368 postIndex := iNdEx + intStringLen 1369 if postIndex < 0 { 1370 return ErrInvalidLengthServiceEntry 1371 } 1372 if postIndex > l { 1373 return io.ErrUnexpectedEOF 1374 } 1375 m.Hosts = append(m.Hosts, string(dAtA[iNdEx:postIndex])) 1376 iNdEx = postIndex 1377 case 2: 1378 if wireType != 2 { 1379 return fmt.Errorf("proto: wrong wireType = %d for field Addresses", wireType) 1380 } 1381 var stringLen uint64 1382 for shift := uint(0); ; shift += 7 { 1383 if shift >= 64 { 1384 return ErrIntOverflowServiceEntry 1385 } 1386 if iNdEx >= l { 1387 return io.ErrUnexpectedEOF 1388 } 1389 b := dAtA[iNdEx] 1390 iNdEx++ 1391 stringLen |= uint64(b&0x7F) << shift 1392 if b < 0x80 { 1393 break 1394 } 1395 } 1396 intStringLen := int(stringLen) 1397 if intStringLen < 0 { 1398 return ErrInvalidLengthServiceEntry 1399 } 1400 postIndex := iNdEx + intStringLen 1401 if postIndex < 0 { 1402 return ErrInvalidLengthServiceEntry 1403 } 1404 if postIndex > l { 1405 return io.ErrUnexpectedEOF 1406 } 1407 m.Addresses = append(m.Addresses, string(dAtA[iNdEx:postIndex])) 1408 iNdEx = postIndex 1409 case 3: 1410 if wireType != 2 { 1411 return fmt.Errorf("proto: wrong wireType = %d for field Ports", wireType) 1412 } 1413 var msglen int 1414 for shift := uint(0); ; shift += 7 { 1415 if shift >= 64 { 1416 return ErrIntOverflowServiceEntry 1417 } 1418 if iNdEx >= l { 1419 return io.ErrUnexpectedEOF 1420 } 1421 b := dAtA[iNdEx] 1422 iNdEx++ 1423 msglen |= int(b&0x7F) << shift 1424 if b < 0x80 { 1425 break 1426 } 1427 } 1428 if msglen < 0 { 1429 return ErrInvalidLengthServiceEntry 1430 } 1431 postIndex := iNdEx + msglen 1432 if postIndex < 0 { 1433 return ErrInvalidLengthServiceEntry 1434 } 1435 if postIndex > l { 1436 return io.ErrUnexpectedEOF 1437 } 1438 m.Ports = append(m.Ports, &Port{}) 1439 if err := m.Ports[len(m.Ports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 1440 return err 1441 } 1442 iNdEx = postIndex 1443 case 4: 1444 if wireType != 0 { 1445 return fmt.Errorf("proto: wrong wireType = %d for field Location", wireType) 1446 } 1447 m.Location = 0 1448 for shift := uint(0); ; shift += 7 { 1449 if shift >= 64 { 1450 return ErrIntOverflowServiceEntry 1451 } 1452 if iNdEx >= l { 1453 return io.ErrUnexpectedEOF 1454 } 1455 b := dAtA[iNdEx] 1456 iNdEx++ 1457 m.Location |= ServiceEntry_Location(b&0x7F) << shift 1458 if b < 0x80 { 1459 break 1460 } 1461 } 1462 case 5: 1463 if wireType != 0 { 1464 return fmt.Errorf("proto: wrong wireType = %d for field Resolution", wireType) 1465 } 1466 m.Resolution = 0 1467 for shift := uint(0); ; shift += 7 { 1468 if shift >= 64 { 1469 return ErrIntOverflowServiceEntry 1470 } 1471 if iNdEx >= l { 1472 return io.ErrUnexpectedEOF 1473 } 1474 b := dAtA[iNdEx] 1475 iNdEx++ 1476 m.Resolution |= ServiceEntry_Resolution(b&0x7F) << shift 1477 if b < 0x80 { 1478 break 1479 } 1480 } 1481 case 6: 1482 if wireType != 2 { 1483 return fmt.Errorf("proto: wrong wireType = %d for field Endpoints", wireType) 1484 } 1485 var msglen int 1486 for shift := uint(0); ; shift += 7 { 1487 if shift >= 64 { 1488 return ErrIntOverflowServiceEntry 1489 } 1490 if iNdEx >= l { 1491 return io.ErrUnexpectedEOF 1492 } 1493 b := dAtA[iNdEx] 1494 iNdEx++ 1495 msglen |= int(b&0x7F) << shift 1496 if b < 0x80 { 1497 break 1498 } 1499 } 1500 if msglen < 0 { 1501 return ErrInvalidLengthServiceEntry 1502 } 1503 postIndex := iNdEx + msglen 1504 if postIndex < 0 { 1505 return ErrInvalidLengthServiceEntry 1506 } 1507 if postIndex > l { 1508 return io.ErrUnexpectedEOF 1509 } 1510 m.Endpoints = append(m.Endpoints, &WorkloadEntry{}) 1511 if err := m.Endpoints[len(m.Endpoints)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 1512 return err 1513 } 1514 iNdEx = postIndex 1515 case 7: 1516 if wireType != 2 { 1517 return fmt.Errorf("proto: wrong wireType = %d for field ExportTo", wireType) 1518 } 1519 var stringLen uint64 1520 for shift := uint(0); ; shift += 7 { 1521 if shift >= 64 { 1522 return ErrIntOverflowServiceEntry 1523 } 1524 if iNdEx >= l { 1525 return io.ErrUnexpectedEOF 1526 } 1527 b := dAtA[iNdEx] 1528 iNdEx++ 1529 stringLen |= uint64(b&0x7F) << shift 1530 if b < 0x80 { 1531 break 1532 } 1533 } 1534 intStringLen := int(stringLen) 1535 if intStringLen < 0 { 1536 return ErrInvalidLengthServiceEntry 1537 } 1538 postIndex := iNdEx + intStringLen 1539 if postIndex < 0 { 1540 return ErrInvalidLengthServiceEntry 1541 } 1542 if postIndex > l { 1543 return io.ErrUnexpectedEOF 1544 } 1545 m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex])) 1546 iNdEx = postIndex 1547 case 8: 1548 if wireType != 2 { 1549 return fmt.Errorf("proto: wrong wireType = %d for field SubjectAltNames", wireType) 1550 } 1551 var stringLen uint64 1552 for shift := uint(0); ; shift += 7 { 1553 if shift >= 64 { 1554 return ErrIntOverflowServiceEntry 1555 } 1556 if iNdEx >= l { 1557 return io.ErrUnexpectedEOF 1558 } 1559 b := dAtA[iNdEx] 1560 iNdEx++ 1561 stringLen |= uint64(b&0x7F) << shift 1562 if b < 0x80 { 1563 break 1564 } 1565 } 1566 intStringLen := int(stringLen) 1567 if intStringLen < 0 { 1568 return ErrInvalidLengthServiceEntry 1569 } 1570 postIndex := iNdEx + intStringLen 1571 if postIndex < 0 { 1572 return ErrInvalidLengthServiceEntry 1573 } 1574 if postIndex > l { 1575 return io.ErrUnexpectedEOF 1576 } 1577 m.SubjectAltNames = append(m.SubjectAltNames, string(dAtA[iNdEx:postIndex])) 1578 iNdEx = postIndex 1579 case 9: 1580 if wireType != 2 { 1581 return fmt.Errorf("proto: wrong wireType = %d for field WorkloadSelector", wireType) 1582 } 1583 var msglen int 1584 for shift := uint(0); ; shift += 7 { 1585 if shift >= 64 { 1586 return ErrIntOverflowServiceEntry 1587 } 1588 if iNdEx >= l { 1589 return io.ErrUnexpectedEOF 1590 } 1591 b := dAtA[iNdEx] 1592 iNdEx++ 1593 msglen |= int(b&0x7F) << shift 1594 if b < 0x80 { 1595 break 1596 } 1597 } 1598 if msglen < 0 { 1599 return ErrInvalidLengthServiceEntry 1600 } 1601 postIndex := iNdEx + msglen 1602 if postIndex < 0 { 1603 return ErrInvalidLengthServiceEntry 1604 } 1605 if postIndex > l { 1606 return io.ErrUnexpectedEOF 1607 } 1608 if m.WorkloadSelector == nil { 1609 m.WorkloadSelector = &WorkloadSelector{} 1610 } 1611 if err := m.WorkloadSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 1612 return err 1613 } 1614 iNdEx = postIndex 1615 default: 1616 iNdEx = preIndex 1617 skippy, err := skipServiceEntry(dAtA[iNdEx:]) 1618 if err != nil { 1619 return err 1620 } 1621 if skippy < 0 { 1622 return ErrInvalidLengthServiceEntry 1623 } 1624 if (iNdEx + skippy) < 0 { 1625 return ErrInvalidLengthServiceEntry 1626 } 1627 if (iNdEx + skippy) > l { 1628 return io.ErrUnexpectedEOF 1629 } 1630 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 1631 iNdEx += skippy 1632 } 1633 } 1634 1635 if iNdEx > l { 1636 return io.ErrUnexpectedEOF 1637 } 1638 return nil 1639} 1640func skipServiceEntry(dAtA []byte) (n int, err error) { 1641 l := len(dAtA) 1642 iNdEx := 0 1643 for iNdEx < l { 1644 var wire uint64 1645 for shift := uint(0); ; shift += 7 { 1646 if shift >= 64 { 1647 return 0, ErrIntOverflowServiceEntry 1648 } 1649 if iNdEx >= l { 1650 return 0, io.ErrUnexpectedEOF 1651 } 1652 b := dAtA[iNdEx] 1653 iNdEx++ 1654 wire |= (uint64(b) & 0x7F) << shift 1655 if b < 0x80 { 1656 break 1657 } 1658 } 1659 wireType := int(wire & 0x7) 1660 switch wireType { 1661 case 0: 1662 for shift := uint(0); ; shift += 7 { 1663 if shift >= 64 { 1664 return 0, ErrIntOverflowServiceEntry 1665 } 1666 if iNdEx >= l { 1667 return 0, io.ErrUnexpectedEOF 1668 } 1669 iNdEx++ 1670 if dAtA[iNdEx-1] < 0x80 { 1671 break 1672 } 1673 } 1674 return iNdEx, nil 1675 case 1: 1676 iNdEx += 8 1677 return iNdEx, nil 1678 case 2: 1679 var length int 1680 for shift := uint(0); ; shift += 7 { 1681 if shift >= 64 { 1682 return 0, ErrIntOverflowServiceEntry 1683 } 1684 if iNdEx >= l { 1685 return 0, io.ErrUnexpectedEOF 1686 } 1687 b := dAtA[iNdEx] 1688 iNdEx++ 1689 length |= (int(b) & 0x7F) << shift 1690 if b < 0x80 { 1691 break 1692 } 1693 } 1694 if length < 0 { 1695 return 0, ErrInvalidLengthServiceEntry 1696 } 1697 iNdEx += length 1698 if iNdEx < 0 { 1699 return 0, ErrInvalidLengthServiceEntry 1700 } 1701 return iNdEx, nil 1702 case 3: 1703 for { 1704 var innerWire uint64 1705 var start int = iNdEx 1706 for shift := uint(0); ; shift += 7 { 1707 if shift >= 64 { 1708 return 0, ErrIntOverflowServiceEntry 1709 } 1710 if iNdEx >= l { 1711 return 0, io.ErrUnexpectedEOF 1712 } 1713 b := dAtA[iNdEx] 1714 iNdEx++ 1715 innerWire |= (uint64(b) & 0x7F) << shift 1716 if b < 0x80 { 1717 break 1718 } 1719 } 1720 innerWireType := int(innerWire & 0x7) 1721 if innerWireType == 4 { 1722 break 1723 } 1724 next, err := skipServiceEntry(dAtA[start:]) 1725 if err != nil { 1726 return 0, err 1727 } 1728 iNdEx = start + next 1729 if iNdEx < 0 { 1730 return 0, ErrInvalidLengthServiceEntry 1731 } 1732 } 1733 return iNdEx, nil 1734 case 4: 1735 return iNdEx, nil 1736 case 5: 1737 iNdEx += 4 1738 return iNdEx, nil 1739 default: 1740 return 0, fmt.Errorf("proto: illegal wireType %d", wireType) 1741 } 1742 } 1743 panic("unreachable") 1744} 1745 1746var ( 1747 ErrInvalidLengthServiceEntry = fmt.Errorf("proto: negative length found during unmarshaling") 1748 ErrIntOverflowServiceEntry = fmt.Errorf("proto: integer overflow") 1749) 1750