1// Code generated by protoc-gen-gogo. DO NOT EDIT. 2// source: networking/v1beta1/service_entry.proto 3 4// `ServiceEntry` enables adding additional entries into Istio's 5// internal service registry, so that auto-discovered services in the 6// mesh can access/route to these manually specified services. A 7// service entry describes the properties of a service (DNS name, 8// VIPs, ports, protocols, endpoints). These services could be 9// external to the mesh (e.g., web APIs) or mesh-internal services 10// that are not part of the platform's service registry (e.g., a set 11// of VMs talking to services in Kubernetes). In addition, the 12// endpoints of a service entry can also be dynamically selected by 13// using the `workloadSelector` field. These endpoints can be VM 14// workloads declared using the `WorkloadEntry` object or Kubernetes 15// pods. The ability to select both pods and VMs under a single 16// service allows for migration of services from VMs to Kubernetes 17// without having to change the existing DNS names associated with the 18// services. 19// 20// The following example declares a few external APIs accessed by internal 21// applications over HTTPS. The sidecar inspects the SNI value in the 22// ClientHello message to route to the appropriate external service. 23// 24// {{<tabset category-name="example">}} 25// {{<tab name="v1alpha3" category-value="v1alpha3">}} 26// ```yaml 27// apiVersion: networking.istio.io/v1alpha3 28// kind: ServiceEntry 29// metadata: 30// name: external-svc-https 31// spec: 32// hosts: 33// - api.dropboxapi.com 34// - www.googleapis.com 35// - api.facebook.com 36// location: MESH_EXTERNAL 37// ports: 38// - number: 443 39// name: https 40// protocol: TLS 41// resolution: DNS 42// ``` 43// {{</tab>}} 44// 45// {{<tab name="v1beta1" category-value="v1beta1">}} 46// ```yaml 47// apiVersion: networking.istio.io/v1beta1 48// kind: ServiceEntry 49// metadata: 50// name: external-svc-https 51// spec: 52// hosts: 53// - api.dropboxapi.com 54// - www.googleapis.com 55// - api.facebook.com 56// location: MESH_EXTERNAL 57// ports: 58// - number: 443 59// name: https 60// protocol: TLS 61// resolution: DNS 62// ``` 63// {{</tab>}} 64// {{</tabset>}} 65// 66// The following configuration adds a set of MongoDB instances running on 67// unmanaged VMs to Istio's registry, so that these services can be treated 68// as any other service in the mesh. The associated DestinationRule is used 69// to initiate mTLS connections to the database instances. 70// 71// {{<tabset category-name="example">}} 72// {{<tab name="v1alpha3" category-value="v1alpha3">}} 73// ```yaml 74// apiVersion: networking.istio.io/v1alpha3 75// kind: ServiceEntry 76// metadata: 77// name: external-svc-mongocluster 78// spec: 79// hosts: 80// - mymongodb.somedomain # not used 81// addresses: 82// - 192.192.192.192/24 # VIPs 83// ports: 84// - number: 27018 85// name: mongodb 86// protocol: MONGO 87// location: MESH_INTERNAL 88// resolution: STATIC 89// endpoints: 90// - address: 2.2.2.2 91// - address: 3.3.3.3 92// ``` 93// {{</tab>}} 94// 95// {{<tab name="v1beta1" category-value="v1beta1">}} 96// ```yaml 97// apiVersion: networking.istio.io/v1beta1 98// kind: ServiceEntry 99// metadata: 100// name: external-svc-mongocluster 101// spec: 102// hosts: 103// - mymongodb.somedomain # not used 104// addresses: 105// - 192.192.192.192/24 # VIPs 106// ports: 107// - number: 27018 108// name: mongodb 109// protocol: MONGO 110// location: MESH_INTERNAL 111// resolution: STATIC 112// endpoints: 113// - address: 2.2.2.2 114// - address: 3.3.3.3 115// ``` 116// {{</tab>}} 117// {{</tabset>}} 118// 119// and the associated DestinationRule 120// 121// {{<tabset category-name="example">}} 122// {{<tab name="v1alpha3" category-value="v1alpha3">}} 123// ```yaml 124// apiVersion: networking.istio.io/v1alpha3 125// kind: DestinationRule 126// metadata: 127// name: mtls-mongocluster 128// spec: 129// host: mymongodb.somedomain 130// trafficPolicy: 131// tls: 132// mode: MUTUAL 133// clientCertificate: /etc/certs/myclientcert.pem 134// privateKey: /etc/certs/client_private_key.pem 135// caCertificates: /etc/certs/rootcacerts.pem 136// ``` 137// {{</tab>}} 138// 139// {{<tab name="v1beta1" category-value="v1beta1">}} 140// ```yaml 141// apiVersion: networking.istio.io/v1beta1 142// kind: DestinationRule 143// metadata: 144// name: mtls-mongocluster 145// spec: 146// host: mymongodb.somedomain 147// trafficPolicy: 148// tls: 149// mode: MUTUAL 150// clientCertificate: /etc/certs/myclientcert.pem 151// privateKey: /etc/certs/client_private_key.pem 152// caCertificates: /etc/certs/rootcacerts.pem 153// ``` 154// {{</tab>}} 155// {{</tabset>}} 156// 157// The following example uses a combination of service entry and TLS 158// routing in a virtual service to steer traffic based on the SNI value to 159// an internal egress firewall. 160// 161// {{<tabset category-name="example">}} 162// {{<tab name="v1alpha3" category-value="v1alpha3">}} 163// ```yaml 164// apiVersion: networking.istio.io/v1alpha3 165// kind: ServiceEntry 166// metadata: 167// name: external-svc-redirect 168// spec: 169// hosts: 170// - wikipedia.org 171// - "*.wikipedia.org" 172// location: MESH_EXTERNAL 173// ports: 174// - number: 443 175// name: https 176// protocol: TLS 177// resolution: NONE 178// ``` 179// {{</tab>}} 180// 181// {{<tab name="v1beta1" category-value="v1beta1">}} 182// ```yaml 183// apiVersion: networking.istio.io/v1beta1 184// kind: ServiceEntry 185// metadata: 186// name: external-svc-redirect 187// spec: 188// hosts: 189// - wikipedia.org 190// - "*.wikipedia.org" 191// location: MESH_EXTERNAL 192// ports: 193// - number: 443 194// name: https 195// protocol: TLS 196// resolution: NONE 197// ``` 198// {{</tab>}} 199// {{</tabset>}} 200// 201// And the associated VirtualService to route based on the SNI value. 202// 203// {{<tabset category-name="example">}} 204// {{<tab name="v1alpha3" category-value="v1alpha3">}} 205// ```yaml 206// apiVersion: networking.istio.io/v1alpha3 207// kind: VirtualService 208// metadata: 209// name: tls-routing 210// spec: 211// hosts: 212// - wikipedia.org 213// - "*.wikipedia.org" 214// tls: 215// - match: 216// - sniHosts: 217// - wikipedia.org 218// - "*.wikipedia.org" 219// route: 220// - destination: 221// host: internal-egress-firewall.ns1.svc.cluster.local 222// ``` 223// {{</tab>}} 224// 225// {{<tab name="v1beta1" category-value="v1beta1">}} 226// ```yaml 227// apiVersion: networking.istio.io/v1beta1 228// kind: VirtualService 229// metadata: 230// name: tls-routing 231// spec: 232// hosts: 233// - wikipedia.org 234// - "*.wikipedia.org" 235// tls: 236// - match: 237// - sniHosts: 238// - wikipedia.org 239// - "*.wikipedia.org" 240// route: 241// - destination: 242// host: internal-egress-firewall.ns1.svc.cluster.local 243// ``` 244// {{</tab>}} 245// {{</tabset>}} 246// 247// The virtual service with TLS match serves to override the default SNI 248// match. In the absence of a virtual service, traffic will be forwarded to 249// the wikipedia domains. 250// 251// The following example demonstrates the use of a dedicated egress gateway 252// through which all external service traffic is forwarded. 253// The 'exportTo' field allows for control over the visibility of a service 254// declaration to other namespaces in the mesh. By default, a service is exported 255// to all namespaces. The following example restricts the visibility to the 256// current namespace, represented by ".", so that it cannot be used by other 257// namespaces. 258// 259// {{<tabset category-name="example">}} 260// {{<tab name="v1alpha3" category-value="v1alpha3">}} 261// ```yaml 262// apiVersion: networking.istio.io/v1alpha3 263// kind: ServiceEntry 264// metadata: 265// name: external-svc-httpbin 266// namespace : egress 267// spec: 268// hosts: 269// - httpbin.com 270// exportTo: 271// - "." 272// location: MESH_EXTERNAL 273// ports: 274// - number: 80 275// name: http 276// protocol: HTTP 277// resolution: DNS 278// ``` 279// {{</tab>}} 280// 281// {{<tab name="v1beta1" category-value="v1beta1">}} 282// ```yaml 283// apiVersion: networking.istio.io/v1beta1 284// kind: ServiceEntry 285// metadata: 286// name: external-svc-httpbin 287// namespace : egress 288// spec: 289// hosts: 290// - httpbin.com 291// exportTo: 292// - "." 293// location: MESH_EXTERNAL 294// ports: 295// - number: 80 296// name: http 297// protocol: HTTP 298// resolution: DNS 299// ``` 300// {{</tab>}} 301// {{</tabset>}} 302// 303// Define a gateway to handle all egress traffic. 304// 305// {{<tabset category-name="example">}} 306// {{<tab name="v1alpha3" category-value="v1alpha3">}} 307// ```yaml 308// apiVersion: networking.istio.io/v1alpha3 309// kind: Gateway 310// metadata: 311// name: istio-egressgateway 312// namespace: istio-system 313// spec: 314// selector: 315// istio: egressgateway 316// servers: 317// - port: 318// number: 80 319// name: http 320// protocol: HTTP 321// hosts: 322// - "*" 323// ``` 324// {{</tab>}} 325// 326// {{<tab name="v1beta1" category-value="v1beta1">}} 327// ```yaml 328// apiVersion: networking.istio.io/v1beta1 329// kind: Gateway 330// metadata: 331// name: istio-egressgateway 332// namespace: istio-system 333// spec: 334// selector: 335// istio: egressgateway 336// servers: 337// - port: 338// number: 80 339// name: http 340// protocol: HTTP 341// hosts: 342// - "*" 343// ``` 344// {{</tab>}} 345// {{</tabset>}} 346// 347// And the associated `VirtualService` to route from the sidecar to the 348// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as 349// well as route from the gateway to the external service. Note that the 350// virtual service is exported to all namespaces enabling them to route traffic 351// through the gateway to the external service. Forcing traffic to go through 352// a managed middle proxy like this is a common practice. 353// 354// {{<tabset category-name="example">}} 355// {{<tab name="v1alpha3" category-value="v1alpha3">}} 356// ```yaml 357// apiVersion: networking.istio.io/v1alpha3 358// kind: VirtualService 359// metadata: 360// name: gateway-routing 361// namespace: egress 362// spec: 363// hosts: 364// - httpbin.com 365// exportTo: 366// - "*" 367// gateways: 368// - mesh 369// - istio-egressgateway 370// http: 371// - match: 372// - port: 80 373// gateways: 374// - mesh 375// route: 376// - destination: 377// host: istio-egressgateway.istio-system.svc.cluster.local 378// - match: 379// - port: 80 380// gateways: 381// - istio-egressgateway 382// route: 383// - destination: 384// host: httpbin.com 385// ``` 386// {{</tab>}} 387// 388// {{<tab name="v1beta1" category-value="v1beta1">}} 389// ```yaml 390// apiVersion: networking.istio.io/v1beta1 391// kind: VirtualService 392// metadata: 393// name: gateway-routing 394// namespace: egress 395// spec: 396// hosts: 397// - httpbin.com 398// exportTo: 399// - "*" 400// gateways: 401// - mesh 402// - istio-egressgateway 403// http: 404// - match: 405// - port: 80 406// gateways: 407// - mesh 408// route: 409// - destination: 410// host: istio-egressgateway.istio-system.svc.cluster.local 411// - match: 412// - port: 80 413// gateways: 414// - istio-egressgateway 415// route: 416// - destination: 417// host: httpbin.com 418// ``` 419// {{</tab>}} 420// {{</tabset>}} 421// 422// The following example demonstrates the use of wildcards in the hosts for 423// external services. If the connection has to be routed to the IP address 424// requested by the application (i.e. application resolves DNS and attempts 425// to connect to a specific IP), the discovery mode must be set to `NONE`. 426// 427// {{<tabset category-name="example">}} 428// {{<tab name="v1alpha3" category-value="v1alpha3">}} 429// ```yaml 430// apiVersion: networking.istio.io/v1alpha3 431// kind: ServiceEntry 432// metadata: 433// name: external-svc-wildcard-example 434// spec: 435// hosts: 436// - "*.bar.com" 437// location: MESH_EXTERNAL 438// ports: 439// - number: 80 440// name: http 441// protocol: HTTP 442// resolution: NONE 443// ``` 444// {{</tab>}} 445// 446// {{<tab name="v1beta1" category-value="v1beta1">}} 447// ```yaml 448// apiVersion: networking.istio.io/v1beta1 449// kind: ServiceEntry 450// metadata: 451// name: external-svc-wildcard-example 452// spec: 453// hosts: 454// - "*.bar.com" 455// location: MESH_EXTERNAL 456// ports: 457// - number: 80 458// name: http 459// protocol: HTTP 460// resolution: NONE 461// ``` 462// {{</tab>}} 463// {{</tabset>}} 464// 465// The following example demonstrates a service that is available via a 466// Unix Domain Socket on the host of the client. The resolution must be 467// set to STATIC to use Unix address endpoints. 468// 469// {{<tabset category-name="example">}} 470// {{<tab name="v1alpha3" category-value="v1alpha3">}} 471// ```yaml 472// apiVersion: networking.istio.io/v1alpha3 473// kind: ServiceEntry 474// metadata: 475// name: unix-domain-socket-example 476// spec: 477// hosts: 478// - "example.unix.local" 479// location: MESH_EXTERNAL 480// ports: 481// - number: 80 482// name: http 483// protocol: HTTP 484// resolution: STATIC 485// endpoints: 486// - address: unix:///var/run/example/socket 487// ``` 488// {{</tab>}} 489// 490// {{<tab name="v1beta1" category-value="v1beta1">}} 491// ```yaml 492// apiVersion: networking.istio.io/v1beta1 493// kind: ServiceEntry 494// metadata: 495// name: unix-domain-socket-example 496// spec: 497// hosts: 498// - "example.unix.local" 499// location: MESH_EXTERNAL 500// ports: 501// - number: 80 502// name: http 503// protocol: HTTP 504// resolution: STATIC 505// endpoints: 506// - address: unix:///var/run/example/socket 507// ``` 508// {{</tab>}} 509// {{</tabset>}} 510// 511// For HTTP-based services, it is possible to create a `VirtualService` 512// backed by multiple DNS addressable endpoints. In such a scenario, the 513// application can use the `HTTP_PROXY` environment variable to transparently 514// reroute API calls for the `VirtualService` to a chosen backend. For 515// example, the following configuration creates a non-existent external 516// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, 517// uk.foo.bar.com:9080, and in.foo.bar.com:7080 518// 519// {{<tabset category-name="example">}} 520// {{<tab name="v1alpha3" category-value="v1alpha3">}} 521// ```yaml 522// apiVersion: networking.istio.io/v1alpha3 523// kind: ServiceEntry 524// metadata: 525// name: external-svc-dns 526// spec: 527// hosts: 528// - foo.bar.com 529// location: MESH_EXTERNAL 530// ports: 531// - number: 80 532// name: http 533// protocol: HTTP 534// resolution: DNS 535// endpoints: 536// - address: us.foo.bar.com 537// ports: 538// http: 8080 539// - address: uk.foo.bar.com 540// ports: 541// http: 9080 542// - address: in.foo.bar.com 543// ports: 544// http: 7080 545// ``` 546// {{</tab>}} 547// 548// {{<tab name="v1beta1" category-value="v1beta1">}} 549// ```yaml 550// apiVersion: networking.istio.io/v1beta1 551// kind: ServiceEntry 552// metadata: 553// name: external-svc-dns 554// spec: 555// hosts: 556// - foo.bar.com 557// location: MESH_EXTERNAL 558// ports: 559// - number: 80 560// name: http 561// protocol: HTTP 562// resolution: DNS 563// endpoints: 564// - address: us.foo.bar.com 565// ports: 566// http: 8080 567// - address: uk.foo.bar.com 568// ports: 569// http: 9080 570// - address: in.foo.bar.com 571// ports: 572// http: 7080 573// ``` 574// {{</tab>}} 575// {{</tabset>}} 576// 577// With `HTTP_PROXY=http://localhost/`, calls from the application to 578// `http://foo.bar.com` will be load balanced across the three domains 579// specified above. In other words, a call to `http://foo.bar.com/baz` would 580// be translated to `http://uk.foo.bar.com/baz`. 581// 582// The following example illustrates the usage of a `ServiceEntry` 583// containing a subject alternate name 584// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): 585// 586// {{<tabset category-name="example">}} 587// {{<tab name="v1alpha3" category-value="v1alpha3">}} 588// ```yaml 589// apiVersion: networking.istio.io/v1alpha3 590// kind: ServiceEntry 591// metadata: 592// name: httpbin 593// namespace : httpbin-ns 594// spec: 595// hosts: 596// - httpbin.com 597// location: MESH_INTERNAL 598// ports: 599// - number: 80 600// name: http 601// protocol: HTTP 602// resolution: STATIC 603// endpoints: 604// - address: 2.2.2.2 605// - address: 3.3.3.3 606// subjectAltNames: 607// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" 608// ``` 609// {{</tab>}} 610// 611// {{<tab name="v1beta1" category-value="v1beta1">}} 612// ```yaml 613// apiVersion: networking.istio.io/v1beta1 614// kind: ServiceEntry 615// metadata: 616// name: httpbin 617// namespace : httpbin-ns 618// spec: 619// hosts: 620// - httpbin.com 621// location: MESH_INTERNAL 622// ports: 623// - number: 80 624// name: http 625// protocol: HTTP 626// resolution: STATIC 627// endpoints: 628// - address: 2.2.2.2 629// - address: 3.3.3.3 630// subjectAltNames: 631// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" 632// ``` 633// {{</tab>}} 634// {{</tabset>}} 635// 636// The following example demonstrates the use of `ServiceEntry` with a 637// `workloadSelector` to handle the migration of a service 638// `details.bookinfo.com` from VMs to Kubernetes. The service has two 639// VM-based instances with sidecars as well as a set of Kubernetes 640// pods managed by a standard deployment object. Consumers of this 641// service in the mesh will be automatically load balanced across the 642// VMs and Kubernetes. VM for the `details.bookinfo.com` 643// service. This VM has sidecar installed and bootstrapped using the 644// `details-legacy` service account. The sidecar receives HTTP traffic 645// on port 80 (wrapped in istio mutual TLS) and forwards it to the 646// application on the localhost on the same port. 647// 648// {{<tabset category-name="example">}} 649// {{<tab name="v1alpha3" category-value="v1alpha3">}} 650// ```yaml 651// apiVersion: networking.istio.io/v1alpha3 652// kind: WorkloadEntry 653// metadata: 654// name: details-vm-1 655// spec: 656// serviceAccount: details 657// address: 2.2.2.2 658// labels: 659// app: details 660// instance-id: vm1 661// --- 662// apiVersion: networking.istio.io/v1alpha3 663// kind: WorkloadEntry 664// metadata: 665// name: details-vm-2 666// spec: 667// serviceAccount: details 668// address: 3.3.3.3 669// labels: 670// app: details 671// instance-id: vm2 672// ``` 673// {{</tab>}} 674// 675// {{<tab name="v1beta1" category-value="v1beta1">}} 676// ```yaml 677// apiVersion: networking.istio.io/v1beta1 678// kind: WorkloadEntry 679// metadata: 680// name: details-vm-1 681// spec: 682// serviceAccount: details 683// address: 2.2.2.2 684// labels: 685// app: details 686// instance-id: vm1 687// --- 688// apiVersion: networking.istio.io/v1beta1 689// kind: WorkloadEntry 690// metadata: 691// name: details-vm-2 692// spec: 693// serviceAccount: details 694// address: 3.3.3.3 695// labels: 696// app: details 697// instance-id: vm2 698// ``` 699// {{</tab>}} 700// {{</tabset>}} 701// 702// Assuming there is also a Kubernetes deployment with pod labels 703// `app: details` using the same service account `details`, the 704// following service entry declares a service spanning both VMs and 705// Kubernetes: 706// 707// {{<tabset category-name="example">}} 708// {{<tab name="v1alpha3" category-value="v1alpha3">}} 709// ```yaml 710// apiVersion: networking.istio.io/v1alpha3 711// kind: ServiceEntry 712// metadata: 713// name: details-svc 714// spec: 715// hosts: 716// - details.bookinfo.com 717// location: MESH_INTERNAL 718// ports: 719// - number: 80 720// name: http 721// protocol: HTTP 722// resolution: STATIC 723// workloadSelector: 724// labels: 725// app: details 726// ``` 727// {{</tab>}} 728// 729// {{<tab name="v1beta1" category-value="v1beta1">}} 730// ```yaml 731// apiVersion: networking.istio.io/v1beta1 732// kind: ServiceEntry 733// metadata: 734// name: details-svc 735// spec: 736// hosts: 737// - details.bookinfo.com 738// location: MESH_INTERNAL 739// ports: 740// - number: 80 741// name: http 742// protocol: HTTP 743// resolution: STATIC 744// workloadSelector: 745// labels: 746// app: details 747// ``` 748// {{</tab>}} 749// {{</tabset>}} 750 751package v1beta1 752 753import ( 754 fmt "fmt" 755 proto "github.com/gogo/protobuf/proto" 756 io "io" 757 _ "istio.io/gogo-genproto/googleapis/google/api" 758 math "math" 759 math_bits "math/bits" 760) 761 762// Reference imports to suppress errors if they are not otherwise used. 763var _ = proto.Marshal 764var _ = fmt.Errorf 765var _ = math.Inf 766 767// This is a compile-time assertion to ensure that this generated file 768// is compatible with the proto package it is being compiled against. 769// A compilation error at this line likely means your copy of the 770// proto package needs to be updated. 771const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package 772 773// Location specifies whether the service is part of Istio mesh or 774// outside the mesh. Location determines the behavior of several 775// features, such as service-to-service mTLS authentication, policy 776// enforcement, etc. When communicating with services outside the mesh, 777// Istio's mTLS authentication is disabled, and policy enforcement is 778// performed on the client-side as opposed to server-side. 779type ServiceEntry_Location int32 780 781const ( 782 // Signifies that the service is external to the mesh. Typically used 783 // to indicate external services consumed through APIs. 784 ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 785 // Signifies that the service is part of the mesh. Typically used to 786 // indicate services added explicitly as part of expanding the service 787 // mesh to include unmanaged infrastructure (e.g., VMs added to a 788 // Kubernetes based service mesh). 789 ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 790) 791 792var ServiceEntry_Location_name = map[int32]string{ 793 0: "MESH_EXTERNAL", 794 1: "MESH_INTERNAL", 795} 796 797var ServiceEntry_Location_value = map[string]int32{ 798 "MESH_EXTERNAL": 0, 799 "MESH_INTERNAL": 1, 800} 801 802func (x ServiceEntry_Location) String() string { 803 return proto.EnumName(ServiceEntry_Location_name, int32(x)) 804} 805 806func (ServiceEntry_Location) EnumDescriptor() ([]byte, []int) { 807 return fileDescriptor_be685d9fa1e5ca12, []int{0, 0} 808} 809 810// Resolution determines how the proxy will resolve the IP addresses of 811// the network endpoints associated with the service, so that it can 812// route to one of them. The resolution mode specified here has no impact 813// on how the application resolves the IP address associated with the 814// service. The application may still have to use DNS to resolve the 815// service to an IP so that the outbound traffic can be captured by the 816// Proxy. Alternatively, for HTTP services, the application could 817// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to 818// talk to these services. 819type ServiceEntry_Resolution int32 820 821const ( 822 // Assume that incoming connections have already been resolved (to a 823 // specific destination IP address). Such connections are typically 824 // routed via the proxy using mechanisms such as IP table REDIRECT/ 825 // eBPF. After performing any routing related transformations, the 826 // proxy will forward the connection to the IP address to which the 827 // connection was bound. 828 ServiceEntry_NONE ServiceEntry_Resolution = 0 829 // Use the static IP addresses specified in endpoints (see below) as the 830 // backing instances associated with the service. 831 ServiceEntry_STATIC ServiceEntry_Resolution = 1 832 // Attempt to resolve the IP address by querying the ambient DNS, 833 // during request processing. If no endpoints are specified, the proxy 834 // will resolve the DNS address specified in the hosts field, if 835 // wildcards are not used. If endpoints are specified, the DNS 836 // addresses specified in the endpoints will be resolved to determine 837 // the destination IP address. DNS resolution cannot be used with Unix 838 // domain socket endpoints. 839 ServiceEntry_DNS ServiceEntry_Resolution = 2 840) 841 842var ServiceEntry_Resolution_name = map[int32]string{ 843 0: "NONE", 844 1: "STATIC", 845 2: "DNS", 846} 847 848var ServiceEntry_Resolution_value = map[string]int32{ 849 "NONE": 0, 850 "STATIC": 1, 851 "DNS": 2, 852} 853 854func (x ServiceEntry_Resolution) String() string { 855 return proto.EnumName(ServiceEntry_Resolution_name, int32(x)) 856} 857 858func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { 859 return fileDescriptor_be685d9fa1e5ca12, []int{0, 1} 860} 861 862// ServiceEntry enables adding additional entries into Istio's internal 863// service registry. 864// 865// <!-- crd generation tags 866// +cue-gen:ServiceEntry:groupName:networking.istio.io 867// +cue-gen:ServiceEntry:version:v1beta1 868// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep 869// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio 870// +cue-gen:ServiceEntry:subresource:status 871// +cue-gen:ServiceEntry:scope:Namespaced 872// +cue-gen:ServiceEntry:resource:categories=istio-io,networking-istio-io,shortNames=se,plural=serviceentries 873// +cue-gen:ServiceEntry:printerColumn:name=Hosts,type=string,JSONPath=.spec.hosts,description="The hosts associated with the ServiceEntry" 874// +cue-gen:ServiceEntry:printerColumn:name=Location,type=string,JSONPath=.spec.location,description="Whether the service is external to the 875// mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL)" 876// +cue-gen:ServiceEntry:printerColumn:name=Resolution,type=string,JSONPath=.spec.resolution,description="Service discovery mode for the hosts 877// (NONE, STATIC, or DNS)" 878// +cue-gen:ServiceEntry:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp 879// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. 880// Clients may not set this value. It is represented in RFC3339 form and is in UTC. 881// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata" 882// +cue-gen:ServiceEntry:preserveUnknownFields:false 883// --> 884// 885// <!-- go code generation tags 886// +kubetype-gen 887// +kubetype-gen:groupVersion=networking.istio.io/v1beta1 888// +genclient 889// +k8s:deepcopy-gen=true 890// --> 891type ServiceEntry struct { 892 // The hosts associated with the ServiceEntry. Could be a DNS 893 // name with wildcard prefix. 894 // 895 // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. 896 // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. 897 // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value 898 // will be matched against the hosts field. 899 // 900 // **NOTE 1:** When resolution is set to type DNS and no endpoints 901 // are specified, the host field will be used as the DNS name of the 902 // endpoint to route traffic to. 903 // 904 // **NOTE 2:** If the hostname matches with the name of a service 905 // from another service registry such as Kubernetes that also 906 // supplies its own set of endpoints, the ServiceEntry will be 907 // treated as a decorator of the existing Kubernetes 908 // service. Properties in the service entry will be added to the 909 // Kubernetes service if applicable. Currently, the only the 910 // following additional properties will be considered by `istiod`: 911 // 912 // 1. subjectAltNames: In addition to verifying the SANs of the 913 // service accounts associated with the pods of the service, the 914 // SANs specified here will also be verified. 915 // 916 Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` 917 // The virtual IP addresses associated with the service. Could be CIDR 918 // prefix. For HTTP traffic, generated route configurations will include http route 919 // domains for both the `addresses` and `hosts` field values and the destination will 920 // be identified based on the HTTP Host/Authority header. 921 // If one or more IP addresses are specified, 922 // the incoming traffic will be identified as belonging to this service 923 // if the destination IP matches the IP/CIDRs specified in the addresses 924 // field. If the Addresses field is empty, traffic will be identified 925 // solely based on the destination port. In such scenarios, the port on 926 // which the service is being accessed must not be shared by any other 927 // service in the mesh. In other words, the sidecar will behave as a 928 // simple TCP proxy, forwarding incoming traffic on a specified port to 929 // the specified destination endpoint IP/host. Unix domain socket 930 // addresses are not supported in this field. 931 Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` 932 // The ports associated with the external service. If the 933 // Endpoints are Unix domain socket addresses, there must be exactly one 934 // port. 935 Ports []*Port `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` 936 // Specify whether the service should be considered external to the mesh 937 // or part of the mesh. 938 Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1beta1.ServiceEntry_Location" json:"location,omitempty"` 939 // Service discovery mode for the hosts. Care must be taken 940 // when setting the resolution mode to NONE for a TCP port without 941 // accompanying IP addresses. In such cases, traffic to any IP on 942 // said port will be allowed (i.e. `0.0.0.0:<port>`). 943 Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1beta1.ServiceEntry_Resolution" json:"resolution,omitempty"` 944 // One or more endpoints associated with the service. Only one of 945 // `endpoints` or `workloadSelector` can be specified. 946 Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` 947 // Applicable only for MESH_INTERNAL services. Only one of 948 // `endpoints` or `workloadSelector` can be specified. Selects one 949 // or more Kubernetes pods or VM workloads (specified using 950 // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object 951 // representing the VMs should be defined in the same namespace as 952 // the ServiceEntry. 953 WorkloadSelector *WorkloadSelector `protobuf:"bytes,9,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` 954 // A list of namespaces to which this service is exported. Exporting a service 955 // allows it to be used by sidecars, gateways and virtual services defined in 956 // other namespaces. This feature provides a mechanism for service owners 957 // and mesh administrators to control the visibility of services across 958 // namespace boundaries. 959 // 960 // If no namespaces are specified then the service is exported to all 961 // namespaces by default. 962 // 963 // The value "." is reserved and defines an export to the same namespace that 964 // the service is declared in. Similarly the value "*" is reserved and 965 // defines an export to all namespaces. 966 // 967 // For a Kubernetes Service, the equivalent effect can be achieved by setting 968 // the annotation "networking.istio.io/exportTo" to a comma-separated list 969 // of namespace names. 970 // 971 // NOTE: in the current release, the `exportTo` value is restricted to 972 // "." or "*" (i.e., the current namespace or all namespaces). 973 ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` 974 // If specified, the proxy will verify that the server certificate's 975 // subject alternate name matches one of the specified values. 976 // 977 // NOTE: When using the workloadEntry with workloadSelectors, the 978 // service account specified in the workloadEntry will also be used 979 // to derive the additional subject alternate names that should be 980 // verified. 981 SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` 982 XXX_NoUnkeyedLiteral struct{} `json:"-"` 983 XXX_unrecognized []byte `json:"-"` 984 XXX_sizecache int32 `json:"-"` 985} 986 987func (m *ServiceEntry) Reset() { *m = ServiceEntry{} } 988func (m *ServiceEntry) String() string { return proto.CompactTextString(m) } 989func (*ServiceEntry) ProtoMessage() {} 990func (*ServiceEntry) Descriptor() ([]byte, []int) { 991 return fileDescriptor_be685d9fa1e5ca12, []int{0} 992} 993func (m *ServiceEntry) XXX_Unmarshal(b []byte) error { 994 return m.Unmarshal(b) 995} 996func (m *ServiceEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 997 if deterministic { 998 return xxx_messageInfo_ServiceEntry.Marshal(b, m, deterministic) 999 } else { 1000 b = b[:cap(b)] 1001 n, err := m.MarshalToSizedBuffer(b) 1002 if err != nil { 1003 return nil, err 1004 } 1005 return b[:n], nil 1006 } 1007} 1008func (m *ServiceEntry) XXX_Merge(src proto.Message) { 1009 xxx_messageInfo_ServiceEntry.Merge(m, src) 1010} 1011func (m *ServiceEntry) XXX_Size() int { 1012 return m.Size() 1013} 1014func (m *ServiceEntry) XXX_DiscardUnknown() { 1015 xxx_messageInfo_ServiceEntry.DiscardUnknown(m) 1016} 1017 1018var xxx_messageInfo_ServiceEntry proto.InternalMessageInfo 1019 1020func (m *ServiceEntry) GetHosts() []string { 1021 if m != nil { 1022 return m.Hosts 1023 } 1024 return nil 1025} 1026 1027func (m *ServiceEntry) GetAddresses() []string { 1028 if m != nil { 1029 return m.Addresses 1030 } 1031 return nil 1032} 1033 1034func (m *ServiceEntry) GetPorts() []*Port { 1035 if m != nil { 1036 return m.Ports 1037 } 1038 return nil 1039} 1040 1041func (m *ServiceEntry) GetLocation() ServiceEntry_Location { 1042 if m != nil { 1043 return m.Location 1044 } 1045 return ServiceEntry_MESH_EXTERNAL 1046} 1047 1048func (m *ServiceEntry) GetResolution() ServiceEntry_Resolution { 1049 if m != nil { 1050 return m.Resolution 1051 } 1052 return ServiceEntry_NONE 1053} 1054 1055func (m *ServiceEntry) GetEndpoints() []*WorkloadEntry { 1056 if m != nil { 1057 return m.Endpoints 1058 } 1059 return nil 1060} 1061 1062func (m *ServiceEntry) GetWorkloadSelector() *WorkloadSelector { 1063 if m != nil { 1064 return m.WorkloadSelector 1065 } 1066 return nil 1067} 1068 1069func (m *ServiceEntry) GetExportTo() []string { 1070 if m != nil { 1071 return m.ExportTo 1072 } 1073 return nil 1074} 1075 1076func (m *ServiceEntry) GetSubjectAltNames() []string { 1077 if m != nil { 1078 return m.SubjectAltNames 1079 } 1080 return nil 1081} 1082 1083func init() { 1084 proto.RegisterEnum("istio.networking.v1beta1.ServiceEntry_Location", ServiceEntry_Location_name, ServiceEntry_Location_value) 1085 proto.RegisterEnum("istio.networking.v1beta1.ServiceEntry_Resolution", ServiceEntry_Resolution_name, ServiceEntry_Resolution_value) 1086 proto.RegisterType((*ServiceEntry)(nil), "istio.networking.v1beta1.ServiceEntry") 1087} 1088 1089func init() { 1090 proto.RegisterFile("networking/v1beta1/service_entry.proto", fileDescriptor_be685d9fa1e5ca12) 1091} 1092 1093var fileDescriptor_be685d9fa1e5ca12 = []byte{ 1094 // 469 bytes of a gzipped FileDescriptorProto 1095 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x93, 0xcd, 0x6e, 0xd3, 0x40, 1096 0x14, 0x85, 0xeb, 0x38, 0x49, 0xed, 0x5b, 0x7e, 0x9c, 0x59, 0x99, 0x82, 0x52, 0x2b, 0x0b, 0x1a, 1097 0x15, 0x61, 0x93, 0xb0, 0x62, 0x99, 0x82, 0x25, 0x2a, 0x8a, 0x41, 0x76, 0x44, 0x11, 0x1b, 0x6b, 1098 0x62, 0x0f, 0xe9, 0x80, 0xf1, 0x8d, 0x66, 0xa6, 0x09, 0x7d, 0x43, 0x96, 0x3c, 0x42, 0x95, 0x17, 1099 0xe0, 0x15, 0x90, 0x7f, 0x9a, 0x44, 0xd0, 0x40, 0x97, 0x3e, 0x73, 0xce, 0xe7, 0x3b, 0x67, 0x66, 1100 0xe0, 0x71, 0xce, 0xd4, 0x02, 0xc5, 0x57, 0x9e, 0x4f, 0xbd, 0xf9, 0x60, 0xc2, 0x14, 0x1d, 0x78, 1101 0x92, 0x89, 0x39, 0x4f, 0x58, 0xcc, 0x72, 0x25, 0x2e, 0xdd, 0x99, 0x40, 0x85, 0xc4, 0xe6, 0x52, 1102 0x71, 0x74, 0xd7, 0x6e, 0xb7, 0x76, 0xef, 0x1f, 0x4c, 0x11, 0xa7, 0x19, 0xf3, 0xe8, 0x8c, 0x7b, 1103 0x9f, 0x39, 0xcb, 0xd2, 0x78, 0xc2, 0xce, 0xe9, 0x9c, 0xa3, 0xa8, 0xa2, 0xfb, 0xce, 0x0d, 0xbf, 1104 0x98, 0x52, 0xc5, 0x16, 0xf4, 0xf2, 0x1f, 0x0e, 0xc9, 0x53, 0x96, 0xd0, 0x6b, 0xc6, 0xe1, 0x0d, 1105 0x8e, 0xe2, 0x3b, 0x43, 0x9a, 0x6e, 0xce, 0xd9, 0xfb, 0xd5, 0x84, 0x3b, 0x51, 0x35, 0xbf, 0x5f, 1106 0xc8, 0xe4, 0x01, 0xb4, 0xce, 0x51, 0x2a, 0x69, 0x6b, 0x8e, 0xde, 0x37, 0x8f, 0xf5, 0xab, 0x51, 1107 0x23, 0xac, 0x14, 0xf2, 0x08, 0x4c, 0x9a, 0xa6, 0x82, 0x49, 0xc9, 0xa4, 0xdd, 0x28, 0x96, 0xc3, 1108 0xb5, 0x40, 0x5e, 0x40, 0x6b, 0x86, 0x42, 0x49, 0x5b, 0x77, 0xf4, 0xfe, 0xde, 0xb0, 0xeb, 0x6e, 1109 0x6b, 0xc0, 0x7d, 0x8f, 0x42, 0xd5, 0xe0, 0x32, 0x41, 0xde, 0x80, 0x91, 0x61, 0x42, 0x15, 0xc7, 1110 0xdc, 0x6e, 0x3a, 0x5a, 0xff, 0xde, 0xd0, 0xdb, 0x9e, 0xde, 0x9c, 0xd6, 0x3d, 0xad, 0x63, 0xe1, 1111 0x0a, 0x40, 0x3e, 0x00, 0x08, 0x26, 0x31, 0xbb, 0x28, 0x71, 0xad, 0x12, 0x37, 0xb8, 0x25, 0x2e, 1112 0x5c, 0x05, 0xab, 0xf9, 0x36, 0x48, 0xc4, 0x07, 0x93, 0xe5, 0xe9, 0x0c, 0x79, 0xae, 0xa4, 0xdd, 1113 0x2e, 0xf7, 0x78, 0xb8, 0x1d, 0x7b, 0x56, 0x97, 0x5d, 0x72, 0xc3, 0x75, 0x92, 0x9c, 0x41, 0x67, 1114 0x75, 0x10, 0x92, 0x65, 0x2c, 0x51, 0x28, 0x6c, 0xd3, 0xd1, 0xfa, 0x7b, 0xc3, 0xa3, 0xff, 0xe3, 1115 0xa2, 0x3a, 0x11, 0x5a, 0x8b, 0x3f, 0x14, 0xf2, 0x10, 0x4c, 0xf6, 0xbd, 0xe8, 0x33, 0x56, 0x68, 1116 0xef, 0x96, 0xa7, 0x63, 0x54, 0xc2, 0x18, 0xc9, 0x11, 0x74, 0xe4, 0xc5, 0xe4, 0x0b, 0x4b, 0x54, 1117 0x4c, 0x33, 0x15, 0xe7, 0xf4, 0x1b, 0x93, 0xb6, 0x51, 0x9a, 0xee, 0xd7, 0x0b, 0xa3, 0x4c, 0x05, 1118 0x85, 0xdc, 0x7b, 0x06, 0xc6, 0x75, 0xad, 0xa4, 0x03, 0x77, 0xdf, 0xfa, 0xd1, 0xeb, 0xd8, 0xff, 1119 0x38, 0xf6, 0xc3, 0x60, 0x74, 0x6a, 0xed, 0xac, 0xa4, 0x93, 0xa0, 0x96, 0xb4, 0xde, 0x13, 0x80, 1120 0x75, 0x73, 0xc4, 0x80, 0x66, 0xf0, 0x2e, 0xf0, 0xad, 0x1d, 0x02, 0xd0, 0x8e, 0xc6, 0xa3, 0xf1, 1121 0xc9, 0x4b, 0x4b, 0x23, 0xbb, 0xa0, 0xbf, 0x0a, 0x22, 0xab, 0x71, 0xfc, 0xf4, 0xc7, 0xb2, 0xab, 1122 0xfd, 0x5c, 0x76, 0xb5, 0xab, 0x65, 0x57, 0xfb, 0x74, 0x50, 0x6d, 0x99, 0x63, 0xf9, 0x1e, 0xfe, 1123 0xbe, 0xb5, 0x93, 0x76, 0x79, 0x4f, 0x9f, 0xff, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x58, 0x68, 0x3f, 1124 0x07, 0x79, 0x03, 0x00, 0x00, 1125} 1126 1127func (m *ServiceEntry) Marshal() (dAtA []byte, err error) { 1128 size := m.Size() 1129 dAtA = make([]byte, size) 1130 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1131 if err != nil { 1132 return nil, err 1133 } 1134 return dAtA[:n], nil 1135} 1136 1137func (m *ServiceEntry) MarshalTo(dAtA []byte) (int, error) { 1138 size := m.Size() 1139 return m.MarshalToSizedBuffer(dAtA[:size]) 1140} 1141 1142func (m *ServiceEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1143 i := len(dAtA) 1144 _ = i 1145 var l int 1146 _ = l 1147 if m.XXX_unrecognized != nil { 1148 i -= len(m.XXX_unrecognized) 1149 copy(dAtA[i:], m.XXX_unrecognized) 1150 } 1151 if m.WorkloadSelector != nil { 1152 { 1153 size, err := m.WorkloadSelector.MarshalToSizedBuffer(dAtA[:i]) 1154 if err != nil { 1155 return 0, err 1156 } 1157 i -= size 1158 i = encodeVarintServiceEntry(dAtA, i, uint64(size)) 1159 } 1160 i-- 1161 dAtA[i] = 0x4a 1162 } 1163 if len(m.SubjectAltNames) > 0 { 1164 for iNdEx := len(m.SubjectAltNames) - 1; iNdEx >= 0; iNdEx-- { 1165 i -= len(m.SubjectAltNames[iNdEx]) 1166 copy(dAtA[i:], m.SubjectAltNames[iNdEx]) 1167 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.SubjectAltNames[iNdEx]))) 1168 i-- 1169 dAtA[i] = 0x42 1170 } 1171 } 1172 if len(m.ExportTo) > 0 { 1173 for iNdEx := len(m.ExportTo) - 1; iNdEx >= 0; iNdEx-- { 1174 i -= len(m.ExportTo[iNdEx]) 1175 copy(dAtA[i:], m.ExportTo[iNdEx]) 1176 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.ExportTo[iNdEx]))) 1177 i-- 1178 dAtA[i] = 0x3a 1179 } 1180 } 1181 if len(m.Endpoints) > 0 { 1182 for iNdEx := len(m.Endpoints) - 1; iNdEx >= 0; iNdEx-- { 1183 { 1184 size, err := m.Endpoints[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1185 if err != nil { 1186 return 0, err 1187 } 1188 i -= size 1189 i = encodeVarintServiceEntry(dAtA, i, uint64(size)) 1190 } 1191 i-- 1192 dAtA[i] = 0x32 1193 } 1194 } 1195 if m.Resolution != 0 { 1196 i = encodeVarintServiceEntry(dAtA, i, uint64(m.Resolution)) 1197 i-- 1198 dAtA[i] = 0x28 1199 } 1200 if m.Location != 0 { 1201 i = encodeVarintServiceEntry(dAtA, i, uint64(m.Location)) 1202 i-- 1203 dAtA[i] = 0x20 1204 } 1205 if len(m.Ports) > 0 { 1206 for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- { 1207 { 1208 size, err := m.Ports[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1209 if err != nil { 1210 return 0, err 1211 } 1212 i -= size 1213 i = encodeVarintServiceEntry(dAtA, i, uint64(size)) 1214 } 1215 i-- 1216 dAtA[i] = 0x1a 1217 } 1218 } 1219 if len(m.Addresses) > 0 { 1220 for iNdEx := len(m.Addresses) - 1; iNdEx >= 0; iNdEx-- { 1221 i -= len(m.Addresses[iNdEx]) 1222 copy(dAtA[i:], m.Addresses[iNdEx]) 1223 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.Addresses[iNdEx]))) 1224 i-- 1225 dAtA[i] = 0x12 1226 } 1227 } 1228 if len(m.Hosts) > 0 { 1229 for iNdEx := len(m.Hosts) - 1; iNdEx >= 0; iNdEx-- { 1230 i -= len(m.Hosts[iNdEx]) 1231 copy(dAtA[i:], m.Hosts[iNdEx]) 1232 i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.Hosts[iNdEx]))) 1233 i-- 1234 dAtA[i] = 0xa 1235 } 1236 } 1237 return len(dAtA) - i, nil 1238} 1239 1240func encodeVarintServiceEntry(dAtA []byte, offset int, v uint64) int { 1241 offset -= sovServiceEntry(v) 1242 base := offset 1243 for v >= 1<<7 { 1244 dAtA[offset] = uint8(v&0x7f | 0x80) 1245 v >>= 7 1246 offset++ 1247 } 1248 dAtA[offset] = uint8(v) 1249 return base 1250} 1251func (m *ServiceEntry) Size() (n int) { 1252 if m == nil { 1253 return 0 1254 } 1255 var l int 1256 _ = l 1257 if len(m.Hosts) > 0 { 1258 for _, s := range m.Hosts { 1259 l = len(s) 1260 n += 1 + l + sovServiceEntry(uint64(l)) 1261 } 1262 } 1263 if len(m.Addresses) > 0 { 1264 for _, s := range m.Addresses { 1265 l = len(s) 1266 n += 1 + l + sovServiceEntry(uint64(l)) 1267 } 1268 } 1269 if len(m.Ports) > 0 { 1270 for _, e := range m.Ports { 1271 l = e.Size() 1272 n += 1 + l + sovServiceEntry(uint64(l)) 1273 } 1274 } 1275 if m.Location != 0 { 1276 n += 1 + sovServiceEntry(uint64(m.Location)) 1277 } 1278 if m.Resolution != 0 { 1279 n += 1 + sovServiceEntry(uint64(m.Resolution)) 1280 } 1281 if len(m.Endpoints) > 0 { 1282 for _, e := range m.Endpoints { 1283 l = e.Size() 1284 n += 1 + l + sovServiceEntry(uint64(l)) 1285 } 1286 } 1287 if len(m.ExportTo) > 0 { 1288 for _, s := range m.ExportTo { 1289 l = len(s) 1290 n += 1 + l + sovServiceEntry(uint64(l)) 1291 } 1292 } 1293 if len(m.SubjectAltNames) > 0 { 1294 for _, s := range m.SubjectAltNames { 1295 l = len(s) 1296 n += 1 + l + sovServiceEntry(uint64(l)) 1297 } 1298 } 1299 if m.WorkloadSelector != nil { 1300 l = m.WorkloadSelector.Size() 1301 n += 1 + l + sovServiceEntry(uint64(l)) 1302 } 1303 if m.XXX_unrecognized != nil { 1304 n += len(m.XXX_unrecognized) 1305 } 1306 return n 1307} 1308 1309func sovServiceEntry(x uint64) (n int) { 1310 return (math_bits.Len64(x|1) + 6) / 7 1311} 1312func sozServiceEntry(x uint64) (n int) { 1313 return sovServiceEntry(uint64((x << 1) ^ uint64((int64(x) >> 63)))) 1314} 1315func (m *ServiceEntry) Unmarshal(dAtA []byte) error { 1316 l := len(dAtA) 1317 iNdEx := 0 1318 for iNdEx < l { 1319 preIndex := iNdEx 1320 var wire uint64 1321 for shift := uint(0); ; shift += 7 { 1322 if shift >= 64 { 1323 return ErrIntOverflowServiceEntry 1324 } 1325 if iNdEx >= l { 1326 return io.ErrUnexpectedEOF 1327 } 1328 b := dAtA[iNdEx] 1329 iNdEx++ 1330 wire |= uint64(b&0x7F) << shift 1331 if b < 0x80 { 1332 break 1333 } 1334 } 1335 fieldNum := int32(wire >> 3) 1336 wireType := int(wire & 0x7) 1337 if wireType == 4 { 1338 return fmt.Errorf("proto: ServiceEntry: wiretype end group for non-group") 1339 } 1340 if fieldNum <= 0 { 1341 return fmt.Errorf("proto: ServiceEntry: illegal tag %d (wire type %d)", fieldNum, wire) 1342 } 1343 switch fieldNum { 1344 case 1: 1345 if wireType != 2 { 1346 return fmt.Errorf("proto: wrong wireType = %d for field Hosts", wireType) 1347 } 1348 var stringLen uint64 1349 for shift := uint(0); ; shift += 7 { 1350 if shift >= 64 { 1351 return ErrIntOverflowServiceEntry 1352 } 1353 if iNdEx >= l { 1354 return io.ErrUnexpectedEOF 1355 } 1356 b := dAtA[iNdEx] 1357 iNdEx++ 1358 stringLen |= uint64(b&0x7F) << shift 1359 if b < 0x80 { 1360 break 1361 } 1362 } 1363 intStringLen := int(stringLen) 1364 if intStringLen < 0 { 1365 return ErrInvalidLengthServiceEntry 1366 } 1367 postIndex := iNdEx + intStringLen 1368 if postIndex < 0 { 1369 return ErrInvalidLengthServiceEntry 1370 } 1371 if postIndex > l { 1372 return io.ErrUnexpectedEOF 1373 } 1374 m.Hosts = append(m.Hosts, string(dAtA[iNdEx:postIndex])) 1375 iNdEx = postIndex 1376 case 2: 1377 if wireType != 2 { 1378 return fmt.Errorf("proto: wrong wireType = %d for field Addresses", wireType) 1379 } 1380 var stringLen uint64 1381 for shift := uint(0); ; shift += 7 { 1382 if shift >= 64 { 1383 return ErrIntOverflowServiceEntry 1384 } 1385 if iNdEx >= l { 1386 return io.ErrUnexpectedEOF 1387 } 1388 b := dAtA[iNdEx] 1389 iNdEx++ 1390 stringLen |= uint64(b&0x7F) << shift 1391 if b < 0x80 { 1392 break 1393 } 1394 } 1395 intStringLen := int(stringLen) 1396 if intStringLen < 0 { 1397 return ErrInvalidLengthServiceEntry 1398 } 1399 postIndex := iNdEx + intStringLen 1400 if postIndex < 0 { 1401 return ErrInvalidLengthServiceEntry 1402 } 1403 if postIndex > l { 1404 return io.ErrUnexpectedEOF 1405 } 1406 m.Addresses = append(m.Addresses, string(dAtA[iNdEx:postIndex])) 1407 iNdEx = postIndex 1408 case 3: 1409 if wireType != 2 { 1410 return fmt.Errorf("proto: wrong wireType = %d for field Ports", wireType) 1411 } 1412 var msglen int 1413 for shift := uint(0); ; shift += 7 { 1414 if shift >= 64 { 1415 return ErrIntOverflowServiceEntry 1416 } 1417 if iNdEx >= l { 1418 return io.ErrUnexpectedEOF 1419 } 1420 b := dAtA[iNdEx] 1421 iNdEx++ 1422 msglen |= int(b&0x7F) << shift 1423 if b < 0x80 { 1424 break 1425 } 1426 } 1427 if msglen < 0 { 1428 return ErrInvalidLengthServiceEntry 1429 } 1430 postIndex := iNdEx + msglen 1431 if postIndex < 0 { 1432 return ErrInvalidLengthServiceEntry 1433 } 1434 if postIndex > l { 1435 return io.ErrUnexpectedEOF 1436 } 1437 m.Ports = append(m.Ports, &Port{}) 1438 if err := m.Ports[len(m.Ports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 1439 return err 1440 } 1441 iNdEx = postIndex 1442 case 4: 1443 if wireType != 0 { 1444 return fmt.Errorf("proto: wrong wireType = %d for field Location", wireType) 1445 } 1446 m.Location = 0 1447 for shift := uint(0); ; shift += 7 { 1448 if shift >= 64 { 1449 return ErrIntOverflowServiceEntry 1450 } 1451 if iNdEx >= l { 1452 return io.ErrUnexpectedEOF 1453 } 1454 b := dAtA[iNdEx] 1455 iNdEx++ 1456 m.Location |= ServiceEntry_Location(b&0x7F) << shift 1457 if b < 0x80 { 1458 break 1459 } 1460 } 1461 case 5: 1462 if wireType != 0 { 1463 return fmt.Errorf("proto: wrong wireType = %d for field Resolution", wireType) 1464 } 1465 m.Resolution = 0 1466 for shift := uint(0); ; shift += 7 { 1467 if shift >= 64 { 1468 return ErrIntOverflowServiceEntry 1469 } 1470 if iNdEx >= l { 1471 return io.ErrUnexpectedEOF 1472 } 1473 b := dAtA[iNdEx] 1474 iNdEx++ 1475 m.Resolution |= ServiceEntry_Resolution(b&0x7F) << shift 1476 if b < 0x80 { 1477 break 1478 } 1479 } 1480 case 6: 1481 if wireType != 2 { 1482 return fmt.Errorf("proto: wrong wireType = %d for field Endpoints", wireType) 1483 } 1484 var msglen int 1485 for shift := uint(0); ; shift += 7 { 1486 if shift >= 64 { 1487 return ErrIntOverflowServiceEntry 1488 } 1489 if iNdEx >= l { 1490 return io.ErrUnexpectedEOF 1491 } 1492 b := dAtA[iNdEx] 1493 iNdEx++ 1494 msglen |= int(b&0x7F) << shift 1495 if b < 0x80 { 1496 break 1497 } 1498 } 1499 if msglen < 0 { 1500 return ErrInvalidLengthServiceEntry 1501 } 1502 postIndex := iNdEx + msglen 1503 if postIndex < 0 { 1504 return ErrInvalidLengthServiceEntry 1505 } 1506 if postIndex > l { 1507 return io.ErrUnexpectedEOF 1508 } 1509 m.Endpoints = append(m.Endpoints, &WorkloadEntry{}) 1510 if err := m.Endpoints[len(m.Endpoints)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 1511 return err 1512 } 1513 iNdEx = postIndex 1514 case 7: 1515 if wireType != 2 { 1516 return fmt.Errorf("proto: wrong wireType = %d for field ExportTo", wireType) 1517 } 1518 var stringLen uint64 1519 for shift := uint(0); ; shift += 7 { 1520 if shift >= 64 { 1521 return ErrIntOverflowServiceEntry 1522 } 1523 if iNdEx >= l { 1524 return io.ErrUnexpectedEOF 1525 } 1526 b := dAtA[iNdEx] 1527 iNdEx++ 1528 stringLen |= uint64(b&0x7F) << shift 1529 if b < 0x80 { 1530 break 1531 } 1532 } 1533 intStringLen := int(stringLen) 1534 if intStringLen < 0 { 1535 return ErrInvalidLengthServiceEntry 1536 } 1537 postIndex := iNdEx + intStringLen 1538 if postIndex < 0 { 1539 return ErrInvalidLengthServiceEntry 1540 } 1541 if postIndex > l { 1542 return io.ErrUnexpectedEOF 1543 } 1544 m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex])) 1545 iNdEx = postIndex 1546 case 8: 1547 if wireType != 2 { 1548 return fmt.Errorf("proto: wrong wireType = %d for field SubjectAltNames", wireType) 1549 } 1550 var stringLen uint64 1551 for shift := uint(0); ; shift += 7 { 1552 if shift >= 64 { 1553 return ErrIntOverflowServiceEntry 1554 } 1555 if iNdEx >= l { 1556 return io.ErrUnexpectedEOF 1557 } 1558 b := dAtA[iNdEx] 1559 iNdEx++ 1560 stringLen |= uint64(b&0x7F) << shift 1561 if b < 0x80 { 1562 break 1563 } 1564 } 1565 intStringLen := int(stringLen) 1566 if intStringLen < 0 { 1567 return ErrInvalidLengthServiceEntry 1568 } 1569 postIndex := iNdEx + intStringLen 1570 if postIndex < 0 { 1571 return ErrInvalidLengthServiceEntry 1572 } 1573 if postIndex > l { 1574 return io.ErrUnexpectedEOF 1575 } 1576 m.SubjectAltNames = append(m.SubjectAltNames, string(dAtA[iNdEx:postIndex])) 1577 iNdEx = postIndex 1578 case 9: 1579 if wireType != 2 { 1580 return fmt.Errorf("proto: wrong wireType = %d for field WorkloadSelector", wireType) 1581 } 1582 var msglen int 1583 for shift := uint(0); ; shift += 7 { 1584 if shift >= 64 { 1585 return ErrIntOverflowServiceEntry 1586 } 1587 if iNdEx >= l { 1588 return io.ErrUnexpectedEOF 1589 } 1590 b := dAtA[iNdEx] 1591 iNdEx++ 1592 msglen |= int(b&0x7F) << shift 1593 if b < 0x80 { 1594 break 1595 } 1596 } 1597 if msglen < 0 { 1598 return ErrInvalidLengthServiceEntry 1599 } 1600 postIndex := iNdEx + msglen 1601 if postIndex < 0 { 1602 return ErrInvalidLengthServiceEntry 1603 } 1604 if postIndex > l { 1605 return io.ErrUnexpectedEOF 1606 } 1607 if m.WorkloadSelector == nil { 1608 m.WorkloadSelector = &WorkloadSelector{} 1609 } 1610 if err := m.WorkloadSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 1611 return err 1612 } 1613 iNdEx = postIndex 1614 default: 1615 iNdEx = preIndex 1616 skippy, err := skipServiceEntry(dAtA[iNdEx:]) 1617 if err != nil { 1618 return err 1619 } 1620 if skippy < 0 { 1621 return ErrInvalidLengthServiceEntry 1622 } 1623 if (iNdEx + skippy) < 0 { 1624 return ErrInvalidLengthServiceEntry 1625 } 1626 if (iNdEx + skippy) > l { 1627 return io.ErrUnexpectedEOF 1628 } 1629 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 1630 iNdEx += skippy 1631 } 1632 } 1633 1634 if iNdEx > l { 1635 return io.ErrUnexpectedEOF 1636 } 1637 return nil 1638} 1639func skipServiceEntry(dAtA []byte) (n int, err error) { 1640 l := len(dAtA) 1641 iNdEx := 0 1642 for iNdEx < l { 1643 var wire uint64 1644 for shift := uint(0); ; shift += 7 { 1645 if shift >= 64 { 1646 return 0, ErrIntOverflowServiceEntry 1647 } 1648 if iNdEx >= l { 1649 return 0, io.ErrUnexpectedEOF 1650 } 1651 b := dAtA[iNdEx] 1652 iNdEx++ 1653 wire |= (uint64(b) & 0x7F) << shift 1654 if b < 0x80 { 1655 break 1656 } 1657 } 1658 wireType := int(wire & 0x7) 1659 switch wireType { 1660 case 0: 1661 for shift := uint(0); ; shift += 7 { 1662 if shift >= 64 { 1663 return 0, ErrIntOverflowServiceEntry 1664 } 1665 if iNdEx >= l { 1666 return 0, io.ErrUnexpectedEOF 1667 } 1668 iNdEx++ 1669 if dAtA[iNdEx-1] < 0x80 { 1670 break 1671 } 1672 } 1673 return iNdEx, nil 1674 case 1: 1675 iNdEx += 8 1676 return iNdEx, nil 1677 case 2: 1678 var length int 1679 for shift := uint(0); ; shift += 7 { 1680 if shift >= 64 { 1681 return 0, ErrIntOverflowServiceEntry 1682 } 1683 if iNdEx >= l { 1684 return 0, io.ErrUnexpectedEOF 1685 } 1686 b := dAtA[iNdEx] 1687 iNdEx++ 1688 length |= (int(b) & 0x7F) << shift 1689 if b < 0x80 { 1690 break 1691 } 1692 } 1693 if length < 0 { 1694 return 0, ErrInvalidLengthServiceEntry 1695 } 1696 iNdEx += length 1697 if iNdEx < 0 { 1698 return 0, ErrInvalidLengthServiceEntry 1699 } 1700 return iNdEx, nil 1701 case 3: 1702 for { 1703 var innerWire uint64 1704 var start int = iNdEx 1705 for shift := uint(0); ; shift += 7 { 1706 if shift >= 64 { 1707 return 0, ErrIntOverflowServiceEntry 1708 } 1709 if iNdEx >= l { 1710 return 0, io.ErrUnexpectedEOF 1711 } 1712 b := dAtA[iNdEx] 1713 iNdEx++ 1714 innerWire |= (uint64(b) & 0x7F) << shift 1715 if b < 0x80 { 1716 break 1717 } 1718 } 1719 innerWireType := int(innerWire & 0x7) 1720 if innerWireType == 4 { 1721 break 1722 } 1723 next, err := skipServiceEntry(dAtA[start:]) 1724 if err != nil { 1725 return 0, err 1726 } 1727 iNdEx = start + next 1728 if iNdEx < 0 { 1729 return 0, ErrInvalidLengthServiceEntry 1730 } 1731 } 1732 return iNdEx, nil 1733 case 4: 1734 return iNdEx, nil 1735 case 5: 1736 iNdEx += 4 1737 return iNdEx, nil 1738 default: 1739 return 0, fmt.Errorf("proto: illegal wireType %d", wireType) 1740 } 1741 } 1742 panic("unreachable") 1743} 1744 1745var ( 1746 ErrInvalidLengthServiceEntry = fmt.Errorf("proto: negative length found during unmarshaling") 1747 ErrIntOverflowServiceEntry = fmt.Errorf("proto: integer overflow") 1748) 1749