Istio · Schema
Istio Gateway
A Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections. The specification describes a set of ports that should be exposed, the type of protocol to use, SNI configuration for the load balancer, etc.
CNCF, Kubernetes, Microservices, Open Source, Service Mesh
Properties
| Name | Type | Description |
|---|---|---|
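| selector | object | One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied. By default workloads are searched across all namespaces, so a Gateway defined in one namespace can select workloads in another namespace that carry matching labels. Setting PILOT_SCOPE_GATEWAY_TO_NAMESPACE on istiod restricts the search to the Gateway's own namespace. |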
| servers | array | A list of server specifications. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/api-evangelist/istio/blob/main/json-schema/gateway.json",
"title": "Istio Gateway",
"description": "A Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections. The specification describes a set of ports that should be exposed, the type of protocol to use, SNI configuration for the load balancer, etc.",
"type": "object",
"properties": {
"selector": {
"type": "object",
"additionalProperties": {
"type": "string"
},
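"description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied. By default workloads are searched across all namespaces, so a Gateway defined in one namespace can select workloads in another namespace that carry matching labels. Setting PILOT_SCOPE_GATEWAY_TO_NAMESPACE on istiod restricts the search to the Gateway's own namespace."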
},
"servers": {
"type": "array",
"items": {
"$ref": "#/$defs/Server"
},
"description": "A list of server specifications."
}
},
"required": ["selector", "servers"],
"$defs": {
"Server": {
"type": "object",
"properties": {
"port": {
"type": "object",
"description": "The port on which the proxy should listen for incoming connections.",
"properties": {
"number": {
"type": "integer",
"description": "A valid non-negative integer port number."
},
"protocol": {
"type": "string",
"description": "The protocol exposed on the port. Must be one of HTTP, HTTPS, GRPC, HTTP2, MONGO, TCP, TLS."
},
"name": {
"type": "string",
"description": "Label assigned to the port."
},
"targetPort": {
"type": "integer",
"description": "The port number on the endpoint where traffic will be received."
}
},
"required": ["number", "protocol", "name"]
},
"bind": {
"type": "string",
"description": "The IP address or Unix domain socket to which the listener should be bound."
},
"hosts": {
"type": "array",
"items": {
"type": "string"
},
"description": "One or more hosts exposed by this gateway. Supports namespace/dnsName format for restricting to specific namespaces."
},
"tls": {
"type": "object",
"description": "Set of TLS related options that govern the server's behavior.",
"properties": {
"httpsRedirect": {
"type": "boolean",
"description": "If true, the load balancer will send a 301 redirect for all HTTP connections, asking the clients to use HTTPS."
},
"mode": {
"type": "string",
"enum": ["PASSTHROUGH", "SIMPLE", "MUTUAL", "AUTO_PASSTHROUGH", "ISTIO_MUTUAL", "OPTIONAL_MUTUAL"],
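"description": "Controls whether a TLS connection is terminated at the gateway or passed through. The mode also determines client authentication: SIMPLE does not request a client certificate, MUTUAL requires a valid one, and OPTIONAL_MUTUAL validates one only if the client sends it."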
},
"serverCertificate": {
"type": "string",
"description": "Path to the file holding the server-side TLS certificate."
},
"privateKey": {
"type": "string",
"description": "Path to the file holding the server's private key."
},
"caCertificates": {
"type": "string",
"description": "Path to a file containing certificate authority certificates for verifying client certificates."
},
"credentialName": {
"type": "string",
"description": "The name of the secret that holds the TLS certs."
},
"subjectAltNames": {
"type": "array",
"items": {
"type": "string"
},
"description": "A list of alternate names to verify the subject identity in the certificate presented by the client."
},
"minProtocolVersion": {
"type": "string",
"enum": ["TLS_AUTO", "TLSV1_0", "TLSV1_1", "TLSV1_2", "TLSV1_3"],
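"description": "Minimum TLS protocol version. TLSV1_0 and TLSV1_1 are deprecated by RFC 8996; the enum still accepts them, so a policy that requires TLS 1.2 or later has to be enforced outside this schema."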
},
"maxProtocolVersion": {
"type": "string",
"enum": ["TLS_AUTO", "TLSV1_0", "TLSV1_1", "TLSV1_2", "TLSV1_3"],
"description": "Maximum TLS protocol version."
},
"cipherSuites": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of cipher suites to use for TLS connections."
}
}
},
"name": {
"type": "string",
"description": "An optional name of the server, used for identifying the server in VirtualService host matching."
}
},
"required": ["port", "hosts"]
}
}
}