openapi: 3.1.0
info:
  title: Kuma API
  description: Kuma API
  version: v1alpha1
  x-ref-schema-name: DataplaneOverview
security:
  - BasicAuth: []
  - BearerAuth: []
  - {}
paths:
  /:
    get:
      operationId: index
      summary: The index endpoint
      description: The index endpoint, some common metadata
      tags:
        - System
      responses:
        '200':
          $ref: '#/components/responses/IndexResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /_resources:
    get:
      operationId: get-resource-type-description
      summary: A list of all resources that exist
      description: Returns a Global Insight object
      tags:
        - System
      responses:
        '200':
          $ref: '#/components/responses/ResourceTypeDescriptionListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /global-insight:
    get:
      operationId: get-global-insight
      description: Returns a Global Insight object
      summary: Get Global Insight
      tags:
        - GlobalInsight
      responses:
        '200':
          $ref: '#/components/responses/GlobalInsightResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/{resourceType}/{resourceName}/_rules:
    get:
      operationId: inspect-dataplanes-rules
      summary: Returns rules matching this dataplane
      description: Returns rules matching this dataplane
      tags:
        - Inspect
      parameters:
        - in: path
          name: mesh
          example: default
          schema:
            type: string
          required: true
          description: The mesh the policy is part of
        - in: path
          name: resourceType
          example: dataplanes
          required: true
          schema:
            type: string
            enum:
              - dataplanes
              - meshgateways
          description: The type of resource (only some resources support rules api)
        - in: path
          name: resourceName
          example: my-dp
          schema:
            type: string
          required: true
          description: The name of the resource
      responses:
        '200':
          $ref: '#/components/responses/InspectRulesResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_config:
    get:
      operationId: get-dataplanes-xds-config
      summary: >-
        Get a proxy XDS config on a CP. This endpoint is only available on
        zone CPs.
      description: >-
        Returns the
        [xds](https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol)
        configuration of the proxy.
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the diff for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the diff for.
          schema:
            type: string
        - in: query
          name: shadow
          description: >
            When computing XDS config the CP takes into account policies with
            'kuma.io/effect: shadow' label
          schema:
            type: boolean
            default: false
        - in: query
          name: include
          description: >
            An array of extra fields to include in the response. When
            `include=diff` the server computes a diff in JSONPatch format
            between the current proxy XDS config and the config returned in
            the 'xds' field.
          schema:
            type: array
            items:
              type: string
              enum:
                - diff
      responses:
        '200':
          $ref: '#/components/responses/GetDataplaneXDSConfigResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_layout:
    get:
      operationId: get-dataplanes-layout
      summary: Get networking layout for this dataplane
      description: >-
        Returns detailed dataplane networking layout with most important
        information on dataplane and list of its inbounds and outbounds
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the layout for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the layout for.
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DataplaneNetworkingLayoutResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_policies:
    get:
      operationId: get-proxy-policy-conf
      summary: Get proxy policies for this dataplane
      description: >-
        Returns proxy level policy configuration derived from combining all
        proxy policies selecting this dataplane
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the diff for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the diff for.
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/ProxyPolicyConfResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_inbounds/{inbound-kri}/_policies:
    get:
      operationId: get-inbound-policy-conf
      summary: Get policies for this inbound
      description: >-
        Returns inbound policy configuration derived from combining all
        policies selecting this dataplane
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the policies for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the policies for.
          schema:
            type: string
        - in: path
          name: inbound-kri
          required: true
          description: The name of the Inbound from DPP to get the policies for.
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/InboundPolicyConfResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_outbounds/{kri}/_policies:
    get:
      operationId: get-outbound-policy-conf
      summary: Get policies for this outbound
      description: >-
        Returns outbound policy configuration derived from combining all
        policies selecting this dataplane
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the policies for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the policies for.
          schema:
            type: string
        - in: path
          name: kri
          required: true
          description: The KRI of the Outbound to get the policies for.
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/OutboundPolicyConfResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_outbounds/{kri}/_routes:
    get:
      operationId: get-outbound-routes
      summary: Get routes configuration for this outbound
      description: >-
        Returns routes configuration derived from combining all routes on
        this outbound
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the policies for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the policies for.
          schema:
            type: string
        - in: path
          name: kri
          required: true
          description: The KRI of the Outbound to get the routes for.
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/RoutesListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/dataplanes/{name}/_outbounds/{outbound-kri}/_routes/{route-kri}/_policies:
    get:
      operationId: get-route-policy-conf
      summary: Get policies for this route
      description: >-
        Returns route policy configuration derived from combining all
        policies selecting this dataplane
      parameters:
        - in: path
          name: mesh
          required: true
          description: The mesh of the DPP to get the policies for.
          schema:
            type: string
        - in: path
          name: name
          required: true
          description: The name of the DPP within the mesh to get the policies for.
          schema:
            type: string
        - in: path
          name: outbound-kri
          required: true
          description: The KRI of the Outbound to get the routes for.
          schema:
            type: string
        - in: path
          name: route-kri
          required: true
          description: The KRI of the Route to get the configuration for.
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/RoutePolicyConfResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/{policyType}/{policyName}/_resources/dataplanes:
    get:
      operationId: inspect-resources
      summary: Returns resources matched by this policy
      description: >-
        Returns resources matched by this policy. In the case of `targetRef`
        policies we'll match using the top level `targetRef`
      tags:
        - Inspect
      parameters:
        - in: path
          name: mesh
          example: default
          schema:
            type: string
          required: true
          description: The mesh the policy is part of
        - in: path
          name: policyType
          example: meshretries
          schema:
            type: string
          required: true
          description: The type of the policy
        - in: path
          name: policyName
          example: retry-all
          schema:
            type: string
          required: true
          description: The name of the policy
        - in: query
          name: size
          schema:
            type: integer
          required: false
          description: The max number of items to return
        - in: query
          name: offset
          schema:
            type: integer
          required: false
          description: The offset of result
        - in: query
          name: name
          schema:
            type: string
          required: false
          description: A substring to filter resources by name
      responses:
        '200':
          $ref: '#/components/responses/InspectDataplanesForPolicyResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/meshservices/{name}/_dataplanes:
    get:
      operationId: inspect-meshservices-dataplanes
      summary: Returns dataplanes matched by a MeshService
      description: Returns dataplanes matched by a MeshService
      tags:
        - Inspect
      parameters:
        - in: path
          name: mesh
          example: default
          schema:
            type: string
          required: true
          description: The mesh the service is part of
        - in: path
          name: name
          example: redis
          schema:
            type: string
          required: true
          description: The name of the service
        - in: query
          name: size
          schema:
            type: integer
          required: false
          description: The max number of items to return
        - in: query
          name: offset
          schema:
            type: integer
          required: false
          description: The offset of result
        - in: query
          name: name
          schema:
            type: string
          required: false
          description: A substring to filter resources by name
      responses:
        '200':
          $ref: '#/components/responses/InspectDataplanesForPolicyResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '500':
          $ref: '#/components/responses/Internal'
  /meshes/{mesh}/{serviceType}/{serviceName}/_hostnames:
    get:
      operationId: inspect-hostnames
      summary: Returns hostnames for service
      description: Returns hostnames for a service
      tags:
        - Inspect
      parameters:
        - in: path
          name: mesh
          example: default
          schema:
            type: string
          required: true
          description: The mesh the service is part of
        - in: path
          name: serviceType
          example: meshservices
          schema:
            type: string
            enum:
              - meshservices
              - meshmultizoneservices
              - meshexternalservices
          required: true
          description: The type of the service
        - in: path
          name: serviceName
          example: redis
          schema:
            type: string
          required: true
          description: The name of the service
      responses:
        '200':
          $ref: '#/components/responses/InspectHostnamesResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/Internal'
  /_kri/{kri}:
    get:
      operationId: getByKri
      summary: Returns a resource by KRI
      tags:
        - KRI
      parameters:
        - in: path
          name: kri
          schema:
            type: string
          required: true
          description: KRI of the resource
      responses:
        '200':
          description: The resource
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/DataplaneItem'
                  - $ref: '#/components/schemas/MeshItem'
                  - $ref: '#/components/schemas/MeshAccessLogItem'
                  - $ref: '#/components/schemas/MeshCircuitBreakerItem'
                  - $ref: '#/components/schemas/MeshFaultInjectionItem'
                  - $ref: '#/components/schemas/MeshGatewayItem'
                  - $ref: '#/components/schemas/MeshHTTPRouteItem'
                  - $ref: '#/components/schemas/MeshHealthCheckItem'
                  - $ref: '#/components/schemas/MeshLoadBalancingStrategyItem'
                  - $ref: '#/components/schemas/MeshMetricItem'
                  - $ref: '#/components/schemas/MeshPassthroughItem'
                  - $ref: '#/components/schemas/MeshProxyPatchItem'
                  - $ref: '#/components/schemas/MeshRateLimitItem'
                  - $ref: '#/components/schemas/MeshRetryItem'
                  - $ref: '#/components/schemas/MeshTCPRouteItem'
                  - $ref: '#/components/schemas/MeshTLSItem'
                  - $ref: '#/components/schemas/MeshTimeoutItem'
                  - $ref: '#/components/schemas/MeshTraceItem'
                  - $ref: '#/components/schemas/MeshTrafficPermissionItem'
                  - $ref: '#/components/schemas/ZoneEgressItem'
                  - $ref: '#/components/schemas/ZoneIngressItem'
        '400':
          $ref: '#/components/responses/BadRequest'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshaccesslogs/{name}:
    get:
      operationId: getMeshAccessLog
      summary: Returns MeshAccessLog entity
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshAccessLog
      responses:
        '200':
          $ref: '#/components/responses/MeshAccessLogItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshAccessLog
      summary: Creates or Updates MeshAccessLog entity
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshAccessLog
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshAccessLogItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshAccessLogCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshAccessLogCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshAccessLog
      summary: Deletes MeshAccessLog entity
      tags:
        - MeshAccessLog
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshAccessLog
      responses:
        '200':
          $ref: '#/components/responses/MeshAccessLogDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshaccesslogs:
    get:
      operationId: getMeshAccessLogList
      summary: Returns a list of MeshAccessLog in the mesh.
      tags:
        - MeshAccessLog
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshAccessLogList'
  /meshes/{mesh}/meshcircuitbreakers/{name}:
    get:
      operationId: getMeshCircuitBreaker
      summary: Returns MeshCircuitBreaker entity
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshCircuitBreaker
      responses:
        '200':
          $ref: '#/components/responses/MeshCircuitBreakerItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshCircuitBreaker
      summary: Creates or Updates MeshCircuitBreaker entity
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshCircuitBreaker
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshCircuitBreakerItem'
      responses:
        '200':
          $ref: >-
            #/components/responses/MeshCircuitBreakerCreateOrUpdateSuccessResponse
        '201':
          $ref: >-
            #/components/responses/MeshCircuitBreakerCreateOrUpdateSuccessResponse
    delete:
      operationId: deleteMeshCircuitBreaker
      summary: Deletes MeshCircuitBreaker entity
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshCircuitBreaker
      responses:
        '200':
          $ref: '#/components/responses/MeshCircuitBreakerDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshcircuitbreakers:
    get:
      operationId: getMeshCircuitBreakerList
      summary: Returns a list of MeshCircuitBreaker in the mesh.
      tags:
        - MeshCircuitBreaker
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshCircuitBreakerList'
  /meshes/{mesh}/meshfaultinjections/{name}:
    get:
      operationId: getMeshFaultInjection
      summary: Returns MeshFaultInjection entity
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshFaultInjection
      responses:
        '200':
          $ref: '#/components/responses/MeshFaultInjectionItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshFaultInjection
      summary: Creates or Updates MeshFaultInjection entity
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshFaultInjection
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshFaultInjectionItem'
      responses:
        '200':
          $ref: >-
            #/components/responses/MeshFaultInjectionCreateOrUpdateSuccessResponse
        '201':
          $ref: >-
            #/components/responses/MeshFaultInjectionCreateOrUpdateSuccessResponse
    delete:
      operationId: deleteMeshFaultInjection
      summary: Deletes MeshFaultInjection entity
      tags:
        - MeshFaultInjection
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshFaultInjection
      responses:
        '200':
          $ref: '#/components/responses/MeshFaultInjectionDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshfaultinjections:
    get:
      operationId: getMeshFaultInjectionList
      summary: Returns a list of MeshFaultInjection in the mesh.
      tags:
        - MeshFaultInjection
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshFaultInjectionList'
  /meshes/{mesh}/meshhealthchecks/{name}:
    get:
      operationId: getMeshHealthCheck
      summary: Returns MeshHealthCheck entity
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHealthCheck
      responses:
        '200':
          $ref: '#/components/responses/MeshHealthCheckItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshHealthCheck
      summary: Creates or Updates MeshHealthCheck entity
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHealthCheck
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshHealthCheckItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshHealthCheckCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshHealthCheckCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshHealthCheck
      summary: Deletes MeshHealthCheck entity
      tags:
        - MeshHealthCheck
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHealthCheck
      responses:
        '200':
          $ref: '#/components/responses/MeshHealthCheckDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshhealthchecks:
    get:
      operationId: getMeshHealthCheckList
      summary: Returns a list of MeshHealthCheck in the mesh.
      tags:
        - MeshHealthCheck
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshHealthCheckList'
  /meshes/{mesh}/meshhttproutes/{name}:
    get:
      operationId: getMeshHTTPRoute
      summary: Returns MeshHTTPRoute entity
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHTTPRoute
      responses:
        '200':
          $ref: '#/components/responses/MeshHTTPRouteItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshHTTPRoute
      summary: Creates or Updates MeshHTTPRoute entity
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHTTPRoute
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshHTTPRouteItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshHTTPRouteCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshHTTPRouteCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshHTTPRoute
      summary: Deletes MeshHTTPRoute entity
      tags:
        - MeshHTTPRoute
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshHTTPRoute
      responses:
        '200':
          $ref: '#/components/responses/MeshHTTPRouteDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshhttproutes:
    get:
      operationId: getMeshHTTPRouteList
      summary: Returns a list of MeshHTTPRoute in the mesh.
      tags:
        - MeshHTTPRoute
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshHTTPRouteList'
  /meshes/{mesh}/meshloadbalancingstrategies/{name}:
    get:
      operationId: getMeshLoadBalancingStrategy
      summary: Returns MeshLoadBalancingStrategy entity
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshLoadBalancingStrategy
      responses:
        '200':
          $ref: '#/components/responses/MeshLoadBalancingStrategyItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshLoadBalancingStrategy
      summary: Creates or Updates MeshLoadBalancingStrategy entity
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshLoadBalancingStrategy
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshLoadBalancingStrategyItem'
      responses:
        '200':
          $ref: >-
            #/components/responses/MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse
        '201':
          $ref: >-
            #/components/responses/MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse
    delete:
      operationId: deleteMeshLoadBalancingStrategy
      summary: Deletes MeshLoadBalancingStrategy entity
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshLoadBalancingStrategy
      responses:
        '200':
          $ref: >-
            #/components/responses/MeshLoadBalancingStrategyDeleteSuccessResponse
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshloadbalancingstrategies:
    get:
      operationId: getMeshLoadBalancingStrategyList
      summary: Returns a list of MeshLoadBalancingStrategy in the mesh.
      tags:
        - MeshLoadBalancingStrategy
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshLoadBalancingStrategyList'
  /meshes/{mesh}/meshmetrics/{name}:
    get:
      operationId: getMeshMetric
      summary: Returns MeshMetric entity
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshMetric
      responses:
        '200':
          $ref: '#/components/responses/MeshMetricItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshMetric
      summary: Creates or Updates MeshMetric entity
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshMetric
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshMetricItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshMetricCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshMetricCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshMetric
      summary: Deletes MeshMetric entity
      tags:
        - MeshMetric
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshMetric
      responses:
        '200':
          $ref: '#/components/responses/MeshMetricDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshmetrics:
    get:
      operationId: getMeshMetricList
      summary: Returns a list of MeshMetric in the mesh.
      tags:
        - MeshMetric
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshMetricList'
  /meshes/{mesh}/meshpassthroughs/{name}:
    get:
      operationId: getMeshPassthrough
      summary: Returns MeshPassthrough entity
      tags:
        - MeshPassthrough
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshPassthrough
      responses:
        '200':
          $ref: '#/components/responses/MeshPassthroughItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshPassthrough
      summary: Creates or Updates MeshPassthrough entity
      tags:
        - MeshPassthrough
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshPassthrough
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshPassthroughItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshPassthroughCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshPassthroughCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshPassthrough
      summary: Deletes MeshPassthrough entity
      tags:
        - MeshPassthrough
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshPassthrough
      responses:
        '200':
          $ref: '#/components/responses/MeshPassthroughDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshpassthroughs:
    get:
      operationId: getMeshPassthroughList
      summary: Returns a list of MeshPassthrough in the mesh.
      tags:
        - MeshPassthrough
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshPassthroughList'
  /meshes/{mesh}/meshproxypatches/{name}:
    get:
      operationId: getMeshProxyPatch
      summary: Returns MeshProxyPatch entity
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshProxyPatch
      responses:
        '200':
          $ref: '#/components/responses/MeshProxyPatchItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshProxyPatch
      summary: Creates or Updates MeshProxyPatch entity
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshProxyPatch
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshProxyPatchItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshProxyPatchCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshProxyPatchCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshProxyPatch
      summary: Deletes MeshProxyPatch entity
      tags:
        - MeshProxyPatch
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshProxyPatch
      responses:
        '200':
          $ref: '#/components/responses/MeshProxyPatchDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshproxypatches:
    get:
      operationId: getMeshProxyPatchList
      summary: Returns a list of MeshProxyPatch in the mesh.
      tags:
        - MeshProxyPatch
      parameters:
        - in: query
          name: offset
          description: offset in the list of entities
          required: false
          schema:
            type: integer
          example: 0
        - in: query
          name: size
          description: the number of items per page
          required: false
          schema:
            type: integer
            default: 100
            maximum: 1000
            minimum: 1
        - in: query
          name: filter
          description: filter by labels; when multiple filters are present, they are ANDed
          required: false
          schema:
            type: object
            properties:
              key:
                type: string
              value:
                type: string
          example:
            label.k8s.kuma.io/namespace: my-ns
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
      responses:
        '200':
          $ref: '#/components/responses/MeshProxyPatchList'
  /meshes/{mesh}/meshratelimits/{name}:
    get:
      operationId: getMeshRateLimit
      summary: Returns MeshRateLimit entity
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRateLimit
      responses:
        '200':
          $ref: '#/components/responses/MeshRateLimitItem'
        '404':
          $ref: '#/components/responses/NotFound'
    put:
      operationId: putMeshRateLimit
      summary: Creates or Updates MeshRateLimit entity
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRateLimit
      requestBody:
        description: Put request
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MeshRateLimitItem'
      responses:
        '200':
          $ref: '#/components/responses/MeshRateLimitCreateOrUpdateSuccessResponse'
        '201':
          $ref: '#/components/responses/MeshRateLimitCreateOrUpdateSuccessResponse'
    delete:
      operationId: deleteMeshRateLimit
      summary: Deletes MeshRateLimit entity
      tags:
        - MeshRateLimit
      parameters:
        - in: path
          name: mesh
          schema:
            type: string
          required: true
          description: name of the mesh
        - in: path
          name: name
          schema:
            type: string
          required: true
          description: name of the MeshRateLimit
      responses:
        '200':
          $ref: '#/components/responses/MeshRateLimitDeleteSuccessResponse'
        '404':
          $ref: '#/components/responses/NotFound'
  /meshes/{mesh}/meshratelimits:
    get:
      operationId: getMeshRateLimitList
      summary: Returns a list of MeshRateLimit in the mesh.
tags: - MeshRateLimit parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshRateLimitList' /meshes/{mesh}/meshretries/{name}: get: operationId: getMeshRetry summary: Returns MeshRetry entity tags: - MeshRetry parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshRetry responses: '200': $ref: '#/components/responses/MeshRetryItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshRetry summary: Creates or Updates MeshRetry entity tags: - MeshRetry parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshRetry requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshRetryItem' responses: '200': $ref: '#/components/responses/MeshRetryCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshRetryCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshRetry summary: Deletes MeshRetry entity tags: - MeshRetry parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshRetry responses: '200': $ref: 
'#/components/responses/MeshRetryDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshretries: get: operationId: getMeshRetryList summary: Returns a list of MeshRetry in the mesh. tags: - MeshRetry parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshRetryList' /meshes/{mesh}/meshtcproutes/{name}: get: operationId: getMeshTCPRoute summary: Returns MeshTCPRoute entity tags: - MeshTCPRoute parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTCPRoute responses: '200': $ref: '#/components/responses/MeshTCPRouteItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshTCPRoute summary: Creates or Updates MeshTCPRoute entity tags: - MeshTCPRoute parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTCPRoute requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshTCPRouteItem' responses: '200': $ref: '#/components/responses/MeshTCPRouteCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshTCPRouteCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshTCPRoute summary: Deletes 
MeshTCPRoute entity tags: - MeshTCPRoute parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTCPRoute responses: '200': $ref: '#/components/responses/MeshTCPRouteDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshtcproutes: get: operationId: getMeshTCPRouteList summary: Returns a list of MeshTCPRoute in the mesh. tags: - MeshTCPRoute parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshTCPRouteList' /meshes/{mesh}/meshtimeouts/{name}: get: operationId: getMeshTimeout summary: Returns MeshTimeout entity tags: - MeshTimeout parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTimeout responses: '200': $ref: '#/components/responses/MeshTimeoutItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshTimeout summary: Creates or Updates MeshTimeout entity tags: - MeshTimeout parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTimeout requestBody: description: Put request required: true content: application/json: schema: $ref: 
'#/components/schemas/MeshTimeoutItem' responses: '200': $ref: '#/components/responses/MeshTimeoutCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshTimeoutCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshTimeout summary: Deletes MeshTimeout entity tags: - MeshTimeout parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTimeout responses: '200': $ref: '#/components/responses/MeshTimeoutDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshtimeouts: get: operationId: getMeshTimeoutList summary: Returns a list of MeshTimeout in the mesh. tags: - MeshTimeout parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshTimeoutList' /meshes/{mesh}/meshtlses/{name}: get: operationId: getMeshTLS summary: Returns MeshTLS entity tags: - MeshTLS parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTLS responses: '200': $ref: '#/components/responses/MeshTLSItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshTLS summary: Creates or Updates MeshTLS entity tags: - MeshTLS parameters: - in: path name: mesh schema: type: string required: true 
description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTLS requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshTLSItem' responses: '200': $ref: '#/components/responses/MeshTLSCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshTLSCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshTLS summary: Deletes MeshTLS entity tags: - MeshTLS parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTLS responses: '200': $ref: '#/components/responses/MeshTLSDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshtlses: get: operationId: getMeshTLSList summary: Returns a list of MeshTLS in the mesh. tags: - MeshTLS parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshTLSList' /meshes/{mesh}/meshtraces/{name}: get: operationId: getMeshTrace summary: Returns MeshTrace entity tags: - MeshTrace parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrace responses: '200': $ref: '#/components/responses/MeshTraceItem' '404': $ref: 
'#/components/responses/NotFound' put: operationId: putMeshTrace summary: Creates or Updates MeshTrace entity tags: - MeshTrace parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrace requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshTraceItem' responses: '200': $ref: '#/components/responses/MeshTraceCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshTraceCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshTrace summary: Deletes MeshTrace entity tags: - MeshTrace parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrace responses: '200': $ref: '#/components/responses/MeshTraceDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshtraces: get: operationId: getMeshTraceList summary: Returns a list of MeshTrace in the mesh. 
tags: - MeshTrace parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshTraceList' /meshes/{mesh}/meshtrafficpermissions/{name}: get: operationId: getMeshTrafficPermission summary: Returns MeshTrafficPermission entity tags: - MeshTrafficPermission parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrafficPermission responses: '200': $ref: '#/components/responses/MeshTrafficPermissionItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshTrafficPermission summary: Creates or Updates MeshTrafficPermission entity tags: - MeshTrafficPermission parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrafficPermission requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshTrafficPermissionItem' responses: '200': $ref: >- #/components/responses/MeshTrafficPermissionCreateOrUpdateSuccessResponse '201': $ref: >- #/components/responses/MeshTrafficPermissionCreateOrUpdateSuccessResponse delete: operationId: deleteMeshTrafficPermission summary: Deletes MeshTrafficPermission entity tags: - MeshTrafficPermission parameters: - in: path name: mesh 
schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrafficPermission responses: '200': $ref: '#/components/responses/MeshTrafficPermissionDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshtrafficpermissions: get: operationId: getMeshTrafficPermissionList summary: Returns a list of MeshTrafficPermission in the mesh. tags: - MeshTrafficPermission parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshTrafficPermissionList' /meshes/{mesh}/dataplanes: get: operationId: getDataplaneList parameters: - description: offset in the list of entities example: 0 in: query name: offset required: false schema: type: integer - description: the number of items per page in: query name: size required: false schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: filter by labels when multiple filters are present, they are ANDed example: label.k8s.kuma.io/namespace: my-ns in: query name: filter required: false schema: properties: key: type: string value: type: string type: object - description: name of the mesh in: path name: mesh required: true schema: type: string responses: '200': $ref: '#/components/responses/DataplaneList' summary: Returns a list of Dataplane in the mesh. 
tags: - Dataplane /meshes/{mesh}/dataplanes/{name}: delete: operationId: deleteDataplane parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the Dataplane in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/DataplaneDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' summary: Deletes Dataplane entity tags: - Dataplane get: operationId: getDataplane parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the Dataplane in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/DataplaneItem' '404': $ref: '#/components/responses/NotFound' summary: Returns Dataplane entity tags: - Dataplane put: operationId: putDataplane parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the Dataplane in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DataplaneItem' description: Put request required: true responses: '200': $ref: '#/components/responses/DataplaneCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/DataplaneCreateOrUpdateSuccessResponse' summary: Creates or Updates Dataplane entity tags: - Dataplane /meshes/{mesh}/dataplanes/{name}/_overview: get: operationId: getDataplaneOverview parameters: - in: path name: mesh required: true description: The mesh of the DPP to get the overview for. schema: type: string - in: path name: name required: true description: The name of the DPP within the mesh to get the overview for. 
schema: type: string responses: '200': $ref: '#/components/responses/GetDataplaneOverviewResponse' '400': $ref: '#/components/responses/BadRequest' '500': $ref: '#/components/responses/Internal' /meshes/{mesh}/dataplanes/_overview: get: operationId: getDataplaneOverviewList parameters: - in: path name: mesh required: true description: The mesh to list DPP overviews for. schema: type: string responses: '200': $ref: '#/components/responses/GetDataplaneOverviewListResponse' '400': $ref: '#/components/responses/BadRequest' '500': $ref: '#/components/responses/Internal' /meshes: get: operationId: getMeshList parameters: - description: offset in the list of entities example: 0 in: query name: offset required: false schema: type: integer - description: the number of items per page in: query name: size required: false schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: filter by labels when multiple filters are present, they are ANDed example: label.k8s.kuma.io/namespace: my-ns in: query name: filter required: false schema: properties: key: type: string value: type: string type: object responses: '200': $ref: '#/components/responses/MeshList' summary: Returns a list of Mesh in the mesh. 
tags: - Mesh /meshes/{name}: delete: operationId: deleteMesh parameters: - description: name of the Mesh in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/MeshDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' summary: Deletes Mesh entity tags: - Mesh get: operationId: getMesh parameters: - description: name of the Mesh in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/MeshItem' '404': $ref: '#/components/responses/NotFound' summary: Returns Mesh entity tags: - Mesh put: operationId: putMesh parameters: - description: name of the Mesh in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/MeshItem' description: Put request required: true responses: '200': $ref: '#/components/responses/MeshCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshCreateOrUpdateSuccessResponse' summary: Creates or Updates Mesh entity tags: - Mesh /meshes/{mesh}/meshgateways: get: operationId: getMeshGatewayList parameters: - description: offset in the list of entities example: 0 in: query name: offset required: false schema: type: integer - description: the number of items per page in: query name: size required: false schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: filter by labels when multiple filters are present, they are ANDed example: label.k8s.kuma.io/namespace: my-ns in: query name: filter required: false schema: properties: key: type: string value: type: string type: object - description: name of the mesh in: path name: mesh required: true schema: type: string responses: '200': $ref: '#/components/responses/MeshGatewayList' summary: Returns a list of MeshGateway in the mesh. 
tags: - MeshGateway /meshes/{mesh}/meshgateways/{name}: delete: operationId: deleteMeshGateway parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the MeshGateway in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/MeshGatewayDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' summary: Deletes MeshGateway entity tags: - MeshGateway get: operationId: getMeshGateway parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the MeshGateway in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/MeshGatewayItem' '404': $ref: '#/components/responses/NotFound' summary: Returns MeshGateway entity tags: - MeshGateway put: operationId: putMeshGateway parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the MeshGateway in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/MeshGatewayItem' description: Put request required: true responses: '200': $ref: '#/components/responses/MeshGatewayCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshGatewayCreateOrUpdateSuccessResponse' summary: Creates or Updates MeshGateway entity tags: - MeshGateway /meshes/{mesh}/secrets: get: operationId: getSecretList parameters: - description: offset in the list of entities example: 0 in: query name: offset required: false schema: type: integer - description: the number of items per page in: query name: size required: false schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: filter by labels when multiple filters are present, they are ANDed example: label.k8s.kuma.io/namespace: my-ns in: query name: filter required: false schema: properties: key: type: string 
value: type: string type: object - description: name of the mesh in: path name: mesh required: true schema: type: string responses: '200': $ref: '#/components/responses/SecretList' summary: Returns a list of Secret in the mesh. tags: - Secret /meshes/{mesh}/secrets/{name}: delete: operationId: deleteSecret parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the Secret in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/SecretDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' summary: Deletes Secret entity tags: - Secret get: operationId: getSecret parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the Secret in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/SecretItem' '404': $ref: '#/components/responses/NotFound' summary: Returns Secret entity tags: - Secret put: operationId: putSecret parameters: - description: name of the mesh in: path name: mesh required: true schema: type: string - description: name of the Secret in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SecretItem' description: Put request required: true responses: '200': $ref: '#/components/responses/SecretCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/SecretCreateOrUpdateSuccessResponse' summary: Creates or Updates Secret entity tags: - Secret /zoneegresses: get: operationId: getZoneEgressList parameters: - description: offset in the list of entities example: 0 in: query name: offset required: false schema: type: integer - description: the number of items per page in: query name: size required: false schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: filter by labels when multiple filters are present, they are 
ANDed example: label.k8s.kuma.io/namespace: my-ns in: query name: filter required: false schema: properties: key: type: string value: type: string type: object responses: '200': $ref: '#/components/responses/ZoneEgressList' summary: Returns a list of ZoneEgress in the mesh. tags: - ZoneEgress /zoneegresses/{name}: delete: operationId: deleteZoneEgress parameters: - description: name of the ZoneEgress in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/ZoneEgressDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' summary: Deletes ZoneEgress entity tags: - ZoneEgress get: operationId: getZoneEgress parameters: - description: name of the ZoneEgress in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/ZoneEgressItem' '404': $ref: '#/components/responses/NotFound' summary: Returns ZoneEgress entity tags: - ZoneEgress put: operationId: putZoneEgress parameters: - description: name of the ZoneEgress in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ZoneEgressItem' description: Put request required: true responses: '200': $ref: '#/components/responses/ZoneEgressCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/ZoneEgressCreateOrUpdateSuccessResponse' summary: Creates or Updates ZoneEgress entity tags: - ZoneEgress /zoneingresses: get: operationId: getZoneIngressList parameters: - description: offset in the list of entities example: 0 in: query name: offset required: false schema: type: integer - description: the number of items per page in: query name: size required: false schema: default: 100 maximum: 1000 minimum: 1 type: integer - description: filter by labels when multiple filters are present, they are ANDed example: label.k8s.kuma.io/namespace: my-ns in: query name: filter required: false schema: properties: key: type: string value: type: string type: 
object responses: '200': $ref: '#/components/responses/ZoneIngressList' summary: Returns a list of ZoneIngress in the mesh. tags: - ZoneIngress /zoneingresses/{name}: delete: operationId: deleteZoneIngress parameters: - description: name of the ZoneIngress in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/ZoneIngressDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' summary: Deletes ZoneIngress entity tags: - ZoneIngress get: operationId: getZoneIngress parameters: - description: name of the ZoneIngress in: path name: name required: true schema: type: string responses: '200': $ref: '#/components/responses/ZoneIngressItem' '404': $ref: '#/components/responses/NotFound' summary: Returns ZoneIngress entity tags: - ZoneIngress put: operationId: putZoneIngress parameters: - description: name of the ZoneIngress in: path name: name required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ZoneIngressItem' description: Put request required: true responses: '200': $ref: '#/components/responses/ZoneIngressCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/ZoneIngressCreateOrUpdateSuccessResponse' summary: Creates or Updates ZoneIngress entity tags: - ZoneIngress /hostnamegenerators/{name}: get: operationId: getHostnameGenerator summary: Returns HostnameGenerator entity tags: - HostnameGenerator parameters: - in: path name: name schema: type: string required: true description: name of the HostnameGenerator responses: '200': $ref: '#/components/responses/HostnameGeneratorItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putHostnameGenerator summary: Creates or Updates HostnameGenerator entity tags: - HostnameGenerator parameters: - in: path name: name schema: type: string required: true description: name of the HostnameGenerator requestBody: description: Put request required: true content: application/json: schema: 
$ref: '#/components/schemas/HostnameGeneratorItem' responses: '200': $ref: >- #/components/responses/HostnameGeneratorCreateOrUpdateSuccessResponse '201': $ref: >- #/components/responses/HostnameGeneratorCreateOrUpdateSuccessResponse delete: operationId: deleteHostnameGenerator summary: Deletes HostnameGenerator entity tags: - HostnameGenerator parameters: - in: path name: name schema: type: string required: true description: name of the HostnameGenerator responses: '200': $ref: '#/components/responses/HostnameGeneratorDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /hostnamegenerators: get: operationId: getHostnameGeneratorList summary: Returns a list of HostnameGenerator in the mesh. tags: - HostnameGenerator parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns responses: '200': $ref: '#/components/responses/HostnameGeneratorList' /meshes/{mesh}/meshexternalservices/{name}: get: operationId: getMeshExternalService summary: Returns MeshExternalService entity tags: - MeshExternalService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshExternalService responses: '200': $ref: '#/components/responses/MeshExternalServiceItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshExternalService summary: Creates or Updates MeshExternalService entity tags: - MeshExternalService parameters: - in: path name: mesh schema: type: string required: true 
description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshExternalService requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshExternalServiceItem' responses: '200': $ref: >- #/components/responses/MeshExternalServiceCreateOrUpdateSuccessResponse '201': $ref: >- #/components/responses/MeshExternalServiceCreateOrUpdateSuccessResponse delete: operationId: deleteMeshExternalService summary: Deletes MeshExternalService entity tags: - MeshExternalService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshExternalService responses: '200': $ref: '#/components/responses/MeshExternalServiceDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshexternalservices: get: operationId: getMeshExternalServiceList summary: Returns a list of MeshExternalService in the mesh. 
tags: - MeshExternalService parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshExternalServiceList' /meshes/{mesh}/meshidentities/{name}: get: operationId: getMeshIdentity summary: Returns MeshIdentity entity tags: - MeshIdentity parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshIdentity responses: '200': $ref: '#/components/responses/MeshIdentityItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshIdentity summary: Creates or Updates MeshIdentity entity tags: - MeshIdentity parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshIdentity requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshIdentityItem' responses: '200': $ref: '#/components/responses/MeshIdentityCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshIdentityCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshIdentity summary: Deletes MeshIdentity entity tags: - MeshIdentity parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true 
description: name of the MeshIdentity responses: '200': $ref: '#/components/responses/MeshIdentityDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshidentities: get: operationId: getMeshIdentityList summary: Returns a list of MeshIdentity in the mesh. tags: - MeshIdentity parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshIdentityList' /meshes/{mesh}/meshmultizoneservices/{name}: get: operationId: getMeshMultiZoneService summary: Returns MeshMultiZoneService entity tags: - MeshMultiZoneService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshMultiZoneService responses: '200': $ref: '#/components/responses/MeshMultiZoneServiceItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshMultiZoneService summary: Creates or Updates MeshMultiZoneService entity tags: - MeshMultiZoneService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshMultiZoneService requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshMultiZoneServiceItem' responses: '200': $ref: >- 
#/components/responses/MeshMultiZoneServiceCreateOrUpdateSuccessResponse '201': $ref: >- #/components/responses/MeshMultiZoneServiceCreateOrUpdateSuccessResponse delete: operationId: deleteMeshMultiZoneService summary: Deletes MeshMultiZoneService entity tags: - MeshMultiZoneService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshMultiZoneService responses: '200': $ref: '#/components/responses/MeshMultiZoneServiceDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshmultizoneservices: get: operationId: getMeshMultiZoneServiceList summary: Returns a list of MeshMultiZoneService in the mesh. tags: - MeshMultiZoneService parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshMultiZoneServiceList' /meshes/{mesh}/meshopentelemetrybackends/{name}: get: operationId: getMeshOpenTelemetryBackend summary: Returns MeshOpenTelemetryBackend entity tags: - MeshOpenTelemetryBackend parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshOpenTelemetryBackend responses: '200': $ref: '#/components/responses/MeshOpenTelemetryBackendItem' '404': $ref: '#/components/responses/NotFound' put: operationId: 
putMeshOpenTelemetryBackend summary: Creates or Updates MeshOpenTelemetryBackend entity tags: - MeshOpenTelemetryBackend parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshOpenTelemetryBackend requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshOpenTelemetryBackendItem' responses: '200': $ref: >- #/components/responses/MeshOpenTelemetryBackendCreateOrUpdateSuccessResponse '201': $ref: >- #/components/responses/MeshOpenTelemetryBackendCreateOrUpdateSuccessResponse delete: operationId: deleteMeshOpenTelemetryBackend summary: Deletes MeshOpenTelemetryBackend entity tags: - MeshOpenTelemetryBackend parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshOpenTelemetryBackend responses: '200': $ref: '#/components/responses/MeshOpenTelemetryBackendDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshopentelemetrybackends: get: operationId: getMeshOpenTelemetryBackendList summary: Returns a list of MeshOpenTelemetryBackend in the mesh. 
tags: - MeshOpenTelemetryBackend parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshOpenTelemetryBackendList' /meshes/{mesh}/meshservices/{name}: get: operationId: getMeshService summary: Returns MeshService entity tags: - MeshService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshService responses: '200': $ref: '#/components/responses/MeshServiceItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshService summary: Creates or Updates MeshService entity tags: - MeshService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshService requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshServiceItem' responses: '200': $ref: '#/components/responses/MeshServiceCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshServiceCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshService summary: Deletes MeshService entity tags: - MeshService parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true 
description: name of the MeshService responses: '200': $ref: '#/components/responses/MeshServiceDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshservices: get: operationId: getMeshServiceList summary: Returns a list of MeshService in the mesh. tags: - MeshService parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshServiceList' /meshes/{mesh}/meshtrusts/{name}: get: operationId: getMeshTrust summary: Returns MeshTrust entity tags: - MeshTrust parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrust responses: '200': $ref: '#/components/responses/MeshTrustItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshTrust summary: Creates or Updates MeshTrust entity tags: - MeshTrust parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrust requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/MeshTrustItem' responses: '200': $ref: '#/components/responses/MeshTrustCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshTrustCreateOrUpdateSuccessResponse' delete: operationId: 
deleteMeshTrust summary: Deletes MeshTrust entity tags: - MeshTrust parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshTrust responses: '200': $ref: '#/components/responses/MeshTrustDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshtrusts: get: operationId: getMeshTrustList summary: Returns a list of MeshTrust in the mesh. tags: - MeshTrust parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshTrustList' /meshes/{mesh}/meshzoneaddresses/{name}: get: operationId: getMeshZoneAddress summary: Returns MeshZoneAddress entity tags: - MeshZoneAddress parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshZoneAddress responses: '200': $ref: '#/components/responses/MeshZoneAddressItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putMeshZoneAddress summary: Creates or Updates MeshZoneAddress entity tags: - MeshZoneAddress parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshZoneAddress requestBody: description: Put request required: true 
content: application/json: schema: $ref: '#/components/schemas/MeshZoneAddressItem' responses: '200': $ref: '#/components/responses/MeshZoneAddressCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/MeshZoneAddressCreateOrUpdateSuccessResponse' delete: operationId: deleteMeshZoneAddress summary: Deletes MeshZoneAddress entity tags: - MeshZoneAddress parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the MeshZoneAddress responses: '200': $ref: '#/components/responses/MeshZoneAddressDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/meshzoneaddresses: get: operationId: getMeshZoneAddressList summary: Returns a list of MeshZoneAddress in the mesh. tags: - MeshZoneAddress parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/MeshZoneAddressList' /meshes/{mesh}/workloads/{name}: get: operationId: getWorkload summary: Returns Workload entity tags: - Workload parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the Workload responses: '200': $ref: '#/components/responses/WorkloadItem' '404': $ref: '#/components/responses/NotFound' put: operationId: putWorkload summary: Creates or Updates Workload 
entity tags: - Workload parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the Workload requestBody: description: Put request required: true content: application/json: schema: $ref: '#/components/schemas/WorkloadItem' responses: '200': $ref: '#/components/responses/WorkloadCreateOrUpdateSuccessResponse' '201': $ref: '#/components/responses/WorkloadCreateOrUpdateSuccessResponse' delete: operationId: deleteWorkload summary: Deletes Workload entity tags: - Workload parameters: - in: path name: mesh schema: type: string required: true description: name of the mesh - in: path name: name schema: type: string required: true description: name of the Workload responses: '200': $ref: '#/components/responses/WorkloadDeleteSuccessResponse' '404': $ref: '#/components/responses/NotFound' /meshes/{mesh}/workloads: get: operationId: getWorkloadList summary: Returns a list of Workload in the mesh. 
tags: - Workload parameters: - in: query name: offset description: offset in the list of entities required: false schema: type: integer example: 0 - in: query name: size description: the number of items per page required: false schema: type: integer default: 100 maximum: 1000 minimum: 1 - in: query name: filter description: filter by labels when multiple filters are present, they are ANDed required: false schema: type: object properties: key: type: string value: type: string example: label.k8s.kuma.io/namespace: my-ns - in: path name: mesh schema: type: string required: true description: name of the mesh responses: '200': $ref: '#/components/responses/WorkloadList' components: securitySchemes: BasicAuth: type: http scheme: basic BearerAuth: type: http scheme: bearer schemas: Index: type: object title: Index description: Some metadata about the service required: - hostname - product - version - instanceId - clusterId - gui properties: hostname: type: string product: type: string description: The product line (Kuma for OSS, different for other distributions) version: type: string description: The semantic version of the server running instanceId: type: string description: A unique id to identify the instance requested clusterId: type: string description: A unique id to identify the cluster being connected to gui: type: string description: The path to the GUI basedOnKuma: type: string description: >- In case of an alternative distribution of Kuma the Kuma version this release is based on ResourceTypeDescriptionList: type: object title: ResourceTypeDescriptionList description: A list of all resources installed required: - resources properties: resources: type: array items: $ref: '#/components/schemas/ResourceTypeDescription' InspectDataplanesForPolicy: type: object title: InspectDataplanesForPolicy description: A list of proxies required: - total - items properties: total: type: integer example: 200 next: type: string items: type: array items: $ref: 
'#/components/schemas/Meta' DataplaneXDSConfig: type: object title: DataplaneXDSConfig required: - xds properties: xds: description: The raw XDS config as an inline JSON object type: object diff: description: > Contains a diff in a JSONPatch format between the XDS config returned in 'xds' and the current proxy XDS config. By default, the field is empty. To include the diff in the response, use the `include=diff` query parameter. type: array items: $ref: '#/components/schemas/JsonPatchItem' InspectRules: type: object title: InspectRules description: A list of rules for a dataplane required: - rules - resource - httpMatches properties: resource: $ref: '#/components/schemas/Meta' rules: type: array items: $ref: '#/components/schemas/InspectRule' httpMatches: type: array items: $ref: '#/components/schemas/HttpMatch' BaseStatus: type: object title: Status required: - online - total properties: online: type: integer example: 10 total: type: integer example: 30 FullStatus: allOf: - $ref: '#/components/schemas/BaseStatus' - type: object required: - offline - partiallyDegraded properties: offline: type: integer example: 15 partiallyDegraded: type: integer example: 5 ServicesStats: type: object title: ServicesStats description: Services statistics required: - total - internal - external - gatewayBuiltin - gatewayDelegated properties: internal: description: Internal services statistics allOf: - $ref: '#/components/schemas/FullStatus' external: type: object description: External services statistics required: - total properties: total: type: integer example: 5 gatewayBuiltin: description: Builtin Gateway services statistics allOf: - $ref: '#/components/schemas/FullStatus' gatewayDelegated: description: Delegated Gateway services statistics allOf: - $ref: '#/components/schemas/FullStatus' ZonesStats: type: object title: Zones Stats description: Zone statistics required: - controlPlanes - zoneEgresses - zoneIngresses properties: controlPlanes: description: Control Planes 
statistics allOf: - $ref: '#/components/schemas/BaseStatus' zoneEgresses: description: Zone Egresses statistics allOf: - $ref: '#/components/schemas/BaseStatus' zoneIngresses: description: Zone Ingresses statistics allOf: - $ref: '#/components/schemas/BaseStatus' DataplanesStats: type: object title: Dataplanes Stats description: Dataplanes statistics required: - standard - gatewayBuiltin - gatewayDelegated properties: standard: description: Standard dataplane proxy statistics allOf: - $ref: '#/components/schemas/FullStatus' gatewayBuiltin: description: Builtin Gateway dataplane proxy statistics allOf: - $ref: '#/components/schemas/FullStatus' gatewayDelegated: description: Delegated Gateway dataplane proxy statistics allOf: - $ref: '#/components/schemas/FullStatus' PoliciesStats: type: object title: Policies Stats description: Policies statistics required: - total properties: total: type: integer description: Number of policies example: 30 ResourceStats: type: object title: Resource Stats description: Resource statistics required: - total properties: total: type: integer description: Number of resources example: 30 MeshesStats: type: object title: Meshes Stats description: Mesh statistics required: - total properties: total: type: integer description: Number of meshes example: 3 GlobalInsightBase: type: object title: GlobalInsightBase description: Global Insight contains statistics for all main resources required: - createdAt - services - zones - dataplanes - policies - meshes - resources properties: createdAt: type: string description: Time of Global Insight creation format: date-time example: '2023-01-11T02:30:42.227Z' services: description: Mesh services statistics allOf: - $ref: '#/components/schemas/ServicesStats' zones: description: Zones statistics allOf: - $ref: '#/components/schemas/ZonesStats' dataplanes: description: Dataplane proxy statistics allOf: - $ref: '#/components/schemas/DataplanesStats' policies: description: Policies statistics allOf: - $ref: 
'#/components/schemas/PoliciesStats' meshes: description: Mesh statistics allOf: - $ref: '#/components/schemas/MeshesStats' resources: type: object additionalProperties: $ref: '#/components/schemas/ResourceStats' description: A map of resource names to their corresponding statistics InspectHostnames: type: object title: InspectHostnames description: A list of hostnames required: - total - items properties: total: type: integer example: 200 items: type: array items: $ref: '#/components/schemas/InspectHostname' InspectHostname: type: object title: InspectHostname description: A supported hostname along with the zones it exists in required: - hostname - zones properties: hostname: type: string description: Generated hostname example: redis.redis-system.svc.east.mesh.local zones: type: array items: $ref: '#/components/schemas/InspectHostnameZone' InspectHostnameZone: type: object title: InspectHostnameZone description: A name of the zone in which the hostname is available required: - name properties: name: type: string example: east DataplaneNetworkingLayout: type: object title: DataplaneLayout description: >- Dataplane networking layout. 
It contains the most important information about the dataplane and lists the available inbounds, outbounds, and zone proxy listeners required: - kri - labels - inbounds - outbounds - listeners properties: kri: type: string example: kri_dp_default_default_kuma-demo_demo-app-75ff54499c-ttwd7_http-port labels: type: object additionalProperties: type: string example: k8s.kuma.io/namespace: kuma-demo kuma.io/display-name: demo-app kuma.io/mesh: default kuma.io/origin: zone inbounds: type: array items: $ref: '#/components/schemas/DataplaneInbound' outbounds: type: array items: $ref: '#/components/schemas/DataplaneOutbound' listeners: type: array items: $ref: '#/components/schemas/DataplaneListener' spiffeId: type: string description: SPIFFE ID of the dataplane's workload identity certificate InvalidParameters: type: object title: Invalid Parameters required: - field - reason - source properties: field: type: string description: The name of the field that caused the error. reason: type: string description: | A short, human-readable description of the problem. _Should_ be provided as "Sentence case" for direct use in a UI. rule: type: string description: > May be provided as a hint to the user to help understand the type of failure. Additional guidance may be provided in additional fields, i.e. `choices`. choices: type: array description: > Optional field to provide a list of valid choices for the field that caused the error. items: type: string source: type: string description: | The location of the field that caused the error. enum: - body - query - header - path Error: type: object title: Error description: > Standard error. Follows the [AIP #193 - Errors](https://kong-aip.netlify.app/aip/193/) specification. 
x-examples: Example 1: status: 404 title: Not Found type: https://kongapi.info/konnect/not-found instance: portal:trace:2287285207635123011 detail: The requested document was not found required: - status - title - instance - type - detail properties: status: type: integer description: The HTTP status code. example: 404 title: type: string description: > A short, human-readable summary of the problem. It **should not** change between occurrences of a problem, except for localization. Should be provided as "Sentence case" for potential direct use in a UI example: Not Found type: type: string description: > A unique identifier for this error. When dereferenced it must provide human-readable documentation for the problem. example: Not Found instance: type: string example: portal:trace:2287285207635123011 description: > Used to return the correlation ID back to the user, in the format `:trace:`. detail: type: string example: The requested team was not found description: > A human readable explanation specific to this occurrence of the problem. This field may contain request/entity data to help the user understand what went wrong. Enclose variable values in square brackets. _Should_ be provided as "Sentence case" for direct use in a UI invalid_parameters: type: array description: > All 400 errors **MUST** return an `invalid_parameters` key in the response. Used to indicate which fields have invalid values when validated. 
items: $ref: '#/components/schemas/InvalidParameters' PolicyDescription: type: object required: - hasToTargetRef - hasFromTargetRef - hasRulesTargetRef - isTargetRef - isFromAsRules description: information about a policy properties: isTargetRef: description: whether this policy uses targetRef matching type: boolean hasToTargetRef: description: indicates that this policy can be used as an outbound policy type: boolean hasFromTargetRef: description: indicates that this policy can be used as an inbound policy type: boolean hasRulesTargetRef: description: indicates that the policy has a rules targetRef field for matching type: boolean isFromAsRules: description: >- If set to `true`, performs a backward compatibility conversion from the deprecated 'from' array to the new 'rules' array. This ensures older policies remain functional under the updated schema. type: boolean ResourceTypeDescription: description: >- Description of a resource type, this is useful for dynamically generated clients and the gui type: object required: - name - scope - readOnly - path - singularDisplayName - pluralDisplayName - includeInFederation - shortName properties: name: description: the name of the resource type type: string scope: type: string enum: - Global - Mesh readOnly: type: boolean path: description: >- the path to use for accessing this resource. If scope is `Global` then it will be `/` otherwise it will be `/meshes/` type: string singularDisplayName: type: string pluralDisplayName: type: string shortName: description: the short name of the resource type used in KRIs and kubectl type: string includeInFederation: description: >- whether resources of this type should be included in the federation-with-policies export profile (especially useful for moving from non-federated to federated or migrating to a new global). 
type: boolean policy: $ref: '#/components/schemas/PolicyDescription' Meta: type: object required: - type - mesh - name - labels properties: type: type: string example: Dataplane description: the type of this resource mesh: type: string example: default description: the mesh this resource is part of name: type: string example: my-resource description: the name of the resource kri: type: string readOnly: true x-go-name: KRI example: kri_mtp_default_zone-east_kuma-demo_mypolicy1_ description: Kuma Resource Identifier (KRI) of the given resource labels: type: object additionalProperties: type: string example: k8s.kuma.io/namespace: kuma-system kuma.io/display-name: mtp kuma.io/mesh: default kuma.io/origin: zone description: > Labels of the resource. Note: certain system labels are immutable after creation: - `kuma.io/origin`: Resource origin (zone/global). Immutable. - `kuma.io/zone`: Zone where resource originated. Immutable. - `kuma.io/display-name`: Display name for the resource. Immutable. 
ProxyRule: description: a rule that affects the entire proxy type: object required: - conf - origin properties: conf: description: The actual conf generated type: object additionalProperties: true x-go-type: interface{} origin: type: array items: $ref: '#/components/schemas/Meta' RuleMatcher: type: object required: - key - value - not description: A matcher to select which traffic this conf applies to properties: key: type: string description: the key to match against example: kuma.io/service value: type: string description: the value for the key to match against example: my-cool-service not: type: boolean description: whether we check on the absence of this key:value pair Rule: type: object required: - matchers - conf - origin properties: matchers: type: array items: $ref: '#/components/schemas/RuleMatcher' conf: description: The actual conf generated type: object additionalProperties: true x-go-type: interface{} origin: type: array items: $ref: '#/components/schemas/Meta' ResourceRuleOrigin: type: object properties: resourceMeta: $ref: '#/components/schemas/Meta' ruleIndex: description: index of the to-item in the policy type: integer ResourceRule: type: object required: - resourceMeta - conf - origin properties: resourceMeta: $ref: '#/components/schemas/Meta' resourceSectionName: type: string conf: description: The actual conf generated type: array items: type: object additionalProperties: true x-go-type: interface{} origin: type: array description: >- The list of policies that contributed to the 'conf'. The order is important as it reflects in what order confs were merged to get the resulting 'conf'. 
items: $ref: '#/components/schemas/ResourceRuleOrigin' Inbound: type: object required: - tags - port properties: name: type: string tags: type: object additionalProperties: type: string x-go-type: map[string]string port: type: integer FromRule: type: object required: - rules - inbound properties: inbound: $ref: '#/components/schemas/Inbound' rules: type: array items: $ref: '#/components/schemas/Rule' InboundRule: type: object required: - conf - origin properties: conf: description: >- The final computed configuration for the data plane proxy, derived by merging all policies whose 'targetRef' field matches the proxy. The merging process follows [RFC 7396 (JSON Merge Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the order of merging influenced by factors such as where the policy was applied (e.g., custom namespace, system, or global control plane), policy role, and targetRef specificity. type: array items: type: object additionalProperties: true x-go-type: interface{} origin: type: array description: >- The list of policies that contributed to the 'conf'. The order is important as it reflects in what order confs were merged to get the resulting 'conf'. items: $ref: '#/components/schemas/ResourceRuleOrigin' InboundRulesEntry: type: object required: - inbound - rules properties: inbound: $ref: '#/components/schemas/Inbound' rules: type: array description: >- The 'rules' field is an array to allow for future expansion when 'matches' conditions are added. Currently, it contains a single item. items: $ref: '#/components/schemas/InboundRule' InspectRule: type: object required: - type properties: type: type: string example: MeshRetry description: the type of the policy proxyRule: $ref: '#/components/schemas/ProxyRule' toRules: type: array description: >- a set of rules for the outbounds of this proxy. The field is not set when 'meshService.mode' on Mesh is set to 'Exclusive'. 
items: $ref: '#/components/schemas/Rule' toResourceRules: type: array description: >- a set of rules for the outbounds produced by real resources (i.e MeshService, MeshExternalService, MeshMultiZoneService). items: $ref: '#/components/schemas/ResourceRule' fromRules: type: array description: a set of rules for each inbound of this proxy items: $ref: '#/components/schemas/FromRule' inboundRules: type: array description: >- a set of rules for each inbound port of the proxy. When the policy descriptor has 'isFromAsRules' set to true, this field supersedes 'fromRules' and should be used instead. items: $ref: '#/components/schemas/InboundRulesEntry' warnings: type: array description: a set of warnings to show in policy matching example: - Mesh is not Mtls enabled this policy will have no effect items: type: string HttpMatch: type: object required: - hash - match properties: hash: type: string match: type: object x-go-type: interface{} JsonPatchItem: type: object required: - op - path - value properties: op: type: string description: Operation to be performed. enum: - add - remove - test path: type: string description: >- A JSON Pointer path indicating the part of the document to operate on. value: description: The value to be used within the operations. 
DataplaneInbound: type: object required: - kri - port - protocol - proxyResourceName properties: kri: type: string port: type: integer x-go-type: int32 protocol: type: string proxyResourceName: type: string DataplaneOutbound: type: object required: - kri - port - protocol - proxyResourceName properties: kri: type: string port: type: integer x-go-type: int32 protocol: type: string proxyResourceName: type: string DataplaneListener: type: object required: - kri - type - port - proxyResourceName properties: kri: type: string type: type: string enum: - ZoneIngress - ZoneEgress port: type: integer x-go-type: int32 proxyResourceName: type: string PolicyOrigin: type: object required: - kri description: >- The list of policies KRI that contributed to the 'conf'. The order is important as it reflects in what order confs were merged to get the resulting 'conf'. properties: kri: type: string PolicyConf: type: object required: - kind - conf - origins properties: kind: type: string conf: description: >- The final computed configuration for the data plane proxy, derived by merging all policies whose 'targetRef' field matches the proxy. The merging process follows [RFC 7396 (JSON Merge Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the order of merging influenced by factors such as where the policy was applied (e.g., custom namespace, system, or global control plane), policy role, and targetRef specificity. type: object additionalProperties: true x-go-type: interface{} origins: type: array description: >- The list of policies KRI that contributed to the 'conf'. The order is important as it reflects in what order confs were merged to get the resulting 'conf'. items: $ref: '#/components/schemas/PolicyOrigin' PoliciesList: type: object required: - policies properties: policies: type: array description: >- The final computed configuration, derived by merging all policies whose 'targetRef' field matches the proxy. 
The merging process follows [RFC 7396 (JSON Merge Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the order of merging influenced by factors such as where the policy was applied (e.g., custom namespace, system, or global control plane), policy role, and targetRef specificity. items: $ref: '#/components/schemas/PolicyConf' PolicyRule: type: object required: - conf properties: conf: description: >- The final computed configuration for the data plane proxy, derived by merging all policies whose 'targetRef' field matches the proxy. The merging process follows [RFC 7396 (JSON Merge Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the order of merging influenced by factors such as where the policy was applied (e.g., custom namespace, system, or global control plane), policy role, and targetRef specificity. type: object additionalProperties: true x-go-type: interface{} kri: type: string InboundPolicyConf: type: object required: - kind - rules - origins properties: kind: type: string rules: type: array items: $ref: '#/components/schemas/PolicyRule' origins: type: array description: >- The list of policies KRI that contributed to the 'conf'. The order is important as it reflects in what order confs were merged to get the resulting 'conf'. items: $ref: '#/components/schemas/PolicyOrigin' InboundPoliciesList: type: object required: - policies properties: policies: type: array description: >- The final computed configuration, derived by merging all policies whose 'targetRef' field matches the proxy. The merging process follows [RFC 7396 (JSON Merge Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the order of merging influenced by factors such as where the policy was applied (e.g., custom namespace, system, or global control plane), policy role, and targetRef specificity. 
items: $ref: '#/components/schemas/InboundPolicyConf' RouteRules: type: object required: - kri - conf - matches properties: kri: type: string matches: type: array description: List of matches for which this rule will apply items: type: object additionalProperties: true x-go-type: interface{} conf: description: >- The final computed configuration for the data plane proxy, derived by merging all policies whose 'targetRef' field matches the proxy. The merging process follows [RFC 7396 (JSON Merge Patch)](https://datatracker.ietf.org/doc/html/rfc7396), with the order of merging influenced by factors such as where the policy was applied (e.g., custom namespace, system, or global control plane), policy role, and targetRef specificity. type: object additionalProperties: true x-go-type: interface{} RouteConf: type: object required: - kind - rules - origins properties: kind: type: string rules: type: array description: Computed list of routing rules items: $ref: '#/components/schemas/RouteRules' origins: type: array description: >- The list of policies KRI that contributed to the 'conf'. The order is important as it reflects in what order confs were merged to get the resulting 'conf'. items: $ref: '#/components/schemas/PolicyOrigin' RoutesList: type: object required: - routes properties: routes: type: array description: Computed list of routes items: $ref: '#/components/schemas/RouteConf' NotFoundError: allOf: - $ref: '#/components/schemas/Error' - type: object properties: status: type: integer enum: - 404 example: 404 description: | The HTTP status code for NotFoundError MUST be 404. 
title: type: string example: Not Found type: type: string example: https://httpstatuses.com/404 detail: type: string example: The requested resource was not found PrometheusMetricsBackendConfig: description: >- PrometheusMetricsBackendConfig defines configuration of Prometheus backend properties: aggregate: description: >- Map with the configuration of applications whose metrics are going to be scraped by kuma-dp. items: description: >- PrometheusAggregateMetricsConfig defines endpoints that should be scraped by kuma-dp for prometheus metrics. properties: address: description: >- Address on which a service exposes HTTP endpoint with Prometheus metrics. type: string enabled: description: >- If false then the application won't be scraped. If nil, then it is treated as true and kuma-dp scrapes metrics from the service. type: boolean name: description: Name which identifies given configuration. type: string path: description: >- Path on which a service exposes HTTP endpoint with Prometheus metrics. type: string port: description: >- Port on which a service exposes HTTP endpoint with Prometheus metrics. type: integer type: object type: array envoy: description: Configuration of Envoy's metrics. properties: filterRegex: description: >- FilterRegex value that is going to be passed to Envoy for filtering Envoy metrics. type: string usedOnly: description: >- If true then return metrics that Envoy has updated (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If nil, then it is treated as false. type: boolean type: object path: description: >- Path on which a dataplane should expose HTTP endpoint with Prometheus metrics. type: string port: description: >- Port on which a dataplane should expose HTTP endpoint with Prometheus metrics. type: integer skipMTLS: description: >- If true then endpoints for scraping metrics won't require mTLS even if mTLS is enabled in Mesh. If nil, then it is treated as false.
type: boolean tags: additionalProperties: type: string description: >- Tags associated with an application this dataplane is deployed next to, e.g. service=web, version=1.0. `service` tag is mandatory. type: object tls: description: Configuration of TLS for prometheus listener. properties: mode: description: >- mode defines how TLS is configured for Prometheus. Supported values: delegated, disabled, activeMTLSBackend. Defaults to `activeMTLSBackend`. oneOf: - type: string - type: integer type: object type: object DataplaneItem: properties: labels: additionalProperties: type: string type: object mesh: type: string metrics: description: >- Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level. properties: conf: oneOf: - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' type: object name: description: >- Name of the backend, can be then used in Mesh.metrics.enabledBackend type: string type: description: Type of the backend (Kuma ships with 'prometheus') type: string type: object name: type: string networking: description: >- Networking describes inbound and outbound interfaces of the data plane proxy. properties: address: description: >- IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it. type: string admin: description: >- Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane.
properties: port: description: Port on which Envoy Admin API server will be listening type: integer type: object advertisedAddress: description: >- In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`. type: string gateway: description: >- Gateway describes a configuration of the gateway of the data plane proxy. properties: tags: additionalProperties: type: string description: >- Tags associated with a gateway of this data plane, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory. type: object type: description: >- Type of gateway this data plane proxy manages. There are two types: `DELEGATED` and `BUILTIN`. Defaults to `DELEGATED`. A `DELEGATED` gateway is an independently deployed proxy (e.g., Kong, Contour, etc) that receives inbound traffic that is not proxied by Kuma, and it sends outbound traffic into the data plane proxy. The `BUILTIN` gateway type causes the data plane proxy itself to be configured as a gateway. See https://kuma.io/docs/latest/explore/gateway/ for more information. oneOf: - type: string - type: integer type: object inbound: description: >- Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener. items: description: >- Inbound describes a service implemented by the data plane proxy. properties: address: description: |- Address on which inbound listener will be exposed. Defaults to `networking.address`.
type: string health: description: >- Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information. properties: ready: description: >- Ready indicates if the data plane proxy is ready to serve the traffic. type: boolean type: object name: description: >- Name adds another way of referencing this port, usable with MeshService type: string port: description: >- Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port. type: integer protocol: description: Protocol of the service (tcp, http, grpc, etc). type: string serviceAddress: description: >- Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service. type: string servicePort: description: |- Port of the service that requests will be forwarded to. Defaults to the same value as `port`. type: integer serviceProbe: description: >- ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information. properties: healthyThreshold: description: >- Number of consecutive healthy checks before considering a host healthy. 
format: uint32 type: integer interval: description: Interval between consecutive health checks. properties: nanos: type: integer seconds: type: integer type: object tcp: description: >- Tcp checker tries to establish tcp connection with destination properties: {} type: object timeout: description: Maximum time to wait for a health check response. properties: nanos: type: integer seconds: type: integer type: object unhealthyThreshold: description: >- Number of consecutive unhealthy checks before considering a host unhealthy. format: uint32 type: integer type: object state: description: State describes the current state of the listener. oneOf: - type: string - type: integer tags: additionalProperties: type: string description: >- Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory. type: object type: object type: array listeners: description: >- Listeners describes zone proxy listeners embedded in this Dataplane. Listeners may coexist with inbounds and gateways. items: description: >- Listener describes a zone proxy listener (ZoneIngress or ZoneEgress) embedded in a regular Dataplane. properties: address: description: Address on which the listener will be exposed. type: string name: description: >- Name uniquely identifies this listener within the Dataplane and is used to reference it via sectionName in policies. Optional: if unset, the port value is used as the name (as a string). type: string port: description: Port on which the listener will be exposed. type: integer state: description: >- State describes the current health state of the listener. The control plane sets this based on the readiness of the underlying pod and sidecar container. 
oneOf: - type: string - type: integer type: description: >- Type determines the role of this listener: ZoneIngress for inbound cross-zone traffic or ZoneEgress for outbound external traffic. oneOf: - type: string - type: integer type: object type: array outbound: description: >- Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener. items: description: Outbound describes a service consumed by the data plane proxy. properties: address: description: >- IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1 type: string backendRef: description: |- BackendRef is a way to target MeshService. Experimental. Do not use on production yet. properties: kind: description: >- Kind is a type of the object to target. Allowed: MeshService type: string labels: additionalProperties: type: string description: >- Labels to select a single object. If no object is selected then outbound is not created. If multiple objects are selected then the oldest one is used. type: object name: description: Name of the targeted object type: string port: description: >- Port of the targeted object. Required when kind is MeshService. type: integer type: object port: description: >- Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port. type: integer tags: additionalProperties: type: string description: >- Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute. 
type: object type: object type: array transparentProxying: description: >- TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes. properties: directAccessServices: description: >- List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed. items: type: string type: array ipFamilyMode: description: >- The IP family mode to enable for. Can be "IPv4" or "DualStack". oneOf: - type: string - type: integer reachableBackends: description: >- Reachable backend via transparent proxy when running with MeshExternalService, MeshService and MeshMultiZoneService. Setting an explicit list of refs can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable. properties: refs: items: properties: kind: description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" type: string labels: additionalProperties: type: string description: "Labels used to select backends\n\n\t+optional" type: object name: description: "Name of the backend.\n\n\t+optional" type: string namespace: description: "Namespace of the backend. Might be empty\n\n\t+optional" type: string port: description: "Port of the backend.\n\n\t+optional" format: uint32 type: integer type: object type: array type: object reachableServices: description: >- List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable. items: type: string type: array redirectPortInbound: description: >- Port on which all inbound traffic is being transparently redirected. 
type: integer redirectPortOutbound: description: >- Port on which all outbound traffic is being transparently redirected. type: integer type: object type: object probes: description: >- Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information. Deprecated: this feature will be removed for Universal; on Kubernetes, it's not needed anymore. properties: endpoints: description: List of endpoints to expose without mTLS. items: properties: inboundPath: description: >- Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible. type: string inboundPort: description: >- Inbound port is a port of the application from which we expose the endpoint. type: integer path: description: >- Path is a path on which we expose inbound path on the probes port. type: string type: object type: array port: description: >- Port on which the probe endpoints will be exposed. This cannot overlap with any other ports. type: integer type: object type: type: string required: - type - name - mesh type: object FileLoggingBackendConfig: description: >- FileLoggingBackendConfig defines configuration for file based access logs properties: path: description: Path to a file that logs will be written to type: string type: object TcpLoggingBackendConfig: description: TcpLoggingBackendConfig defines configuration for TCP based access logs properties: address: description: Address to TCP service that will receive logs type: string type: object DataSource_File: properties: file: description: |- Data source is a path to a file. Deprecated, use other sources of a data. type: string type: object DataSource_Inline: properties: inline: description: Data source is inline bytes. 
format: byte type: string type: object DataSource_InlineString: properties: inlineString: description: Data source is inline string type: string type: object DataSource_Secret: properties: secret: description: Data source is a secret with given Secret key. type: string type: object ProvidedCertificateAuthorityConfig: properties: cert: oneOf: - $ref: '#/components/schemas/DataSource_File' - $ref: '#/components/schemas/DataSource_Inline' - $ref: '#/components/schemas/DataSource_InlineString' - $ref: '#/components/schemas/DataSource_Secret' key: oneOf: - $ref: '#/components/schemas/DataSource_File' - $ref: '#/components/schemas/DataSource_Inline' - $ref: '#/components/schemas/DataSource_InlineString' - $ref: '#/components/schemas/DataSource_Secret' type: object BuiltinCertificateAuthorityConfig: properties: caCert: properties: expiration: type: string rsaBits: format: uint32 type: integer type: object type: object DatadogTracingBackendConfig: properties: address: description: Address of datadog collector. type: string port: description: Port of datadog collector type: integer splitService: description: >- Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. Default: false type: boolean type: object ZipkinTracingBackendConfig: properties: apiVersion: description: >- Version of the API. values: httpJson, httpJsonV1, httpProto. Default: httpJson see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/trace.proto#envoy-v3-api-enum-config-trace-v3-zipkinconfig-collectorendpointversion type: string sharedSpanContext: description: >- Determines whether client and server spans will share the same span context. Default: true. 
https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/zipkin.proto#config-trace-v3-zipkinconfig type: boolean traceId128bit: description: 'Generate 128bit traces. Default: false' type: boolean url: description: Address of Zipkin collector. type: string type: object MeshItem: properties: constraints: description: Constraints that apply to the mesh and its entities properties: dataplaneProxy: description: >- DataplaneProxyMembership defines a set of requirements for data plane proxies to be a member of the mesh. properties: requirements: description: >- Requirements defines a set of requirements that data plane proxies must fulfill in order to join the mesh. A data plane proxy must fulfill at least one requirement in order to join the mesh. Empty list of allowed requirements means that any proxy that is not explicitly denied can join. items: description: >- Rules defines a set of rules for data plane proxies to be a member of the mesh. properties: tags: additionalProperties: type: string description: >- Tags defines set of required tags. You can specify '*' in value to require non empty value of tag type: object type: object type: array restrictions: description: >- Restrictions defines a set of restrictions that data plane proxies cannot fulfill in order to join the mesh. A data plane proxy cannot fulfill any requirement in order to join the mesh. Restrictions takes precedence over requirements. items: description: >- Rules defines a set of rules for data plane proxies to be a member of the mesh. properties: tags: additionalProperties: type: string description: >- Tags defines set of required tags. You can specify '*' in value to require non empty value of tag type: object type: object type: array type: object type: object labels: additionalProperties: type: string type: object logging: description: |- Logging settings.
+optional properties: backends: description: List of available logging backends items: description: LoggingBackend defines logging backend available to mesh. properties: conf: oneOf: - $ref: '#/components/schemas/FileLoggingBackendConfig' - $ref: '#/components/schemas/TcpLoggingBackendConfig' type: object format: description: >- Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log type: string name: description: >- Name of the backend, can be then used in Mesh.logging.defaultBackend or in TrafficLogging type: string type: description: Type of the backend (Kuma ships with 'tcp' and 'file') type: string type: object type: array defaultBackend: description: Name of the default backend type: string type: object meshServices: properties: mode: oneOf: - type: string - type: integer type: object metrics: description: >- Configuration for metrics collected and exposed by dataplanes. Settings defined here become defaults for every dataplane in a given Mesh. Additionally, it is also possible to further customize this configuration for each dataplane individually using Dataplane resource. +optional properties: backends: description: List of available Metrics backends items: description: MetricsBackend defines metric backends properties: conf: oneOf: - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' type: object name: description: >- Name of the backend, can be then used in Mesh.metrics.enabledBackend type: string type: description: Type of the backend (Kuma ships with 'prometheus') type: string type: object type: array enabledBackend: description: Name of the enabled backend type: string type: object mtls: description: |- mTLS settings. 
+optional properties: backends: description: List of available Certificate Authority backends items: description: >- CertificateAuthorityBackend defines Certificate Authority backend properties: conf: oneOf: - $ref: >- #/components/schemas/ProvidedCertificateAuthorityConfig - $ref: '#/components/schemas/BuiltinCertificateAuthorityConfig' type: object dpCert: description: Dataplane certificate settings properties: requestTimeout: description: >- Timeout on request to CA for DP certificate generation and retrieval properties: nanos: type: integer seconds: type: integer type: object rotation: description: Rotation settings properties: expiration: description: >- Time after which generated certificate for Dataplane will expire type: string type: object type: object mode: description: >- Mode defines the behaviour of inbound listeners with regard to traffic encryption oneOf: - type: string - type: integer name: description: Name of the backend type: string rootChain: properties: requestTimeout: description: >- Timeout on request to CA for root certificate chain. If not specified, defaults to 10s. properties: nanos: type: integer seconds: type: integer type: object type: object type: description: >- Type of the backend. Has to be one of the loaded plugins (Kuma ships with builtin and provided) type: string type: object type: array enabledBackend: description: Name of the enabled backend type: string skipValidation: description: If enabled, skips CA validation. type: boolean type: object name: type: string networking: description: Networking settings of the mesh properties: outbound: description: Outbound settings properties: passthrough: description: Control the passthrough cluster type: boolean type: object type: object routing: description: Routing settings of the mesh properties: defaultForbidMeshExternalServiceAccess: description: |- If true, blocks traffic to MeshExternalServices.
Default: false type: boolean localityAwareLoadBalancing: description: Enable the Locality Aware Load Balancing type: boolean zoneEgress: description: >- Enable routing traffic to services in other zone or external services through ZoneEgress. Default: false type: boolean type: object skipCreatingInitialPolicies: description: >- List of policies to skip creating by default when the mesh is created. e.g. TrafficPermission, MeshRetry, etc. An '*' can be used to skip all policies. items: type: string type: array tracing: description: |- Tracing settings. +optional properties: backends: description: List of available tracing backends items: description: TracingBackend defines tracing backend available to mesh. properties: conf: oneOf: - $ref: '#/components/schemas/DatadogTracingBackendConfig' - $ref: '#/components/schemas/ZipkinTracingBackendConfig' type: object name: description: >- Name of the backend, can be then used in Mesh.tracing.defaultBackend or in TrafficTrace type: string sampling: description: >- Percentage of traces that will be sent to the backend (range 0.0 - 100.0). Empty value defaults to 100.0% type: number type: description: Type of the backend (Kuma ships with 'zipkin') type: string type: object type: array defaultBackend: description: Name of the default backend type: string type: object type: type: string required: - type - name type: object MeshAccessLogItem: type: object description: >- MeshAccessLog configures access logging for traffic between services in the mesh. It allows you to capture and export request/response logs to various backends (file, TCP, or OpenTelemetry) for monitoring, debugging, and auditing purposes. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshAccessLog mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. 
type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mal_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshAccessLog resource. properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of clients referenced in 'targetRef' properties: backends: items: properties: file: description: >- FileBackend defines configuration for file based access logs properties: format: description: >- Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: example: - key: start_time value: '%START_TIME%' - key: bytes_received value: '%BYTES_RECEIVED%' items: properties: key: type: string value: type: string required: - key - value type: object type: array omitEmptyValues: default: false type: boolean plain: example: >- [%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST% type: string type: enum: - Plain - Json type: string required: - type type: object path: description: Path to a file that logs will be written to example: /tmp/access.log minLength: 1 type: string required: - path type: object openTelemetry: description: Defines an OpenTelemetry logging backend.
properties: attributes: description: >- Attributes can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators example: - key: mesh value: '%KUMA_MESH%' items: properties: key: type: string value: type: string required: - key - value type: object type: array backendRef: description: >- BackendRef is a reference to a MeshOpenTelemetryBackend resource that defines the collector endpoint. Mutually exclusive with Endpoint. properties: kind: description: Kind of the backend resource. enum: - MeshOpenTelemetryBackend type: string labels: additionalProperties: type: string description: >- Labels to match the referenced resource. Use for cross-zone references where KDS adds a hash suffix to metadata.name. Mutually exclusive with Name. When multiple resources match, the oldest by creation time wins. type: object name: description: >- Name of the referenced resource (metadata.name). Use for same-cluster references. Mutually exclusive with Labels. type: string required: - kind type: object body: description: >- Body is a raw string or an OTLP any value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators example: kvlistValue: values: - key: mesh value: stringValue: '%KUMA_MESH%' x-kubernetes-preserve-unknown-fields: true endpoint: default: '' description: >- Endpoint of OpenTelemetry collector. An empty port defaults to 4317. Deprecated: use BackendRef instead. example: otel-collector:4317 type: string type: object tcp: description: TCPBackend defines a TCP logging backend. properties: address: description: Address of the TCP logging backend example: 127.0.0.1:5000 minLength: 1 type: string format: description: >- Format of access logs. 
Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: example: - key: start_time value: '%START_TIME%' - key: bytes_received value: '%BYTES_RECEIVED%' items: properties: key: type: string value: type: string required: - key - value type: object type: array omitEmptyValues: default: false type: boolean plain: example: >- [%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST% type: string type: enum: - Plain - Json type: string required: - type type: object required: - address type: object type: enum: - Tcp - File - OpenTelemetry type: string required: - type type: object type: array type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of clients. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. 
For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - default - targetRef type: object type: array rules: description: >- Rules defines inbound access log configurations. Currently limited to selecting all inbound traffic, as L7 matching is not yet implemented. items: properties: default: description: >- Default contains configuration of the inbound access logging properties: backends: items: properties: file: description: >- FileBackend defines configuration for file based access logs properties: format: description: >- Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: example: - key: start_time value: '%START_TIME%' - key: bytes_received value: '%BYTES_RECEIVED%' items: properties: key: type: string value: type: string required: - key - value type: object type: array omitEmptyValues: default: false type: boolean plain: example: >- [%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST% type: string type: enum: - Plain - Json type: string required: - type type: object path: description: Path to a file that logs will be written to example: /tmp/access.log minLength: 1 type: string required: - path type: object openTelemetry: description: Defines an OpenTelemetry logging backend. 
properties: attributes: description: >- Attributes can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators example: - key: mesh value: '%KUMA_MESH%' items: properties: key: type: string value: type: string required: - key - value type: object type: array backendRef: description: >- BackendRef is a reference to a MeshOpenTelemetryBackend resource that defines the collector endpoint. Mutually exclusive with Endpoint. properties: kind: description: Kind of the backend resource. enum: - MeshOpenTelemetryBackend type: string labels: additionalProperties: type: string description: >- Labels to match the referenced resource. Use for cross-zone references where KDS adds a hash suffix to metadata.name. Mutually exclusive with Name. When multiple resources match, the oldest by creation time wins. type: object name: description: >- Name of the referenced resource (metadata.name). Use for same-cluster references. Mutually exclusive with Labels. type: string required: - kind type: object body: description: >- Body is a raw string or an OTLP any value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators example: kvlistValue: values: - key: mesh value: stringValue: '%KUMA_MESH%' x-kubernetes-preserve-unknown-fields: true endpoint: default: '' description: >- Endpoint of OpenTelemetry collector. An empty port defaults to 4317. Deprecated: use BackendRef instead. example: otel-collector:4317 type: string type: object tcp: description: TCPBackend defines a TCP logging backend. properties: address: description: Address of the TCP logging backend example: 127.0.0.1:5000 minLength: 1 type: string format: description: >- Format of access logs. 
Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: example: - key: start_time value: '%START_TIME%' - key: bytes_received value: '%BYTES_RECEIVED%' items: properties: key: type: string value: type: string required: - key - value type: object type: array omitEmptyValues: default: false type: boolean plain: example: >- [%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST% type: string type: enum: - Plain - Json type: string required: - type type: object required: - address type: object type: enum: - Tcp - File - OpenTelemetry type: string required: - type type: object type: array type: object required: - default type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in-place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. 
items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: backends: items: properties: file: description: >- FileBackend defines configuration for file based access logs properties: format: description: >- Format of access logs. Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: example: - key: start_time value: '%START_TIME%' - key: bytes_received value: '%BYTES_RECEIVED%' items: properties: key: type: string value: type: string required: - key - value type: object type: array omitEmptyValues: default: false type: boolean plain: example: >- [%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST% type: string type: enum: - Plain - Json type: string required: - type type: object path: description: Path to a file that logs will be written to example: /tmp/access.log minLength: 1 type: string required: - path type: object openTelemetry: description: Defines an OpenTelemetry logging backend. 
properties: attributes: description: >- Attributes can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators example: - key: mesh value: '%KUMA_MESH%' items: properties: key: type: string value: type: string required: - key - value type: object type: array backendRef: description: >- BackendRef is a reference to a MeshOpenTelemetryBackend resource that defines the collector endpoint. Mutually exclusive with Endpoint. properties: kind: description: Kind of the backend resource. enum: - MeshOpenTelemetryBackend type: string labels: additionalProperties: type: string description: >- Labels to match the referenced resource. Use for cross-zone references where KDS adds a hash suffix to metadata.name. Mutually exclusive with Name. When multiple resources match, the oldest by creation time wins. type: object name: description: >- Name of the referenced resource (metadata.name). Use for same-cluster references. Mutually exclusive with Labels. type: string required: - kind type: object body: description: >- Body is a raw string or an OTLP any value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators example: kvlistValue: values: - key: mesh value: stringValue: '%KUMA_MESH%' x-kubernetes-preserve-unknown-fields: true endpoint: default: '' description: >- Endpoint of OpenTelemetry collector. An empty port defaults to 4317. Deprecated: use BackendRef instead. example: otel-collector:4317 type: string type: object tcp: description: TCPBackend defines a TCP logging backend. properties: address: description: Address of the TCP logging backend example: 127.0.0.1:5000 minLength: 1 type: string format: description: >- Format of access logs. 
Placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators properties: json: example: - key: start_time value: '%START_TIME%' - key: bytes_received value: '%BYTES_RECEIVED%' items: properties: key: type: string value: type: string required: - key - value type: object type: array omitEmptyValues: default: false type: boolean plain: example: >- [%START_TIME%] %KUMA_MESH% %UPSTREAM_HOST% type: string type: enum: - Plain - Json type: string required: - type type: object required: - address type: object type: enum: - Tcp - File - OpenTelemetry type: string required: - type type: object type: array type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. 
For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - default - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma MeshAccessLog resource. properties: conditions: items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array type: object readOnly: true MeshCircuitBreakerItem: type: object description: >- MeshCircuitBreaker protects services from cascading failures by limiting connections and detecting unhealthy instances. It provides connection limits to prevent overload and outlier detection to temporarily remove failing endpoints from the load balancing pool. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshCircuitBreaker mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mcb_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshCircuitBreaker resource.
properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: connectionLimits: description: >- ConnectionLimits contains configuration of each circuit breaking limit, which when exceeded causes the circuit breaker to open (no traffic is allowed, just as no current is allowed in the circuit when a physical circuit breaker is open) properties: maxConnectionPools: description: >- The maximum number of connection pools per cluster that are concurrently supported at once. Set this for clusters which create a large number of connection pools. format: int32 type: integer maxConnections: description: >- The maximum number of connections allowed to be made to the upstream cluster. format: int32 type: integer maxPendingRequests: description: >- The maximum number of pending requests that are allowed to the upstream cluster. This limit is applied as a connection limit for non-HTTP traffic. format: int32 type: integer maxRequests: description: >- The maximum number of parallel requests that are allowed to be made to the upstream cluster. This limit does not apply to non-HTTP traffic. format: int32 type: integer maxRetries: description: >- The maximum number of parallel retries that will be allowed to the upstream cluster. format: int32 type: integer type: object outlierDetection: description: >- OutlierDetection contains the configuration of the process of dynamically determining whether some number of hosts in an upstream cluster are performing unlike the others and removing them from the healthy load balancing set. Performance might be along different axes such as consecutive failures, temporal success rate, temporal latency, etc. Outlier detection is a form of passive health checking. properties: baseEjectionTime: description: >- The base time that a host is ejected for.
The real time is equal to the base time multiplied by the number of times the host has been ejected. type: string detectors: description: >- Contains configuration for supported outlier detectors properties: failurePercentage: description: >- Failure Percentage based outlier detection functions similarly to success rate detection, in that it relies on success rate data from each host in a cluster. However, rather than compare those values to the mean success rate of the cluster as a whole, they are compared to a flat user-configured threshold. This threshold is configured via the outlierDetection.failurePercentageThreshold field. The other configuration fields for failure percentage based detection are similar to the fields for success rate detection. As with success rate detection, detection will not be performed for a host if its request volume over the aggregation interval is less than the outlierDetection.detectors.failurePercentage.requestVolume value. Detection also will not be performed for a cluster if the number of hosts with the minimum required request volume in an interval is less than the outlierDetection.detectors.failurePercentage.minimumHosts value. properties: minimumHosts: description: >- The minimum number of hosts in a cluster in order to perform failure percentage-based ejection. If the total number of hosts in the cluster is less than this value, failure percentage-based ejection will not be performed. format: int32 type: integer requestVolume: description: >- The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to perform failure percentage-based ejection for this host. If the volume is lower than this setting, failure percentage-based ejection will not be performed for this host. format: int32 type: integer threshold: description: >- The failure percentage to use when determining failure percentage-based outlier detection. 
If the failure percentage of a given host is greater than or equal to this value, it will be ejected. format: int32 type: integer type: object gatewayFailures: description: >- In the default mode (outlierDetection.splitExternalLocalOriginErrors is false) this detection type takes into account a subset of 5xx errors, called "gateway errors" (502, 503 or 504 status code) and local origin failures, such as timeout, TCP reset etc. In split mode (outlierDetection.splitExternalLocalOriginErrors is true) this detection type takes into account a subset of 5xx errors, called "gateway errors" (502, 503 or 504 status code) and is supported only by the http router. properties: consecutive: description: >- The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. format: int32 type: integer type: object localOriginFailures: description: >- This detection type is enabled only when outlierDetection.splitExternalLocalOriginErrors is true and takes into account only locally originated errors (timeout, reset, etc). If Envoy repeatedly cannot connect to an upstream host or communication with the upstream host is repeatedly interrupted, it will be ejected. Various locally originated problems are detected: timeout, TCP reset, ICMP errors, etc. This detection type is supported by http router and tcp proxy. properties: consecutive: description: >- The number of consecutive locally originated failures before ejection occurs. Parameter takes effect only when splitExternalAndLocalErrors is set to true. format: int32 type: integer type: object successRate: description: >- Success Rate based outlier detection aggregates success rate data from every host in a cluster. Then at given intervals ejects hosts based on statistical outlier detection. 
Success Rate outlier detection will not be calculated for a host if its request volume over the aggregation interval is less than the outlierDetection.detectors.successRate.requestVolume value. Moreover, detection will not be performed for a cluster if the number of hosts with the minimum required request volume in an interval is less than the outlierDetection.detectors.successRate.minimumHosts value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors is false) this detection type takes into account all types of errors: locally and externally originated. In split mode (outlierDetection.splitExternalLocalOriginErrors is true), locally originated errors and externally originated (transaction) errors are counted and treated separately. properties: minimumHosts: description: >- The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. format: int32 type: integer requestVolume: description: >- The minimum number of total requests that must be collected in one interval (as defined by the interval duration configured in outlierDetection section) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. format: int32 type: integer standardDeviationFactor: anyOf: - type: integer - type: string description: >- This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (standard_deviation * success_rate_standard_deviation_factor). Either int or decimal represented as string. 
x-kubernetes-int-or-string: true type: object totalFailures: description: >- In the default mode (outlierDetection.splitExternalAndLocalErrors is false) this detection type takes into account all generated errors: locally originated and externally originated (transaction) errors. In split mode (outlierDetection.splitExternalLocalOriginErrors is true) this detection type takes into account only externally originated (transaction) errors, ignoring locally originated errors. If an upstream host is an HTTP-server, only 5xx types of error are taken into account (see Consecutive Gateway Failure for exceptions). Properly formatted responses, even when they carry an operational error (like index not found, access denied) are not taken into account. properties: consecutive: description: >- The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive total failure ejection occurs. format: int32 type: integer type: object type: object disabled: description: >- When set to true, outlierDetection configuration won't take any effect type: boolean healthyPanicThreshold: anyOf: - type: integer - type: string description: >- Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%. Either int or decimal represented as string. x-kubernetes-int-or-string: true interval: description: >- The time interval between ejection analysis sweeps. This can result in both new ejections and hosts being returned to service. type: string maxEjectionPercent: description: >- The maximum % of an upstream cluster that can be ejected due to outlier detection. Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer splitExternalAndLocalErrors: description: >- Determines whether to distinguish local origin failures from external errors. 
If set to true the following configuration parameters are taken into account: detectors.localOriginFailures.consecutive type: boolean type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array rules: description: >- Rules defines inbound circuit breaker configurations. Currently limited to selecting all inbound traffic, as L7 matching is not yet implemented. 
items: properties: default: description: >- Default contains configuration of the inbound circuit breaker properties: connectionLimits: description: >- ConnectionLimits contains configuration of each circuit breaking limit, which when exceeded causes the circuit breaker to open (no traffic is allowed, just as no current is allowed in the circuit when a physical circuit breaker is open) properties: maxConnectionPools: description: >- The maximum number of connection pools per cluster that are concurrently supported at once. Set this for clusters which create a large number of connection pools. format: int32 type: integer maxConnections: description: >- The maximum number of connections allowed to be made to the upstream cluster. format: int32 type: integer maxPendingRequests: description: >- The maximum number of pending requests that are allowed to the upstream cluster. This limit is applied as a connection limit for non-HTTP traffic. format: int32 type: integer maxRequests: description: >- The maximum number of parallel requests that are allowed to be made to the upstream cluster. This limit does not apply to non-HTTP traffic. format: int32 type: integer maxRetries: description: >- The maximum number of parallel retries that will be allowed to the upstream cluster. format: int32 type: integer type: object outlierDetection: description: >- OutlierDetection contains the configuration of the process of dynamically determining whether some number of hosts in an upstream cluster are performing unlike the others and removing them from the healthy load balancing set. Performance might be along different axes such as consecutive failures, temporal success rate, temporal latency, etc. Outlier detection is a form of passive health checking. properties: baseEjectionTime: description: >- The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected.
type: string detectors: description: >- Contains configuration for supported outlier detectors properties: failurePercentage: description: >- Failure Percentage based outlier detection functions similarly to success rate detection, in that it relies on success rate data from each host in a cluster. However, rather than compare those values to the mean success rate of the cluster as a whole, they are compared to a flat user-configured threshold. This threshold is configured via the outlierDetection.failurePercentageThreshold field. The other configuration fields for failure percentage based detection are similar to the fields for success rate detection. As with success rate detection, detection will not be performed for a host if its request volume over the aggregation interval is less than the outlierDetection.detectors.failurePercentage.requestVolume value. Detection also will not be performed for a cluster if the number of hosts with the minimum required request volume in an interval is less than the outlierDetection.detectors.failurePercentage.minimumHosts value. properties: minimumHosts: description: >- The minimum number of hosts in a cluster in order to perform failure percentage-based ejection. If the total number of hosts in the cluster is less than this value, failure percentage-based ejection will not be performed. format: int32 type: integer requestVolume: description: >- The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to perform failure percentage-based ejection for this host. If the volume is lower than this setting, failure percentage-based ejection will not be performed for this host. format: int32 type: integer threshold: description: >- The failure percentage to use when determining failure percentage-based outlier detection. If the failure percentage of a given host is greater than or equal to this value, it will be ejected. 
format: int32 type: integer type: object gatewayFailures: description: >- In the default mode (outlierDetection.splitExternalLocalOriginErrors is false) this detection type takes into account a subset of 5xx errors, called "gateway errors" (502, 503 or 504 status code) and local origin failures, such as timeout, TCP reset etc. In split mode (outlierDetection.splitExternalLocalOriginErrors is true) this detection type takes into account a subset of 5xx errors, called "gateway errors" (502, 503 or 504 status code) and is supported only by the http router. properties: consecutive: description: >- The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. format: int32 type: integer type: object localOriginFailures: description: >- This detection type is enabled only when outlierDetection.splitExternalLocalOriginErrors is true and takes into account only locally originated errors (timeout, reset, etc). If Envoy repeatedly cannot connect to an upstream host or communication with the upstream host is repeatedly interrupted, it will be ejected. Various locally originated problems are detected: timeout, TCP reset, ICMP errors, etc. This detection type is supported by http router and tcp proxy. properties: consecutive: description: >- The number of consecutive locally originated failures before ejection occurs. Parameter takes effect only when splitExternalAndLocalErrors is set to true. format: int32 type: integer type: object successRate: description: >- Success Rate based outlier detection aggregates success rate data from every host in a cluster. Then at given intervals ejects hosts based on statistical outlier detection. Success Rate outlier detection will not be calculated for a host if its request volume over the aggregation interval is less than the outlierDetection.detectors.successRate.requestVolume value. 
Moreover, detection will not be performed for a cluster if the number of hosts with the minimum required request volume in an interval is less than the outlierDetection.detectors.successRate.minimumHosts value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors is false) this detection type takes into account all types of errors: locally and externally originated. In split mode (outlierDetection.splitExternalLocalOriginErrors is true), locally originated errors and externally originated (transaction) errors are counted and treated separately. properties: minimumHosts: description: >- The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. format: int32 type: integer requestVolume: description: >- The minimum number of total requests that must be collected in one interval (as defined by the interval duration configured in outlierDetection section) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. format: int32 type: integer standardDeviationFactor: anyOf: - type: integer - type: string description: >- This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (standard_deviation * success_rate_standard_deviation_factor). Either int or decimal represented as string. 
x-kubernetes-int-or-string: true type: object totalFailures: description: >- In the default mode (outlierDetection.splitExternalAndLocalErrors is false) this detection type takes into account all generated errors: locally originated and externally originated (transaction) errors. In split mode (outlierDetection.splitExternalLocalOriginErrors is true) this detection type takes into account only externally originated (transaction) errors, ignoring locally originated errors. If an upstream host is an HTTP-server, only 5xx types of error are taken into account (see Consecutive Gateway Failure for exceptions). Properly formatted responses, even when they carry an operational error (like index not found, access denied) are not taken into account. properties: consecutive: description: >- The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive total failure ejection occurs. format: int32 type: integer type: object type: object disabled: description: >- When set to true, outlierDetection configuration won't take any effect type: boolean healthyPanicThreshold: anyOf: - type: integer - type: string description: >- Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%. Either int or decimal represented as string. x-kubernetes-int-or-string: true interval: description: >- The time interval between ejection analysis sweeps. This can result in both new ejections and hosts being returned to service. type: string maxEjectionPercent: description: >- The maximum % of an upstream cluster that can be ejected due to outlier detection. Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer splitExternalAndLocalErrors: description: >- Determines whether to distinguish local origin failures from external errors. 
If set to true the following configuration parameters are taken into account: detectors.localOriginFailures.consecutive type: boolean type: object type: object type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: connectionLimits: description: >- ConnectionLimits contains configuration of each circuit breaking limit, which, when exceeded, causes the circuit breaker to open (no traffic is allowed, just as no current flows in a circuit when a physical circuit breaker is open) properties: maxConnectionPools: description: >- The maximum number of connection pools per cluster that are concurrently supported at once. Set this for clusters which create a large number of connection pools. format: int32 type: integer maxConnections: description: >- The maximum number of connections allowed to be made to the upstream cluster. format: int32 type: integer maxPendingRequests: description: >- The maximum number of pending requests that are allowed to the upstream cluster. This limit is applied as a connection limit for non-HTTP traffic. format: int32 type: integer maxRequests: description: >- The maximum number of parallel requests that are allowed to be made to the upstream cluster. This limit does not apply to non-HTTP traffic. format: int32 type: integer maxRetries: description: >- The maximum number of parallel retries that will be allowed to the upstream cluster. format: int32 type: integer type: object outlierDetection: description: >- OutlierDetection contains the configuration of the process of dynamically determining whether some number of hosts in an upstream cluster are performing unlike the others and removing them from the healthy load balancing set. Performance might be along different axes such as consecutive failures, temporal success rate, temporal latency, etc.
Outlier detection is a form of passive health checking. properties: baseEjectionTime: description: >- The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. type: string detectors: description: >- Contains configuration for supported outlier detectors properties: failurePercentage: description: >- Failure Percentage based outlier detection functions similarly to success rate detection, in that it relies on success rate data from each host in a cluster. However, rather than compare those values to the mean success rate of the cluster as a whole, they are compared to a flat user-configured threshold. This threshold is configured via the outlierDetection.failurePercentageThreshold field. The other configuration fields for failure percentage based detection are similar to the fields for success rate detection. As with success rate detection, detection will not be performed for a host if its request volume over the aggregation interval is less than the outlierDetection.detectors.failurePercentage.requestVolume value. Detection also will not be performed for a cluster if the number of hosts with the minimum required request volume in an interval is less than the outlierDetection.detectors.failurePercentage.minimumHosts value. properties: minimumHosts: description: >- The minimum number of hosts in a cluster in order to perform failure percentage-based ejection. If the total number of hosts in the cluster is less than this value, failure percentage-based ejection will not be performed. format: int32 type: integer requestVolume: description: >- The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to perform failure percentage-based ejection for this host. If the volume is lower than this setting, failure percentage-based ejection will not be performed for this host. 
format: int32 type: integer threshold: description: >- The failure percentage to use when determining failure percentage-based outlier detection. If the failure percentage of a given host is greater than or equal to this value, it will be ejected. format: int32 type: integer type: object gatewayFailures: description: >- In the default mode (outlierDetection.splitExternalLocalOriginErrors is false) this detection type takes into account a subset of 5xx errors, called "gateway errors" (502, 503 or 504 status code) and local origin failures, such as timeout, TCP reset etc. In split mode (outlierDetection.splitExternalLocalOriginErrors is true) this detection type takes into account a subset of 5xx errors, called "gateway errors" (502, 503 or 504 status code) and is supported only by the http router. properties: consecutive: description: >- The number of consecutive gateway failures (502, 503, 504 status codes) before a consecutive gateway failure ejection occurs. format: int32 type: integer type: object localOriginFailures: description: >- This detection type is enabled only when outlierDetection.splitExternalLocalOriginErrors is true and takes into account only locally originated errors (timeout, reset, etc). If Envoy repeatedly cannot connect to an upstream host or communication with the upstream host is repeatedly interrupted, it will be ejected. Various locally originated problems are detected: timeout, TCP reset, ICMP errors, etc. This detection type is supported by http router and tcp proxy. properties: consecutive: description: >- The number of consecutive locally originated failures before ejection occurs. Parameter takes effect only when splitExternalAndLocalErrors is set to true. format: int32 type: integer type: object successRate: description: >- Success Rate based outlier detection aggregates success rate data from every host in a cluster. Then at given intervals ejects hosts based on statistical outlier detection. 
Success Rate outlier detection will not be calculated for a host if its request volume over the aggregation interval is less than the outlierDetection.detectors.successRate.requestVolume value. Moreover, detection will not be performed for a cluster if the number of hosts with the minimum required request volume in an interval is less than the outlierDetection.detectors.successRate.minimumHosts value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors is false) this detection type takes into account all types of errors: locally and externally originated. In split mode (outlierDetection.splitExternalLocalOriginErrors is true), locally originated errors and externally originated (transaction) errors are counted and treated separately. properties: minimumHosts: description: >- The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. format: int32 type: integer requestVolume: description: >- The minimum number of total requests that must be collected in one interval (as defined by the interval duration configured in outlierDetection section) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. format: int32 type: integer standardDeviationFactor: anyOf: - type: integer - type: string description: >- This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (standard_deviation * success_rate_standard_deviation_factor). Either int or decimal represented as string. 
x-kubernetes-int-or-string: true type: object totalFailures: description: >- In the default mode (outlierDetection.splitExternalAndLocalErrors is false) this detection type takes into account all generated errors: locally originated and externally originated (transaction) errors. In split mode (outlierDetection.splitExternalLocalOriginErrors is true) this detection type takes into account only externally originated (transaction) errors, ignoring locally originated errors. If an upstream host is an HTTP-server, only 5xx types of error are taken into account (see Consecutive Gateway Failure for exceptions). Properly formatted responses, even when they carry an operational error (like index not found, access denied) are not taken into account. properties: consecutive: description: >- The number of consecutive server-side error responses (for HTTP traffic, 5xx responses; for TCP traffic, connection failures; for Redis, failure to respond PONG; etc.) before a consecutive total failure ejection occurs. format: int32 type: integer type: object type: object disabled: description: >- When set to true, outlierDetection configuration won't take any effect type: boolean healthyPanicThreshold: anyOf: - type: integer - type: string description: >- Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%. Either int or decimal represented as string. x-kubernetes-int-or-string: true interval: description: >- The time interval between ejection analysis sweeps. This can result in both new ejections and hosts being returned to service. type: string maxEjectionPercent: description: >- The maximum % of an upstream cluster that can be ejected due to outlier detection. Defaults to 10% but will eject at least one host regardless of the value. format: int32 type: integer splitExternalAndLocalErrors: description: >- Determines whether to distinguish local origin failures from external errors. 
If set to true the following configuration parameters are taken into account: detectors.localOriginFailures.consecutive type: boolean type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshFaultInjectionItem: type: object description: >- MeshFaultInjection allows you to test the resiliency of your services by injecting faults like delays, connection aborts, and response bandwidth limits into the traffic. This is useful for chaos testing and validating that your applications handle failures gracefully. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshFaultInjection mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mfi_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshFaultInjection resource. properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: http: description: >- Http allows to define list of Http faults between dataplanes.
items: description: >- FaultInjection defines the configuration of faults between dataplanes. properties: abort: description: >- Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code properties: httpStatus: description: >- HTTP status code which will be returned to source side format: int32 type: integer percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which abort will be injected, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true required: - httpStatus - percentage type: object delay: description: >- Delay defines configuration of delaying a response from a destination properties: percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which delay will be injected, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true value: description: >- The duration during which the response will be delayed type: string required: - percentage - value type: object responseBandwidth: description: >- ResponseBandwidth defines a configuration to limit the speed of responding to the requests properties: limit: description: >- Limit is represented by value measure in Gbps, Mbps, kbps, e.g. 10kbps type: string percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which response bandwidth limit will be applied, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true required: - limit - percentage type: object type: object type: array type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations.
properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array rules: description: Rules defines inbound fault injection configuration items: properties: default: description: Default defines fault configuration properties: http: description: >- Http allows to define list of Http faults between dataplanes. items: description: >- FaultInjection defines the configuration of faults between dataplanes. 
properties: abort: description: >- Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code properties: httpStatus: description: >- HTTP status code which will be returned to source side format: int32 type: integer percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which abort will be injected, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true required: - httpStatus - percentage type: object delay: description: >- Delay defines configuration of delaying a response from a destination properties: percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which delay will be injected, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true value: description: >- The duration during which the response will be delayed type: string required: - percentage - value type: object responseBandwidth: description: >- ResponseBandwidth defines a configuration to limit the speed of responding to the requests properties: limit: description: >- Limit is represented by value measure in Gbps, Mbps, kbps, e.g. 10kbps type: string percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which response bandwidth limit will be applied, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true required: - limit - percentage type: object type: object type: array type: object matches: description: >- Matches defines list of matches for which fault injection will be applied items: properties: spiffeID: description: >- SpiffeID defines a matcher configuration for SpiffeID matching properties: type: description: >- Type defines how to match incoming traffic by SpiffeID. `Exact` or `Prefix` are allowed.
enum: - Exact - Prefix type: string value: description: >- Value is SpiffeId of a client that needs to match for the configuration to be applied type: string required: - type - value type: object type: object type: array required: - default type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags.
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: http: description: >- Http allows to define list of Http faults between dataplanes. items: description: >- FaultInjection defines the configuration of faults between dataplanes. properties: abort: description: >- Abort defines a configuration of not delivering requests to destination service and replacing the responses from destination dataplane by predefined status code properties: httpStatus: description: >- HTTP status code which will be returned to source side format: int32 type: integer percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which abort will be injected, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true required: - httpStatus - percentage type: object delay: description: >- Delay defines configuration of delaying a response from a destination properties: percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which delay will be injected, has to be either int or decimal represented as string. x-kubernetes-int-or-string: true value: description: >- The duration during which the response will be delayed type: string required: - percentage - value type: object responseBandwidth: description: >- ResponseBandwidth defines a configuration to limit the speed of responding to the requests properties: limit: description: >- Limit is represented by value measure in Gbps, Mbps, kbps, e.g. 10kbps type: string percentage: anyOf: - type: integer - type: string description: >- Percentage of requests on which response bandwidth limit will be applied, has to be either int or decimal represented as string.
x-kubernetes-int-or-string: true required: - limit - percentage type: object type: object type: array type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshGatewayItem: properties: conf: description: The desired configuration of the MeshGateway. properties: listeners: description: >- Listeners define logical endpoints that are bound on this MeshGateway's address(es). items: properties: crossMesh: description: >- CrossMesh enables traffic to flow to this listener only from other meshes. type: boolean hostname: description: >- Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, "", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching. type: string port: description: |- Port is the network port. Multiple listeners may use the same port, subject to the Listener compatibility rules. type: integer protocol: description: >- Protocol specifies the network protocol this listener expects to receive. oneOf: - type: string - type: integer resources: description: >- Resources is used to specify listener-specific resource settings. properties: connectionLimit: type: integer type: object tags: additionalProperties: type: string description: >- Tags specifies a unique combination of tags that routes can use to match themselves to this listener. When matching routes to listeners, the control plane constructs a set of matching tags for each listener by forming the union of the gateway tags and the listener tags. 
A route will be attached to the listener if all of the route's tags are present in the matching tags type: object tls: description: |- TLS is the TLS configuration for the Listener. This field is required if the Protocol field is "HTTPS" or "TLS" and ignored otherwise. properties: certificates: description: >- Certificates is an array of datasources that contain TLS certificates and private keys. Each datasource must contain a sequence of PEM-encoded objects. The server certificate and private key are required, but additional certificates are allowed and will be added to the certificate chain. The server certificate must be the first certificate in the datasource. When multiple certificate datasources are configured, they must have different key types. In practice, this means that one datasource should contain an RSA key and certificate, and the other an ECDSA key and certificate. items: oneOf: - $ref: '#/components/schemas/DataSource_File' - $ref: '#/components/schemas/DataSource_Inline' - $ref: '#/components/schemas/DataSource_InlineString' - $ref: '#/components/schemas/DataSource_Secret' type: array mode: description: >- Mode defines the TLS behavior for the TLS session initiated by the client. oneOf: - type: string - type: integer options: description: >- Options should eventually configure how TLS is configured. This is where cipher suite and version configuration can be specified, client certificates enforced, and so on. properties: {} type: object type: object type: object type: array type: object labels: additionalProperties: type: string type: object mesh: type: string name: type: string selectors: description: |- Selectors is a list of selectors that are used to match builtin gateway dataplanes that will receive this MeshGateway configuration.
items: description: Selector defines structure for selecting tags for given dataplane properties: match: additionalProperties: type: string description: Tags to match, can be used for both source and destinations type: object type: object type: array tags: additionalProperties: type: string description: >- Tags is the set of tags common to all of the gateway's listeners. This field must not include a `kuma.io/service` tag (the service is always defined on the dataplanes). type: object type: type: string required: - type - name - mesh type: object MeshHTTPRouteItem: type: object description: >- NOTICE: This policy defines its own `GetDefault` method so that it can have the given structure for deserialization but still use the generic policy merging machinery. MeshHTTPRoute configures how HTTP requests are routed between services in the mesh. It enables advanced traffic management including path-based routing, header matching, request/response modification, redirects, URL rewrites, traffic mirroring, and weighted load balancing across service endpoints. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshHTTPRoute mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mhttpr_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshHTTPRoute resource. properties: targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on.
The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To matches destination services of requests and holds configuration. items: properties: hostnames: description: >- Hostnames is only valid when targeting MeshGateway and limits the effects of the rules to requests to this hostname. Given hostnames must intersect with the hostname of the listeners the route attaches to. 
items: type: string type: array rules: description: >- Rules contains the routing rules applies to a combination of top-level targetRef and the targetRef in this entry. items: properties: default: description: >- Default holds routing rules that can be merged with rules from other policies. properties: backendRefs: items: description: BackendRef defines where to forward traffic. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string port: description: >- Port is only supported when this ref refers to a real MeshService object format: int32 type: integer proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object weight: default: 1 minimum: 0 type: integer required: - kind type: object type: array filters: items: properties: requestHeaderModifier: description: >- Only one action is supported per header name. Configuration to set or add multiple values for a header must use RFC 7230 header value formatting, separating each value with a comma. properties: add: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map remove: items: type: string maxItems: 16 type: array set: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object requestMirror: properties: backendRef: description: >- BackendRef defines where to forward traffic. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. 
type: string port: description: >- Port is only supported when this ref refers to a real MeshService object format: int32 type: integer proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object weight: default: 1 minimum: 0 type: integer required: - kind type: object percentage: anyOf: - type: integer - type: string description: >- Percentage of requests to mirror. If not specified, all requests to the target cluster will be mirrored. x-kubernetes-int-or-string: true required: - backendRef type: object requestRedirect: properties: hostname: description: >- PreciseHostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. maxLength: 253 minLength: 1 pattern: >- ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string path: description: >- Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the location header. When empty, the request path is used as-is. 
properties: replaceFullPath: type: string replacePrefixMatch: type: string type: enum: - ReplaceFullPath - ReplacePrefixMatch type: string required: - type type: object port: description: >- Port is the port to be used in the value of the `Location` header in the response. When empty, port (if specified) of the request is used. format: int32 maximum: 65535 minimum: 1 type: integer scheme: enum: - http - https type: string statusCode: default: 302 description: >- StatusCode is the HTTP status code to be used in response. enum: - 301 - 302 - 303 - 307 - 308 type: integer type: object responseHeaderModifier: description: >- Only one action is supported per header name. Configuration to set or add multiple values for a header must use RFC 7230 header value formatting, separating each value with a comma. properties: add: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map remove: items: type: string maxItems: 16 type: array set: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object type: enum: - RequestHeaderModifier - ResponseHeaderModifier - RequestRedirect - URLRewrite - RequestMirror type: string urlRewrite: properties: hostToBackendHostname: description: >- HostToBackendHostname rewrites the hostname to the hostname of the upstream host. This option is only available when targeting MeshGateways. type: boolean hostname: description: >- Hostname is the value to be used to replace the host header value during forwarding. 
maxLength: 253 minLength: 1 pattern: >- ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string path: description: Path defines a path rewrite. properties: replaceFullPath: type: string replacePrefixMatch: type: string type: enum: - ReplaceFullPath - ReplacePrefixMatch type: string required: - type type: object type: object required: - type type: object type: array type: object matches: description: >- Matches describes how to match HTTP requests this rule should be applied to. items: properties: headers: items: description: >- HeaderMatch describes how to select an HTTP route by matching HTTP request headers. properties: name: description: >- Name is the name of the HTTP Header to be matched. Name MUST be lower case as they will be handled with case insensitivity (See https://tools.ietf.org/html/rfc7230#section-3.2). maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string type: default: Exact description: >- Type specifies how to match against the value of the header. enum: - Exact - Present - RegularExpression - Absent - Prefix type: string value: description: >- Value is the value of HTTP Header to be matched. type: string required: - name type: object type: array method: enum: - CONNECT - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT - TRACE type: string path: properties: type: enum: - Exact - PathPrefix - RegularExpression type: string value: description: >- Exact or prefix matches must be an absolute path. A prefix matches only if separated by a slash or the entire path. minLength: 1 type: string required: - type - value type: object queryParams: description: >- QueryParams matches based on HTTP URL query parameters. Multiple matches are ANDed together such that all listed matches must succeed. 
items: properties: name: minLength: 1 type: string type: enum: - Exact - RegularExpression type: string value: type: string required: - name - type - value type: object type: array type: object minItems: 1 type: array required: - default - matches type: object type: array targetRef: description: >- TargetRef is a reference to the resource that represents a group of request destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - rules - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshHealthCheckItem: type: object description: >- MeshHealthCheck enables active health checking of services in the mesh. It periodically probes service endpoints using TCP, HTTP, or gRPC health checks to detect and remove unhealthy instances from the load balancing pool, improving overall service reliability. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshHealthCheck mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mhc_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshHealthCheck resource. properties: targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace.
properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: alwaysLogHealthCheckFailures: description: >- If set to true, health check failure events will always be logged. If set to false, only the initial health check failure event will be logged. The default value is false. 
type: boolean eventLogPath: description: >- Specifies the path to the file where Envoy can log health check events. If empty, no event log will be written. type: string failTrafficOnPanic: description: >- If set to true, Envoy will not consider any hosts when the cluster is in 'panic mode'. Instead, the cluster will fail all requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a failing service. type: boolean grpc: description: >- GrpcHealthCheck defines gRPC configuration which will instruct the service the health check will be made for is a gRPC service. properties: authority: description: >- The value of the :authority header in the gRPC health check request, by default name of the cluster this health check is associated with type: string disabled: description: If true the GrpcHealthCheck is disabled type: boolean serviceName: description: >- Service name parameter which will be sent to gRPC service type: string type: object healthyPanicThreshold: anyOf: - type: integer - type: string description: >- Allows to configure panic threshold for Envoy cluster. If not specified, the default is 50%. To disable panic mode, set to 0%. Either int or decimal represented as string. Deprecated: the setting has been moved to MeshCircuitBreaker policy, please use MeshCircuitBreaker policy instead. x-kubernetes-int-or-string: true healthyThreshold: description: >- Number of consecutive healthy checks before considering a host healthy. If not specified then the default value is 1 format: int32 type: integer http: description: >- HttpHealthCheck defines HTTP configuration which will instruct the service the health check will be made for is an HTTP service. 
properties: disabled: description: If true the HttpHealthCheck is disabled type: boolean expectedStatuses: description: >- List of HTTP response statuses which are considered healthy items: format: int32 type: integer type: array path: description: >- The HTTP path which will be requested during the health check (ie. /health) If not specified then the default value is "/" type: string requestHeadersToAdd: description: >- The list of HTTP headers which should be added to each health check request properties: add: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map set: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object type: object initialJitter: description: >- If specified, Envoy will start health checking after a random time in ms between 0 and initialJitter. This only applies to the first health check. type: string interval: description: |- Interval between consecutive health checks. If not specified then the default value is 1m type: string intervalJitter: description: >- If specified, during every interval Envoy will add IntervalJitter to the wait time. type: string intervalJitterPercent: description: >- If specified, during every interval Envoy will add IntervalJitter * IntervalJitterPercent / 100 to the wait time. If IntervalJitter and IntervalJitterPercent are both set, both of them will be used to increase the wait time. format: int32 type: integer noTrafficInterval: description: >- The "no traffic interval" is a special health check interval that is used when a cluster has never had traffic routed to it. 
This lower interval allows cluster information to be kept up to date, without sending a potentially large amount of active health checking traffic for no reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the standard health check interval that is defined. Note that this interval takes precedence over any other. The default value for "no traffic interval" is 60 seconds. type: string reuseConnection: description: >- Reuse health check connection between health checks. Default is true. type: boolean tcp: description: >- TcpHealthCheck defines configuration for specifying bytes to send and expected response during the health check properties: disabled: description: If true the TcpHealthCheck is disabled type: boolean receive: description: >- List of Base64 encoded blocks of strings expected as a response. When checking the response, "fuzzy" matching is performed such that each block must be found, and in the order specified, but not necessarily contiguous. If not provided or empty, checks will be performed as "connect only" and be marked as successful when TCP connection is successfully established. items: type: string type: array send: description: >- Base64 encoded content of the message which will be sent during the health check to the target type: string type: object timeout: description: |- Maximum time to wait for a health check response. If not specified then the default value is 15s type: string unhealthyThreshold: description: >- Number of consecutive unhealthy checks before considering a host unhealthy. If not specified then the default value is 5 format: int32 type: integer type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. 
properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshLoadBalancingStrategyItem: type: object description: >- MeshLoadBalancingStrategy configures how traffic is distributed across service instances. 
It supports multiple load balancing algorithms (round-robin, least request, ring hash, random, maglev), locality-aware routing to prefer nearby instances, and cross-zone failover strategies for high availability. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshLoadBalancingStrategy mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mlbs_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: >- Spec is the specification of the Kuma MeshLoadBalancingStrategy resource. properties: targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource.
Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: hashPolicies: description: >- HashPolicies specify a list of request/connection properties that are used to calculate a hash. These hash policies are executed in the specified order. If a hash policy has the “terminal” attribute set to true, and there is already a hash generated, the hash is returned immediately, ignoring the rest of the hash policy list. items: properties: connection: properties: sourceIP: description: Hash on source IP address. type: boolean type: object cookie: properties: name: description: >- The name of the cookie that will be used to obtain the hash key. minLength: 1 type: string path: description: The name of the path for the cookie. type: string ttl: description: >- If specified, a cookie with the TTL will be generated if the cookie is not present. 
type: string required: - name type: object filterState: properties: key: description: >- The name of the Object in the per-request filterState, which is an Envoy::Hashable object. If there is no data associated with the key, or the stored object is not Envoy::Hashable, no hash will be produced. minLength: 1 type: string required: - key type: object header: properties: name: description: >- The name of the request header that will be used to obtain the hash key. minLength: 1 type: string required: - name type: object queryParameter: properties: name: description: >- The name of the URL query parameter that will be used to obtain the hash key. If the parameter is not present, no hash will be produced. Query parameter names are case-sensitive. minLength: 1 type: string required: - name type: object terminal: description: >- Terminal is a flag that short-circuits the hash computing. This field provides a ‘fallback’ style of configuration: “if a terminal policy doesn’t work, fallback to rest of the policy list”, it saves time when the terminal policy works. If true, and there is already a hash computed, ignore rest of the list of hash policies. type: boolean type: enum: - Header - Cookie - Connection - SourceIP - QueryParameter - FilterState type: string required: - type type: object type: array loadBalancer: description: >- LoadBalancer allows to specify load balancing algorithm. properties: leastRequest: description: >- LeastRequest selects N random available hosts as specified in 'choiceCount' (2 by default) and picks the host which has the fewest active requests properties: activeRequestBias: anyOf: - type: integer - type: string description: >- ActiveRequestBias refers to dynamic weights applied when hosts have varying load balancing weights. A higher value here aggressively reduces the weight of endpoints that are currently handling active requests.
In essence, the higher the ActiveRequestBias value, the more forcefully it reduces the load balancing weight of endpoints that are actively serving requests. x-kubernetes-int-or-string: true choiceCount: description: >- ChoiceCount is the number of random healthy hosts from which the host with the fewest active requests will be chosen. Defaults to 2 so that Envoy performs two-choice selection if the field is not set. format: int32 minimum: 2 type: integer type: object maglev: description: >- Maglev implements consistent hashing to upstream hosts. Maglev can be used as a drop in replacement for the ring hash load balancer any place in which consistent hashing is desired. properties: hashPolicies: description: >- HashPolicies specify a list of request/connection properties that are used to calculate a hash. These hash policies are executed in the specified order. If a hash policy has the “terminal” attribute set to true, and there is already a hash generated, the hash is returned immediately, ignoring the rest of the hash policy list. items: properties: connection: properties: sourceIP: description: Hash on source IP address. type: boolean type: object cookie: properties: name: description: >- The name of the cookie that will be used to obtain the hash key. minLength: 1 type: string path: description: The name of the path for the cookie. type: string ttl: description: >- If specified, a cookie with the TTL will be generated if the cookie is not present. type: string required: - name type: object filterState: properties: key: description: >- The name of the Object in the per-request filterState, which is an Envoy::Hashable object. If there is no data associated with the key, or the stored object is not Envoy::Hashable, no hash will be produced. minLength: 1 type: string required: - key type: object header: properties: name: description: >- The name of the request header that will be used to obtain the hash key. 
minLength: 1 type: string required: - name type: object queryParameter: properties: name: description: >- The name of the URL query parameter that will be used to obtain the hash key. If the parameter is not present, no hash will be produced. Query parameter names are case-sensitive. minLength: 1 type: string required: - name type: object terminal: description: >- Terminal is a flag that short-circuits the hash computing. This field provides a ‘fallback’ style of configuration: “if a terminal policy doesn’t work, fallback to rest of the policy list”, it saves time when the terminal policy works. If true, and there is already a hash computed, ignore rest of the list of hash policies. type: boolean type: enum: - Header - Cookie - Connection - SourceIP - QueryParameter - FilterState type: string required: - type type: object type: array tableSize: description: >- The table size for Maglev hashing. Maglev aims for “minimal disruption” rather than an absolute guarantee. Minimal disruption means that when the set of upstream hosts change, a connection will likely be sent to the same upstream as it was before. Increasing the table size reduces the amount of disruption. The table size must be a prime number limited to 5000011. If it is not specified, the default is 65537. format: int32 maximum: 5000011 minimum: 1 type: integer type: object random: description: >- Random selects a random available host. The random load balancer generally performs better than round-robin if no health checking policy is configured. Random selection avoids bias towards the host in the set that comes after a failed host. type: object ringHash: description: >- RingHash implements consistent hashing to upstream hosts. Each host is mapped onto a circle (the “ring”) by hashing its address; each request is then routed to a host by hashing some property of the request, and finding the nearest corresponding host clockwise around the ring.
properties: hashFunction: description: >- HashFunction is a function used to hash hosts onto the ketama ring. The value defaults to XX_HASH. Available values – XX_HASH, MURMUR_HASH_2. enum: - XXHash - MurmurHash2 type: string hashPolicies: description: >- HashPolicies specify a list of request/connection properties that are used to calculate a hash. These hash policies are executed in the specified order. If a hash policy has the “terminal” attribute set to true, and there is already a hash generated, the hash is returned immediately, ignoring the rest of the hash policy list. items: properties: connection: properties: sourceIP: description: Hash on source IP address. type: boolean type: object cookie: properties: name: description: >- The name of the cookie that will be used to obtain the hash key. minLength: 1 type: string path: description: The name of the path for the cookie. type: string ttl: description: >- If specified, a cookie with the TTL will be generated if the cookie is not present. type: string required: - name type: object filterState: properties: key: description: >- The name of the Object in the per-request filterState, which is an Envoy::Hashable object. If there is no data associated with the key, or the stored object is not Envoy::Hashable, no hash will be produced. minLength: 1 type: string required: - key type: object header: properties: name: description: >- The name of the request header that will be used to obtain the hash key. minLength: 1 type: string required: - name type: object queryParameter: properties: name: description: >- The name of the URL query parameter that will be used to obtain the hash key. If the parameter is not present, no hash will be produced. Query parameter names are case-sensitive. minLength: 1 type: string required: - name type: object terminal: description: >- Terminal is a flag that short-circuits the hash computing. 
This field provides a ‘fallback’ style of configuration: “if a terminal policy doesn’t work, fallback to rest of the policy list”, it saves time when the terminal policy works. If true, and there is already a hash computed, ignore rest of the list of hash policies. type: boolean type: enum: - Header - Cookie - Connection - SourceIP - QueryParameter - FilterState type: string required: - type type: object type: array maxRingSize: description: >- Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered to further constrain resource use. format: int32 maximum: 8000000 minimum: 1 type: integer minRingSize: description: >- Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each provided host) the better the request distribution will reflect the desired weights. Defaults to 1024 entries, and limited to 8M entries. format: int32 maximum: 8000000 minimum: 1 type: integer type: object roundRobin: description: >- RoundRobin is a load balancing algorithm that distributes requests across available upstream hosts in round-robin order. type: object type: enum: - RoundRobin - LeastRequest - RingHash - Random - Maglev type: string required: - type type: object localityAwareness: description: >- LocalityAwareness contains configuration for locality aware load balancing.
properties: crossZone: description: >- CrossZone defines locality aware load balancing priorities when dataplane proxies inside local zone are unavailable properties: failover: description: >- Failover defines list of load balancing rules in order of priority items: properties: from: description: >- From defines the list of zones to which the rule applies properties: zones: items: type: string type: array required: - zones type: object to: description: >- To defines to which zones the traffic should be load balanced properties: type: description: >- Type defines how target zones will be picked from available zones enum: - None - Only - Any - AnyExcept type: string zones: items: type: string type: array required: - type type: object required: - to type: object type: array failoverThreshold: description: >- FailoverThreshold defines the percentage of live destination dataplane proxies below which load balancing to the next priority starts. Example: If you configure failoverThreshold to 70, and you have deployed 10 destination dataplane proxies. Load balancing to next priority will start when number of live destination dataplane proxies drops below 7. Default 50 properties: percentage: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - percentage type: object type: object disabled: description: >- Disabled allows to disable locality-aware load balancing. When disabled requests are distributed across all endpoints regardless of locality. type: boolean localZone: description: >- LocalZone defines locality aware load balancing priorities between dataplane proxies inside a zone properties: affinityTags: description: >- AffinityTags list of tags for local zone load balancing. items: properties: key: description: >- Key defines tag for which affinity is configured type: string weight: description: >- Weight of the tag used for load balancing. The bigger the weight the bigger the priority. 
Percentage of local traffic load balanced to tag is computed by dividing weight by sum of weights from all tags. For example with two affinity tags first with weight 80 and second with weight 20, then 80% of traffic will be redirected to the first tag, and 20% of traffic will be redirected to second one. Setting weights is not mandatory. When weights are not set control plane will compute default weight based on list order. Default: If you do not specify weight we will adjust them so that 90% traffic goes to first tag, 9% to next, and 1% to third and so on. format: int32 type: integer required: - key type: object type: array type: object type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. 
Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshMetricItem: type: object description: >- MeshMetric enables collection and export of service mesh metrics. It configures sidecar and application metrics scraping, allows customization of which metrics are published, and supports exporting to Prometheus or OpenTelemetry backends for monitoring and observability. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshMetric mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mm_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshMetric resource. properties: default: description: MeshMetric configuration.
properties: applications: description: >- Applications is a list of applications that Dataplane Proxy will scrape items: properties: address: description: Address on which an application listens. type: string name: description: Name of the application to scrape type: string path: default: /metrics description: >- Path on which an application exposes HTTP endpoint with metrics. type: string port: description: >- Port on which an application exposes HTTP endpoint with metrics. format: int32 type: integer required: - port type: object type: array backends: description: Backends list that will be used to collect metrics. items: properties: openTelemetry: description: OpenTelemetry backend configuration properties: backendRef: description: >- BackendRef is a reference to a MeshOpenTelemetryBackend resource that defines the collector endpoint. Mutually exclusive with Endpoint. properties: kind: description: Kind of the backend resource. enum: - MeshOpenTelemetryBackend type: string labels: additionalProperties: type: string description: >- Labels to match the referenced resource. Use for cross-zone references where KDS adds a hash suffix to metadata.name. Mutually exclusive with Name. When multiple resources match, the oldest by creation time wins. type: object name: description: >- Name of the referenced resource (metadata.name). Use for same-cluster references. Mutually exclusive with Labels. type: string required: - kind type: object endpoint: default: '' description: |- Endpoint for OpenTelemetry collector. Deprecated: use BackendRef instead. type: string refreshInterval: description: >- RefreshInterval defines how frequently metrics should be pushed to collector type: string type: object prometheus: description: Prometheus backend configuration. properties: clientId: description: >- ClientId of the Prometheus backend. Needed when using MADS for DP discovery.
type: string path: default: /metrics description: >- Path on which a dataplane should expose HTTP endpoint with Prometheus metrics. type: string port: default: 5670 description: >- Port on which a dataplane should expose HTTP endpoint with Prometheus metrics. format: int32 type: integer tls: description: Configuration of TLS for prometheus listener. properties: mode: default: Disabled description: Configuration of TLS for Prometheus listener. enum: - Disabled - ProvidedTLS - ActiveMTLSBackend type: string type: object type: object type: description: >- Type of the backend that will be used to collect metrics. At the moment only Prometheus backend is available. enum: - Prometheus - OpenTelemetry type: string required: - type type: object type: array sidecar: description: Sidecar metrics collection configuration properties: includeUnused: description: >- IncludeUnused if false will scrape only metrics that have been used by sidecar (counters incremented at least once, gauges changed at least once, and histograms added to at least once). If true will scrape all metrics (even the ones with zeros). If not specified then the default value is false. type: boolean profiles: description: >- Profiles allows to customize which metrics are published. properties: appendProfiles: description: >- AppendProfiles allows to combine the metrics from multiple predefined profiles. items: properties: name: description: >- Name of the predefined profile, one of: all, basic, none enum: - All - Basic - None type: string required: - name type: object type: array exclude: description: >- Exclude makes it possible to exclude groups of metrics from a resulting profile. Exclude is subordinate to Include.
items: properties: match: description: >- Match is the value used to match using particular Type type: string type: description: >- Type defined the type of selector, one of: prefix, regex, exact enum: - Prefix - Regex - Exact - Contains type: string required: - match - type type: object type: array include: description: >- Include makes it possible to include additional metrics in a selected profiles. Include takes precedence over Exclude. items: properties: match: description: >- Match is the value used to match using particular Type type: string type: description: >- Type defined the type of selector, one of: prefix, regex, exact enum: - Prefix - Regex - Exact - Contains type: string required: - match - type type: object type: array type: object type: object type: object targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in-place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. 
items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma MeshMetric resource. properties: conditions: items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array type: object readOnly: true MeshPassthroughItem: type: object description: >- MeshPassthrough controls how traffic to external services (outside the mesh) is handled by the sidecar proxy. It allows you to configure passthrough mode to permit, deny, or selectively allow traffic to specific external destinations based on domain names, IPs, or CIDR ranges. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshPassthrough mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mp_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshPassthrough resource. properties: default: description: MeshPassthrough configuration. properties: appendMatch: description: >- AppendMatch is a list of destinations that should be allowed through the sidecar. items: properties: port: description: Port defines the port to which a user makes a request. format: int32 type: integer protocol: default: tcp description: >- Protocol defines the communication protocol. Possible values: `tcp`, `tls`, `grpc`, `http`, `http2`, `mysql`.
enum: - tcp - tls - grpc - http - http2 - mysql type: string type: description: >- Type of the match, one of `Domain`, `IP` or `CIDR` is available. enum: - Domain - IP - CIDR type: string value: description: Value for the specified Type. type: string required: - type - value type: object type: array passthroughMode: description: >- Defines the passthrough behavior. Possible values: `All`, `None`, `Matched` When `All` or `None` `appendMatch` has no effect. If not specified then the default value is "Matched". enum: - All - Matched - None type: string type: object targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in-place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. 
Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshProxyPatchItem: type: object description: >- MeshProxyPatch provides advanced customization of the Envoy proxy configuration generated by Kuma. It allows you to add, remove, or modify Envoy resources (clusters, listeners, filters, virtual hosts) using YAML patches or JSON patches for fine-grained control beyond standard policies. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshProxyPatch mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mpp_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshProxyPatch resource. properties: default: description: |- Default is a configuration specific to the group of destinations referenced in 'targetRef'. properties: appendModifications: description: >- AppendModifications is a list of modifications applied on the selected proxy.
items: properties: cluster: description: Cluster is a modification of Envoy's Cluster resource. properties: jsonPatches: description: >- JsonPatches specifies list of jsonpatches to apply to Envoy's Cluster resource items: description: >- JsonPatchBlock is one json patch operation block. properties: from: description: >- From is a jsonpatch from string, used by move and copy operations. type: string op: description: Op is a jsonpatch operation string. enum: - add - remove - replace - move - copy type: string path: description: Path is a jsonpatch path string. type: string value: description: >- Value must be a valid json value used by replace and add operations. x-kubernetes-preserve-unknown-fields: true required: - op - path type: object type: array match: description: >- Match is a set of conditions that have to be matched for modification operation to happen. properties: name: description: Name of the cluster to match. type: string origin: description: >- Origin is the name of the component or plugin that generated the resource. Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string type: object operation: description: Operation to execute on matched cluster. enum: - Add - Remove - Patch type: string value: description: >- Value of xDS resource in YAML format to add or patch.
type: string required: - operation type: object httpFilter: description: >- HTTPFilter is a modification of Envoy HTTP Filter available in HTTP Connection Manager in a Listener resource. properties: jsonPatches: description: >- JsonPatches specifies list of jsonpatches to apply to Envoy's HTTP Filter available in HTTP Connection Manager in a Listener resource. items: description: >- JsonPatchBlock is one json patch operation block. properties: from: description: >- From is a jsonpatch from string, used by move and copy operations. type: string op: description: Op is a jsonpatch operation string. enum: - add - remove - replace - move - copy type: string path: description: Path is a jsonpatch path string. type: string value: description: >- Value must be a valid json value used by replace and add operations. x-kubernetes-preserve-unknown-fields: true required: - op - path type: object type: array match: description: >- Match is a set of conditions that have to be matched for modification operation to happen. properties: listenerName: description: Name of the listener to match. type: string listenerTags: additionalProperties: type: string description: >- Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] type: object name: description: >- Name of the HTTP filter. For example "envoy.filters.http.local_ratelimit" type: string origin: description: >- Origin is the name of the component or plugin that generated the resource. Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway.
The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string type: object operation: description: Operation to execute on matched listener. enum: - Remove - Patch - AddFirst - AddBefore - AddAfter - AddLast type: string value: description: >- Value of xDS resource in YAML format to add or patch. type: string required: - operation type: object listener: description: >- Listener is a modification of Envoy's Listener resource. properties: jsonPatches: description: >- JsonPatches specifies list of jsonpatches to apply to Envoy's Listener resource items: description: >- JsonPatchBlock is one json patch operation block. properties: from: description: >- From is a jsonpatch from string, used by move and copy operations. type: string op: description: Op is a jsonpatch operation string. enum: - add - remove - replace - move - copy type: string path: description: Path is a jsonpatch path string. type: string value: description: >- Value must be a valid json value used by replace and add operations. x-kubernetes-preserve-unknown-fields: true required: - op - path type: object type: array match: description: >- Match is a set of conditions that have to be matched for modification operation to happen. properties: name: description: Name of the listener to match. type: string origin: description: >- Origin is the name of the component or plugin that generated the resource. Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress.
gateway - resources generated for MeshGateway. The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string tags: additionalProperties: type: string description: >- Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] type: object type: object operation: description: Operation to execute on matched listener. enum: - Add - Remove - Patch type: string value: description: >- Value of xDS resource in YAML format to add or patch. type: string required: - operation type: object networkFilter: description: >- NetworkFilter is a modification of Envoy Listener's filter. properties: jsonPatches: description: >- JsonPatches specifies list of jsonpatches to apply to on Envoy Listener's filter. items: description: >- JsonPatchBlock is one json patch operation block. properties: from: description: >- From is a jsonpatch from string, used by move and copy operations. type: string op: description: Op is a jsonpatch operation string. enum: - add - remove - replace - move - copy type: string path: description: Path is a jsonpatch path string. type: string value: description: >- Value must be a valid json value used by replace and add operations. x-kubernetes-preserve-unknown-fields: true required: - op - path type: object type: array match: description: >- Match is a set of conditions that have to be matched for modification operation to happen. properties: listenerName: description: Name of the listener to match. type: string listenerTags: additionalProperties: type: string description: >- Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] type: object name: description: >- Name of the network filter. For example "envoy.filters.network.ratelimit" type: string origin: description: >- Origin is the name of the component or plugin that generated the resource. 
Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string type: object operation: description: Operation to execute on matched listener. enum: - Remove - Patch - AddFirst - AddBefore - AddAfter - AddLast type: string value: description: >- Value of xDS resource in YAML format to add or patch. type: string required: - operation type: object virtualHost: description: >- VirtualHost is a modification of Envoy's VirtualHost referenced in HTTP Connection Manager in a Listener resource. properties: jsonPatches: description: >- JsonPatches specifies list of jsonpatches to apply to on Envoy's VirtualHost resource items: description: >- JsonPatchBlock is one json patch operation block. properties: from: description: >- From is a jsonpatch from string, used by move and copy operations. type: string op: description: Op is a jsonpatch operation string. enum: - add - remove - replace - move - copy type: string path: description: Path is a jsonpatch path string. type: string value: description: >- Value must be a valid json value used by replace and add operations. x-kubernetes-preserve-unknown-fields: true required: - op - path type: object type: array match: description: >- Match is a set of conditions that have to be matched for modification operation to happen. properties: name: description: Name of the VirtualHost to match. 
type: string origin: description: >- Origin is the name of the component or plugin that generated the resource. Here is the list of well-known origins: inbound - resources generated for handling incoming traffic. outbound - resources generated for handling outgoing traffic. transparent - resources generated for transparent proxy functionality. prometheus - resources generated when Prometheus metrics are enabled. direct-access - resources generated for Direct Access functionality. ingress - resources generated for Zone Ingress. egress - resources generated for Zone Egress. gateway - resources generated for MeshGateway. The list is not complete, because policy plugins can introduce new resources. For example MeshTrace plugin can create Cluster with "mesh-trace" origin. type: string routeConfigurationName: description: >- Name of the RouteConfiguration resource to match. type: string type: object operation: description: Operation to execute on matched listener. enum: - Add - Remove - Patch type: string value: description: >- Value of xDS resource in YAML format to add or patch. type: string required: - match - operation type: object type: object type: array type: object targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. 
Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - default type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshRateLimitItem: type: object description: >- MeshRateLimit protects services from being overwhelmed by limiting the rate of incoming requests or connections. It supports local rate limiting for both HTTP (requests per interval) and TCP (connections per interval) traffic with customizable response codes and headers for rate-limited requests. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshRateLimit mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. 
Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mrl_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshRateLimit resource. properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of clients referenced in 'targetRef' properties: local: description: >- LocalConf defines local http or/and tcp rate limit configuration properties: http: description: >- LocalHTTP defines configuration of local HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter properties: disabled: description: Define if rate limiting should be disabled. type: boolean onRateLimit: description: >- Describes the actions to take on a rate limit event properties: headers: description: >- The Headers to be added to the HTTP response on a rate limit event properties: add: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map set: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object status: description: >- The HTTP status code to be set on a rate limit event format: int32 type: integer type: object requestRate: description: >- Defines how many requests are allowed per interval. 
properties: interval: description: >- The interval the number of units is accounted for. type: string num: description: >- Number of units per interval (depending on usage it can be a number of requests, or a number of connections). format: int32 type: integer required: - interval - num type: object type: object tcp: description: >- LocalTCP defines configuration of local TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter properties: connectionRate: description: >- Defines how many connections are allowed per interval. properties: interval: description: >- The interval the number of units is accounted for. type: string num: description: >- Number of units per interval (depending on usage it can be a number of requests, or a number of connections). format: int32 type: integer required: - interval - num type: object disabled: description: |- Define if rate limiting should be disabled. Default: false type: boolean type: object type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of clients. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. 
type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array rules: description: >- Rules defines inbound rate limiting configurations. Currently limited to selecting all inbound traffic, as L7 matching is not yet implemented. items: properties: default: description: Default contains configuration of the inbound rate limits properties: local: description: >- LocalConf defines local http or/and tcp rate limit configuration properties: http: description: >- LocalHTTP defines configuration of local HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter properties: disabled: description: Define if rate limiting should be disabled. 
type: boolean onRateLimit: description: >- Describes the actions to take on a rate limit event properties: headers: description: >- The Headers to be added to the HTTP response on a rate limit event properties: add: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map set: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object status: description: >- The HTTP status code to be set on a rate limit event format: int32 type: integer type: object requestRate: description: >- Defines how many requests are allowed per interval. properties: interval: description: >- The interval the number of units is accounted for. type: string num: description: >- Number of units per interval (depending on usage it can be a number of requests, or a number of connections). format: int32 type: integer required: - interval - num type: object type: object tcp: description: >- LocalTCP defines configuration of local TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter properties: connectionRate: description: >- Defines how many connections are allowed per interval. properties: interval: description: >- The interval the number of units is accounted for. type: string num: description: >- Number of units per interval (depending on usage it can be a number of requests, or a number of connections). format: int32 type: integer required: - interval - num type: object disabled: description: |- Define if rate limiting should be disabled. 
Default: false type: boolean type: object type: object type: object type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of clients referenced in 'targetRef' properties: local: description: >- LocalConf defines local http or/and tcp rate limit configuration properties: http: description: >- LocalHTTP defines configuration of local HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter properties: disabled: description: Define if rate limiting should be disabled. type: boolean onRateLimit: description: >- Describes the actions to take on a rate limit event properties: headers: description: >- The Headers to be added to the HTTP response on a rate limit event properties: add: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map set: items: properties: name: maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: type: string required: - name - value type: object maxItems: 16 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map type: object status: description: >- The HTTP status code to be set on a rate limit event format: int32 type: integer type: object requestRate: description: >- Defines how many requests are allowed per interval. properties: interval: description: >- The interval the number of units is accounted for. type: string num: description: >- Number of units per interval (depending on usage it can be a number of requests, or a number of connections). 
format: int32 type: integer required: - interval - num type: object type: object tcp: description: >- LocalTCP defines configuration of local TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter properties: connectionRate: description: >- Defines how many connections are allowed per interval. properties: interval: description: >- The interval the number of units is accounted for. type: string num: description: >- Number of units per interval (depending on usage it can be a number of requests, or a number of connections). format: int32 type: integer required: - interval - num type: object disabled: description: |- Define if rate limiting should be disabled. Default: false type: boolean type: object type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of clients. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. 
items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshRetryItem: type: object description: >- MeshRetry configures automatic retry behavior for failed requests to improve service reliability. It supports configurable retry conditions, limits, timeouts, and backoff strategies for HTTP, gRPC, and TCP traffic, helping services recover from transient failures. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshRetry mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mr_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshRetry resource. 
properties: targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: grpc: description: >- GRPC defines a configuration of retries for GRPC traffic properties: backOff: description: >- BackOff is a configuration of durations which will be used in an exponential backoff strategy between retries. properties: baseInterval: description: >- BaseInterval is an amount of time which should be taken between retries. Must be greater than zero. Values less than 1 ms are rounded up to 1 ms. If not specified then the default value is "25ms". type: string maxInterval: description: >- MaxInterval is a maximal amount of time which will be taken between retries. Default is 10 times the "BaseInterval". type: string type: object numRetries: description: >- NumRetries is the number of attempts that will be made on failed (and retriable) requests. If not set, the default value is 1. format: int32 type: integer perTryTimeout: description: >- PerTryTimeout is the maximum amount of time each retry attempt can take before it times out. If not set, the global request timeout for the route will be used. Setting this value to 0 will disable the per-try timeout. type: string rateLimitedBackOff: description: >- RateLimitedBackOff is a configuration of backoff which will be used when the upstream returns one of the headers configured. properties: maxInterval: description: >- MaxInterval is a maximal amount of time which will be taken between retries. If not specified then the default value is "300s". type: string resetHeaders: description: >- ResetHeaders specifies the list of headers (like Retry-After or X-RateLimit-Reset) to match against the response. 
Headers are tried in order, and matched case-insensitive. The first header to be parsed successfully is used. If no headers match the default exponential BackOff is used instead. items: properties: format: description: The format of the reset header. enum: - Seconds - UnixTimestamp type: string name: description: The Name of the reset header. maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string required: - format - name type: object type: array type: object retryOn: description: >- RetryOn is a list of conditions which will cause a retry. example: - Canceled - DeadlineExceeded - Internal - ResourceExhausted - Unavailable items: enum: - Canceled - DeadlineExceeded - Internal - ResourceExhausted - Unavailable type: string type: array type: object http: description: >- HTTP defines a configuration of retries for HTTP traffic properties: backOff: description: >- BackOff is a configuration of durations which will be used in exponential backoff strategy between retries. properties: baseInterval: description: >- BaseInterval is an amount of time which should be taken between retries. Must be greater than zero. Values less than 1 ms are rounded up to 1 ms. If not specified then the default value is "25ms". type: string maxInterval: description: >- MaxInterval is a maximal amount of time which will be taken between retries. Default is 10 times the "BaseInterval". type: string type: object hostSelection: description: >- HostSelection is a list of predicates that dictate how hosts should be selected when requests are retried. items: properties: predicate: description: Type is requested predicate mode. enum: - OmitPreviousHosts - OmitHostsWithTags - OmitPreviousPriorities type: string tags: additionalProperties: type: string description: >- Tags is a map of metadata to match against for selecting the omitted hosts. 
Required if Type is OmitHostsWithTags type: object updateFrequency: default: 2 description: >- UpdateFrequency is how often the priority load should be updated based on previously attempted priorities. Used for OmitPreviousPriorities. format: int32 type: integer required: - predicate type: object type: array hostSelectionMaxAttempts: description: >- HostSelectionMaxAttempts is the maximum number of times host selection will be reattempted before giving up, at which point the host that was last selected will be routed to. If unspecified, this will default to retrying once. format: int64 type: integer numRetries: description: >- NumRetries is the number of attempts that will be made on failed (and retriable) requests. If not set, the default value is 1. format: int32 type: integer perTryTimeout: description: >- PerTryTimeout is the amount of time after which retry attempt should time out. If left unspecified, the global route timeout for the request will be used. Consequently, when using a 5xx based retry policy, a request that times out will not be retried as the total timeout budget would have been exhausted. Setting this timeout to 0 will disable it. type: string rateLimitedBackOff: description: >- RateLimitedBackOff is a configuration of backoff which will be used when the upstream returns one of the headers configured. properties: maxInterval: description: >- MaxInterval is a maximal amount of time which will be taken between retries. If not specified then the default value is "300s". type: string resetHeaders: description: >- ResetHeaders specifies the list of headers (like Retry-After or X-RateLimit-Reset) to match against the response. Headers are tried in order, and matched case-insensitive. The first header to be parsed successfully is used. If no headers match the default exponential BackOff is used instead. items: properties: format: description: The format of the reset header. 
enum: - Seconds - UnixTimestamp type: string name: description: The Name of the reset header. maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string required: - format - name type: object type: array type: object retriableRequestHeaders: description: >- RetriableRequestHeaders is an HTTP headers which must be present in the request for retries to be attempted. items: description: >- HeaderMatch describes how to select an HTTP route by matching HTTP request headers. properties: name: description: >- Name is the name of the HTTP Header to be matched. Name MUST be lower case as they will be handled with case insensitivity (See https://tools.ietf.org/html/rfc7230#section-3.2). maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string type: default: Exact description: >- Type specifies how to match against the value of the header. enum: - Exact - Present - RegularExpression - Absent - Prefix type: string value: description: >- Value is the value of HTTP Header to be matched. type: string required: - name type: object type: array retriableResponseHeaders: description: >- RetriableResponseHeaders is an HTTP response headers that trigger a retry if present in the response. A retry will be triggered if any of the header matches the upstream response headers. items: description: >- HeaderMatch describes how to select an HTTP route by matching HTTP request headers. properties: name: description: >- Name is the name of the HTTP Header to be matched. Name MUST be lower case as they will be handled with case insensitivity (See https://tools.ietf.org/html/rfc7230#section-3.2). maxLength: 256 minLength: 1 pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string type: default: Exact description: >- Type specifies how to match against the value of the header. enum: - Exact - Present - RegularExpression - Absent - Prefix type: string value: description: >- Value is the value of HTTP Header to be matched. 
type: string required: - name type: object type: array retryOn: description: >- RetryOn is a list of conditions which will cause a retry. Available values are: [5XX, GatewayError, Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, RefusedStream, Http3PostConnectFailure, HttpMethodConnect, HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. Also, any HTTP status code (500, 503, etc.). example: - 5XX - GatewayError - Reset - Retriable4xx - ConnectFailure - EnvoyRatelimited - RefusedStream - Http3PostConnectFailure - HttpMethodConnect - HttpMethodDelete - HttpMethodGet - HttpMethodHead - HttpMethodOptions - HttpMethodPatch - HttpMethodPost - HttpMethodPut - HttpMethodTrace - '500' - '503' items: type: string type: array type: object tcp: description: TCP defines a configuration of retries for TCP traffic properties: maxConnectAttempt: description: >- MaxConnectAttempt is a maximal amount of TCP connection attempts which will be made before giving up format: int32 type: integer type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. 
If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshTCPRouteItem: type: object description: >- NOTICE: This policy defines its own `GetDefault` method so that it can have the given structure for deserialization but still use the generic policy merging machinery. MeshTCPRoute configures routing for TCP traffic between services in the mesh. It enables traffic splitting and weighted load balancing across different backend endpoints, useful for canary deployments, blue-green deployments, and gradual traffic migration for TCP-based services. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshTCPRoute mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations.
Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mtcpr_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshTCPRoute resource. properties: targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in-place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: rules: description: >- Rules contains the routing rules applies to a combination of top-level targetRef and the targetRef in this entry. items: properties: default: description: >- Default holds routing rules that can be merged with rules from other policies. properties: backendRefs: items: description: BackendRef defines where to forward traffic. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string port: description: >- Port is only supported when this ref refers to a real MeshService object format: int32 type: integer proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. 
type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object weight: default: 1 minimum: 0 type: integer required: - kind type: object type: array type: object required: - default type: object maxItems: 1 type: array targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - rules - targetRef type: object minItems: 1 type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshTLSItem: type: object description: >- MeshTLS configures TLS and mutual TLS (mTLS) settings for secure communication between services in the mesh. It allows you to enforce encryption, configure TLS versions and cipher suites, and control whether mTLS is required (strict mode) or optional (permissive mode) for inbound traffic. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshTLS mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mtls_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshTLS resource. properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of clients referenced in 'targetRef' properties: mode: description: >- Mode defines the behavior of inbound listeners with regard to traffic encryption. 
enum: - Permissive - Strict type: string tlsCiphers: description: >- TlsCiphers section for providing ciphers specification. items: enum: - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-RSA-CHACHA20-POLY1305 type: string type: array tlsVersion: description: Version section for providing version specification. properties: max: default: TLSAuto description: >- Max defines maximum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. enum: - TLSAuto - TLS10 - TLS11 - TLS12 - TLS13 type: string min: default: TLSAuto description: >- Min defines minimum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. enum: - TLSAuto - TLS10 - TLS11 - TLS12 - TLS13 type: string type: object type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of clients. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. 
items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array rules: description: >- Rules defines inbound tls configurations. Currently limited to selecting all inbound traffic, as L7 matching is not yet implemented. items: properties: default: description: Default contains configuration of the inbound tls properties: mode: description: >- Mode defines the behavior of inbound listeners with regard to traffic encryption. enum: - Permissive - Strict type: string tlsCiphers: description: >- TlsCiphers section for providing ciphers specification. items: enum: - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-RSA-CHACHA20-POLY1305 type: string type: array tlsVersion: description: Version section for providing version specification. properties: max: default: TLSAuto description: >- Max defines maximum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. enum: - TLSAuto - TLS10 - TLS11 - TLS12 - TLS13 type: string min: default: TLSAuto description: >- Min defines minimum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. enum: - TLSAuto - TLS10 - TLS11 - TLS12 - TLS13 type: string type: object type: object type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in-place. 
properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshTimeoutItem: type: object description: >- MeshTimeout configures timeout limits for service-to-service communication to prevent requests from hanging indefinitely. 
It supports connection timeouts, idle timeouts, and HTTP-specific timeouts (request, stream, headers) to ensure timely failure detection and improve service responsiveness. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshTimeout mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mt_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshTimeout resource. properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of clients referenced in 'targetRef' properties: connectionTimeout: description: >- ConnectionTimeout specifies the amount of time proxy will wait for an TCP connection to be established. Default value is 5 seconds. Cannot be set to 0. type: string http: description: Http provides configuration for HTTP specific timeouts properties: maxConnectionDuration: description: >- MaxConnectionDuration is the time after which a connection will be drained and/or closed, starting from when it was first established. Setting this timeout to 0 will disable it. Disabled by default. type: string maxStreamDuration: description: >- MaxStreamDuration is the maximum time that a stream’s lifetime will span. Setting this timeout to 0 will disable it. Disabled by default. 
type: string requestHeadersTimeout: description: >- RequestHeadersTimeout The amount of time that proxy will wait for the request headers to be received. The timer is activated when the first byte of the headers is received, and is disarmed when the last byte of the headers has been received. If not specified or set to 0, this timeout is disabled. Disabled by default. type: string requestTimeout: description: >- RequestTimeout The amount of time that proxy will wait for the entire request to be received. The timer is activated when the request is initiated, and is disarmed when the last byte of the request is sent, OR when the response is initiated. Setting this timeout to 0 will disable it. Default is 15s. type: string streamIdleTimeout: description: >- StreamIdleTimeout is the amount of time that proxy will allow a stream to exist with no activity. Setting this timeout to 0 will disable it. Default is 30m type: string type: object idleTimeout: description: >- IdleTimeout is defined as the period in which there are no bytes sent or received on connection Setting this timeout to 0 will disable it. Be cautious when disabling it because it can lead to connection leaking. Default value is 1h. type: string type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of clients. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. 
Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array rules: description: >- Rules defines inbound timeout configurations. Currently limited to exactly one rule containing default timeouts that apply to all inbound traffic, as L7 matching is not yet implemented. items: properties: default: description: Default contains configuration of the inbound timeouts properties: connectionTimeout: description: >- ConnectionTimeout specifies the amount of time proxy will wait for an TCP connection to be established. Default value is 5 seconds. Cannot be set to 0. type: string http: description: Http provides configuration for HTTP specific timeouts properties: maxConnectionDuration: description: >- MaxConnectionDuration is the time after which a connection will be drained and/or closed, starting from when it was first established. Setting this timeout to 0 will disable it. Disabled by default. type: string maxStreamDuration: description: >- MaxStreamDuration is the maximum time that a stream’s lifetime will span. Setting this timeout to 0 will disable it. Disabled by default. 
type: string requestHeadersTimeout: description: >- RequestHeadersTimeout The amount of time that proxy will wait for the request headers to be received. The timer is activated when the first byte of the headers is received, and is disarmed when the last byte of the headers has been received. If not specified or set to 0, this timeout is disabled. Disabled by default. type: string requestTimeout: description: >- RequestTimeout The amount of time that proxy will wait for the entire request to be received. The timer is activated when the request is initiated, and is disarmed when the last byte of the request is sent, OR when the response is initiated. Setting this timeout to 0 will disable it. Default is 15s. type: string streamIdleTimeout: description: >- StreamIdleTimeout is the amount of time that proxy will allow a stream to exist with no activity. Setting this timeout to 0 will disable it. Default is 30m. type: string type: object idleTimeout: description: >- IdleTimeout is defined as the period in which there are no bytes sent or received on connection. Setting this timeout to 0 will disable it. Be cautious when disabling it because it can lead to connection leaking. Default value is 1h. type: string type: object type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined in-place. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources.
type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object to: description: >- To list makes a match between the consumed services and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of destinations referenced in 'targetRef' properties: connectionTimeout: description: >- ConnectionTimeout specifies the amount of time proxy will wait for an TCP connection to be established. Default value is 5 seconds. Cannot be set to 0. type: string http: description: Http provides configuration for HTTP specific timeouts properties: maxConnectionDuration: description: >- MaxConnectionDuration is the time after which a connection will be drained and/or closed, starting from when it was first established. Setting this timeout to 0 will disable it. Disabled by default. type: string maxStreamDuration: description: >- MaxStreamDuration is the maximum time that a stream’s lifetime will span. Setting this timeout to 0 will disable it. Disabled by default. 
type: string requestHeadersTimeout: description: >- RequestHeadersTimeout The amount of time that proxy will wait for the request headers to be received. The timer is activated when the first byte of the headers is received, and is disarmed when the last byte of the headers has been received. If not specified or set to 0, this timeout is disabled. Disabled by default. type: string requestTimeout: description: >- RequestTimeout The amount of time that proxy will wait for the entire request to be received. The timer is activated when the request is initiated, and is disarmed when the last byte of the request is sent, OR when the response is initiated. Setting this timeout to 0 will disable it. Default is 15s. type: string streamIdleTimeout: description: >- StreamIdleTimeout is the amount of time that proxy will allow a stream to exist with no activity. Setting this timeout to 0 will disable it. Default is 30m type: string type: object idleTimeout: description: >- IdleTimeout is defined as the period in which there are no bytes sent or received on connection Setting this timeout to 0 will disable it. Be cautious when disabling it because it can lead to connection leaking. Default value is 1h. type: string type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of destinations. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. 
Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshTraceItem: type: object description: >- MeshTrace enables distributed tracing to track requests as they flow through multiple services in the mesh. It supports exporting trace data to backends like Zipkin, Datadog, and OpenTelemetry, with configurable sampling rates and custom tags for detailed observability and debugging of service interactions. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshTrace mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. 
type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mtr_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshTrace resource. properties: default: description: MeshTrace configuration. properties: backends: description: >- A one element array of backend definition. Envoy allows configuring only 1 backend, so the natural way of representing that would be just one object. Unfortunately due to the reasons explained in MADR 009-tracing-policy this has to be a one element array for now. items: description: Only one of zipkin, datadog or openTelemetry can be used. properties: datadog: description: Datadog backend configuration. properties: splitService: default: false description: >- Determines if datadog service name should be split based on traffic direction and destination. For example, with `splitService: true` and a `backend` service that communicates with a couple of databases, you would get service names like `backend_INBOUND`, `backend_OUTBOUND_db1`, and `backend_OUTBOUND_db2` in Datadog. type: boolean url: description: >- Address of Datadog collector, only host and port are allowed (no paths, fragments etc.) type: string required: - url type: object openTelemetry: description: OpenTelemetry backend configuration. properties: backendRef: description: >- BackendRef is a reference to a MeshOpenTelemetryBackend resource that defines the collector endpoint. Mutually exclusive with Endpoint. properties: kind: description: Kind of the backend resource. 
enum: - MeshOpenTelemetryBackend type: string labels: additionalProperties: type: string description: >- Labels to match the referenced resource. Use for cross-zone references where KDS adds a hash suffix to metadata.name. Mutually exclusive with Name. When multiple resources match, the oldest by creation time wins. type: object name: description: >- Name of the referenced resource (metadata.name). Use for same-cluster references. Mutually exclusive with Labels. type: string required: - kind type: object endpoint: default: '' description: |- Address of OpenTelemetry collector. Deprecated: use BackendRef instead. example: otel-collector:4317 type: string type: object type: enum: - Zipkin - Datadog - OpenTelemetry type: string zipkin: description: Zipkin backend configuration. properties: apiVersion: default: httpJson description: >- Version of the API. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66 enum: - httpJson - httpProto type: string sharedSpanContext: default: true description: >- Determines whether client and server spans will share the same span context. https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L63 type: boolean traceId128bit: default: false description: Generate 128bit traces. type: boolean url: description: Address of Zipkin collector. type: string required: - url type: object required: - type type: object maxItems: 1 type: array sampling: description: >- Sampling configuration. Sampling is the process by which a decision is made on whether to process/export a span or not. properties: client: anyOf: - type: integer - type: string description: >- Target percentage of requests that will be force traced if the 'x-client-trace-id' header is set. Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 Either int or decimal represented as string. 
If not specified then the default value is 100. x-kubernetes-int-or-string: true overall: anyOf: - type: integer - type: string description: >- Target percentage of requests that will be traced after all other sampling checks have been applied (client, force tracing, random sampling). This field functions as an upper limit on the total configured sampling rate. For instance, setting client to 100 but overall to 1 will result in only 1% of client requests with the appropriate headers to be force traced. Mirror of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 Either int or decimal represented as string. If not specified then the default value is 100. x-kubernetes-int-or-string: true random: anyOf: - type: integer - type: string description: >- Target percentage of requests that will be randomly selected for trace generation, if not requested by the client or not forced. Mirror of random_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 Either int or decimal represented as string. If not specified then the default value is 100. x-kubernetes-int-or-string: true type: object tags: description: >- Custom tags configuration. You can add custom tags to traces based on headers or literal values. items: description: |- Custom tags configuration. Only one of literal or header can be used. properties: header: description: Tag taken from a header. properties: default: description: >- Default value to use if header is missing. If the default is missing and there is no value the tag will not be included. type: string name: description: Name of the header. type: string required: - name type: object literal: description: Tag taken from literal value. type: string name: description: Name of the tag. 
type: string required: - name type: object type: array type: object targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma MeshTrace resource. properties: conditions: items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array type: object readOnly: true MeshTrafficPermissionItem: type: object description: >- MeshTrafficPermission controls which services are allowed to communicate with each other in the mesh. It provides fine-grained access control by allowing you to define allow/deny rules based on service identity, enabling zero-trust security and supporting shadow mode for testing permission changes before enforcement. 
required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshTrafficPermission mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mtp_default_zone-east_kuma-demo_mypolicy1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: >- Spec is the specification of the Kuma MeshTrafficPermission resource. properties: from: description: >- From list makes a match between clients and corresponding configurations items: properties: default: description: >- Default is a configuration specific to the group of clients referenced in 'targetRef' properties: action: description: >- Action defines a behavior for the specified group of clients: enum: - Allow - Deny - AllowWithShadowDeny type: string type: object targetRef: description: >- TargetRef is a reference to the resource that represents a group of clients. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. 
Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object required: - targetRef type: object type: array rules: description: Rules defines inbound permissions configuration items: properties: default: properties: allow: description: >- Allow defines a list of matches for which access will be allowed items: properties: spiffeID: description: >- SpiffeID defines a matcher configuration for SpiffeID matching properties: type: description: >- Type defines how to match incoming traffic by SpiffeID. `Exact` or `Prefix` are allowed. enum: - Exact - Prefix type: string value: description: >- Value is SpiffeId of a client that needs to match for the configuration to be applied type: string required: - type - value type: object type: object type: array allowWithShadowDeny: description: >- AllowWithShadowDeny defines a list of matches for which access will be allowed but emits logs as if requests are denied items: properties: spiffeID: description: >- SpiffeID defines a matcher configuration for SpiffeID matching properties: type: description: >- Type defines how to match incoming traffic by SpiffeID. `Exact` or `Prefix` are allowed. 
enum: - Exact - Prefix type: string value: description: >- Value is SpiffeId of a client that needs to match for the configuration to be applied type: string required: - type - value type: object type: object type: array deny: description: >- Deny defines a list of matches for which access will be denied items: properties: spiffeID: description: >- SpiffeID defines a matcher configuration for SpiffeID matching properties: type: description: >- Type defines how to match incoming traffic by SpiffeID. `Exact` or `Prefix` are allowed. enum: - Exact - Prefix type: string value: description: >- Value is SpiffeId of a client that needs to match for the configuration to be applied type: string required: - type - value type: object type: object type: array type: object required: - default type: object type: array targetRef: description: >- TargetRef is a reference to the resource the policy takes an effect on. The resource could be either a real store object or virtual resource defined inplace. properties: kind: description: Kind of the referenced resource enum: - Mesh - MeshSubset - MeshGateway - MeshService - MeshExternalService - MeshMultiZoneService - MeshServiceSubset - MeshHTTPRoute - Dataplane type: string labels: additionalProperties: type: string description: >- Labels are used to select group of MeshServices that match labels. Either Labels or Name and Namespace can be used. type: object mesh: description: >- Mesh is reserved for future use to identify cross mesh resources. type: string name: description: >- Name of the referenced resource. Can only be used with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute` type: string namespace: description: >- Namespace specifies the namespace of target resource. If empty only resources in policy namespace will be targeted. type: string proxyTypes: description: >- ProxyTypes specifies the data plane types that are subject to the policy. When not specified, all data plane types are targeted by the policy. 
items: enum: - Sidecar - Gateway type: string type: array sectionName: description: >- SectionName is used to target specific section of resource. For example, you can target port from MeshService.ports[] by its name. Only traffic to this port will be affected. type: string tags: additionalProperties: type: string description: >- Tags used to select a subset of proxies by tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object required: - kind type: object type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' ZoneEgressItem: properties: labels: additionalProperties: type: string type: object name: type: string networking: description: Networking defines the address and port of the Egress to listen on. properties: address: description: Address on which inbound listener will be exposed type: string admin: description: Admin contains configuration related to Envoy Admin API properties: port: description: Port on which Envoy Admin API server will be listening type: integer type: object port: description: >- Port of the inbound interface that will forward requests to the service. 
type: integer type: object type: type: string zone: description: |- Zone field contains Zone name where egress is serving, field will be automatically set by Global Kuma CP type: string required: - type - name type: object ZoneIngressItem: properties: availableServices: description: |- AvailableService contains tags that represent unique subset of endpoints items: properties: externalService: description: instance of external service available from the zone type: boolean instances: description: number of instances available for given tags type: integer mesh: description: mesh of the instances available for given tags type: string tags: additionalProperties: type: string description: tags of the service type: object type: object type: array labels: additionalProperties: type: string type: object name: type: string networking: description: >- Networking defines the address and port of the Ingress to listen on. Additionally publicly advertised address and port could be specified. properties: address: description: Address on which inbound listener will be exposed type: string admin: description: Admin contains configuration related to Envoy Admin API properties: port: description: Port on which Envoy Admin API server will be listening type: integer type: object advertisedAddress: description: |- AdvertisedAddress defines IP or DNS name on which ZoneIngress is accessible to other Kuma clusters. type: string advertisedPort: description: >- AdvertisedPort defines port on which ZoneIngress is accessible to other Kuma clusters. type: integer port: description: >- Port of the inbound interface that will forward requests to the service. 
type: integer type: object type: type: string zone: description: >- Zone field contains Zone name where ingress is serving, field will be automatically set by Global Kuma CP type: string required: - type - name type: object DataplaneOverviewWithMeta: allOf: - $ref: '#/components/schemas/Meta' - $ref: '#/components/schemas/DataplaneOverview' DataplaneOverview: description: DataplaneOverview defines the projected state of a Dataplane. properties: dataplane: properties: metrics: description: >- Configuration for metrics that should be collected and exposed by the data plane proxy. Settings defined here will override their respective defaults defined at a Mesh level. properties: conf: oneOf: - $ref: '#/components/schemas/PrometheusMetricsBackendConfig' type: object name: description: >- Name of the backend, can be then used in Mesh.metrics.enabledBackend type: string type: description: Type of the backend (Kuma ships with 'prometheus') type: string type: object networking: description: >- Networking describes inbound and outbound interfaces of the data plane proxy. properties: address: description: >- IP on which the data plane proxy is accessible to the control plane and other data plane proxies in the same network. This can also be a hostname, in which case the control plane will periodically resolve it. type: string admin: description: >- Admin describes configuration related to Envoy Admin API. Due to security, all the Envoy Admin endpoints are exposed only on localhost. Additionally, Envoy will expose `/ready` endpoint on `networking.address` for health checking systems to be able to check the state of Envoy. The rest of the endpoints exposed on `networking.address` are always protected by mTLS and only meant to be consumed internally by the control plane. 
properties: port: description: Port on which Envoy Admin API server will be listening type: integer type: object advertisedAddress: description: >- In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachable via `address` to other data plane proxies. `advertisedAddress` is configured with a routable address for such data plane proxy so that other proxies in the mesh can connect to it over `advertisedAddress` and not via address. Envoy still binds to the `address`, not `advertisedAddress`. type: string gateway: description: >- Gateway describes a configuration of the gateway of the data plane proxy. properties: tags: additionalProperties: type: string description: >- Tags associated with a gateway of this data plane, e.g. `kuma.io/service=gateway`, `env=prod`. `kuma.io/service` tag is mandatory. type: object type: description: >- Type of gateway this data plane proxy manages. There are two types: `DELEGATED` and `BUILTIN`. Defaults to `DELEGATED`. A `DELEGATED` gateway is an independently deployed proxy (e.g., Kong, Contour, etc) that receives inbound traffic that is not proxied by Kuma, and it sends outbound traffic into the data plane proxy. The `BUILTIN` gateway type causes the data plane proxy itself to be configured as a gateway. See https://kuma.io/docs/latest/explore/gateway/ for more information. oneOf: - type: string - type: integer type: object inbound: description: >- Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service implemented by the data plane proxy. All incoming traffic to a data plane proxy is going through inbound listeners. For every defined Inbound there is a corresponding Envoy Listener. items: description: >- Inbound describes a service implemented by the data plane proxy. properties: address: description: |- Address on which inbound listener will be exposed. Defaults to `networking.address`. 
type: string health: description: >- Health describes the status of an inbound. If 'health' is nil we consider data plane proxy as healthy. Unhealthy data plane proxies are excluded from Endpoints Discovery Service (EDS). On Kubernetes, it is filled automatically by the control plane if Pod has readiness probe configured. On Universal, it can be set by the external health checking system, but the most common way is to use service probes. See https://kuma.io/docs/latest/documentation/health for more information. properties: ready: description: >- Ready indicates if the data plane proxy is ready to serve the traffic. type: boolean type: object name: description: >- Name adds another way of referencing this port, usable with MeshService type: string port: description: >- Port of the inbound interface that will forward requests to the service. When transparent proxying is used, it is a port on which the service is listening to. When transparent proxying is not used, Envoy will bind to this port. type: integer protocol: description: Protocol of the service (tcp, http, grpc, etc). type: string serviceAddress: description: >- Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma DP should be deployed next to the service. type: string servicePort: description: >- Port of the service that requests will be forwarded to. Defaults to the same value as `port`. type: integer serviceProbe: description: >- ServiceProbe defines parameters for probing the service next to sidecar. When service probe is defined, Envoy will periodically health check the application next to it and report the status to the control plane. On Kubernetes, Kuma deployments rely on Kubernetes probes so this is not used. See https://kuma.io/docs/latest/documentation/health for more information. properties: healthyThreshold: description: >- Number of consecutive healthy checks before considering a host healthy. 
format: uint32 type: integer interval: description: Interval between consecutive health checks. properties: nanos: type: integer seconds: type: integer type: object tcp: description: >- Tcp checker tries to establish tcp connection with destination properties: {} type: object timeout: description: Maximum time to wait for a health check response. properties: nanos: type: integer seconds: type: integer type: object unhealthyThreshold: description: >- Number of consecutive unhealthy checks before considering a host unhealthy. format: uint32 type: integer type: object state: description: State describes the current state of the listener. oneOf: - type: string - type: integer tags: additionalProperties: type: string description: >- Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service=web`, `version=1.0`. You can then reference these tags in policies like MeshTrafficPermission. `kuma.io/service` tag is mandatory. type: object type: object type: array listeners: description: >- Listeners describes zone proxy listeners embedded in this Dataplane. Listeners may coexist with inbounds and gateways. items: description: >- Listener describes a zone proxy listener (ZoneIngress or ZoneEgress) embedded in a regular Dataplane. properties: address: description: Address on which the listener will be exposed. type: string name: description: >- Name uniquely identifies this listener within the Dataplane and is used to reference it via sectionName in policies. Optional: if unset, the port value is used as the name (as a string). type: string port: description: Port on which the listener will be exposed. type: integer state: description: >- State describes the current health state of the listener. The control plane sets this based on the readiness of the underlying pod and sidecar container. 
oneOf: - type: string - type: integer type: description: >- Type determines the role of this listener: ZoneIngress for inbound cross-zone traffic or ZoneEgress for outbound external traffic. oneOf: - type: string - type: integer type: object type: array outbound: description: >- Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, there is a corresponding Envoy Listener. items: description: >- Outbound describes a service consumed by the data plane proxy. properties: address: description: >- IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usually ClusterIP of a Service or PodIP of a Headless Service. Defaults to 127.0.0.1 type: string backendRef: description: |- BackendRef is a way to target MeshService. Experimental. Do not use on production yet. properties: kind: description: >- Kind is a type of the object to target. Allowed: MeshService type: string labels: additionalProperties: type: string description: >- Labels to select a single object. If no object is selected then outbound is not created. If multiple objects are selected then the oldest one is used. type: object name: description: Name of the targeted object type: string port: description: >- Port of the targeted object. Required when kind is MeshService. type: integer type: object port: description: >- Port on which the consumed service will be available to this data plane proxy. When transparent proxying is not used, Envoy will bind to this port. type: integer tags: additionalProperties: type: string description: >- Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be referenced in `destinations` section of policies like TrafficRoute or in `to` section in policies like MeshAccessLog. It is recommended to only use `kuma.io/service`. If you need to consume specific data plane proxy of a service (for example: `version=v2`) the better practice is to use TrafficRoute. 
type: object type: object type: array transparentProxying: description: >- TransparentProxying describes the configuration for transparent proxying. It is used by default on Kubernetes. properties: directAccessServices: description: >- List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to every service in the Mesh. Using `*` to directly access every service is a resource-intensive operation, use it only if needed. items: type: string type: array ipFamilyMode: description: >- The IP family mode to enable for. Can be "IPv4" or "DualStack". oneOf: - type: string - type: integer reachableBackends: description: >- Reachable backend via transparent proxy when running with MeshExternalService, MeshService and MeshMultiZoneService. Setting an explicit list of refs can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable. properties: refs: items: properties: kind: description: "Type of the backend: MeshService or MeshExternalService\n\n\t+required" type: string labels: additionalProperties: type: string description: "Labels used to select backends\n\n\t+optional" type: object name: description: "Name of the backend.\n\n\t+optional" type: string namespace: description: "Namespace of the backend. Might be empty\n\n\t+optional" type: string port: description: "Port of the backend.\n\n\t+optional" format: uint32 type: integer type: object type: array type: object reachableServices: description: >- List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying. Setting an explicit list can dramatically improve the performance of the mesh. If not specified, all services in the mesh are reachable. items: type: string type: array redirectPortInbound: description: >- Port on which all inbound traffic is being transparently redirected. 
type: integer redirectPortOutbound: description: >- Port on which all outbound traffic is being transparently redirected. type: integer type: object type: object probes: description: >- Probes describe a list of endpoints that will be exposed without mTLS. This is useful to expose the health endpoints of the application so the orchestration system (e.g. Kubernetes) can still health check the application. See https://kuma.io/docs/latest/policies/service-health-probes/#virtual-probes for more information. Deprecated: this feature will be removed for Universal; on Kubernetes, it's not needed anymore. properties: endpoints: description: List of endpoints to expose without mTLS. items: properties: inboundPath: description: >- Inbound path is a path of the application from which we expose the endpoint. It is recommended to be as specific as possible. type: string inboundPort: description: >- Inbound port is a port of the application from which we expose the endpoint. type: integer path: description: >- Path is a path on which we expose inbound path on the probes port. type: string type: object type: array port: description: >- Port on which the probe endpoints will be exposed. This cannot overlap with any other ports. type: integer type: object type: object dataplaneInsight: properties: mTLS: description: Insights about mTLS for Dataplane. properties: certificateExpirationTime: description: >- Expiration time of the last certificate that was generated for a Dataplane. properties: nanos: type: integer seconds: type: integer type: object certificateRegenerations: description: Number of certificate regenerations for a Dataplane. type: integer issuedBackend: description: Backend that was used to generate current certificate type: string lastCertificateRegeneration: description: Time on which the last certificate was generated. properties: nanos: type: integer seconds: type: integer type: object supportedBackends: description: Supported backends (CA). 
items: type: string type: array type: object metadata: properties: {} type: object openTelemetry: description: Insights about OTel runtime resolution for this Dataplane. properties: backends: items: properties: logs: properties: blockedReasons: items: type: string type: array enabled: type: boolean envAllowed: type: boolean envInputPresent: type: boolean missingFields: items: type: string type: array overrideKinds: items: type: string type: array state: type: string type: object metrics: properties: blockedReasons: items: type: string type: array enabled: type: boolean envAllowed: type: boolean envInputPresent: type: boolean missingFields: items: type: string type: array overrideKinds: items: type: string type: array state: type: string type: object name: type: string traces: properties: blockedReasons: items: type: string type: array enabled: type: boolean envAllowed: type: boolean envInputPresent: type: boolean missingFields: items: type: string type: array overrideKinds: items: type: string type: array state: type: string type: object type: object type: array type: object subscriptions: description: List of ADS subscriptions created by a given Dataplane. items: description: >- DiscoverySubscription describes a single ADS subscription created by a Dataplane to the Control Plane. properties: connectTime: description: >- Time when a given Dataplane connected to the Control Plane. properties: nanos: type: integer seconds: type: integer type: object controlPlaneInstanceId: description: Control Plane instance that handled given subscription. type: string disconnectTime: description: >- Time when a given Dataplane disconnected from the Control Plane. properties: nanos: type: integer seconds: type: integer type: object generation: description: >- Generation is an integer number which is periodically increased by the status sink type: integer id: description: Unique id per ADS subscription. type: string status: description: Status of the ADS subscription. 
properties: cds: description: CDS defines all CDS stats. properties: responsesAcknowledged: description: Number of xDS responses ACKed by the Dataplane. type: integer responsesRejected: description: Number of xDS responses NACKed by the Dataplane. type: integer responsesSent: description: Number of xDS responses sent to the Dataplane. type: integer type: object eds: description: EDS defines all EDS stats. properties: responsesAcknowledged: description: Number of xDS responses ACKed by the Dataplane. type: integer responsesRejected: description: Number of xDS responses NACKed by the Dataplane. type: integer responsesSent: description: Number of xDS responses sent to the Dataplane. type: integer type: object lastUpdateTime: description: >- Time when status of a given ADS subscription was most recently updated. properties: nanos: type: integer seconds: type: integer type: object lds: description: LDS defines all LDS stats. properties: responsesAcknowledged: description: Number of xDS responses ACKed by the Dataplane. type: integer responsesRejected: description: Number of xDS responses NACKed by the Dataplane. type: integer responsesSent: description: Number of xDS responses sent to the Dataplane. type: integer type: object rds: description: RDS defines all RDS stats. properties: responsesAcknowledged: description: Number of xDS responses ACKed by the Dataplane. type: integer responsesRejected: description: Number of xDS responses NACKed by the Dataplane. type: integer responsesSent: description: Number of xDS responses sent to the Dataplane. type: integer type: object total: description: Total defines an aggregate over individual xDS stats. properties: responsesAcknowledged: description: Number of xDS responses ACKed by the Dataplane. type: integer responsesRejected: description: Number of xDS responses NACKed by the Dataplane. type: integer responsesSent: description: Number of xDS responses sent to the Dataplane. 
type: integer type: object type: object version: description: Version of Envoy and Kuma dataplane properties: dependencies: additionalProperties: type: string description: Versions of other dependencies, i.e. CoreDNS type: object envoy: description: Version of Envoy properties: build: description: Full build tag of Envoy version type: string kumaDpCompatible: description: >- True iff Envoy version is compatible with Kuma DP version type: boolean version: description: Version number of Envoy type: string type: object kumaDp: description: Version of Kuma Dataplane properties: buildDate: description: Build date of Kuma Dataplane version type: string gitCommit: description: Git commit of Kuma Dataplane version type: string gitTag: description: Git tag of Kuma Dataplane version type: string kumaCpCompatible: description: >- True iff Kuma DP version is compatible with Kuma CP version type: boolean version: description: Version number of Kuma Dataplane type: string type: object type: object type: object type: array type: object type: object SecretItem: properties: data: description: Value of the secret format: byte type: string labels: additionalProperties: type: string type: object mesh: type: string name: type: string type: type: string required: - type - name - mesh type: object HostnameGeneratorItem: type: object description: >- HostnameGenerator automatically generates DNS hostnames for services in the mesh based on customizable templates. It provides a consistent naming scheme for service discovery by creating predictable hostnames from service labels and metadata, supporting both MeshService, MeshExternalService, and MeshMultiZoneService resources. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - HostnameGenerator kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. 
Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_hg___kuma-system_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma HostnameGenerator resource. properties: extension: description: Extension struct for a plugin configuration properties: config: description: Config freeform configuration for the extension. x-kubernetes-preserve-unknown-fields: true type: description: Type of the extension. type: string required: - type type: object selector: properties: meshExternalService: properties: matchLabels: additionalProperties: type: string type: object type: object meshMultiZoneService: properties: matchLabels: additionalProperties: type: string type: object type: object meshService: properties: matchLabels: additionalProperties: type: string type: object type: object type: object template: type: string required: - template type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' MeshExternalServiceItem: type: object description: >- MeshExternalService represents external services (outside the mesh) that mesh services can communicate with securely. It enables mesh services to reach external APIs, databases, or third-party services by defining endpoints, ports, protocols, and optional TLS configuration for secure outbound connections with hostname-based routing support. 
required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshExternalService mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_extsvc_default_zone-east_kuma-system_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshExternalService resource. properties: endpoints: description: Endpoints defines a list of destinations to send traffic to. items: properties: address: description: >- Address defines an address to which a user want to send a request. Is possible to provide `domain`, `ip`. example: example.com minLength: 1 type: string port: description: Port of the endpoint format: int32 maximum: 65535 minimum: 1 type: integer priority: description: >- Priority maps to Envoy's priority levels to enable endpoint failover. Lower values have higher priority (0 is the default/primary). When the primary endpoints become unhealthy, traffic fails over to the next priority level. format: int32 maximum: 128 minimum: 0 type: integer required: - address - port type: object type: array extension: description: >- Extension struct for a plugin configuration, in the presence of an extension `endpoints` and `tls` are not required anymore - it's up to the extension to validate them independently. properties: config: description: Config freeform configuration for the extension. x-kubernetes-preserve-unknown-fields: true type: description: Type of the extension. 
type: string required: - type type: object match: description: Match defines traffic that should be routed through the sidecar. properties: port: description: Port defines a port to which a user does request. format: int32 maximum: 65535 minimum: 1 type: integer protocol: default: tcp description: >- Protocol defines a protocol of the communication. Possible values: `tcp`, `grpc`, `http`, `http2`. enum: - tcp - grpc - http - http2 type: string type: default: HostnameGenerator description: >- Type of the match, only `HostnameGenerator` is available at the moment. enum: - HostnameGenerator type: string required: - port type: object tls: description: >- Tls provides a TLS configuration when proxy is responsible for TLS origination properties: allowRenegotiation: default: false description: >- AllowRenegotiation defines if TLS sessions will allow renegotiation. Setting this to true is not recommended for security reasons. type: boolean enabled: default: false description: Enabled defines if proxy should originate TLS. type: boolean verification: description: Verification section for providing TLS verification details. properties: caCert: description: CaCert defines a certificate of CA. properties: inline: description: Data source is inline bytes. format: byte type: string inlineString: description: Data source is inline string type: string secret: description: Data source is a secret with given Secret key. type: string type: object clientCert: description: ClientCert defines a certificate of a client. properties: inline: description: Data source is inline bytes. format: byte type: string inlineString: description: Data source is inline string type: string secret: description: Data source is a secret with given Secret key. type: string type: object clientKey: description: ClientKey defines a client private key. properties: inline: description: Data source is inline bytes.
format: byte type: string inlineString: description: Data source is inline string type: string secret: description: Data source is a secret with given Secret key. type: string type: object mode: default: Secured description: >- Mode defines if proxy should skip verification, one of `SkipSAN`, `SkipCA`, `Secured`, `SkipAll`. Default `Secured`. enum: - SkipSAN - SkipCA - Secured - SkipAll type: string serverName: description: >- ServerName overrides the default Server Name Indicator set by Kuma. type: string subjectAltNames: description: >- SubjectAltNames list of names to verify in the certificate. items: properties: type: default: Exact description: >- Type specifies matching type, one of `Exact`, `Prefix`. Default: `Exact` enum: - Exact - Prefix type: string value: description: Value to match. type: string required: - value type: object type: array type: object version: description: Version section for providing version specification. properties: max: default: TLSAuto description: >- Max defines maximum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. enum: - TLSAuto - TLS10 - TLS11 - TLS12 - TLS13 type: string min: default: TLSAuto description: >- Min defines minimum supported version. One of `TLSAuto`, `TLS10`, `TLS11`, `TLS12`, `TLS13`. enum: - TLSAuto - TLS10 - TLS11 - TLS12 - TLS13 type: string type: object type: object required: - match type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: >- Status is the current status of the Kuma MeshExternalService resource.
properties: addresses: description: Addresses section for generated domains items: properties: hostname: type: string hostnameGeneratorRef: properties: coreName: type: string required: - coreName type: object origin: type: string type: object type: array hostnameGenerators: items: properties: conditions: description: Conditions is an array of hostname generator conditions. items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: >- status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map hostnameGeneratorRef: properties: coreName: type: string required: - coreName type: object required: - hostnameGeneratorRef type: object type: array vip: description: Vip section for allocated IP properties: ip: description: >- Value allocated IP for a provided domain with `HostnameGenerator` type in a match section. 
type: string type: object type: object readOnly: true MeshIdentityItem: type: object description: >- MeshIdentity manages service identity and certificate provisioning for workloads in the mesh. It configures how services obtain their identity certificates, supporting multiple providers including bundled certificates (self-signed or user-provided CA), SPIRE integration, and custom SPIFFE ID configuration for secure service-to-service authentication. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshIdentity mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mid_default_zone-east_kuma-system_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshIdentity resource. properties: provider: properties: bundled: description: >- Bundled provides information about certificates that are generated by the control plane, either autogenerated or provided by the user. properties: autogenerate: description: >- Autogenerate configures the control plane to use self-signed certificates. properties: enabled: type: boolean type: object ca: description: CA has configuration related to the CA properties: certificate: description: >- Certificate allows the user to specify a custom certificate. 
properties: envVar: properties: name: type: string required: - name type: object file: properties: path: type: string required: - path type: object insecureInline: properties: value: type: string required: - value type: object secretRef: properties: kind: enum: - Secret type: string name: type: string required: - kind - name type: object type: enum: - File - Secret - EnvVar - InsecureInline type: string required: - type type: object privateKey: description: >- PrivateKey allows the user to specify a custom private key. properties: envVar: properties: name: type: string required: - name type: object file: properties: path: type: string required: - path type: object insecureInline: properties: value: type: string required: - value type: object secretRef: properties: kind: enum: - Secret type: string name: type: string required: - kind - name type: object type: enum: - File - Secret - EnvVar - InsecureInline type: string required: - type type: object type: object certificateParameters: description: >- CertificateParameters allows users to define certificate generation parameters. properties: expiry: type: string type: object insecureAllowSelfSigned: description: >- InsecureAllowSelfSigned allows users to enable the use of self-signed certificates. type: boolean meshTrustCreation: description: >- MeshTrustCreation defines whether a MeshTrust resource should be automatically created from an existing MeshIdentity. If not defined, the control plane automatically generates a MeshTrust. enum: - Enabled - Disabled type: string type: object extension: description: Extension indicates that custom provider is used. properties: config: description: Config is a freeform configuration for the extension. x-kubernetes-preserve-unknown-fields: true name: description: Name is the name of the extension provider. type: string required: - name type: object spire: description: Spire indicates that SPIRE is used for certificate delivery. 
properties: agent: description: Spire agent configuration properties: timeout: description: >- Connection timeout to the socket exposed by Spire agent Default 1 second. type: string type: object type: object type: description: Type specifies the type of certificate provider. enum: - Bundled - Spire - Extension type: string required: - type type: object selector: properties: dataplane: properties: matchLabels: additionalProperties: type: string type: object type: object type: object spiffeID: properties: path: type: string trustDomain: type: string type: object type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma MeshIdentity resource. properties: conditions: description: Conditions is an array of hostname generator conditions. items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map type: object readOnly: true MeshMultiZoneServiceItem: type: object description: >- MeshMultiZoneService provides global load balancing and service discovery across multiple zones in a multi-zone mesh deployment. It aggregates MeshServices from different zones by label selectors, creating a unified service endpoint with automatic VIP assignment and hostname generation for cross-zone communication and failover. MeshMultizoneServices are only created on global required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshMultiZoneService mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mzsvc_default_zone-east_kuma-demo_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshMultiZoneService resource. properties: ports: description: Ports is a list of ports from selected MeshServices items: properties: appProtocol: default: tcp description: Protocol identifies a protocol supported by a service. 
type: string name: type: string port: format: int32 type: integer required: - port type: object minItems: 1 type: array selector: description: Selector is a way to select multiple MeshServices properties: meshService: description: MeshService selects MeshServices properties: matchLabels: additionalProperties: type: string type: object type: object required: - meshService type: object required: - ports - selector type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: >- Status is the current status of the Kuma MeshMultiZoneService resource. properties: addresses: description: Addresses is a list of addresses generated by HostnameGenerator items: properties: hostname: type: string hostnameGeneratorRef: properties: coreName: type: string required: - coreName type: object origin: type: string type: object type: array conditions: description: Conditions is an array of current conditions items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array hostnameGenerators: description: Status of hostnames generator applied on this resource items: properties: conditions: description: Conditions is an array of hostname generator conditions. items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: >- status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map hostnameGeneratorRef: properties: coreName: type: string required: - coreName type: object required: - hostnameGeneratorRef type: object type: array meshServices: description: MeshServices is a list of matched MeshServices items: properties: mesh: type: string name: description: Name is a core name of MeshService type: string namespace: type: string zone: type: string required: - mesh - name - namespace - zone type: object type: array vips: description: VIPs is a list of assigned Kuma VIPs. items: properties: ip: type: string type: object type: array type: object readOnly: true MeshOpenTelemetryBackendItem: type: object description: >- MeshOpenTelemetryBackend defines a shared OTel collector endpoint for observability policies. An empty spec is valid and represents the node-local default flow (kuma-dp resolves the address at runtime using HOST_IP or 127.0.0.1). required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshOpenTelemetryBackend mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. 
Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_motb_default_zone-east_kuma-system_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: >- Spec is the specification of the Kuma MeshOpenTelemetryBackend resource. properties: endpoint: description: >- Endpoint optionally defines the OTel collector address and port. When omitted, the CP defaults port to 4317 and leaves address empty; kuma-dp resolves the address at runtime using HOST_IP or 127.0.0.1. properties: address: description: >- Address of the OTel collector (hostname or IP). When omitted, kuma-dp resolves it at runtime using HOST_IP or 127.0.0.1. type: string path: description: >- Path is an optional base path prefix for HTTP endpoints. The CP appends signal-specific suffixes (/v1/traces, /v1/metrics, /v1/logs). Non-empty value is rejected by validation when protocol is grpc. type: string port: description: Port of the OTel collector. Defaults to 4317 when omitted. format: int32 type: integer type: object env: description: >- Env controls whether standard OTEL exporter env vars participate in the final exporter config for this backend. properties: allowSignalOverrides: description: >- AllowSignalOverrides controls whether signal-specific OTEL env vars such as `OTEL_EXPORTER_OTLP_TRACES_*` may diverge from the shared config. type: boolean mode: default: Optional description: >- Mode controls whether OTEL env vars are ignored, allowed, or required. enum: - Disabled - Optional - Required type: string precedence: default: EnvFirst description: >- Precedence controls whether explicit backend fields or env vars win when both are present for the same field. 
enum: - ExplicitFirst - EnvFirst type: string type: object protocol: description: >- Protocol selects gRPC or HTTP transport for the collector connection. Defaults to grpc when omitted. enum: - grpc - http type: string type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: >- Status is the current status of the Kuma MeshOpenTelemetryBackend resource. properties: conditions: items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array type: object readOnly: true MeshServiceItem: type: object description: >- MeshService represents a service in the mesh with its connectivity and health information. 
It defines service endpoints by selecting data plane proxies through labels or direct references, configures service ports and protocols, tracks service availability and health status, and provides automatic VIP assignment and hostname generation for service discovery. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshService mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_msvc_default_zone-east_kuma-demo_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshService resource. properties: identities: items: properties: type: enum: - ServiceTag - SpiffeID type: string value: type: string required: - type - value type: object type: array ports: items: properties: appProtocol: default: tcp description: Protocol identifies a protocol supported by a service. type: string name: type: string port: format: int32 type: integer targetPort: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: array x-kubernetes-list-map-keys: - port - appProtocol x-kubernetes-list-type: map selector: properties: dataplaneLabels: properties: matchLabels: additionalProperties: type: string type: object type: object dataplaneRef: properties: name: type: string type: object dataplaneTags: additionalProperties: type: string type: object type: object state: default: Unavailable description: >- State of MeshService. 
Available if there is at least one healthy endpoint. Otherwise, Unavailable. It's used for cross zone communication to check if we should send traffic to it, when MeshService is aggregated into MeshMultiZoneService. enum: - Available - Unavailable type: string type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma MeshService resource. properties: addresses: items: properties: hostname: type: string hostnameGeneratorRef: properties: coreName: type: string required: - coreName type: object origin: type: string type: object type: array dataplaneProxies: description: Data plane proxies statistics selected by this MeshService. properties: connected: description: >- Number of data plane proxies connected to the zone control plane type: integer healthy: description: >- Number of data plane proxies with all healthy inbounds selected by this MeshService. type: integer total: description: Total number of data plane proxies. type: integer type: object hostnameGenerators: items: properties: conditions: description: Conditions is an array of hostname generator conditions. items: properties: message: description: >- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string reason: description: >- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: >- status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - Unknown type: string type: description: >- type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: >- ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - message - reason - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map hostnameGeneratorRef: properties: coreName: type: string required: - coreName type: object required: - hostnameGeneratorRef type: object type: array tls: properties: status: enum: - Ready - NotReady type: string type: object vips: items: properties: ip: type: string type: object type: array type: object readOnly: true MeshTrustItem: type: object description: >- MeshTrust defines trusted Certificate Authority (CA) bundles for a trust domain in the mesh. It establishes trust relationships for service-to-service mTLS authentication by specifying which CA certificates are trusted to verify service identities, supporting PEM-encoded CA bundles and enabling secure cross-service communication within the trust domain. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshTrust mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. 
Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mtrust_default_zone-east_kuma-system_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identity resources type: object spec: description: Spec is the specification of the Kuma MeshTrust resource. properties: caBundles: description: >- CABundles contains a list of CA bundles supported by this TrustDomain. At least one CA bundle must be specified. items: properties: pem: description: >- Pem contains the PEM-encoded CA bundle if the Type is set to a PEM-based format. properties: value: description: Value holds the PEM-encoded CA bundle as a string. type: string required: - value type: object type: description: Type specifies the format or source type of the CA bundle. enum: - Pem type: string required: - type type: object minItems: 1 type: array origin: description: >- Origin specifies whether the resource was created from a MeshIdentity. Deprecated: use Status.Origin instead properties: kri: description: Resource identifier type: string type: object trustDomain: description: TrustDomain is the trust domain associated with this resource. maxLength: 253 type: string required: - caBundles - trustDomain type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma MeshTrust resource. properties: origin: description: >- Origin specifies whether the resource was created from a MeshIdentity. 
properties: kri: description: Resource identifier type: string type: object type: object readOnly: true MeshZoneAddressItem: type: object description: >- MeshZoneAddress holds the public address and port for a mesh-scoped zone ingress proxy. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - MeshZoneAddress mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_mza_default_zone-east_kuma-demo_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma MeshZoneAddress resource. properties: address: description: Address is the publicly reachable address of the zone ingress. minLength: 1 type: string port: description: Port is the publicly reachable port of the zone ingress. format: int32 maximum: 65535 minimum: 1 type: integer required: - address - port type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' WorkloadItem: type: object description: >- Workload represents a logical grouping of data plane proxies in the mesh, providing visibility into their operational status. 
It tracks statistics about the data plane proxies that belong to a workload, including the number of connected, healthy, and total proxies, enabling monitoring and health assessment of your workload deployments. Workloads are also the primary way data-planes are grouped together in metrics and traces. required: - type - name - spec properties: type: description: the type of the resource type: string enum: - Workload mesh: description: >- Mesh is the name of the Kuma mesh this resource belongs to. It may be omitted for cluster-scoped resources. type: string default: default kri: description: >- A unique identifier for this resource instance used by internal tooling and integrations. Typically derived from resource attributes and may be used for cross-references or indexing type: string readOnly: true example: kri_wl_default_zone-east_kuma-demo_myresource1_ name: description: Name of the Kuma resource type: string labels: additionalProperties: type: string description: The labels to help identify resources type: object spec: description: Spec is the specification of the Kuma Workload resource. type: object creationTime: readOnly: true type: string description: Time at which the resource was created format: date-time example: '0001-01-01T00:00:00Z' modificationTime: readOnly: true type: string description: Time at which the resource was updated format: date-time example: '0001-01-01T00:00:00Z' status: description: Status is the current status of the Kuma Workload resource. 
properties: dataplaneProxies: description: >- DataplaneProxies defines statistics of data plane proxies that are part of this workload properties: connected: description: Connected defines number of connected data plane proxies format: int32 type: integer healthy: description: >- Healthy defines number of healthy data plane proxies for this workload format: int32 type: integer total: description: >- Total defines total number of data plane proxies for this workload format: int32 type: integer required: - connected - healthy - total type: object type: object readOnly: true responses: IndexResponse: description: A response for the index endpoint content: application/json: schema: $ref: '#/components/schemas/Index' ResourceTypeDescriptionListResponse: description: A response containing a list of all resources installed in Kuma content: application/json: schema: $ref: '#/components/schemas/ResourceTypeDescriptionList' GlobalInsightResponse: description: A response containing global insight. content: application/json: schema: $ref: '#/components/schemas/GlobalInsightBase' examples: Single control plane response: $ref: '#/components/examples/GlobalInsightExample' InspectDataplanesForPolicyResponse: description: A response containing dataplanes that match a policy. content: application/json: schema: $ref: '#/components/schemas/InspectDataplanesForPolicy' examples: ResponseForDataplane: $ref: '#/components/examples/InspectDataplanesForPolicyExample' GetDataplaneXDSConfigResponse: description: Successfully retrieved proxy XDS config. content: application/json: schema: $ref: '#/components/schemas/DataplaneXDSConfig' InspectRulesResponse: description: A response containing policies that match a resource content: application/json: schema: $ref: '#/components/schemas/InspectRules' InspectHostnamesResponse: description: A response containing hostnames that match a service. 
content: application/json: schema: $ref: '#/components/schemas/InspectHostnames' examples: ResponseForHostnames: $ref: '#/components/examples/InspectHostnamesExample' DataplaneNetworkingLayoutResponse: description: A response containing dataplane networking layout. content: application/json: schema: $ref: '#/components/schemas/DataplaneNetworkingLayout' ProxyPolicyConfResponse: description: A response containing policies configuration for selected dataplane content: application/json: schema: $ref: '#/components/schemas/PoliciesList' InboundPolicyConfResponse: description: A response containing policies configuration for selected inbound content: application/json: schema: $ref: '#/components/schemas/InboundPoliciesList' OutboundPolicyConfResponse: description: A response containing policies configuration for selected outbound content: application/json: schema: $ref: '#/components/schemas/PoliciesList' RoutesListResponse: description: A response containing routes configuration for selected outbound content: application/json: schema: $ref: '#/components/schemas/RoutesList' RoutePolicyConfResponse: description: A response containing policies configuration for selected route content: application/json: schema: $ref: '#/components/schemas/PoliciesList' BadRequest: description: Bad Request content: application/problem+json: schema: $ref: '#/components/schemas/Error' Internal: description: Internal Server Error content: application/problem+json: schema: $ref: '#/components/schemas/Error' NotFound: description: Not Found content: application/problem+json: schema: $ref: '#/components/schemas/NotFoundError' MeshAccessLogItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshAccessLogItem' MeshAccessLogList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshAccessLogItem' total: type: number description: The total number of entities next: 
type: string description: URL to the next page MeshAccessLogCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshAccessLogDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshCircuitBreakerItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshCircuitBreakerItem' MeshCircuitBreakerList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshCircuitBreakerItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshCircuitBreakerCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshCircuitBreakerDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshFaultInjectionItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshFaultInjectionItem' MeshFaultInjectionList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshFaultInjectionItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshFaultInjectionCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshFaultInjectionDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshHealthCheckItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshHealthCheckItem' MeshHealthCheckList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshHealthCheckItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshHealthCheckCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshHealthCheckDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshHTTPRouteItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshHTTPRouteItem' MeshHTTPRouteList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshHTTPRouteItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshHTTPRouteCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshHTTPRouteDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshLoadBalancingStrategyItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' MeshLoadBalancingStrategyList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshLoadBalancingStrategyItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshLoadBalancingStrategyCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshLoadBalancingStrategyDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshMetricItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshMetricItem' MeshMetricList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshMetricItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshMetricCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshMetricDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshPassthroughItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshPassthroughItem' MeshPassthroughList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshPassthroughItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshPassthroughCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshPassthroughDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshProxyPatchItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshProxyPatchItem' MeshProxyPatchList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshProxyPatchItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshProxyPatchCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshProxyPatchDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshRateLimitItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshRateLimitItem' MeshRateLimitList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshRateLimitItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshRateLimitCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshRateLimitDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshRetryItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshRetryItem' MeshRetryList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshRetryItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshRetryCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshRetryDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshTCPRouteItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshTCPRouteItem' MeshTCPRouteList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshTCPRouteItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshTCPRouteCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshTCPRouteDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshTimeoutItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshTimeoutItem' MeshTimeoutList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshTimeoutItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshTimeoutCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshTimeoutDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshTLSItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshTLSItem' MeshTLSList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshTLSItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshTLSCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshTLSDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshTraceItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshTraceItem' MeshTraceList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshTraceItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshTraceCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshTraceDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshTrafficPermissionItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshTrafficPermissionItem' MeshTrafficPermissionList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshTrafficPermissionItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshTrafficPermissionCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshTrafficPermissionDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object DataplaneCreateOrUpdateSuccessResponse: content: application/json: schema: properties: warnings: description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string readOnly: true type: array type: object description: Successful response DataplaneDeleteSuccessResponse: content: application/json: schema: type: object description: Successful response DataplaneItem: content: application/json: schema: $ref: '#/components/schemas/DataplaneItem' description: Successful response DataplaneList: content: application/json: schema: properties: items: items: $ref: '#/components/schemas/DataplaneItem' type: array next: description: URL to the next page type: string total: description: The total number of entities type: number type: object description: List GetDataplaneOverviewResponse: description: A response containing the overview of a dataplane. content: application/json: schema: $ref: '#/components/schemas/DataplaneOverviewWithMeta' GetDataplaneOverviewListResponse: description: A response containing the overview of a dataplane. content: application/json: schema: type: object properties: total: type: integer example: 200 next: type: string items: type: array items: $ref: '#/components/schemas/DataplaneOverviewWithMeta' MeshCreateOrUpdateSuccessResponse: content: application/json: schema: properties: warnings: description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string readOnly: true type: array type: object description: Successful response MeshDeleteSuccessResponse: content: application/json: schema: type: object description: Successful response MeshItem: content: application/json: schema: $ref: '#/components/schemas/MeshItem' description: Successful response MeshList: content: application/json: schema: properties: items: items: $ref: '#/components/schemas/MeshItem' type: array next: description: URL to the next page type: string total: description: The total number of entities type: number type: object description: List MeshGatewayCreateOrUpdateSuccessResponse: content: application/json: schema: properties: warnings: description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string readOnly: true type: array type: object description: Successful response MeshGatewayDeleteSuccessResponse: content: application/json: schema: type: object description: Successful response MeshGatewayItem: content: application/json: schema: $ref: '#/components/schemas/MeshGatewayItem' description: Successful response MeshGatewayList: content: application/json: schema: properties: items: items: $ref: '#/components/schemas/MeshGatewayItem' type: array next: description: URL to the next page type: string total: description: The total number of entities type: number type: object description: List SecretCreateOrUpdateSuccessResponse: content: application/json: schema: properties: warnings: description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string readOnly: true type: array type: object description: Successful response SecretDeleteSuccessResponse: content: application/json: schema: type: object description: Successful response SecretItem: content: application/json: schema: $ref: '#/components/schemas/SecretItem' description: Successful response SecretList: content: application/json: schema: properties: items: items: $ref: '#/components/schemas/SecretItem' type: array next: description: URL to the next page type: string total: description: The total number of entities type: number type: object description: List ZoneEgressCreateOrUpdateSuccessResponse: content: application/json: schema: properties: warnings: description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string readOnly: true type: array type: object description: Successful response ZoneEgressDeleteSuccessResponse: content: application/json: schema: type: object description: Successful response ZoneEgressItem: content: application/json: schema: $ref: '#/components/schemas/ZoneEgressItem' description: Successful response ZoneEgressList: content: application/json: schema: properties: items: items: $ref: '#/components/schemas/ZoneEgressItem' type: array next: description: URL to the next page type: string total: description: The total number of entities type: number type: object description: List ZoneIngressCreateOrUpdateSuccessResponse: content: application/json: schema: properties: warnings: description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string readOnly: true type: array type: object description: Successful response ZoneIngressDeleteSuccessResponse: content: application/json: schema: type: object description: Successful response ZoneIngressItem: content: application/json: schema: $ref: '#/components/schemas/ZoneIngressItem' description: Successful response ZoneIngressList: content: application/json: schema: properties: items: items: $ref: '#/components/schemas/ZoneIngressItem' type: array next: description: URL to the next page type: string total: description: The total number of entities type: number type: object description: List HostnameGeneratorItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/HostnameGeneratorItem' HostnameGeneratorList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/HostnameGeneratorItem' total: type: number description: The total number of entities next: type: string description: URL to the next page HostnameGeneratorCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string HostnameGeneratorDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshExternalServiceItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshExternalServiceItem' MeshExternalServiceList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshExternalServiceItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshExternalServiceCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshExternalServiceDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshIdentityItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshIdentityItem' MeshIdentityList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshIdentityItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshIdentityCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
items: type: string MeshIdentityDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshMultiZoneServiceItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshMultiZoneServiceItem' MeshMultiZoneServiceList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshMultiZoneServiceItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshMultiZoneServiceCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. items: type: string MeshMultiZoneServiceDeleteSuccessResponse: description: Successful response content: application/json: schema: type: object MeshOpenTelemetryBackendItem: description: Successful response content: application/json: schema: $ref: '#/components/schemas/MeshOpenTelemetryBackendItem' MeshOpenTelemetryBackendList: description: List content: application/json: schema: type: object properties: items: type: array items: $ref: '#/components/schemas/MeshOpenTelemetryBackendItem' total: type: number description: The total number of entities next: type: string description: URL to the next page MeshOpenTelemetryBackendCreateOrUpdateSuccessResponse: description: Successful response content: application/json: schema: type: object properties: warnings: type: array readOnly: true description: > warnings is a list of warning messages to return to the requesting Kuma API clients. Warning messages describe a problem the client making the API request should correct or be aware of. 
                items:
                  type: string
    MeshOpenTelemetryBackendDeleteSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
    MeshServiceItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshServiceItem'
    MeshServiceList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshServiceItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshServiceCreateOrUpdateSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
            properties:
              warnings:
                type: array
                readOnly: true
                description: >
                  warnings is a list of warning messages to return to the
                  requesting Kuma API clients. Warning messages describe a
                  problem the client making the API request should correct or
                  be aware of.
                items:
                  type: string
    MeshServiceDeleteSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
    MeshTrustItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshTrustItem'
    MeshTrustList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshTrustItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshTrustCreateOrUpdateSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
            properties:
              warnings:
                type: array
                readOnly: true
                description: >
                  warnings is a list of warning messages to return to the
                  requesting Kuma API clients. Warning messages describe a
                  problem the client making the API request should correct or
                  be aware of.
                items:
                  type: string
    MeshTrustDeleteSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
    MeshZoneAddressItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/MeshZoneAddressItem'
    MeshZoneAddressList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/MeshZoneAddressItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    MeshZoneAddressCreateOrUpdateSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
            properties:
              warnings:
                type: array
                readOnly: true
                description: >
                  warnings is a list of warning messages to return to the
                  requesting Kuma API clients. Warning messages describe a
                  problem the client making the API request should correct or
                  be aware of.
                items:
                  type: string
    MeshZoneAddressDeleteSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
    WorkloadItem:
      description: Successful response
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/WorkloadItem'
    WorkloadList:
      description: List
      content:
        application/json:
          schema:
            type: object
            properties:
              items:
                type: array
                items:
                  $ref: '#/components/schemas/WorkloadItem'
              total:
                type: number
                description: The total number of entities
              next:
                type: string
                description: URL to the next page
    WorkloadCreateOrUpdateSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
            properties:
              warnings:
                type: array
                readOnly: true
                description: >
                  warnings is a list of warning messages to return to the
                  requesting Kuma API clients. Warning messages describe a
                  problem the client making the API request should correct or
                  be aware of.
                items:
                  type: string
    WorkloadDeleteSuccessResponse:
      description: Successful response
      content:
        application/json:
          schema:
            type: object
  examples:
    GlobalInsightExample:
      value:
        createdAt: '2023-01-11T02:30:42.227Z'
        services:
          total: 5
          internal:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
          external:
            total: 1
          gatewayDelegated:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
          gatewayBuiltin:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
          internalByStatus:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
        zones:
          controlPlanes:
            online: 1
            total: 1
          zoneEgresses:
            online: 1
            total: 1
          zoneIngresses:
            online: 1
            total: 1
        dataplanes:
          standard:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
          gatewayBuiltin:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
          gatewayDelegated:
            total: 4
            online: 2
            offline: 1
            partiallyDegraded: 1
        policies:
          total: 100
        meshes:
          total: 3
        resources:
          MeshTrafficPermission:
            total: 42
          MeshService:
            total: 84
    InspectDataplanesForPolicyExample:
      value:
        total: 100
        next: >-
          http://localhost:5681/meshes/default/meshretries/_resources/dataplanes?offset=100
        items:
          - type: Dataplane
            mesh: default
            name: dp-1
            labels:
              k8s.kuma.io/namespace: kuma-system
          - type: Dataplane
            mesh: default
            name: dp-2
            labels:
              k8s.kuma.io/namespace: kuma-system
    InspectHostnamesExample:
      value:
        total: 100
        items:
          - hostname: redis.redis-system.svc.east.mesh.local
            zones:
              - name: east
              - name: west