Class ServerTLSSettings
Namespace: Neon.Kube.Resources.Istio
Assembly: Neon.Kube.Resources.dll
Syntax
public class ServerTLSSettings
Constructors
ServerTLSSettings()
Initializes a new instance of the ServerTLSSettings class.
Declaration
public ServerTLSSettings()
Properties
CaCertificates
The path to a file containing the certificate authority (CA) certificates used to verify a client-side certificate presented to the server.
Declaration
[JsonProperty(PropertyName = "caCertificates", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public string CaCertificates { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
Remarks
CipherSuites
If specified, only the listed cipher suites are supported. Otherwise, the default cipher list supported by Envoy is used.
Declaration
[JsonProperty(PropertyName = "cipherSuites", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> CipherSuites { get; set; }
Property Value
| Type | Description |
|---|---|
| List<string> |
CredentialName
For gateways running on Kubernetes, the name of the secret that holds the TLS certificates, including the CA certificates. Applicable only on Kubernetes. The secret (of type generic) should contain the following keys and values: key: &lt;privateKey&gt; and cert: &lt;serverCert&gt;. For mutual TLS, cacert: &lt;CACertificate&gt; can be provided in the same secret or in a separate secret named &lt;secret&gt;-cacert. A secret of type TLS for server certificates, along with a ca.crt key for CA certificates, is also supported. Only one of the two can be specified: either the server certificates and CA certificate, or credentialName.
Declaration
[JsonProperty(PropertyName = "credentialName", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public string CredentialName { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
HttpsRedirect
If set to true, the load balancer will send a 301 redirect for all HTTP connections, asking the clients to use HTTPS.
Declaration
[JsonProperty(PropertyName = "httpsRedirect", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public bool? HttpsRedirect { get; set; }
Property Value
| Type | Description |
|---|---|
| bool? |
MaxProtocolVersion
Maximum TLS protocol version.
Declaration
[JsonProperty(PropertyName = "maxProtocolVersion", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[JsonConverter(typeof(JsonStringEnumMemberConverter))]
public TLSProtocol? MaxProtocolVersion { get; set; }
Property Value
| Type | Description |
|---|---|
| TLSProtocol? |
MinProtocolVersion
Minimum TLS protocol version.
Declaration
[JsonProperty(PropertyName = "minProtocolVersion", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[JsonConverter(typeof(JsonStringEnumMemberConverter))]
public TLSProtocol? MinProtocolVersion { get; set; }
Property Value
| Type | Description |
|---|---|
| TLSProtocol? |
Mode
Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.
Declaration
[JsonProperty(PropertyName = "mode", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[JsonConverter(typeof(JsonStringEnumMemberConverter))]
public TLSMode? Mode { get; set; }
Property Value
| Type | Description |
|---|---|
| TLSMode? |
PrivateKey
The path to the file holding the server’s private key.
Declaration
[JsonProperty(PropertyName = "privateKey", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public string PrivateKey { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
Remarks
ServerCertificate
The path to the file holding the server-side TLS certificate to use.
Declaration
[JsonProperty(PropertyName = "serverCertificate", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public string ServerCertificate { get; set; }
Property Value
| Type | Description |
|---|---|
| string |
Remarks
SubjectAltNames
A list of alternate names to verify the subject identity in the certificate presented by the client.
Declaration
[JsonProperty(PropertyName = "subjectAltNames", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> SubjectAltNames { get; set; }
Property Value
| Type | Description |
|---|---|
| List<string> |
VerifyCertificateHash
An optional list of hex-encoded SHA-256 hashes of the authorized client certificates. Both the simple and the colon-separated formats are acceptable. Note: When both verifyCertificateHash and verifyCertificateSpki are specified, a hash matching either value will result in the certificate being accepted.
Declaration
[JsonProperty(PropertyName = "verifyCertificateHash", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> VerifyCertificateHash { get; set; }
Property Value
| Type | Description |
|---|---|
| List<string> |
VerifyCertificateSpki
An optional list of base64-encoded SHA-256 hashes of the SPKIs (Subject Public Key Info) of authorized client certificates. Note: When both verifyCertificateHash and verifyCertificateSpki are specified, a hash matching either value will result in the certificate being accepted.
Declaration
[JsonProperty(PropertyName = "verifyCertificateSpki", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> VerifyCertificateSpki { get; set; }
Property Value
| Type | Description |
|---|---|
| List<string> |
Methods
Validate()
Validate the object.
Declaration
public virtual void Validate()
Exceptions
| Type | Condition |
|---|---|
| ValidationException | Thrown if validation fails. |