Class V1ServiceEntrySpec
ServiceEntry enables adding additional entries into Istio’s internal service registry.
Namespace: Neon.Kube.Resources.Istio
Assembly: Neon.Kube.Resources.dll
Syntax
public class V1ServiceEntrySpec
Constructors
V1ServiceEntrySpec()
Constructor.
Declaration
public V1ServiceEntrySpec()
Properties
Addresses
The virtual IP addresses associated with the service. An address may be a CIDR prefix. For HTTP traffic, generated route configurations will include HTTP route domains for both the addresses and hosts field values, and the destination will be identified based on the HTTP Host/Authority header. If one or more IP addresses are specified, incoming traffic will be identified as belonging to this service if the destination IP matches the IP/CIDRs specified in the addresses field. If the Addresses field is empty, traffic will be identified solely based on the destination port. In such scenarios, the port on which the service is being accessed must not be shared by any other service in the mesh. In other words, the sidecar will behave as a simple TCP proxy, forwarding incoming traffic on a specified port to the specified destination endpoint IP/host. Unix domain socket addresses are not supported in this field.
Declaration
[JsonProperty(PropertyName = "addresses", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> Addresses { get; set; }
Property Value
Type | Description |
---|---|
List<string> |
Endpoints
One or more endpoints associated with the service. Only one of endpoints or workloadSelector can be specified.
Declaration
[JsonProperty(PropertyName = "endpoints", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<WorkloadEntry> Endpoints { get; set; }
Property Value
Type | Description |
---|---|
List<WorkloadEntry> |
ExportTo
A list of namespaces to which this service is exported. Exporting a service allows it to be used by sidecars, gateways and virtual services defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of services across namespace boundaries.
If no namespaces are specified then the service is exported to all namespaces by default.
The value “.” is reserved and defines an export to the same namespace that the service is declared in. Similarly the value “*” is reserved and defines an export to all namespaces.
For a Kubernetes Service, the equivalent effect can be achieved by setting the annotation “networking.istio.io/exportTo” to a comma-separated list of namespace names.
Declaration
[JsonProperty(PropertyName = "exportTo", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> ExportTo { get; set; }
Property Value
Type | Description |
---|---|
List<string> |
Hosts
The destination hosts.
Declaration
[JsonProperty(PropertyName = "hosts", Required = Required.Always, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> Hosts { get; set; }
Property Value
Type | Description |
---|---|
List<string> |
Remarks
The hosts associated with the ServiceEntry. A host may be a DNS name with a wildcard prefix.
1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules.
2. For HTTP traffic, the HTTP Host/Authority header will be matched against the hosts field.
3. For HTTPS or TLS traffic containing Server Name Indication (SNI), the SNI value will be matched against the hosts field.
Note: When resolution is set to type DNS and no endpoints are specified, the host field will be used as the DNS name of the endpoint to route traffic to.
Note: If the hostname matches the name of a service from another service registry, such as Kubernetes, that also supplies its own set of endpoints, the ServiceEntry will be treated as a decorator of the existing Kubernetes service. Properties in the service entry will be added to the Kubernetes service if applicable. Currently, only the following additional properties will be considered by istiod:
1. subjectAltNames: In addition to verifying the SANs of the service accounts associated with the pods of the service, the SANs specified here will also be verified.
Location
Specify whether the service should be considered external to the mesh or part of the mesh.
Declaration
[JsonProperty(PropertyName = "location", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[JsonConverter(typeof(JsonStringEnumMemberConverter))]
public Location? Location { get; set; }
Property Value
Type | Description |
---|---|
Location? |
Ports
The ports associated with the external service. If the Endpoints are Unix domain socket addresses, there must be exactly one port.
Declaration
[JsonProperty(PropertyName = "ports", Required = Required.Always, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<Port> Ports { get; set; }
Property Value
Type | Description |
---|---|
List<Port> |
Resolution
Service discovery mode for the hosts. Care must be taken when setting the resolution mode to NONE for a TCP port without accompanying IP addresses. In such cases, traffic to any IP on said port will be allowed (i.e. 0.0.0.0:PORT).
Declaration
[JsonProperty(PropertyName = "resolution", Required = Required.Always, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[JsonConverter(typeof(JsonStringEnumMemberConverter))]
public Resolution Resolution { get; set; }
Property Value
Type | Description |
---|---|
Resolution |
SubjectAltNames
If specified, the proxy will verify that the server certificate’s subject alternate name matches one of the specified values.
Note: When using the workloadEntry with workloadSelectors, the service account specified in the workloadEntry will also be used to derive the additional subject alternate names that should be verified.
Declaration
[JsonProperty(PropertyName = "subjectAltNames", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public List<string> SubjectAltNames { get; set; }
Property Value
Type | Description |
---|---|
List<string> |
WorkloadSelector
Applicable only for MESH_INTERNAL services. Only one of endpoints or workloadSelector can be specified. Selects one or more Kubernetes pods or VM workloads (specified using WorkloadEntry) based on their labels. The WorkloadEntry object representing the VMs should be defined in the same namespace as the ServiceEntry.
Declaration
[JsonProperty(PropertyName = "workloadSelector", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
public WorkloadSelector WorkloadSelector { get; set; }
Property Value
Type | Description |
---|---|
WorkloadSelector |
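The constraints described for Resolution, ExportTo, Endpoints and WorkloadSelector can be checked before a ServiceEntry is applied. The following is an added example, not part of Neon.Kube or Istio: a small Python audit over serialized specs that uses the JSON property names from the declarations above. The sample manifests, the finding codes, and the treatment of a port without a `protocol` as TCP are assumptions made for illustration.

```python
import json

# Constructed sample specs (not from the page); keys follow the JsonProperty names above.
SAMPLES = json.loads("""
[
  {"name": "open-tcp", "spec": {"hosts": ["db.example.internal"],
     "ports": [{"number": 5432, "name": "tcp-db", "protocol": "TCP"}],
     "resolution": "NONE", "location": "MESH_EXTERNAL"}},
  {"name": "scoped-https", "spec": {"hosts": ["api.example.com"],
     "ports": [{"number": 443, "name": "https", "protocol": "HTTPS"}],
     "resolution": "DNS", "location": "MESH_EXTERNAL", "exportTo": ["."],
     "subjectAltNames": ["api.example.com"]}},
  {"name": "conflict", "spec": {"hosts": ["vm.example.internal"],
     "ports": [{"number": 8080, "name": "http", "protocol": "HTTP"}],
     "resolution": "STATIC", "location": "MESH_EXTERNAL", "exportTo": ["*"],
     "endpoints": [{"address": "10.0.0.5"}],
     "workloadSelector": {"labels": {"app": "vm"}}}}
]
""")

def audit(spec):
    """Return a sorted list of finding codes for one ServiceEntry spec dict."""
    findings = set()
    for field in ("hosts", "ports", "resolution"):  # Required.Always on this page
        if not spec.get(field):
            findings.add(f"missing-{field}")
    # Resolution NONE + TCP port + no addresses: traffic to any IP on that port is allowed.
    # Assumption: a port entry without "protocol" is treated as TCP.
    tcp = [p for p in spec.get("ports", []) if p.get("protocol", "TCP").upper() == "TCP"]
    if spec.get("resolution") == "NONE" and tcp and not spec.get("addresses"):
        findings.add("open-tcp-port")
    export = spec.get("exportTo") or []
    if not export or "*" in export:  # empty list means exported to all namespaces
        findings.add("exported-to-all-namespaces")
    if spec.get("endpoints") and spec.get("workloadSelector"):
        findings.add("endpoints-and-selector")
    if spec.get("workloadSelector") and spec.get("location") != "MESH_INTERNAL":
        findings.add("selector-not-mesh-internal")
    return sorted(findings)

def audit_all(entries):
    return {e["name"]: audit(e["spec"]) for e in entries}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLES).items():
        print(name, found or "ok")
```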