{ "properties": { "spec": { "description": "Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html", "properties": { "selector": { "additionalProperties": { "type": "string" }, "description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied.", "type": "object" }, "servers": { "description": "A list of server specifications.", "items": { "properties": { "bind": { "description": "The ip or the Unix domain socket to which the listener should be bound to.", "type": "string" }, "defaultEndpoint": { "type": "string" }, "hosts": { "description": "One or more hosts exposed by this gateway.", "items": { "type": "string" }, "type": "array" }, "name": { "description": "An optional name of the server, when set must be unique across all servers.", "type": "string" }, "port": { "description": "The Port on which the proxy should listen for incoming connections.", "properties": { "name": { "description": "Label assigned to the port.", "type": "string" }, "number": { "description": "A valid non-negative integer port number.", "maximum": 4294967295, "minimum": 0, "type": "integer" }, "protocol": { "description": "The protocol exposed on the port.", "type": "string" }, "targetPort": { "maximum": 4294967295, "minimum": 0, "type": "integer" } }, "required": [ "number", "protocol", "name" ], "type": "object", "additionalProperties": false }, "tls": { "description": "Set of TLS related options that govern the server's behavior.", "properties": { "caCertificates": { "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", "type": "string" }, "caCrl": { "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", "type": "string" }, "cipherSuites": { "description": "Optional: If specified, only support the specified cipher list.", "items": { "type": "string" }, "type": "array" }, "credentialName": { "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates.", "type": "string" }, "httpsRedirect": { "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.", "type": "boolean" }, "maxProtocolVersion": { "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", "TLSV1_1", "TLSV1_2", "TLSV1_3" ], "type": "string" }, "minProtocolVersion": { "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", "TLSV1_1", "TLSV1_2", "TLSV1_3" ], "type": "string" }, "mode": { "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", "MUTUAL", "AUTO_PASSTHROUGH", "ISTIO_MUTUAL", "OPTIONAL_MUTUAL" ], "type": "string" }, "privateKey": { "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", "type": "string" }, "serverCertificate": { "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", "type": "string" }, "subjectAltNames": { "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.", "items": { "type": "string" }, "type": "array" }, "verifyCertificateHash": { "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates.", "items": { "type": "string" }, "type": "array" }, "verifyCertificateSpki": { "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates.", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "port", "hosts" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "status": { "type": "object", "x-kubernetes-preserve-unknown-fields": true } }, "type": "object" }