ssl.proto

Package: gloo.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/ssl.proto

SslConfig

SslConfig contains the options necessary to configure a virtual host or listener to use TLS

"secretRef": .core.solo.io.ResourceRef
"sslFiles": .gloo.solo.io.SSLFiles
"sds": .gloo.solo.io.SDSConfig
"sniDomains": []string
"verifySubjectAltName": []string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| secretRef | .core.solo.io.ResourceRef | SecretRef contains the secret ref to a Gloo TLS secret or a Kubernetes TLS secret. A Gloo TLS secret can contain a root CA as well if verification is needed. | |
| sslFiles | .gloo.solo.io.SSLFiles | SSLFiles reference paths to certificates which are local to the proxy. | |
| sds | .gloo.solo.io.SDSConfig | Use secret discovery service. | |
| sniDomains | []string | Optional. The SNI domains that should be considered for TLS connections. | |
| verifySubjectAltName | []string | Verify that the Subject Alternative Name in the peer certificate is one of the specified values. Note that a root_ca must be provided if this option is used. | |

SSLFiles

SSLFiles reference paths to certificates which can be read by the proxy off of its local filesystem

"tlsCert": string
"tlsKey": string
"rootCa": string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| tlsCert | string | | |
| tlsKey | string | | |
| rootCa | string | For client cert validation. Optional. | |

UpstreamSslConfig

SslConfig contains the options necessary to configure a virtual host or listener to use TLS

"secretRef": .core.solo.io.ResourceRef
"sslFiles": .gloo.solo.io.SSLFiles
"sds": .gloo.solo.io.SDSConfig
"sni": string
"verifySubjectAltName": []string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| secretRef | .core.solo.io.ResourceRef | SecretRef contains the secret ref to a Gloo TLS secret or a Kubernetes TLS secret. A Gloo TLS secret can contain a root CA as well if verification is needed. | |
| sslFiles | .gloo.solo.io.SSLFiles | SSLFiles reference paths to certificates which are local to the proxy. | |
| sds | .gloo.solo.io.SDSConfig | Use secret discovery service. | |
| sni | string | Optional. The SNI domains that should be considered for TLS connections. | |
| verifySubjectAltName | []string | Verify that the Subject Alternative Name in the peer certificate is one of the specified values. Note that a root_ca must be provided if this option is used. | |

SDSConfig

"targetUri": string
"callCredentials": .gloo.solo.io.CallCredentials
"certificatesSecretName": string
"validationContextName": string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| targetUri | string | Target URI for the SDS channel. Currently only a unix domain socket is supported. | |
| callCredentials | .gloo.solo.io.CallCredentials | Call credentials. | |
| certificatesSecretName | string | The name of the secret containing the certificate. | |
| validationContextName | string | The name of the secret containing the validation context (i.e. root CA). | |

CallCredentials

"fileCredentialSource": .gloo.solo.io.CallCredentials.FileCredentialSource
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| fileCredentialSource | .gloo.solo.io.CallCredentials.FileCredentialSource | Call credentials are coming from a file. | |

FileCredentialSource

"tokenFileName": string
"header": string
| Field | Type | Description | Default |
| --- | --- | --- | --- |
| tokenFileName | string | File containing auth token. | |
| header | string | Header to carry the token. | |
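
The two constraints stated in the field descriptions above (`verifySubjectAltName` needs a root CA; `targetUri` must be a unix domain socket) can be checked before a config is applied. The following is an added example, not part of the original page or of Gloo: `lint_ssl_config` is a hypothetical helper working on a parsed config dict, the `unix:` prefix test is an assumption about how the socket URI is written, and the cert/key pairing check is a general TLS requirement rather than something this page states. All sample values are constructed.

```python
# Added example, not Gloo code: lint_ssl_config is a hypothetical helper that
# checks a parsed SslConfig / UpstreamSslConfig (plain dict, field names as above).

def lint_ssl_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    files = cfg.get("sslFiles") or {}
    sds = cfg.get("sds") or {}

    # A certificate without its private key (or the reverse) cannot be used.
    if bool(files.get("tlsCert")) != bool(files.get("tlsKey")):
        findings.append("sslFiles: tlsCert and tlsKey must be set together")

    # targetUri: only a unix domain socket is supported. Assumption: it is
    # written with a "unix:" scheme prefix.
    if sds and not str(sds.get("targetUri", "")).startswith("unix:"):
        findings.append("sds.targetUri: not a unix domain socket")

    # verifySubjectAltName needs a root CA to validate the peer certificate.
    if cfg.get("verifySubjectAltName"):
        if files.get("rootCa") or sds.get("validationContextName"):
            pass  # root CA is named directly in the config
        elif cfg.get("secretRef"):
            # The secret's contents are not visible from the config alone.
            findings.append("verifySubjectAltName: check that the secret holds a root CA")
        else:
            findings.append("verifySubjectAltName: no root CA configured")
    return findings


# Constructed sample configs (paths, names and SAN values are made up).
SAN = ["client.example.com"]
NO_ROOT_CA = {"sslFiles": {"tlsCert": "/certs/tls.crt", "tlsKey": "/certs/tls.key"},
              "verifySubjectAltName": SAN}
WITH_ROOT_CA = {"sslFiles": {"tlsCert": "/certs/tls.crt", "tlsKey": "/certs/tls.key",
                             "rootCa": "/certs/ca.crt"},
                "verifySubjectAltName": SAN}
SDS_OVER_TCP = {"sds": {"targetUri": "127.0.0.1:8234",
                        "certificatesSecretName": "server_cert"},
                "verifySubjectAltName": SAN}
VIA_SECRET = {"secretRef": {"name": "gateway-tls", "namespace": "gloo-system"},
              "verifySubjectAltName": SAN}

if __name__ == "__main__":
    for name, cfg in [("NO_ROOT_CA", NO_ROOT_CA), ("WITH_ROOT_CA", WITH_ROOT_CA),
                      ("SDS_OVER_TCP", SDS_OVER_TCP), ("VIA_SECRET", VIA_SECRET)]:
        print(name, lint_ssl_config(cfg))
```

When the certificate source is a `secretRef`, the helper can only flag the config for manual review, because whether the secret includes a root CA is not visible from these fields.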