Sync APIs. @tag-name=gloo-mesh-v2.7.0-rc1 (#1402)

Co-authored-by: soloio-bot <[email protected]>

api/gloo.solo.io/admin/v2/workspace_settings.proto

@@ -337,6 +337,18 @@ message WorkspaceSettingsSpec {
 
         // Port to be used to direct traffic to instead of the default gateway discovered port.
         uint32 port = 2;
+
+        // The type of the specified port. Default is SNI passthrough.
+        PortType port_type = 3;
+
+        // Types of host info ports (default is SNI_PASSTHROUGH).
+        enum PortType {
+          // The port is used for passthrough TLS.
+          SNI_PASSTHROUGH = 0;
+
+          // The port is used for TLS termination.
+          TLS_TERMINATION = 1;
+        }
       }
     }
   }

api/gloo.solo.io/apimanagement/v2/api_doc.proto

@@ -4,7 +4,6 @@
 // The ApiDoc type is used to represent different types of API schema specification languages:
 // - OpenAPI
 // - gRPC
-// - GraphQL
 syntax = "proto3";
 
 package apimanagement.gloo.solo.io;
@@ -45,6 +44,8 @@ message ApiDocSpec {
     // The gRPC schema specification language. Specify only one schema type.
     GrpcSchema grpc = 2;
 
+    // <b>Unsupported</b>: The GraphQL integration is no longer supported.
+    //
     // The graphQL schema specification language. Specify only one schema type.
     GraphQLSchema graphql = 3;
   }
@@ -81,17 +82,9 @@ message ApiDocSpec {
     string inline_string = 1;
   }
 
-  // A complete gRPC schema describing the API.
+  // <b>Unsupported</b>: The GraphQL integration is no longer supported.
   //
-  // **Example**: In this gRPC example for a basic user service app,
-  // the base64-encoded descriptor includes a set of fields that are defined
-  // for various queries, such as `UserSearch` and `UserByCountry`. For detailed
-  // information about the settings in this example, see
-  // [gRPC schema](https://docs.solo.io/gloo-mesh-gateway/latest/graphql/resolvers/resolved/resolver_grpc/)
-  // in the GraphQL integration documentation.
-  // ```yaml
-  // {{% readfile file="static/content/examples/generated/int/graphql_routes/cluster-1/api-doc_bookinfo_grpc-schema.yaml" %}}
-  // ```
+  // A complete gRPC schema describing the API.
   message GrpcSchema {
     // Protobuf descriptors that represent the gRPC services provided by your API, encoded in base64.
     // For more information, see the
@@ -100,19 +93,13 @@ message ApiDocSpec {
 
   }
 
+  // <b>Unsupported</b>: The GraphQL integration is no longer supported.
+  //
   // Provide a schema definition in GraphQL SDL format.
   // The GraphQL schema also has logging options for logging sensitive
   // request-related information, and schema extension configuration such as
   // custom type definitions. For more information about the different schema features,
   // see the [GraphQL documentation](https://graphql.org/learn/schema/).
-  //
-  // **Example**: In this GraphQL example for the Bookinfo sample app, a query type and object
-  // types are defined. For detailed information about the settings in this example, see
-  // [Example GraphQL ApiDoc](https://docs.solo.io/gloo-mesh-gateway/latest/graphql/apidoc/#example-graphql-apidoc)
-  // in the GraphQL integration documentation.
-  // ```yaml
-  // {{% readfile file="static/content/examples/generated/int/graphql_proxied_introspection/cluster-1/api-doc_bookinfo_music-schema.yaml" %}}
-  // ```
   message GraphQLSchema {
     // Required: The GraphQL schema definition. Root-level query and mutation
     // types are supported, and you must define at least a query type.

api/gloo.solo.io/common/v2/keepalive.proto

@@ -11,19 +11,42 @@ option (extproto.equal_all) = true;
 option (extproto.clone_all) = true;
 option (extproto.hash_all) = true;
 
-// Configure TCP keepalive for the ingress gateways of all meshes in this VirtualMesh.
+// Configure TCP keepalive settings.
 message TCPKeepalive {
 
   // Maximum number of TCP keepalive probes to send before determining that connection is dead.
+  // Defaults to the OS-level configuration. For Linux, the default is 9, unless overridden.
   uint32 probes = 1;
 
   // The time duration a connection needs to be idle before keep-alive probes start being sent.
-  // Format examples: `1h`/`1m`/`1s`/`1ms`.
-  // For information about the value format, see the [Google protocol buffer documentation](https://protobuf.dev/reference/protobuf/google.protobuf/#duration).
+  // Defaults to the OS-level configuration. For Linux, the default is 7200s (2 hours), unless overridden.
+  //
+  // </br>**Configuration constraints**:<ul>
+  // <li>The value must be an integer or decimal value and a preferred unit, or multiple of these concatenated.
+  // Examples: `1m`, `1h`, `1.5h`, `1s500ms`</li>
+  // <li>The value cannot have granularity smaller than one millisecond.</li>
+  // <li>The value must be at least 1ms.</li>
+  // <li>For information about the value format,
+  // see the [ParseDuration documentation](https://pkg.go.dev/time#ParseDuration).</li></ul>
+  //
+  // +kubebuilder:validation:XValidation:rule="duration(self) >= duration('1ms')",message="The value must be at least 1ms."
+  // +kubebuilder:validation:XValidation:rule="!self.contains('ns') && !self.contains('us') && !self.contains('μs')",message="The value cannot have granularity smaller than one millisecond."
+  // +kubebuilder:validation:XValidation:rule="(duration(self)-duration('1ns')).getMilliseconds() == duration(self).getMilliseconds()-1",message="The value cannot have granularity smaller than one millisecond."
   google.protobuf.Duration time = 2;
 
   // The time duration between keep-alive probes.
-  // Format examples: `1h`/`1m`/`1s`/`1ms`
-  // For information about the value format, see the [Google protocol buffer documentation](https://protobuf.dev/reference/protobuf/google.protobuf/#duration).
+  // Defaults to the OS-level configuration. For Linux, the default is 75s, unless overridden.
+  //
+  // </br>**Configuration constraints**:<ul>
+  // <li>The value must be an integer or decimal value and a preferred unit, or multiple of these concatenated.
+  // Examples: `1m`, `1h`, `1.5h`, `1s500ms`</li>
+  // <li>The value cannot have granularity smaller than one millisecond.</li>
+  // <li>The value must be at least 1ms.</li>
+  // <li>For information about the value format,
+  // see the [ParseDuration documentation](https://pkg.go.dev/time#ParseDuration).</li></ul>
+  //
+  // +kubebuilder:validation:XValidation:rule="duration(self) >= duration('1ms')",message="The value must be at least 1ms."
+  // +kubebuilder:validation:XValidation:rule="!self.contains('ns') && !self.contains('us') && !self.contains('μs')",message="The value cannot have granularity smaller than one millisecond."
+  // +kubebuilder:validation:XValidation:rule="(duration(self)-duration('1ns')).getMilliseconds() == duration(self).getMilliseconds()-1",message="The value cannot have granularity smaller than one millisecond."
   google.protobuf.Duration interval = 3;
 }

api/gloo.solo.io/internal/insights/v2alpha1/insights.proto

@@ -103,6 +103,7 @@ message Insight {
       SYS0015Data SYS0015 = 28;
       SYS0020Data SYS0020 = 30;
       SYS0025Data SYS0025 = 31;
+      ConfigCountsData configCounts = 32; // SYS0027, SYS0028, SYS0029, SYS0030,
     }
   }
 
@@ -236,4 +237,15 @@ message Insight {
     int32 solo_resources = 5;
   }
 
+  message ConfigCountsData {
+    int32 routes = 1;
+    repeated string route_errors = 2;
+    int32 policies = 3;
+    repeated string policy_errors = 4;
+    int32 gateways = 5;
+    repeated string gateway_errors = 6;
+    int32 destinations = 7;
+    repeated string destination_errors = 8;
+  }
+
 }

api/gloo.solo.io/internal/v2alpha1/virtual_service_backup.proto

@@ -1,13 +1,13 @@
 syntax = "proto3";
 package internal.gloo.solo.io;
 
-import "istio.io/api/networking/v1beta1/virtual_service.proto";
+import "istio.io/api/networking/v1alpha3/virtual_service.proto";
 import "github.com/solo-io/solo-apis/api/gloo.solo.io/common/v2/references.proto";
 
 option go_package = "github.com/solo-io/solo-apis/client-go/internal.gloo.solo.io/v2alpha1";
 
 message VirtualServiceBackupSpec {
   // The VirtualService spec that is being backed up
   // $hide_from_docs
-  istio.networking.v1beta1.VirtualService spec = 1;
-}
+  istio.networking.v1alpha3.VirtualService spec = 1;
+}

api/gloo.solo.io/networking/v2/virtual_gateway.proto

@@ -249,8 +249,10 @@ message VirtualGatewaySpec {
     message HTTPServer {
 
     }
-
-    // $hide_from_docs TODO: TCPServer
+
+    // Serve TCP routes for RouteTables that select this gateway.
+    // Make sure to open a TCP port on the backing Istio ingress gateway,
+    // which might require upgrading your IstioLifecycleManager or Helm installation.
     message TCPServer {
 
     }

api/gloo.solo.io/networking/v2alpha1/progressive_delivery.proto

@@ -2,7 +2,7 @@ syntax = "proto3";
 package networking.gloo.solo.io;
 
 import "extproto/ext.proto";
-import "istio.io/api/networking/v1beta1/virtual_service.proto";
+import "istio.io/api/networking/v1alpha3/virtual_service.proto";
 import "github.com/solo-io/solo-apis/api/gloo.solo.io/common/v2/status.proto";
 import "github.com/solo-io/solo-apis/api/gloo.solo.io/common/v2/references.proto";
 
@@ -67,7 +67,7 @@ message Destination {
   SubsetSelector subset = 2;
 
   // Specifies the port on the host that is being addressed.
-  istio.networking.v1beta1.PortSelector port = 3;
+  istio.networking.v1alpha3.PortSelector port = 3;
 }
 
 // $hide_from_docs

api/gloo.solo.io/policy/v2/resilience/adaptive_request_concurrency_policy.proto

@@ -51,7 +51,6 @@ option (extproto.clone_all) = true;
 message AdaptiveRequestConcurrencyPolicySpec {
 
   // Destinations to apply the concurrency limit to.
-  // Note that external services are not supported as destinations with this policy.
   // If empty, the policy applies to all destinations in the workspace.
   repeated .common.gloo.solo.io.DestinationSelector apply_to_destinations = 1;
 

api/gloo.solo.io/policy/v2/resilience/connection_policy.proto

@@ -35,6 +35,9 @@ message ConnectionPolicySpec {
 
     message TCPConfig {
       // Sets the TCP keep-alive settings to apply to selected destinations.
+      // If the EnableDefaultTcpKeepalive feature gate is enabled, TCP keep-alive is configured on all VirtualDestinations by default,
+      // with the probes field set to 9 and the time and interval fields set to 180s,
+      // and setting these values will override the defaults for selected VirtualDestinations.
       .common.gloo.solo.io.TCPKeepalive tcp_keepalive = 1;
 
       // Sets the maximum allowed connections to the destination host.

api/gloo.solo.io/policy/v2/resilience/failover_policy.proto

@@ -69,10 +69,6 @@ message FailoverPolicySpec {
 
   // Select the destinations to apply the policy to by using labels.
   // If empty, the policy applies to all destinations in the workspace.
-  // {{< alert context="info" >}}
-  // The destinations can be Kubernetes services or virtual destinations.
-  // Note that external services are not supported as destinations with this policy.
-  // {{< /alert >}}
   repeated .common.gloo.solo.io.DestinationSelector apply_to_destinations = 1;
 
   // The details of the failover policy to apply to the selected virtual destinations.

api/gloo.solo.io/policy/v2/resilience/listener_connection_policy.proto

@@ -18,7 +18,7 @@ option (extproto.clone_all) = true;
 // ListenerConnectionPolicy is used to set configuration for gateway listeners.
 //
 // ```
-// apiVersion: trafficcontrol.policy.gloo.solo.io/v2
+// apiVersion: resilience.policy.gloo.solo.io/v2
 // kind: ListenerConnectionPolicy
 // metadata:
 //   name: my-policy

api/gloo.solo.io/policy/v2/resilience/outlier_detection_policy.proto

@@ -43,11 +43,8 @@ message OutlierDetectionPolicySpec {
   // 
   // </br>**Implementation notes**:<ul>
   // <li>If empty, the policy applies to all destinations in the workspace.</li>
-  // <li>The outlier detection policy currently supports selecting Gloo virtual destinations.
-  // Selecting Kubernetes services is not supported. To select a Gloo external service,
-  // the external service must refer to a service that is outside the service mesh
-  // but within the same cluster environment. Selecting Gloo external services that
-  // refer to a service outside the cluster is not supported.</li></ul>
+  // <li>This policy currently supports selecting Gloo virtual destinations or external services.
+  // Selecting Kubernetes services is not supported.</li></ul>
   //
   // **Configuration constraints**: `applyToDestinations.kind` must equal either `VIRTUAL_DESTINATION` or `EXTERNAL_SERVICE`.
   repeated .common.gloo.solo.io.DestinationSelector apply_to_destinations = 1;

api/gloo.solo.io/policy/v2/security/ext_auth_policy.proto

@@ -55,7 +55,7 @@ message ExtAuthPolicySpec {
   // Destinations to apply the policy to.
   //
   // </br>**Implementation notes**:
-  // <li>Only Kubernetes services can be specified. Virtual destinations or external services are not supported.</li>
+  // <li>{{< reuse "conrefs/snippets/field-desc/dest-no-vdest.md" >}}</li>
   // <li>If empty and `applyToRoutes` is unset, the policy applies to all destinations in the workspace.</li>
   // <li>If empty and `applyToRoutes` is set, the policy does not apply to any destinations in the workspace.</li></ul>
   //

api/gloo.solo.io/policy/v2/security/jwt_policy.proto

@@ -104,7 +104,8 @@ message JWTPolicySpec {
   // If omitted and the policy selects a destination, the policy does not apply to any routes.
   repeated .common.gloo.solo.io.RouteSelector apply_to_routes = 1;
 
-  // Select the destinations where the policy will be applied. Only Kubernetes services are supported.
+  // Select the destinations where the policy will be applied.
+  // {{< reuse "conrefs/snippets/field-desc/dest-no-vdest.md" >}}
   // By default if omitted, the policy does not apply to any destinations.
   // If empty (`{}`), the policy applies to all destinations in the workspace.
   repeated .common.gloo.solo.io.DestinationSelector apply_to_destinations = 3;

api/gloo.solo.io/policy/v2/trafficcontrol/ratelimit_policy.proto

@@ -28,8 +28,7 @@ message RateLimitPolicySpec {
   repeated .common.gloo.solo.io.RouteSelector apply_to_routes = 1;
 
   // Select the destinations where the policy will be applied.
-  // Note that rate limit outputs are only translated for destinations that are Kubernetes services.
-  // External services and virtual destinations are not supported as destinations with this policy.
+  // {{< reuse "conrefs/snippets/field-desc/dest-no-vdest.md" >}}
   // If empty, the rate limit policy applies to all destinations in the workspace.
   // If the destination selector is empty but the route selector is set, no rate limits are applied on destinations, only on routes.
   repeated .common.gloo.solo.io.DestinationSelector apply_to_destinations = 2;