@@ -18,6 +18,14 @@ import "google/protobuf/duration.proto";
1818
1919package istio.proxy.v1.config ;
2020
21+ enum AuthPolicy {
22+ // Do not encrypt Envoy to Envoy traffic.
23+ NONE = 0 ;
24+
25+ // Envoy to Envoy traffic is wrapped into mutual TLS connections.
26+ MUTUAL_TLS = 1 ;
27+ }
28+
2129// ProxyConfig defines variables for individual Envoy instances.
2230message ProxyConfig {
2331 // Path to the generated configuration file directory.
@@ -73,6 +81,18 @@ message ProxyConfig {
7381 // Envoy as a sidecar in Kubernetes, this flag must be one of the availability
7482 // zones assigned to a node using failure-domain.beta.kubernetes.io/zone annotation.
7583 string availability_zone = 12 ;
84+
85+ // Authentication policy defines the global switch to control authentication
86+ // for Envoy-to-Envoy communication for infra components Mixer and Pilot.
87+ AuthPolicy infra_auth_policy = 13 ;
88+
89+ // Address of the mixer service (e.g. __istio-mixer:15004_).
90+ // Used by the proxy in front of mixer as the port to listen to,
91+ // The value must be the same as MeshConfig.mixer_address
92+ string mixer_address = 14 ;
93+
94+ // Pilot subject alternate name used for mutual TLS
95+ repeated string pilot_san = 15 ;
7696}
7797
7898
@@ -82,7 +102,7 @@ message MeshConfig {
82102 // Address of the egress Envoy service (e.g. _istio-egress:80_).
83103 string egress_proxy_address = 1 ;
84104
85- // Address of the mixer service (e.g. _istio-mixer:9090_ ).
105+ // Address of the mixer service (e.g. _istio-mixer:15004_ ).
86106 // Empty value disables Mixer checks and telemetry.
87107 string mixer_address = 2 ;
88108
@@ -131,6 +151,7 @@ message MeshConfig {
131151 // Defines whether to use Istio ingress controller for annotated or all ingress resources.
132152 IngressControllerMode ingress_controller_mode = 9 ;
133153
154+ // TODO AuthPolicy needs to be removed and merged with AuthPolicy defined above
134155 enum AuthPolicy {
135156 // Do not encrypt Envoy to Envoy traffic.
136157 NONE = 0 ;
0 commit comments