Merge release-1.1 to master

mesh/v1alpha1/config.proto

@@ -110,7 +110,8 @@ message MeshConfig {
   // $hide_from_docs
   AuthPolicy auth_policy = 10 [deprecated=true];
 
-  reserved 11;
+  // $hide_from_docs
+  google.protobuf.Duration rds_refresh_delay = 11 [deprecated=true];
 
   // Flag to control generation of trace spans and request IDs.
   // Requires a trace span collector defined in the proxy configuration.
@@ -132,8 +133,31 @@ message MeshConfig {
   ProxyConfig default_config = 14;
 
   reserved 15;
-  reserved 16;
-  reserved 17;
+
+  // $hide_from_docs
+  string mixer_address = 16 [deprecated=true];
+
+  message OutboundTrafficPolicy {
+    enum Mode {
+      // outbound traffic will be restricted to services defined in the service registry as well as those defined
+      // through ServiceEntries
+      REGISTRY_ONLY = 0 [deprecated=true];
+      // outbound traffic to unknown destinations will be allowed
+      ALLOW_ANY = 1 [deprecated=true];
+      // not implemented. outbound traffic will be restricted to destinations defined in VirtualServices only
+      VIRTUAL_SERVICE_ONLY = 2 [deprecated=true];
+    }
+    Mode mode = 1 [deprecated=true];
+  }
+
+  // Set the default behavior of the sidecar for handling outbound traffic from the application.
+  // While the default mode should work out of the box, if your application uses one or more external services that
+  // are not known apriori, setting the policy to ALLOW_ANY will cause the sidecars to route traffic to the any
+  // requested destination.
+  // Users are strongly encouraged to use ServiceEntries to explicitly declare any external dependencies,
+  // instead of using allow_any.
+  OutboundTrafficPolicy outbound_traffic_policy = 17 [deprecated=true];
+
   reserved 18;
 
   // Enables clide side policy checks.
@@ -143,7 +167,8 @@ message MeshConfig {
   // Use secret-mount files instead of SDS if set to empty.
   string sds_uds_path = 20;
 
-  reserved 21;
+  // $hide_from_docs
+  google.protobuf.Duration sds_refresh_delay = 21 [deprecated=true];
 
   // ConfigSource describes a source of configuration data for networking
   // rules, and other Istio configuration artifacts. Multiple data sources
@@ -172,7 +197,7 @@ message MeshConfig {
 message ConfigSource {
   // Address of the server implementing the Istio Mesh Configuration
   // protocol (MCP). Can be IP address or a fully qualified DNS name.
-  // Use file:/// to specify a file-based backend with absolute path to the directory.
+  // Use fs:/// to specify a file-based backend with absolute path to the directory.
   string address = 1;
 
   // Use the tls_settings to specify the tls mode to use. If the MCP server

mesh/v1alpha1/istio.mesh.v1alpha1.pb.html

@@ -4,7 +4,7 @@
 generator: protoc-gen-docs
 aliases:
   - /docs/reference/config/service-mesh.html
-number_of_entries: 13
+number_of_entries: 15
 ---
 <h2 id="AuthenticationPolicy">AuthenticationPolicy</h2>
 <section>
@@ -67,7 +67,7 @@ <h2 id="ConfigSource">ConfigSource</h2>
 <td>
 <p>Address of the server implementing the Istio Mesh Configuration
 protocol (MCP). Can be IP address or a fully qualified DNS name.
-Use file:/// to specify a file-based backend with absolute path to the directory.</p>
+Use fs:/// to specify a file-based backend with absolute path to the directory.</p>
 
 </td>
 </tr>
@@ -236,6 +236,19 @@ <h2 id="MeshConfig">MeshConfig</h2>
 and remain constant for the duration of the pod. The rest of the mesh config can be changed
 at runtime and config gets distributed dynamically.</p>
 
+</td>
+</tr>
+<tr id="MeshConfig-outbound_traffic_policy" class="deprecated ">
+<td><code>outboundTrafficPolicy</code></td>
+<td><code><a href="#MeshConfig-OutboundTrafficPolicy">MeshConfig.OutboundTrafficPolicy</a></code></td>
+<td>
+<p>Set the default behavior of the sidecar for handling outbound traffic from the application.
+While the default mode should work out of the box, if your application uses one or more external services that
+are not known apriori, setting the policy to ALLOW<em>ANY will cause the sidecars to route traffic to the any
+requested destination.
+Users are strongly encouraged to use ServiceEntries to explicitly declare any external dependencies,
+instead of using allow</em>any.</p>
+
 </td>
 </tr>
 <tr id="MeshConfig-enable_client_side_policy_check">
@@ -315,6 +328,61 @@ <h2 id="MeshConfig-IngressControllerMode">MeshConfig.IngressControllerMode</h2>
 a secondary ingress controller (e.g., in addition to a
 cloud-provided ingress controller).</p>
 
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="MeshConfig-OutboundTrafficPolicy">MeshConfig.OutboundTrafficPolicy</h2>
+<section>
+<table class="message-fields">
+<thead>
+<tr>
+<th>Field</th>
+<th>Type</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="MeshConfig-OutboundTrafficPolicy-mode" class="deprecated ">
+<td><code>mode</code></td>
+<td><code><a href="#MeshConfig-OutboundTrafficPolicy-Mode">MeshConfig.OutboundTrafficPolicy.Mode</a></code></td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+</section>
+<h2 id="MeshConfig-OutboundTrafficPolicy-Mode">MeshConfig.OutboundTrafficPolicy.Mode</h2>
+<section>
+<table class="enum-values">
+<thead>
+<tr>
+<th>Name</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr id="MeshConfig-OutboundTrafficPolicy-Mode-REGISTRY_ONLY" class="deprecated ">
+<td><code>REGISTRY_ONLY</code></td>
+<td>
+<p>outbound traffic will be restricted to services defined in the service registry as well as those defined
+through ServiceEntries</p>
+
+</td>
+</tr>
+<tr id="MeshConfig-OutboundTrafficPolicy-Mode-ALLOW_ANY" class="deprecated ">
+<td><code>ALLOW_ANY</code></td>
+<td>
+<p>outbound traffic to unknown destinations will be allowed</p>
+
+</td>
+</tr>
+<tr id="MeshConfig-OutboundTrafficPolicy-Mode-VIRTUAL_SERVICE_ONLY" class="deprecated ">
+<td><code>VIRTUAL_SERVICE_ONLY</code></td>
+<td>
+<p>not implemented. outbound traffic will be restricted to destinations defined in VirtualServices only</p>
+
 </td>
 </tr>
 </tbody>