Custom configurations

    This topic describes custom configurations of MOSN.

    • A string that consists of a decimal digit and a time unit suffix. Valid time units: , us (or µs), ms, s, m, and h. For example, 1h, 3s, and 500ms.

    metadata is used for matching MOSN routes and cluster hosts.

    mosn.lb corresponds to any content.

    • status: Boolean. Indicates whether TLS is enabled. Default value: false.
    • type: String. Specifies the type of tls_context. tls_context supports extension implementation. Different types correspond to different implementation methods. Default value: "" (empty string).
    • server_name: Used to verify the hostname of the certificate returned by the server when insecure_skip is not configured. Valid when configured at a cluster.
    • ca_cert: The root certificate issued by a trusted certificate authority (CA).
    • cert_chain: The TLS certificate chain.
    • private_key: The private key of a certificate.
    • require_client_cert: Boolean. Specifies whether the client certificate is required.
    • insecure_skip: Boolean. Specifies whether to skip server certificate verification. Valid when configured at a cluster.
    • cipher_suites: Specifies the cipher suites to be supported by TLS connections. If this parameter is specified, TLS connections support only the specified cipher suites and use them in the order in which they are specified. Separate different cipher suites with a comma. Valid values:
      • Valid values: x25519, p256, p384, and p521.
    • : The earliest TLS version supported.

      • Valid values: TLS1.0, TLS1.1, and TLS1.2. Default value: TLS1.0.
      • Available TLS versions will be automatically identified by default.
    • max_version: The latest TLS version supported.

    • alpn: Specifies the protocol supported by ALPN on TLS connections.

      • Valid values: H2, HTTP/1.1, and SOFA.
    • extend_verify: JSON. Specifies the extension of tls_context when type is not empty.

    • sds_source: Specifies parameters required for accessing the SDS API. If sds_source is configured, the ca_cert, cert_chain, and private_key parameters will be ignored, but other configurations will remain valid.

    • CertificateConfig: Specifies how to obtain the values of cert_chain and private_key.
    • ValidationConfig: Specifies how to obtain the value of ca_cert.
    • For details about the configurations, see envoy: sds_secret_config.
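
    The following is an added example, not part of MOSN or of the original page: a small Go check that reads one tls_context JSON object and reports the settings described above that weaken or silently override TLS protection. The names TLSContext and AuditTLSContext are hypothetical, and the example assumes max_version takes the same version strings (TLS1.0, TLS1.1, TLS1.2) that the page lists for the earliest supported version.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// TLSContext mirrors only the tls_context fields from this page that the audit reads.
type TLSContext struct {
	Status            bool            `json:"status"`
	CACert            string          `json:"ca_cert"`
	CertChain         string          `json:"cert_chain"`
	PrivateKey        string          `json:"private_key"`
	RequireClientCert bool            `json:"require_client_cert"`
	InsecureSkip      bool            `json:"insecure_skip"`
	MaxVersion        string          `json:"max_version"`
	SDSSource         json.RawMessage `json:"sds_source"`
}

// AuditTLSContext reports findings; onCluster is true for a cluster context, false for a listener.
func AuditTLSContext(raw []byte, onCluster bool) ([]string, error) {
	var c TLSContext
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var f []string
	if !c.Status {
		return append(f, "status is false (the default): TLS is not enabled"), nil
	}
	if onCluster && c.InsecureSkip {
		f = append(f, "insecure_skip is true: server certificate verification is skipped and server_name is not checked")
	}
	if !onCluster && !c.RequireClientCert {
		f = append(f, "require_client_cert is false: client certificates are not required")
	}
	// Assumption: max_version uses the same strings as the earliest-version setting.
	if c.MaxVersion == "TLS1.0" || c.MaxVersion == "TLS1.1" {
		f = append(f, "max_version "+c.MaxVersion+" caps connections below TLS1.2")
	}
	if len(c.SDSSource) > 0 && string(c.SDSSource) != "null" && (c.CACert != "" || c.CertChain != "" || c.PrivateKey != "") {
		f = append(f, "sds_source is set: inline ca_cert, cert_chain and private_key are ignored")
	}
	return f, nil
}

func main() {
	// Constructed sample: a cluster context that disables verification and caps the TLS version.
	fmt.Println(AuditTLSContext([]byte(`{"status": true, "insecure_skip": true, "max_version": "TLS1.1"}`), true))
}
```

    An empty result means none of these conditions were found; it does not validate the certificates themselves.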