The detailed list of fields supported on Citrix ADC as per the Istio CRDs (Destination Rule, Virtual Service, Policy, Gateway, Service Entry) is mentioned below.
Destination rule allows you to define policies that apply to traffic intended for a service after routing has occurred.
The following table describes the destination rule settings supported by Citrix ADC with Istio.
Notes:
istio-adaptorsupports only HTTP based Outlier Detection
Using virtual service, you can define a set of traffic routing rules to apply when a host is addressed. The following table describes the virtual service configuration settings supported by Citrix ADC with Istio.
| Field | Istio-adaptor version |
|---|---|
| host | 1.0.0 |
| subset | 1.0.0 |
| port | 1.0.0 |
| http.fault.abort.percentage | 1.0.0 |
| http.fault.abort.httpStatus | 1.0.0 |
| http.match.uri | 1.0.0 |
| http.match.scheme | 1.0.0 |
| http.match.method | 1.0.0 |
| http.match.authority | 1.0.0 |
| http.match.headers | 1.0.0 |
| http.match.port | 1.0.0 |
| http.redirect.uri | 1.0.0 |
| http.redirect.authority | 1.0.0 |
| http.rewrite.uri | 1.0.0 |
| http.rewrite.authority | 1.0.0 |
| tcp.route.destination | 1.0.0 |
| tcp.route.weight | 1.0.0 |
Gateway specification describes a set of ports that should be exposed, the type of protocol to use, SNI configuration for the load balancer, and so on. The following table describes the gateway configuration settings supported by Citrix ADC with Istio.
| Field | Istio-adaptor version |
|---|---|
| gateway.servers.port.number | 1.0.0 |
| gateway.servers.port.protocol | 1.0.0 |
| gateway.servers.port.name | 1.0.0 |
| gateway.servers.hosts | 1.0.0 |
| gateway.servers.tls.serverCertificate | 1.0.0 |
| gateway.servers.tls.privateKey | 1.0.0 |
| gateway.servers.tls.caCertificates | 1.0.0 |
| gateway.servers.tls.credentialName | 1.0.0 |
| gateway.servers.tls.mode.SIMPLE | 1.0.0 |
| gateway.servers.tls.mode.MUTUAL | 1.0.0 |
You can use service entry to enable adding additional entries into Istio’s internal service registry. Once you enable it, auto-discovered services in the mesh can access or route to these manually specified services.
| Field | Istio-adaptor version |
|---|---|
| serviceentry.hosts | 1.0.0 |
| serviceentry.ports | 1.0.0 |
| serviceentry.location.MESH_EXTERNAL | 1.0.0 |
| serviceentry.location.MESH_INTERNAL | 1.0.0 |
| serviceentry.resolution.DNS | 1.0.0 |
| serviceentry.exportTo | 1.0.0 |
Using authentication policies you can specify authentication requirements for services receiving requests in an Istio service mesh. The following table describes the authentication policy settings supported by Citrix ADC with Istio.
| Field | Istio-adaptor version | Remarks |
|---|---|---|
| jwt | 1.0.0 | |
| jwt.issuer | 1.0.0 | |
| jwt.audiences | 1.1.0 | This feature is supported on Citrix ADC CPX 12.1-54, 13.0-41.27, and later versions. |
| jwt.jwksUri | 1.0.0 | |
| jwt.jwtHeaders | 1.0.0 | This feature is supported on Citrix ADC CPX 12.1-54, 13.0-41.27, and later versions. |
| jwt.jwtParams | 1.1.0 | This feature is supported on Citrix ADC CPX 12.1-54, 13.0-41.27, and later versions. |
| jwt.triggerRules.excludedPaths | 1.0.0 | |
| jwt.triggerRules.includedPaths | 1.0.0 | |
| mtls | 1.0.0 | |
| mutualtls.mode.strict | 1.0.0 |
Citrix servicemesh solution currently does not support Mixer interaction. Thus, features associated with the Mixer are not supported. Citrix has plans to support Mixer integration in future releases.