The list of supported fields on Citrix ADC as per the Istio CRDs (Destination Rule, Virtual Service, Policy, Gateway, and Service Entry) is specified as follows:
Destination rule allows you to define policies that apply to traffic intended for a service after routing has occurred.
The following table describes the destination rule settings supported by Citrix ADC with Istio.
Using the virtual service, you can define a set of traffic routing rules to apply when a host is addressed. The following table describes the virtual service configuration settings supported by Citrix ADC with Istio.
| Field | xDS-adaptor version | Citrix ADC Version |
|---|---|---|
| host | 0.9.5 or later | 13.0–37.16+ |
| subset | 0.9.5 or later | 13.0–37.16+ |
| port | 0.9.5 or later | 13.0–37.16+ |
| http.fault.abort.percentage | 0.9.5 or later | 13.0–37.16+ |
| http.fault.abort.httpStatus | 0.9.5 or later | 13.0–37.16+ |
| http.match.uri | 0.9.5 or later | 13.0–37.16+ |
| http.match.scheme | 0.9.5 or later | 13.0–37.16+ |
| http.match.method | 0.9.5 or later | 13.0–37.16+ |
| http.match.authority | 0.9.5 or later | 13.0–37.16+ |
| http.match.headers | 0.9.5 or later | 13.0–37.16+ |
| http.match.port | 0.9.5 or later | 13.0–37.16+ |
| http.redirect.uri | 0.9.5 or later | 13.0–37.16+ |
| http.redirect.authority | 0.9.5 or later | 13.0–37.16+ |
| http.rewrite.uri | 0.9.5 or later | 13.0–37.16+ |
| http.rewrite.authority | 0.9.5 or later | 13.0–37.16+ |
| tcp.route.destination | 0.9.5 or later | 13.0–37.16+ |
| tcp.route.weight | 0.9.5 or later | 13.0–37.16+ |
| http.route.mirror | 0.9.5 or later | 13.0–47.22+ |
Note: http.route.mirrorPercentage will be supported in the next release.
Gateway specification describes a set of ports that must be exposed. It also provides details about the type of protocol to use, SNI configuration for the load balancer, and so on. The following table describes the gateway configuration settings supported by Citrix ADC with Istio.
| Field | xDS-adaptor version | Citrix ADC Version |
|---|---|---|
| gateway.servers.port.number | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.port.protocol | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.port.name | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.hosts | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.tls.serverCertificate | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.tls.privateKey | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.tls.caCertificates | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.tls.credentialName | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.tls.mode.SIMPLE | 0.9.5 or later | 13.0–37.16+ |
| gateway.servers.tls.mode.MUTUAL | 0.9.5 or later | 13.0–37.16+ |
You can use the service entry to enable adding more entries into Istio’s internal service registry. Once you enable it, auto-discovered services in the mesh can access or route to these manually specified services.
| Field | xDS-adaptor version | Citrix ADC Version |
|---|---|---|
| serviceentry.hosts | 0.9.5 or later | 13.0–37.16+ |
| serviceentry.ports | 0.9.5 or later | 13.0–37.16+ |
| serviceentry.location.MESH_EXTERNAL | 0.9.5 or later | 13.0–37.16+ |
| serviceentry.location.MESH_INTERNAL | 0.9.5 or later | 13.0–37.16+ |
| serviceentry.resolution.DNS | 0.9.5 or later | 13.0–37.16+ |
| serviceentry.exportTo | 0.9.5 or later | 13.0–37.16+ |
| serviceentry-endpoint.weight | 0.9.5 or later | 13.0–47.22+ |
Using authentication policies you can specify authentication requirements for services receiving requests in an Istio service mesh. The following table describes the authentication policy settings supported by Citrix ADC with Istio.
| Field | xDS-adaptor version | Citrix ADC Version |
|---|---|---|
| jwt | 0.9.5 or later | 13.0–37.16+ |
| jwt.issuer | 0.9.5 or later | 13.0–37.16+ |
| jwt.audiences | 0.9.5 or later | 13.0–38.13+ |
| jwt.jwksUri | 0.9.5 or later | 13.0–37.16+ |
| mtls | 0.9.5 or later | 13.0–37.16+ |
| mutualtls.mode.strict | 0.9.5 or later | 13.0–37.16+ |