Application Gateway for Containers API specification for Kubernetes
Packages
Package v1 is the v1 version of the API.
alb.networking.azure.io/v1
This document defines each of the resource types for alb.networking.azure.io/v1
.
Resource Types:
AffinityType
(string
alias)
(Appears on:SessionAffinity)
AffinityType defines the affinity type for the Service
Value | Description |
---|---|
"application-cookie" |
AffinityTypeApplicationCookie is a session affinity type for an application cookie |
"managed-cookie" |
AffinityTypeManagedCookie is a session affinity type for a managed cookie |
AlbConditionReason
(string
alias)
AlbConditionReason defines the set of reasons that explain why a particular condition type are raised by the Application Gateway for Containers resource.
Value | Description |
---|---|
"Accepted" |
AlbReasonAccepted indicates that the Application Gateway for Containers resource are accepted by the controller. |
"Ready" |
AlbReasonDeploymentReady indicates the Application Gateway for Containers resource deployment status. |
"InProgress" |
AlbReasonInProgress indicates whether the Application Gateway for Containers resource is in the process of being created, updated, or deleted. |
AlbConditionType
(string
alias)
AlbConditionType is a type of condition associated with an Application Gateway for Containers resource. This type should be used with the AlbStatus.Conditions field.
Value | Description |
---|---|
"Accepted" |
AlbConditionTypeAccepted indicates whether the Application Gateway for Containers resource are accepted by the controller. |
"Deployment" |
AlbConditionTypeDeployment indicates the deployment status of the Application Gateway for Containers resource. |
AlbSpec
(Appears on:ApplicationLoadBalancer)
AlbSpec defines the specifications for the Application Gateway for Containers resource.
Field | Description |
---|---|
associations []string |
Associations are subnet resource IDs the Application Gateway for Containers resource are associated with. |
AlbStatus
(Appears on:ApplicationLoadBalancer)
AlbStatus defines the observed state of Application Gateway for Containers resource.
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Known condition types are:
|
ApplicationLoadBalancer
ApplicationLoadBalancer is the schema for the Application Gateway for Containers resource.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||
spec AlbSpec |
Spec is the specifications for Application Gateway for Containers resource.
|
||
status AlbStatus |
Status defines the current state of Application Gateway for Containers resource. |
BackendTLSPolicy
BackendTLSPolicy is the schema for the BackendTLSPolicys API.
Field | Description | ||||||
---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec BackendTLSPolicySpec |
Spec is the BackendTLSPolicy specification.
|
||||||
status BackendTLSPolicyStatus |
Status defines the current state of BackendTLSPolicy. |
BackendTLSPolicyConditionReason
(string
alias)
BackendTLSPolicyConditionReason defines the set of reasons that explain why a particular BackendTLSPolicy condition type is raised.
Value | Description |
---|---|
"Accepted" |
BackendTLSPolicyReasonAccepted is used to set the BackendTLSPolicyConditionReason to Accepted When the given BackendTLSPolicy is correctly configured |
"InvalidBackendTLSPolicy" |
BackendTLSPolicyReasonInvalid is the reason when the BackendTLSPolicy isn’t Accepted |
"InvalidCertificateRef" |
BackendTLSPolicyReasonInvalidCertificateRef is used when an invalid certificate is referenced |
"InvalidGroup" |
BackendTLSPolicyReasonInvalidGroup is used when the group is invalid |
"InvalidKind" |
BackendTLSPolicyReasonInvalidKind is used when the kind/group is invalid |
"InvalidName" |
BackendTLSPolicyReasonInvalidName is used when the name is invalid |
"InvalidSecret" |
BackendTLSPolicyReasonInvalidSecret is used when the Secret is invalid |
"InvalidService" |
BackendTLSPolicyReasonInvalidService is used when the Service is invalid |
"NoTargetReference" |
BackendTLSPolicyReasonNoTargetReference is used when there’s no target reference |
"OverrideNotSupported" |
BackendTLSPolicyReasonOverrideNotSupported is used when the override isn’t supported |
"RefNotPermitted" |
BackendTLSPolicyReasonRefNotPermitted is used when the ref isn’t permitted |
"SectionNamesNotPermitted" |
BackendTLSPolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted |
BackendTLSPolicyConditionType
(string
alias)
BackendTLSPolicyConditionType is a type of condition associated with a BackendTLSPolicy. This type should be used with the BackendTLSPolicyStatus.Conditions field.
Value | Description |
---|---|
"Accepted" |
BackendTLSPolicyConditionAccepted is used to set the BackendTLSPolicyConditionType to Accepted |
"ResolvedRefs" |
BackendTLSPolicyConditionResolvedRefs is used to set the BackendTLSPolicyCondition to ResolvedRefs |
BackendTLSPolicyConfig
(Appears on:BackendTLSPolicySpec)
BackendTLSPolicyConfig defines the policy specification for the Backend TLS Policy.
Field | Description |
---|---|
CommonTLSPolicy CommonTLSPolicy |
(Members of |
sni string |
(Optional)
Sni is the server name to use for the TLS connection to the backend. |
ports []BackendTLSPolicyPort |
Ports specifies the list of ports where the policy is applied. |
clientCertificateRef Gateway API .SecretObjectReference |
(Optional)
ClientCertificateRef is the reference to the client certificate to use for the TLS connection to the backend. |
BackendTLSPolicyPort
(Appears on:BackendTLSPolicyConfig)
BackendTLSPolicyPort defines the port to use for the TLS connection to the backend
Field | Description |
---|---|
port int |
Port is the port to use for the TLS connection to the backend |
BackendTLSPolicySpec
(Appears on:BackendTLSPolicy)
BackendTLSPolicySpec defines the desired state of BackendTLSPolicy.
Field | Description |
---|---|
targetRef CustomTargetRef |
TargetRef identifies an API object to apply policy to. |
override BackendTLSPolicyConfig |
(Optional)
Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release. |
default BackendTLSPolicyConfig |
(Optional)
Default defines default policy configuration for the targeted resource. |
BackendTLSPolicyStatus
(Appears on:BackendTLSPolicy)
BackendTLSPolicyStatus defines the observed state of BackendTLSPolicy.
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions describe the current conditions of the BackendTLSPolicy. Implementations should prefer to express BackendTLSPolicy conditions
using the Known condition types are:
|
CommonTLSPolicy
(Appears on:BackendTLSPolicyConfig)
CommonTLSPolicy is the schema for the CommonTLSPolicy API.
Field | Description |
---|---|
verify CommonTLSPolicyVerify |
(Optional)
Verify provides the options to verify the peer certificate. |
CommonTLSPolicyVerify
(Appears on:CommonTLSPolicy)
CommonTLSPolicyVerify defines the schema for the CommonTLSPolicyVerify API.
Field | Description |
---|---|
caCertificateRef Gateway API .SecretObjectReference |
CaCertificateRef is the CA certificate used to verify peer certificate. |
subjectAltName string |
(Optional)
SubjectAltName is the subject alternative name used to verify peer certificate. |
CustomTargetRef
(Appears on:BackendTLSPolicySpec, FrontendTLSPolicySpec, HealthCheckPolicySpec, RoutePolicySpec)
CustomTargetRef is a reference to a custom resource that isn’t part of the Kubernetes core API.
Field | Description |
---|---|
NamespacedPolicyTargetReference Gateway API alpha2.NamespacedPolicyTargetReference |
(Members of |
sectionNames []string |
(Optional)
SectionNames is the name of the section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionNames is interpreted as the following:
If a SectionNames is specified, but doesn’t exist on the targeted object,
the Policy fails to attach, and the policy implementation will record
a |
FrontendTLSPolicy
FrontendTLSPolicy is the schema for the FrontendTLSPolicy API
Field | Description | ||||||
---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec FrontendTLSPolicySpec |
Spec is the FrontendTLSPolicy specification.
|
||||||
status FrontendTLSPolicyStatus |
Status defines the current state of FrontendTLSPolicy. |
FrontendTLSPolicyConditionReason
(string
alias)
FrontendTLSPolicyConditionReason defines the set of reasons that explain why a particular FrontendTLSPolicy condition type is raised.
Value | Description |
---|---|
"Accepted" |
FrontendTLSPolicyReasonAccepted is used to set the FrontendTLSPolicyConditionReason to Accepted When the given FrontendTLSPolicy is correctly configured |
"InvalidFrontendTLSPolicy" |
FrontendTLSPolicyReasonInvalid is the reason when the FrontendTLSPolicy isn’t Accepted |
"InvalidCertificateRef" |
FrontendTLSPolicyReasonInvalidCertificateRef is used when an invalid certificate is referenced |
"InvalidDefault" |
FrontendTLSPolicyReasonInvalidDefault is used when the default is invalid |
"InvalidGateway" |
FrontendTLSPolicyReasonInvalidGateway is used when the gateway is invalid |
"InvalidGroup" |
FrontendTLSPolicyReasonInvalidGroup is used when the group is invalid |
"InvalidKind" |
FrontendTLSPolicyReasonInvalidKind is used when the kind/group is invalid |
"InvalidName" |
FrontendTLSPolicyReasonInvalidName is used when the name is invalid |
"InvalidPolicyName" |
FrontendTLSPolicyReasonInvalidPolicyName is used when the policy name is invalid |
"InvalidPolicyType" |
FrontendTLSPolicyReasonInvalidPolicyType is used when the policy type is invalid |
"InvalidTargetReference" |
FrontendTLSPolicyReasonInvalidTargetReference is used when the target reference is invalid |
"NoTargetReference" |
FrontendTLSPolicyReasonNoTargetReference is used when there’s no target reference |
"OverrideNotSupported" |
FrontendTLSPolicyReasonOverrideNotSupported is used when the override isn’t supported |
"RefNotPermitted" |
FrontendTLSPolicyReasonRefNotPermitted is used when the ref isn’t permitted |
"SectionNamesNotPermitted" |
FrontendTLSPolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted |
FrontendTLSPolicyConditionType
(string
alias)
FrontendTLSPolicyConditionType is a type of condition associated with a FrontendTLSPolicy. This type should be used with the FrontendTLSPolicyStatus.Conditions field.
Value | Description |
---|---|
"Accepted" |
FrontendTLSPolicyConditionAccepted is used to set the FrontendTLSPolicyCondition to Accepted |
"ResolvedRefs" |
FrontendTLSPolicyConditionResolvedRefs is used to set the FrontendTLSPolicyCondition to ResolvedRefs |
FrontendTLSPolicyConfig
(Appears on:FrontendTLSPolicySpec)
FrontendTLSPolicyConfig defines the policy specification for the Frontend TLS Policy.
Field | Description |
---|---|
verify MTLSPolicyVerify |
(Optional)
Verify provides the options to verify the peer certificate. |
policyType PolicyType |
(Optional)
Type is the type of the policy. |
FrontendTLSPolicySpec
(Appears on:FrontendTLSPolicy)
FrontendTLSPolicySpec defines the desired state of FrontendTLSPolicy
Field | Description |
---|---|
targetRef CustomTargetRef |
TargetRef identifies an API object to apply policy to. |
default FrontendTLSPolicyConfig |
(Optional)
Default defines default policy configuration for the targeted resource. |
override FrontendTLSPolicyConfig |
(Optional)
Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release. |
FrontendTLSPolicyStatus
(Appears on:FrontendTLSPolicy)
FrontendTLSPolicyStatus defines the observed state of FrontendTLSPolicy.
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions describe the current conditions of the FrontendTLSPolicy. Implementations should prefer to express FrontendTLSPolicy conditions
using the Known condition types are:
|
FrontendTLSPolicyType
(string
alias)
(Appears on:PolicyType)
FrontendTLSPolicyType is the type of the Frontend TLS Policy.
Value | Description |
---|---|
"predefined" |
PredefinedFrontendTLSPolicyType is the type of the predefined Frontend TLS Policy. |
FrontendTLSPolicyTypeName
(string
alias)
(Appears on:PolicyType)
FrontendTLSPolicyTypeName is the name of the Frontend TLS Policy.
Value | Description |
---|---|
"2023-06" |
PredefinedPolicy202306 is the name of the predefined Frontend TLS Policy for the policy “2023-06”. |
"2023-06-S" |
PredefinedPolicy202306Strict is the name of the predefined Frontend TLS Policy for the policy “2023-06-S”. This is a strict version of the policy “2023-06”. |
GRPCSpecifiers
(Appears on:HealthCheckPolicyConfig)
GRPCSpecifiers defines the schema for GRPC HealthCheck.
Field | Description |
---|---|
authority string |
(Optional)
Authority if present is used as the value of the Authority header in the health check. |
service string |
(Optional)
Service allows the configuration of a Health check registered under a different service name. |
HTTPHeader
(Appears on:HeaderFilter)
HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.
Field | Description |
---|---|
name HTTPHeaderName |
Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. |
value string |
Value is the value of HTTP Header to be matched. |
HTTPHeaderName
(string
alias)
(Appears on:HTTPHeader)
HTTPHeaderName is the name of an HTTP header.
Valid values include:
- “Authorization”
- “Set-Cookie”
Invalid values include:
- ”:method” - “:” is an invalid character. This means that HTTP/2 pseudo headers aren’t currently supported by this type.
- ”/invalid” - “/ ” is an invalid character
HTTPMatch
(Appears on:HTTPSpecifiers)
HTTPMatch defines the HTTP matchers to use for HealthCheck checks.
Field | Description |
---|---|
body string |
(Optional)
Body defines the HTTP body matchers to use for HealthCheck checks. |
statusCodes []StatusCodes |
(Optional)
StatusCodes defines the HTTP status code matchers to use for HealthCheck checks. |
HTTPPathModifier
(Appears on:Redirect, URLRewriteFilter)
HTTPPathModifier defines configuration for path modifiers.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
type HTTPPathModifierType |
Type defines the type of path modifier. More types may be added in a future release of the API. Values may be added to this enum, implementations must ensure unknown values won’t cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the rule to be false |
||||||||||||||||||||||||||||||||||||||||||||||||
replaceFullPath string |
(Optional)
ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect. |
||||||||||||||||||||||||||||||||||||||||||||||||
replacePrefixMatch string |
(Optional)
ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to “/foo/bar” with a prefix match of “/foo” and a ReplacePrefixMatch of “/xyz” would be modified to “/xyz/bar”. This matches the behavior of the PathPrefix match type. This
matches full path elements. A path element refers to the list of labels
in the path split by the ReplacePrefixMatch is only compatible with a
|
HTTPPathModifierType
(string
alias)
(Appears on:HTTPPathModifier)
HTTPPathModifierType defines the type of path redirect or rewrite.
Value | Description |
---|---|
"ReplaceFullPath" |
FullPathHTTPPathModifier replaces the full path with the specified value. |
"ReplacePrefixMatch" |
PrefixMatchHTTPPathModifier replaces any prefix path with the substitution value. For example, a path with a prefix match of “/foo” and a ReplacePrefixMatch substitution of “/bar” replace “/foo” with “/bar” in matching requests. This matches the behavior of the PathPrefix match type. This
matches full path elements. A path element refers to the list of labels
in the path split by the |
HTTPSpecifiers
(Appears on:HealthCheckPolicyConfig)
HTTPSpecifiers defines the schema for HTTP HealthCheck check specification.
Field | Description |
---|---|
host string |
(Optional)
Host is the host header value to use for HealthCheck checks. |
path string |
(Optional)
Path is the path to use for HealthCheck checks. |
match HTTPMatch |
(Optional)
Match defines the HTTP matchers to use for HealthCheck checks. |
HeaderFilter
(Appears on:IngressRewrites)
HeaderFilter defines a filter that modifies the headers of an HTTP request or response. Only one action for a given header name is permitted. Filters specifying multiple actions of the same or different type for any one header name are invalid and rejected. Configuration to set or add multiple values for a header must use RFC 7230 header value formatting, separating each value with a comma.
Field | Description |
---|---|
set []HTTPHeader |
(Optional)
Set overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set: - name: “my-header” value: “bar” Output: GET /foo HTTP/1.1 my-header: bar |
add []HTTPHeader |
(Optional)
Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add: - name: “my-header” value: “bar,baz” Output: GET /foo HTTP/1.1 my-header: foo,bar,baz |
remove []string |
(Optional)
Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: [“my-header1”, “my-header3”] Output: GET /foo HTTP/1.1 my-header2: bar |
HeaderName
(string
alias)
HeaderName is the name of a header or query parameter.
HealthCheckPolicy
HealthCheckPolicy is the schema for the HealthCheckPolicy API.
Field | Description | ||||||
---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec HealthCheckPolicySpec |
Spec is the HealthCheckPolicy specification.
|
||||||
status HealthCheckPolicyStatus |
Status defines the current state of HealthCheckPolicy. |
HealthCheckPolicyConditionReason
(string
alias)
HealthCheckPolicyConditionReason defines the set of reasons that explain why a particular HealthCheckPolicy condition type is raised.
Value | Description |
---|---|
"BackendTLSPolicyNotFound" |
BackendTLSPolicyConditionNotFound is used when the BackendTLSPolicy is not found for the service. |
"Accepted" |
HealthCheckPolicyReasonAccepted is used to set the HealthCheckPolicyConditionReason to Accepted. When the given HealthCheckPolicy is correctly configured. |
"InvalidHealthCheckPolicy" |
HealthCheckPolicyReasonInvalid is the reason when the HealthCheckPolicy isn’t Accepted. |
"InvalidGroup" |
HealthCheckPolicyReasonInvalidGroup is used when the group is invalid. |
"InvalidKind" |
HealthCheckPolicyReasonInvalidKind is used when the kind/group is invalid. |
"InvalidName" |
HealthCheckPolicyReasonInvalidName is used when the name is invalid. |
"InvalidPort" |
HealthCheckPolicyReasonInvalidPort is used when the port is invalid. |
"InvalidService" |
HealthCheckPolicyReasonInvalidService is used when the Service is invalid. |
"NoTargetReference" |
HealthCheckPolicyReasonNoTargetReference is used when there’s no target reference. |
"OverrideNotSupported" |
HealthCheckPolicyReasonOverrideNotSupported is used when the override isn’t supported. |
"RefNotPermitted" |
HealthCheckPolicyReasonRefNotPermitted is used when the ref isn’t permitted. |
"SectionNamesNotPermitted" |
HealthCheckPolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted. |
HealthCheckPolicyConditionType
(string
alias)
HealthCheckPolicyConditionType is a type of condition associated with a HealthCheckPolicy. This type should be used with the HealthCheckPolicyStatus.Conditions field.
Value | Description |
---|---|
"Accepted" |
HealthCheckPolicyConditionAccepted is used to set the HealthCheckPolicyConditionType to Accepted. |
"ResolvedRefs" |
HealthCheckPolicyConditionResolvedRefs is used to set the HealthCheckPolicyCondition to ResolvedRefs. |
HealthCheckPolicyConfig
(Appears on:HealthCheckPolicySpec)
HealthCheckPolicyConfig defines the schema for HealthCheck check specification.
Field | Description |
---|---|
interval Kubernetes meta/v1.Duration |
(Optional)
Interval is the number of seconds between HealthCheck checks. |
timeout Kubernetes meta/v1.Duration |
(Optional)
Timeout is the number of seconds after which the HealthCheck check is considered failed. |
port int32 |
(Optional)
Port is the port to use for HealthCheck checks. |
unhealthyThreshold int32 |
(Optional)
UnhealthyThreshold is the number of consecutive failed HealthCheck checks. |
healthyThreshold int32 |
(Optional)
HealthyThreshold is the number of consecutive successful HealthCheck checks. |
useTLS bool |
(Optional)
UseTLS indicates whether health check should enforce TLS. By default, health check will use the same protocol as the service if the same port is used for health check. If the port is different, health check will be plaintext. |
http HTTPSpecifiers |
(Optional)
HTTP defines the HTTP constraint specification for the HealthCheck of a target resource. |
grpc GRPCSpecifiers |
GRPC configures a gRPC v1 HealthCheck (https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto) against the target resource. |
HealthCheckPolicySpec
(Appears on:HealthCheckPolicy)
HealthCheckPolicySpec defines the desired state of HealthCheckPolicy.
Field | Description |
---|---|
targetRef CustomTargetRef |
TargetRef identifies an API object to apply policy to. |
override HealthCheckPolicyConfig |
(Optional)
Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release. |
default HealthCheckPolicyConfig |
(Optional)
Default defines default policy configuration for the targeted resource. |
HealthCheckPolicyStatus
(Appears on:HealthCheckPolicy)
HealthCheckPolicyStatus defines the observed state of HealthCheckPolicy.
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions describe the current conditions of the HealthCheckPolicy. Implementations should prefer to express HealthCheckPolicy conditions
using the Known condition types are:
|
IngressBackendPort
(Appears on:IngressBackendSettings)
IngressBackendPort describes a port on a backend. Only one of Name/Number should be defined.
Field | Description |
---|---|
port int32 |
(Optional)
Port indicates the port on the backend service |
name string |
(Optional)
Name must refer to a name on a port on the backend service |
protocol Protocol |
Protocol should be one of “HTTP”, “HTTPS” |
IngressBackendSettingStatus
(Appears on:IngressExtensionStatus)
IngressBackendSettingStatus describes the state of a BackendSetting
Field | Description |
---|---|
service string |
Service identifies the BackendSetting this status describes |
validationErrors []string |
(Optional)
Errors are a list of errors relating to this setting |
valid bool |
Valid indicates that there are no validation errors present on this BackendSetting |
IngressBackendSettings
(Appears on:IngressExtensionSpec)
IngressBackendSettings provides extended configuration options for a backend service
Field | Description |
---|---|
service string |
Service is the name of a backend service that this configuration applies to |
ports []IngressBackendPort |
(Optional)
Ports can be used to indicate if the backend service is listening on HTTP or HTTPS |
trustedRootCertificate string |
(Optional)
TrustedRootCertificate can be used to supply a certificate for the gateway to trust when communicating to the backend on a port specified as https |
sessionAffinity SessionAffinity |
(Optional)
SessionAffinity allows client requests to be consistently given to the same backend |
timeouts IngressTimeouts |
(Optional)
Timeouts define a set of timeout parameters to be applied to an Ingress |
IngressExtension
IngressExtension is the schema for the IngressExtension API
Field | Description | ||||
---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||
spec IngressExtensionSpec |
Spec is the IngressExtension specification.
|
||||
status IngressExtensionStatus |
IngressExtensionConditionReason
(string
alias)
IngressExtensionConditionReason defines the set of reasons that explain why a particular IngressExtension condition type is raised.
Value | Description |
---|---|
"Accepted" |
IngressExtensionReasonAccepted is used to set the IngressExtensionConditionAccepted to Accepted |
"HasValidationErrors" |
IngressExtensionReasonHasErrors indicates there are some validation errors |
"NoValidationErrors" |
IngressExtensionReasonNoErrors indicates there are no validation errors |
"PartiallyAcceptedWithErrors" |
IngressExtensionReasonPartiallyAccepted is used to set the IngressExtensionConditionAccepted to Accepted, but with nonfatal validation errors |
IngressExtensionConditionType
(string
alias)
IngressExtensionConditionType is a type of condition associated with a IngressExtension. This type should be used with the IngressExtensionStatus.Conditions field.
Value | Description |
---|---|
"Accepted" |
IngressExtensionConditionAccepted indicates if the IngressExtension is accepted (reconciled) by the controller |
"Errors" |
IngressExtensionConditionErrors indicates if there are validation or build errors on the extension |
IngressExtensionSpec
(Appears on:IngressExtension)
IngressExtensionSpec defines the desired configuration of IngressExtension
Field | Description |
---|---|
rules []IngressRuleSetting |
(Optional)
Rules define the rules per host |
backendSettings []IngressBackendSettings |
(Optional)
BackendSettings defines a set of configuration options for Ingress service backends |
IngressExtensionStatus
(Appears on:IngressExtension)
IngressExtensionStatus describes the current state of the IngressExtension
Field | Description |
---|---|
rules []IngressRuleStatus |
(Optional)
Rules have detailed status information regarding each Rule |
backendSettings []IngressBackendSettingStatus |
(Optional)
BackendSettings has detailed status information regarding each BackendSettings |
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions describe the current conditions of the IngressExtension. Known condition types are:
|
IngressRewrites
(Appears on:IngressRuleSetting)
IngressRewrites provides the various rewrites supported on a rule
Field | Description |
---|---|
type RewriteType |
Type identifies the type of rewrite |
requestHeaderModifier HeaderFilter |
(Optional)
RequestHeaderModifier defines a schema that modifies request headers. |
responseHeaderModifier HeaderFilter |
(Optional)
RequestHeaderModifier defines a schema that modifies response headers. |
urlRewrite URLRewriteFilter |
(Optional)
URLRewrite defines a schema that modifies a request during forwarding. |
IngressRuleSetting
(Appears on:IngressExtensionSpec)
IngressRuleSetting provides configuration options for rules
Field | Description |
---|---|
host string |
Host is used to match against Ingress rules with the same hostname in order to identify which rules affect these settings |
additionalHostnames []string |
(Optional)
AdditionalHostnames specifies more hostnames to listen on |
rewrites []IngressRewrites |
(Optional)
Rewrites defines the rewrites for the rule |
requestRedirect Redirect |
(Optional)
RequestRedirect defines the redirect behavior for the rule |
IngressRuleStatus
(Appears on:IngressExtensionStatus)
IngressRuleStatus describes the state of a rule
Field | Description |
---|---|
host string |
Host identifies the rule this status describes |
validationErrors []string |
(Optional)
Errors are a list of errors relating to this setting |
valid bool |
(Optional)
Valid indicates that there are no validation errors present on this rule |
IngressTimeouts
(Appears on:IngressBackendSettings)
IngressTimeouts can be used to configure timeout properties for an Ingress
Field | Description |
---|---|
requestTimeout Kubernetes meta/v1.Duration |
(Optional)
RequestTimeout defines the timeout used by the load balancer when forwarding requests to a backend service |
MTLSPolicyVerify
(Appears on:FrontendTLSPolicyConfig)
MTLSPolicyVerify defines the schema for the MTLSPolicyVerify API.
Field | Description |
---|---|
caCertificateRef Gateway API .SecretObjectReference |
CaCertificateRef is the CA certificate used to verify peer certificate. |
subjectAltNames []string |
(Optional)
SubjectAltNames is the list of subject alternative names used to verify peer certificate. |
PolicyType
(Appears on:FrontendTLSPolicyConfig)
PolicyType is the type of the policy.
Field | Description |
---|---|
name FrontendTLSPolicyTypeName |
Name is the name of the policy. |
type FrontendTLSPolicyType |
PredefinedFrontendTLSPolicyType is the type of the predefined Frontend TLS Policy. |
PortNumber
(int32
alias)
(Appears on:Redirect)
PortNumber defines a network port.
PreciseHostname
(string
alias)
(Appears on:Redirect, URLRewriteFilter)
PreciseHostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with one notable exception that numeric IP addresses aren’t allowed.
Per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or ‘-’, and must start and end with an alphanumeric character. No other punctuation is allowed.
Protocol
(string
alias)
(Appears on:IngressBackendPort)
Protocol defines the protocol used for certain properties. Valid Protocol values are:
- HTTP
- HTTPS
- TCP
Value | Description |
---|---|
"HTTP" |
ProtocolHTTP implies that the service uses HTTP. |
"HTTPS" |
ProtocolHTTPS implies that the service uses HTTPS. |
"TCP" |
ProtocolTCP implies that the service uses plain TCP. |
Redirect
(Appears on:IngressRuleSetting)
Redirect defines a filter that redirects a request. This MUST NOT be used on the same rule that also has a URLRewriteFilter.
Field | Description |
---|---|
scheme string |
(Optional)
Scheme is the scheme to be used in the value of the |
hostname PreciseHostname |
(Optional)
Hostname is the hostname to be used in the value of the |
path HTTPPathModifier |
(Optional)
Path defines parameters used to modify the path of the incoming request.
The modified path is then used to construct the |
port PortNumber |
(Optional)
Port is the port to be used in the value of the If no port is specified, the redirect port MUST be derived using the following rules:
Implementations SHOULD NOT add the port number in the ‘Location’ header in the following cases:
|
statusCode int |
(Optional)
StatusCode is the HTTP status code to be used in response. Values may be added to this enum, implementations must ensure that unknown values won’t cause a crash. |
RewriteType
(string
alias)
(Appears on:IngressRewrites)
RewriteType identifies the rewrite type
Value | Description |
---|---|
"RequestHeaderModifier" |
RequestHeaderModifier can be used to add or remove an HTTP header from an HTTP request before it’s sent to the upstream target. |
"ResponseHeaderModifier" |
ResponseHeaderModifier can be used to add or remove an HTTP header from an HTTP response before it’s sent to the client. |
"URLRewrite" |
URLRewrite can be used to modify a request during forwarding. |
RoutePolicy
RoutePolicy is the schema for the RoutePolicy API.
Field | Description | ||||||
---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec RoutePolicySpec |
Spec is the RoutePolicy specification.
|
||||||
status RoutePolicyStatus |
Status defines the current state of RoutePolicy. |
RoutePolicyConditionReason
(string
alias)
RoutePolicyConditionReason defines the set of reasons that explain why a particular RoutePolicy condition type is raised.
Value | Description |
---|---|
"Accepted" |
RoutePolicyReasonAccepted is used to set the RoutePolicyConditionReason to Accepted When the given RoutePolicy is correctly configured |
"InvalidRoutePolicy" |
RoutePolicyReasonInvalid is the reason when the RoutePolicy isn’t Accepted |
"InvalidGRPCRoute" |
RoutePolicyReasonInvalidGRPCRoute is used when the GRPCRoute is invalid |
"InvalidGroup" |
RoutePolicyReasonInvalidGroup is used when the group is invalid |
"InvalidHTTPRoute" |
RoutePolicyReasonInvalidHTTPRoute is used when the HTTPRoute is invalid |
"InvalidKind" |
RoutePolicyReasonInvalidKind is used when the kind/group is invalid |
"InvalidName" |
RoutePolicyReasonInvalidName is used when the name is invalid |
"NoTargetReference" |
RoutePolicyReasonNoTargetReference is used when there’s no target reference |
"OverrideNotSupported" |
RoutePolicyReasonOverrideNotSupported is used when the override isn’t supported |
"RefNotPermitted" |
RoutePolicyReasonRefNotPermitted is used when the ref isn’t permitted |
"SectionNamesNotPermitted" |
RoutePolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted |
RoutePolicyConditionType
(string
alias)
RoutePolicyConditionType is a type of condition associated with a RoutePolicy. This type should be used with the RoutePolicyStatus.Conditions field.
Value | Description |
---|---|
"Accepted" |
RoutePolicyConditionAccepted is used to set the RoutePolicyConditionType to Accepted |
"ResolvedRefs" |
RoutePolicyConditionResolvedRefs is used to set the RoutePolicyCondition to ResolvedRefs |
RoutePolicyConfig
(Appears on:RoutePolicySpec)
RoutePolicyConfig defines the schema for RoutePolicy specification. This allows the specification of the following attributes: * Timeouts * Session Affinity
Field | Description |
---|---|
timeouts RouteTimeouts |
(Optional)
Custom Timeouts Timeout for the target resource. |
sessionAffinity SessionAffinity |
SessionAffinity defines the schema for Session Affinity specification |
RoutePolicySpec
(Appears on:RoutePolicy)
RoutePolicySpec defines the desired state of RoutePolicy.
Field | Description |
---|---|
targetRef CustomTargetRef |
TargetRef identifies an API object to apply policy to. |
override RoutePolicyConfig |
(Optional)
Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release. |
default RoutePolicyConfig |
(Optional)
Default defines default policy configuration for the targeted resource. |
RoutePolicyStatus
(Appears on:RoutePolicy)
RoutePolicyStatus defines the observed state of RoutePolicy.
Field | Description |
---|---|
conditions []Kubernetes meta/v1.Condition |
(Optional)
Conditions describe the current conditions of the RoutePolicy. Implementations should prefer to express RoutePolicy conditions
using the Known condition types are:
|
RouteTimeouts
(Appears on:RoutePolicyConfig)
RouteTimeouts defines the schema for Timeouts specification.
Field | Description |
---|---|
routeTimeout Kubernetes meta/v1.Duration |
(Optional)
RouteTimeout is the timeout for the route. |
SessionAffinity
(Appears on:IngressBackendSettings, RoutePolicyConfig)
SessionAffinity defines the schema for Session Affinity specification.
Field | Description |
---|---|
affinityType AffinityType |
|
cookieName string |
(Optional) |
cookieDuration Kubernetes meta/v1.Duration |
(Optional) |
StatusCodes
(Appears on:HTTPMatch)
StatusCodes defines the HTTP status code matchers to use for HealthCheck checks.
Field | Description |
---|---|
start int32 |
(Optional)
Start defines the start of the range of status codes to use for HealthCheck checks. This is inclusive. |
end int32 |
(Optional)
End defines the end of the range of status codes to use for HealthCheck checks. This is inclusive. |
URLRewriteFilter
(Appears on:IngressRewrites)
URLRewriteFilter defines a filter that modifies a request during forwarding. At most one of these filters may be used on a rule. This MUST NOT be used on the same rule having an sslRedirect.
Field | Description |
---|---|
hostname PreciseHostname |
(Optional)
Hostname is the value to be used to replace the Host header value during forwarding. |
path HTTPPathModifier |
(Optional)
Path defines a path rewrite. |