Documentation ¶
Overview ¶
Package v1alpha1 contains API schema definitions for the gateway.envoyproxy.io API group.
+kubebuilder:object:generate=true +groupName=gateway.envoyproxy.io
Index ¶
- Constants
- Variables
- func DefaultEnvoyProxyHpaMetrics() []autoscalingv2.MetricSpec
- func DefaultKubernetesContainerImage(image string) *string
- func DefaultKubernetesDaemonSetStrategy() *appsv1.DaemonSetUpdateStrategy
- func DefaultKubernetesDeploymentStrategy() *appsv1.DeploymentStrategy
- func DefaultResourceRequirements() *corev1.ResourceRequirements
- func DefaultShutdownManagerContainerResourceRequirements() *corev1.ResourceRequirements
- func ToBackendObjectReference(ref BackendRef) *gwapiv1.BackendObjectReference
- type ALPNProtocol
- type ALSEnvoyProxyAccessLog
- type ALSEnvoyProxyAccessLogType
- type ALSEnvoyProxyHTTPAccessLogConfig
- type ActiveHealthCheck
- type ActiveHealthCheckPayload
- type ActiveHealthCheckPayloadType
- type ActiveHealthCheckerType
- type AppProtocolType
- type Authorization
- type AuthorizationAction
- type AuthorizationRule
- type BackOffPolicy
- type Backend
- type BackendCluster
- type BackendConditionReason
- type BackendConditionType
- type BackendConnection
- type BackendEndpoint
- type BackendList
- type BackendRef
- type BackendSpec
- type BackendStatus
- type BackendTLSConfig
- type BackendTrafficPolicy
- type BackendTrafficPolicyList
- type BackendTrafficPolicySpec
- type BasicAuth
- type BootstrapType
- type CIDR
- type CORS
- type CircuitBreaker
- type ClaimToHeader
- type ClientConnection
- type ClientIPDetectionSettings
- type ClientTLSSettings
- type ClientTimeout
- type ClientTrafficPolicy
- type ClientTrafficPolicyList
- type ClientTrafficPolicySpec
- type ClientValidationContext
- type ClusterSettings
- type Compression
- type CompressorType
- type ConnectionLimit
- type ConsistentHash
- type ConsistentHashType
- type Cookie
- type CustomHeaderExtensionSettings
- type CustomResponse
- type CustomResponseBody
- type CustomResponseMatch
- type CustomTag
- type CustomTagType
- type DNS
- type EnvironmentCustomTag
- type EnvoyExtensionPolicy
- type EnvoyExtensionPolicyList
- type EnvoyExtensionPolicySpec
- type EnvoyFilter
- type EnvoyGateway
- func (in *EnvoyGateway) DeepCopy() *EnvoyGateway
- func (in *EnvoyGateway) DeepCopyInto(out *EnvoyGateway)
- func (in *EnvoyGateway) DeepCopyObject() runtime.Object
- func (e *EnvoyGateway) DisablePrometheus() bool
- func (e *EnvoyGateway) GetEnvoyGatewayAdmin() *EnvoyGatewayAdmin
- func (e *EnvoyGateway) GetEnvoyGatewayAdminAddress() string
- func (e *EnvoyGateway) GetEnvoyGatewayProvider() *EnvoyGatewayProvider
- func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry
- func (e *EnvoyGateway) NamespaceMode() bool
- func (e *EnvoyGateway) SetEnvoyGatewayDefaults()
- type EnvoyGatewayAdmin
- type EnvoyGatewayAdminAddress
- type EnvoyGatewayCustomProvider
- type EnvoyGatewayFileResourceProvider
- type EnvoyGatewayHostInfrastructureProvider
- type EnvoyGatewayInfrastructureProvider
- type EnvoyGatewayKubernetesProvider
- type EnvoyGatewayLogComponent
- type EnvoyGatewayLogging
- type EnvoyGatewayMetricSink
- type EnvoyGatewayMetrics
- type EnvoyGatewayOpenTelemetrySink
- type EnvoyGatewayPrometheusProvider
- type EnvoyGatewayProvider
- func (in *EnvoyGatewayProvider) DeepCopy() *EnvoyGatewayProvider
- func (in *EnvoyGatewayProvider) DeepCopyInto(out *EnvoyGatewayProvider)
- func (r *EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider() *EnvoyGatewayKubernetesProvider
- func (r *EnvoyGatewayProvider) IsRunningOnHost() bool
- func (r *EnvoyGatewayProvider) IsRunningOnKubernetes() bool
- type EnvoyGatewayResourceProvider
- type EnvoyGatewaySpec
- type EnvoyGatewayTelemetry
- type EnvoyJSONPatchConfig
- type EnvoyPatchPolicy
- type EnvoyPatchPolicyList
- type EnvoyPatchPolicySpec
- type EnvoyPatchType
- type EnvoyProxy
- type EnvoyProxyKubernetesProvider
- type EnvoyProxyList
- type EnvoyProxyProvider
- type EnvoyProxySpec
- type EnvoyProxyStatus
- type EnvoyResourceType
- type ExtAuth
- type ExtProc
- type ExtProcBodyProcessingMode
- type ExtProcProcessingMode
- type ExtensionAPISettings
- type ExtensionHooks
- type ExtensionManager
- type ExtensionService
- type ExtensionTLS
- type FQDNEndpoint
- type FaultInjection
- type FaultInjectionAbort
- type FaultInjectionDelay
- type FileEnvoyProxyAccessLog
- type FilterPosition
- type GRPCActiveHealthChecker
- type GRPCExtAuthService
- type Gateway
- type GlobalRateLimit
- type GroupVersionKind
- type GzipCompressor
- type HTTP10Settings
- type HTTP1Settings
- type HTTP2Settings
- type HTTP3Settings
- type HTTPActiveHealthChecker
- type HTTPClientTimeout
- type HTTPDirectResponseFilter
- type HTTPExtAuthService
- type HTTPHostnameModifier
- type HTTPHostnameModifierType
- type HTTPPathModifier
- type HTTPPathModifierType
- type HTTPRouteFilter
- type HTTPRouteFilterList
- type HTTPRouteFilterSpec
- type HTTPStatus
- type HTTPTimeout
- type HTTPURLRewriteFilter
- type HTTPWasmCodeSource
- type Header
- type HeaderMatch
- type HeaderMatchType
- type HeaderSettings
- type HealthCheck
- type HealthCheckSettings
- type IPEndpoint
- type IPFamily
- type ImagePullPolicy
- type ImageWasmCodeSource
- type InfrastructureProviderType
- type InvalidMessageAction
- type JSONPatchOperation
- type JSONPatchOperationType
- type JWT
- type JWTClaim
- type JWTClaimValueType
- type JWTExtractor
- type JWTHeaderExtractor
- type JWTPrincipal
- type JWTProvider
- type JWTScope
- type KubernetesContainerSpec
- type KubernetesDaemonSetSpec
- type KubernetesDeployMode
- type KubernetesDeploymentSpec
- type KubernetesHorizontalPodAutoscalerSpec
- type KubernetesPatchSpec
- type KubernetesPodDisruptionBudgetSpec
- type KubernetesPodSpec
- type KubernetesServiceSpec
- type KubernetesWatchMode
- type KubernetesWatchModeType
- type LeaderElection
- type LiteralCustomTag
- type LoadBalancer
- type LoadBalancerType
- type LocalRateLimit
- type LogLevel
- type MergeType
- type MetricSinkType
- type OIDC
- type OIDCCookieNames
- type OIDCProvider
- type OpenTelemetryEnvoyProxyAccessLog
- type Origin
- type PassiveHealthCheck
- type PathEscapedSlashAction
- type PathSettings
- type PerRetryPolicy
- type PolicyTargetReferences
- type Principal
- type ProcessingModeOptions
- type ProviderType
- type ProxyAccessLog
- type ProxyAccessLogFormat
- type ProxyAccessLogFormatType
- type ProxyAccessLogSetting
- type ProxyAccessLogSink
- type ProxyAccessLogSinkType
- type ProxyAccessLogType
- type ProxyBootstrap
- type ProxyLogComponent
- type ProxyLogging
- type ProxyMetricSink
- type ProxyMetrics
- type ProxyOpenTelemetrySink
- type ProxyPrometheusProvider
- type ProxyProtocol
- type ProxyProtocolVersion
- type ProxyTelemetry
- type ProxyTracing
- type RateLimit
- type RateLimitDatabaseBackend
- type RateLimitDatabaseBackendType
- type RateLimitMetrics
- type RateLimitMetricsPrometheusProvider
- type RateLimitRedisSettings
- type RateLimitRule
- type RateLimitSelectCondition
- type RateLimitSpec
- type RateLimitTelemetry
- type RateLimitTracing
- type RateLimitTracingProvider
- type RateLimitTracingProviderType
- type RateLimitType
- type RateLimitUnit
- type RateLimitValue
- type RedisTLSSettings
- type RemoteJWKS
- type ReplaceRegexMatch
- type RequestHeaderCustomTag
- type ResourceProviderType
- type ResponseOverride
- type ResponseValueType
- type Retry
- type RetryOn
- type RoutingType
- type SecurityPolicy
- type SecurityPolicyList
- type SecurityPolicySpec
- type ServiceExternalTrafficPolicy
- type ServiceType
- type Session
- type SessionResumption
- type ShutdownConfig
- type ShutdownManager
- type SlowStart
- type SourceMatch
- type SourceMatchType
- type StatefulTLSSessionResumption
- type StatelessTLSSessionResumption
- type StatusCodeMatch
- type StatusCodeRange
- type StatusCodeValueType
- type StringMatch
- type StringMatchType
- type TCPActiveHealthChecker
- type TCPClientTimeout
- type TCPKeepalive
- type TCPTimeout
- type TLSSettings
- type TLSVersion
- type TargetSelector
- type Timeout
- type TracingProvider
- type TracingProviderType
- type TriggerEnum
- type UnixSocket
- type Wasm
- type WasmCodeSource
- type WasmCodeSourceType
- type WithUnderscoresAction
- type XDSTranslatorHook
- type XDSTranslatorHooks
- type XFCCCertData
- type XFCCForwardMode
- type XForwardedClientCert
- type XForwardedForSettings
- type ZipkinTracingProvider
Constants ¶
// Condition type and reasons used in the status conditions of a Backend.
const (
	// BackendConditionAccepted indicates whether the backend has been accepted or
	// rejected by a targeted resource, and why.
	//
	// Possible reasons for this condition to be True are:
	//
	// * "Accepted"
	//
	// Possible reasons for this condition to be False are:
	//
	// * "Invalid"
	//
	BackendConditionAccepted BackendConditionType = "Accepted"

	// BackendReasonAccepted is used with the "Accepted" condition when the backend
	// has been accepted by the targeted resource.
	BackendReasonAccepted BackendConditionReason = "Accepted"

	// BackendReasonInvalid is used with the "Accepted" condition when the backend
	// is syntactically or semantically invalid.
	BackendReasonInvalid BackendConditionReason = "Invalid"
)
// Condition type and reason reported when one policy is overridden by another.
const (
	// PolicyConditionOverridden indicates whether the policy has
	// completely attached to all the sections within the target or not.
	//
	// Possible reasons for this condition to be True are:
	//
	// * "Overridden"
	//
	// NOTE(review): a True value means at least part of this policy is not
	// in effect; for security-relevant policies, check this condition
	// before assuming the policy is applied to every section of its target.
	PolicyConditionOverridden gwapiv1a2.PolicyConditionType = "Overridden"

	// PolicyReasonOverridden is used with the "Overridden" condition when the policy
	// has been overridden by another policy targeting a section within the same target.
	PolicyReasonOverridden gwapiv1a2.PolicyConditionReason = "Overridden"
)
// Kind name, controller name and default listen addresses for the
// Envoy Gateway admin and metrics servers.
const (
	// KindEnvoyGateway is the name of the EnvoyGateway kind.
	KindEnvoyGateway = "EnvoyGateway"

	// GatewayControllerName is the name of the GatewayClass controller.
	GatewayControllerName = "gateway.envoyproxy.io/gatewayclass-controller"

	// GatewayAdminPort is the port which envoy gateway admin server is listening on.
	GatewayAdminPort = 19000

	// GatewayAdminHost is the host of envoy gateway admin server.
	// 127.0.0.1 is the IPv4 loopback address, so with this default the admin
	// server is reachable only from the same network namespace.
	GatewayAdminHost = "127.0.0.1"

	// GatewayMetricsPort is the port which envoy gateway metrics server is listening on.
	GatewayMetricsPort = 19001

	// GatewayMetricsHost is the host of envoy gateway metrics server.
	// 0.0.0.0 is the IPv4 unspecified address: a listener bound to it accepts
	// connections on every interface, unlike the loopback-only admin default.
	// NOTE(review): whether the metrics endpoint requires authentication is
	// not shown here; restrict reachability of port 19001 (for example with a
	// NetworkPolicy) if metrics should not be readable from the whole cluster.
	GatewayMetricsHost = "0.0.0.0"
)
// Names of the Kubernetes watch modes.
const (
	// KubernetesWatchModeTypeNamespaces indicates that the namespace watch mode is used.
	KubernetesWatchModeTypeNamespaces = "Namespaces"

	// KubernetesWatchModeTypeNamespaceSelector indicates that namespaceSelector watch
	// mode is used.
	KubernetesWatchModeTypeNamespaceSelector = "NamespaceSelector"
)
// Condition type and reasons describing whether a policy reached the data plane.
const (
	// PolicyConditionProgrammed indicates whether the policy has been translated
	// and ready to be programmed into the data plane.
	//
	// Possible reasons for this condition to be True are:
	//
	// * "Programmed"
	//
	// Possible reasons for this condition to be False are:
	//
	// * "Invalid"
	// * "ResourceNotFound"
	//
	// NOTE(review): a False value means the policy was not translated for the
	// data plane; a policy that exists as an object is not necessarily being
	// enforced, so check this condition when the policy is a security control.
	PolicyConditionProgrammed gwapiv1a2.PolicyConditionType = "Programmed"

	// PolicyReasonProgrammed is used with the "Programmed" condition when the policy
	// is ready to be programmed into the data plane.
	PolicyReasonProgrammed gwapiv1a2.PolicyConditionReason = "Programmed"

	// PolicyReasonInvalid is used with the "Programmed" condition when the patch
	// is syntactically or semantically invalid.
	PolicyReasonInvalid gwapiv1a2.PolicyConditionReason = "Invalid"

	// PolicyReasonResourceNotFound is used with the "Programmed" condition when the
	// policy cannot find the resource type to patch to.
	PolicyReasonResourceNotFound gwapiv1a2.PolicyConditionReason = "ResourceNotFound"

	// PolicyReasonDisabled is used with the "Accepted" condition when the policy
	// feature is disabled by the configuration.
	// (Unlike the other reasons in this block, this one is documented for the
	// "Accepted" condition rather than "Programmed".)
	PolicyReasonDisabled gwapiv1a2.PolicyConditionReason = "Disabled"
)
// Default replica count, resource requests, container images and protocol
// names.
//
// NOTE(review): every image default below is a tag reference, not a digest.
// Tags can be re-pointed in the registry, so deployments that need a fixed,
// verifiable image should override these with a digest-pinned reference.
const (
	// DefaultDeploymentReplicas is the default number of deployment replicas.
	DefaultDeploymentReplicas = 1

	// DefaultDeploymentCPUResourceRequests for deployment cpu resource
	DefaultDeploymentCPUResourceRequests = "100m"

	// DefaultDeploymentMemoryResourceRequests for deployment memory resource
	DefaultDeploymentMemoryResourceRequests = "512Mi"

	// DefaultEnvoyProxyImage is the default image used by envoyproxy
	// The reference names no registry host, so which registry serves it
	// depends on the container runtime's default-registry configuration.
	DefaultEnvoyProxyImage = "envoyproxy/envoy:distroless-v1.32.1"

	// DefaultShutdownManagerCPUResourceRequests for shutdown manager cpu resource
	DefaultShutdownManagerCPUResourceRequests = "10m"

	// DefaultShutdownManagerMemoryResourceRequests for shutdown manager memory resource
	DefaultShutdownManagerMemoryResourceRequests = "32Mi"

	// DefaultShutdownManagerImage is the default image used for the shutdown manager.
	// The value points at the gateway-dev repository with the floating
	// "latest" tag, so the image content can change between pulls.
	// NOTE(review): confirm whether release builds replace this value; if not,
	// set an explicit versioned or digest-pinned image in production.
	DefaultShutdownManagerImage = "docker.io/envoyproxy/gateway-dev:latest"

	// DefaultRateLimitImage is the default image used by ratelimit.
	// The tag looks like an abbreviated commit id; it is still a tag, not a
	// content digest.
	DefaultRateLimitImage = "docker.io/envoyproxy/ratelimit:49af5cca"

	// HTTPProtocol is the common-used http protocol.
	HTTPProtocol = "http"

	// GRPCProtocol is the common-used grpc protocol.
	GRPCProtocol = "grpc"
)
// BasicAuthUsersSecretKey is the literal key name ".htpasswd".
// NOTE(review): presumably the data key, inside the Secret referenced by a
// BasicAuth configuration, that holds the htpasswd-format user list — confirm
// against the BasicAuth type. The Secret then holds credential material, so
// read access to it (RBAC) should be limited accordingly.
const BasicAuthUsersSecretKey = ".htpasswd"
const GroupName = "gateway.envoyproxy.io"
const (
// KindBackend is the name of the Backend kind.
KindBackend = "Backend"
)
const (
// KindBackendTrafficPolicy is the name of the BackendTrafficPolicy kind.
KindBackendTrafficPolicy = "BackendTrafficPolicy"
)
const (
// KindClientTrafficPolicy is the name of the ClientTrafficPolicy kind.
KindClientTrafficPolicy = "ClientTrafficPolicy"
)
const (
// KindEnvoyExtensionPolicy is the name of the EnvoyExtensionPolicy kind.
KindEnvoyExtensionPolicy = "EnvoyExtensionPolicy"
)
const (
// KindEnvoyPatchPolicy is the name of the EnvoyPatchPolicy kind.
KindEnvoyPatchPolicy = "EnvoyPatchPolicy"
)
const (
// KindEnvoyProxy is the name of the EnvoyProxy kind.
KindEnvoyProxy = "EnvoyProxy"
)
const (
// KindHTTPRouteFilter is the name of the HTTPRouteFilter kind.
KindHTTPRouteFilter = "HTTPRouteFilter"
)
const (
// KindSecurityPolicy is the name of the SecurityPolicy kind.
KindSecurityPolicy = "SecurityPolicy"
)
// OIDCClientSecretKey is the literal key name "client-secret".
// NOTE(review): presumably the data key, inside the Secret referenced by an
// OIDC configuration, that holds the OAuth2/OIDC client secret — confirm
// against the OIDC type. Read access to that Secret (RBAC) should be limited
// to the components that need the client secret.
const OIDCClientSecretKey = "client-secret"
Variables ¶
// Scheme registration helpers for the gateway.envoyproxy.io/v1alpha1 group-version.
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func DefaultEnvoyProxyHpaMetrics ¶ added in v1.0.0
func DefaultEnvoyProxyHpaMetrics() []autoscalingv2.MetricSpec
func DefaultKubernetesContainerImage ¶ added in v0.6.0
DefaultKubernetesContainerImage returns the default envoyproxy image.
func DefaultKubernetesDaemonSetStrategy ¶ added in v1.1.0
func DefaultKubernetesDaemonSetStrategy() *appsv1.DaemonSetUpdateStrategy
DefaultKubernetesDaemonSetStrategy returns the default daemonset strategy settings.
func DefaultKubernetesDeploymentStrategy ¶ added in v0.6.0
func DefaultKubernetesDeploymentStrategy() *appsv1.DeploymentStrategy
DefaultKubernetesDeploymentStrategy returns the default deployment strategy settings.
func DefaultResourceRequirements ¶ added in v0.6.0
func DefaultResourceRequirements() *corev1.ResourceRequirements
DefaultResourceRequirements returns a new ResourceRequirements with default settings.
func DefaultShutdownManagerContainerResourceRequirements ¶ added in v1.0.0
func DefaultShutdownManagerContainerResourceRequirements() *corev1.ResourceRequirements
DefaultShutdownManagerContainerResourceRequirements returns a new ResourceRequirements with default settings.
func ToBackendObjectReference ¶ added in v1.1.0
func ToBackendObjectReference(ref BackendRef) *gwapiv1.BackendObjectReference
Types ¶
type ALPNProtocol ¶ added in v1.0.0
type ALPNProtocol string
ALPNProtocol specifies the protocol to be negotiated using ALPN +kubebuilder:validation:Enum=http/1.0;http/1.1;h2
// ALPN protocol identifiers that can be made negotiable.
const (
	// HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
	HTTPProtocolVersion1_0 ALPNProtocol = "http/1.0"

	// HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
	HTTPProtocolVersion1_1 ALPNProtocol = "http/1.1"

	// HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
	HTTPProtocolVersion2 ALPNProtocol = "h2"
)
When adding ALPN constants, they must be values that are defined in the IANA registry for ALPN identification sequences https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
type ALSEnvoyProxyAccessLog ¶ added in v1.1.0
// ALSEnvoyProxyAccessLog configures an access log sink. It embeds
// BackendCluster inline, so the backend references and backend connection
// settings of the sink are the inlined BackendCluster fields.
//
// NOTE(review): log entries leave the proxy for the referenced backend.
// How that connection is protected is not determined by this declaration;
// confirm transport security through the backend settings in use.
type ALSEnvoyProxyAccessLog struct {
	BackendCluster `json:",inline"`

	// LogName defines the friendly name of the access log to be returned in
	// StreamAccessLogsMessage.Identifier. This allows the access log server
	// to differentiate between different access logs coming from the same Envoy.
	// +optional
	// +kubebuilder:validation:MinLength=1
	LogName *string `json:"logName,omitempty"`

	// Type defines the type of accesslog. Supported types are "HTTP" and "TCP".
	// +kubebuilder:validation:Enum=HTTP;TCP
	Type ALSEnvoyProxyAccessLogType `json:"type"`

	// HTTP defines additional configuration specific to HTTP access logs.
	// +optional
	HTTP *ALSEnvoyProxyHTTPAccessLogConfig `json:"http,omitempty"`
}
ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink. The service must implement the Envoy gRPC Access Log Service streaming API: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto Access log format information is passed in the form of gRPC metadata when the stream is established. Specifically, the following metadata is passed:
- `x-accesslog-text` - The access log format string when a Text format is used. - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.
+kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP." +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="must have at least one backend in backendRefs",rule="has(self.backendRefs) && self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"
func (*ALSEnvoyProxyAccessLog) DeepCopy ¶ added in v1.1.0
func (in *ALSEnvoyProxyAccessLog) DeepCopy() *ALSEnvoyProxyAccessLog
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSEnvoyProxyAccessLog.
func (*ALSEnvoyProxyAccessLog) DeepCopyInto ¶ added in v1.1.0
func (in *ALSEnvoyProxyAccessLog) DeepCopyInto(out *ALSEnvoyProxyAccessLog)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ALSEnvoyProxyAccessLogType ¶ added in v1.1.0
type ALSEnvoyProxyAccessLogType string
// Access log types accepted by ALSEnvoyProxyAccessLog.Type.
const (
	// ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
	ALSEnvoyProxyAccessLogTypeHTTP ALSEnvoyProxyAccessLogType = "HTTP"

	// ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
	ALSEnvoyProxyAccessLogTypeTCP ALSEnvoyProxyAccessLogType = "TCP"
)
type ALSEnvoyProxyHTTPAccessLogConfig ¶ added in v1.1.0
// ALSEnvoyProxyHTTPAccessLogConfig lists the HTTP headers and trailers that
// are added to log entries sent to the access log service.
//
// NOTE(review): every header named in these lists is copied into entries
// that leave the proxy. Headers carrying credentials or session state (for
// example Authorization, Cookie or Set-Cookie) would then be stored wherever
// the access log service keeps its data, so list only what is needed and
// check retention and access controls on the receiving side.
type ALSEnvoyProxyHTTPAccessLogConfig struct {
	// RequestHeaders defines request headers to include in log entries sent to the access log service.
	// +optional
	RequestHeaders []string `json:"requestHeaders,omitempty"`

	// ResponseHeaders defines response headers to include in log entries sent to the access log service.
	// +optional
	ResponseHeaders []string `json:"responseHeaders,omitempty"`

	// ResponseTrailers defines response trailers to include in log entries sent to the access log service.
	// +optional
	ResponseTrailers []string `json:"responseTrailers,omitempty"`
}
func (*ALSEnvoyProxyHTTPAccessLogConfig) DeepCopy ¶ added in v1.1.0
func (in *ALSEnvoyProxyHTTPAccessLogConfig) DeepCopy() *ALSEnvoyProxyHTTPAccessLogConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSEnvoyProxyHTTPAccessLogConfig.
func (*ALSEnvoyProxyHTTPAccessLogConfig) DeepCopyInto ¶ added in v1.1.0
func (in *ALSEnvoyProxyHTTPAccessLogConfig) DeepCopyInto(out *ALSEnvoyProxyHTTPAccessLogConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ActiveHealthCheck ¶ added in v1.0.0
// ActiveHealthCheck configures active health checking of backend hosts.
// Type is the union discriminator; HTTP, TCP and GRPC hold the settings for
// the matching checker type.
//
// The Timeout, Interval, UnhealthyThreshold and HealthyThreshold fields are
// marked +optional with kubebuilder defaults, but their json tags carry no
// omitempty, so a nil pointer is marshalled as an explicit null.
type ActiveHealthCheck struct {
	// Timeout defines the time to wait for a health check response.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="1s"
	// +optional
	Timeout *metav1.Duration `json:"timeout"`

	// Interval defines the time between active health checks.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="3s"
	// +optional
	Interval *metav1.Duration `json:"interval"`

	// UnhealthyThreshold defines the number of unhealthy health checks required before a backend host is marked unhealthy.
	//
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=3
	// +optional
	UnhealthyThreshold *uint32 `json:"unhealthyThreshold"`

	// HealthyThreshold defines the number of healthy health checks required before a backend host is marked healthy.
	//
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	// +optional
	HealthyThreshold *uint32 `json:"healthyThreshold"`

	// Type defines the type of health checker.
	// +kubebuilder:validation:Enum=HTTP;TCP;GRPC
	// +unionDiscriminator
	Type ActiveHealthCheckerType `json:"type" yaml:"type"`

	// HTTP defines the configuration of http health checker.
	// It's required while the health checker type is HTTP.
	// +optional
	HTTP *HTTPActiveHealthChecker `json:"http,omitempty" yaml:"http,omitempty"`

	// TCP defines the configuration of tcp health checker.
	// It's required while the health checker type is TCP.
	// +optional
	TCP *TCPActiveHealthChecker `json:"tcp,omitempty" yaml:"tcp,omitempty"`

	// GRPC defines the configuration of the GRPC health checker.
	// It's optional, and can only be used if the specified type is GRPC.
	// +optional
	GRPC *GRPCActiveHealthChecker `json:"grpc,omitempty" yaml:"grpc,omitempty"`
}
ActiveHealthCheck defines the active health check configuration. EG supports several types of active health checking: HTTP, TCP and GRPC (the values accepted by the type field). +union
+kubebuilder:validation:XValidation:rule="self.type == 'HTTP' ? has(self.http) : !has(self.http)",message="If Health Checker type is HTTP, http field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'TCP' ? has(self.tcp) : !has(self.tcp)",message="If Health Checker type is TCP, tcp field needs to be set." +kubebuilder:validation:XValidation:rule="has(self.grpc) ? self.type == 'GRPC' : true", message="The grpc field can only be set if the Health Checker type is GRPC."
func (*ActiveHealthCheck) DeepCopy ¶ added in v1.0.0
func (in *ActiveHealthCheck) DeepCopy() *ActiveHealthCheck
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveHealthCheck.
func (*ActiveHealthCheck) DeepCopyInto ¶ added in v1.0.0
func (in *ActiveHealthCheck) DeepCopyInto(out *ActiveHealthCheck)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ActiveHealthCheckPayload ¶ added in v1.0.0
// ActiveHealthCheckPayload is a health check payload given either as plain
// text or as binary data. Type is the union discriminator that selects which
// of Text or Binary is used.
type ActiveHealthCheckPayload struct {
	// Type defines the type of the payload.
	// +kubebuilder:validation:Enum=Text;Binary
	// +unionDiscriminator
	Type ActiveHealthCheckPayloadType `json:"type" yaml:"type"`

	// Text payload in plain text.
	// +optional
	Text *string `json:"text,omitempty" yaml:"text,omitempty"`

	// Binary payload base64 encoded.
	// +optional
	Binary []byte `json:"binary,omitempty" yaml:"binary,omitempty"`
}
ActiveHealthCheckPayload defines the health check payload and how its bytes are encoded (plain text or base64-encoded binary). +union +kubebuilder:validation:XValidation:rule="self.type == 'Text' ? has(self.text) : !has(self.text)",message="If payload type is Text, text field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'Binary' ? has(self.binary) : !has(self.binary)",message="If payload type is Binary, binary field needs to be set."
func (*ActiveHealthCheckPayload) DeepCopy ¶ added in v1.0.0
func (in *ActiveHealthCheckPayload) DeepCopy() *ActiveHealthCheckPayload
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveHealthCheckPayload.
func (*ActiveHealthCheckPayload) DeepCopyInto ¶ added in v1.0.0
func (in *ActiveHealthCheckPayload) DeepCopyInto(out *ActiveHealthCheckPayload)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ActiveHealthCheckPayloadType ¶ added in v1.0.0
type ActiveHealthCheckPayloadType string
ActiveHealthCheckPayloadType is the type of the payload. +kubebuilder:validation:Enum=Text;Binary
// Payload types accepted by ActiveHealthCheckPayload.Type.
const (
	// ActiveHealthCheckPayloadTypeText defines the Text type payload.
	ActiveHealthCheckPayloadTypeText ActiveHealthCheckPayloadType = "Text"

	// ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
	ActiveHealthCheckPayloadTypeBinary ActiveHealthCheckPayloadType = "Binary"
)
type ActiveHealthCheckerType ¶ added in v1.0.0
type ActiveHealthCheckerType string
ActiveHealthCheckerType is the type of health checker. +kubebuilder:validation:Enum=HTTP;TCP;GRPC
// Health checker types accepted by ActiveHealthCheck.Type.
const (
	// ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
	ActiveHealthCheckerTypeHTTP ActiveHealthCheckerType = "HTTP"

	// ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
	ActiveHealthCheckerTypeTCP ActiveHealthCheckerType = "TCP"

	// ActiveHealthCheckerTypeGRPC defines the GRPC type of health checking.
	ActiveHealthCheckerTypeGRPC ActiveHealthCheckerType = "GRPC"
)
type AppProtocolType ¶ added in v1.1.0
type AppProtocolType string
AppProtocolType defines the backend application protocols supported by Envoy Gateway.
+kubebuilder:validation:Enum=gateway.envoyproxy.io/h2c;gateway.envoyproxy.io/ws;gateway.envoyproxy.io/wss
// Application protocol identifiers in the gateway.envoyproxy.io namespace.
const (
	// AppProtocolTypeH2C defines the HTTP/2 application protocol.
	AppProtocolTypeH2C AppProtocolType = "gateway.envoyproxy.io/h2c"

	// AppProtocolTypeWS defines the WebSocket over HTTP protocol.
	AppProtocolTypeWS AppProtocolType = "gateway.envoyproxy.io/ws"

	// AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.
	AppProtocolTypeWSS AppProtocolType = "gateway.envoyproxy.io/wss"
)
type Authorization ¶ added in v1.1.0
// Authorization holds an ordered list of authorization rules and the action
// taken when none of them matches.
//
// Evaluation is first-match: it stops at the first rule that matches, so a
// broad Allow rule listed ahead of a narrower Deny rule decides every request
// that matches both. When reviewing a policy, read the rules in list order.
// If no rule matches, DefaultAction applies, and it is Deny when unset.
//
// DefaultAction is marked +optional but its json tag carries no omitempty,
// so a nil pointer is marshalled as an explicit null.
type Authorization struct {
	// Rules defines a list of authorization rules.
	// These rules are evaluated in order, the first matching rule will be applied,
	// and the rest will be skipped.
	//
	// For example, if there are two rules: the first rule allows the request
	// and the second rule denies it, when a request matches both rules, it will be allowed.
	//
	// +optional
	Rules []AuthorizationRule `json:"rules,omitempty"`

	// DefaultAction defines the default action to be taken if no rules match.
	// If not specified, the default action is Deny.
	// +optional
	DefaultAction *AuthorizationAction `json:"defaultAction"`
}
Authorization defines the authorization configuration.
Note: if neither `Rules` nor `DefaultAction` is specified, the default action is to deny all requests.
func (*Authorization) DeepCopy ¶ added in v1.1.0
func (in *Authorization) DeepCopy() *Authorization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization.
func (*Authorization) DeepCopyInto ¶ added in v1.1.0
func (in *Authorization) DeepCopyInto(out *Authorization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AuthorizationAction ¶ added in v1.1.0
type AuthorizationAction string
AuthorizationAction defines the action to be taken if a rule matches. +kubebuilder:validation:Enum=Allow;Deny
// Actions an authorization rule (or the default action) can take.
const (
	// AuthorizationActionAllow is the action to allow the request.
	AuthorizationActionAllow AuthorizationAction = "Allow"

	// AuthorizationActionDeny is the action to deny the request.
	AuthorizationActionDeny AuthorizationAction = "Deny"
)
type AuthorizationRule ¶ added in v1.1.0
// AuthorizationRule pairs an action with the client identity (Principal) it
// applies to.
//
// The principal types inside one rule are combined with AND: the rule matches
// only when every specified principal matches. Adding a principal type to a
// rule therefore narrows it; alternatives (OR) need separate rules.
type AuthorizationRule struct {
	// Name is a user-friendly name for the rule.
	// If not specified, Envoy Gateway will generate a unique name for the rule.
	//
	// +optional
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name *string `json:"name,omitempty"`

	// Action defines the action to be taken if the rule matches.
	Action AuthorizationAction `json:"action"`

	// Principal specifies the client identity of a request.
	// If there are multiple principal types, all principals must match for the rule to match.
	// For example, if there are two principals: one for client IP and one for JWT claim,
	// the rule will match only if both the client IP and the JWT claim match.
	Principal Principal `json:"principal"`
}
AuthorizationRule defines a single authorization rule.
func (*AuthorizationRule) DeepCopy ¶ added in v1.1.0
func (in *AuthorizationRule) DeepCopy() *AuthorizationRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationRule.
func (*AuthorizationRule) DeepCopyInto ¶ added in v1.1.0
func (in *AuthorizationRule) DeepCopyInto(out *AuthorizationRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackOffPolicy ¶ added in v1.0.0
// BackOffPolicy sets the base and maximum interval between retries.
//
// NOTE(review): the comment on MaxInterval requires it to be greater than or
// equal to the base interval, but no validation marker in this declaration
// enforces that; presumably it is checked elsewhere — confirm.
type BackOffPolicy struct {
	// BaseInterval is the base interval between retries.
	//
	// +kubebuilder:validation:Format=duration
	BaseInterval *metav1.Duration `json:"baseInterval,omitempty"`

	// MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
	// The default is 10 times the base_interval
	//
	// +optional
	// +kubebuilder:validation:Format=duration
	MaxInterval *metav1.Duration `json:"maxInterval,omitempty"`
}
func (*BackOffPolicy) DeepCopy ¶ added in v1.0.0
func (in *BackOffPolicy) DeepCopy() *BackOffPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackOffPolicy.
func (*BackOffPolicy) DeepCopyInto ¶ added in v1.0.0
func (in *BackOffPolicy) DeepCopyInto(out *BackOffPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Backend ¶ added in v1.1.0
// Backend is the API object for a backend: standard Kubernetes type and
// object metadata plus the desired state (Spec) and the current status
// (Status).
type Backend struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of Backend.
	Spec BackendSpec `json:"spec"`

	// Status defines the current status of Backend.
	Status BackendStatus `json:"status,omitempty"`
}
Backend allows the user to configure the endpoints of a backend and the behavior of the connection from Envoy Proxy to the backend.
+kubebuilder:object:root=true +kubebuilder:resource:categories=envoy-gateway,shortName=be +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason` +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
func (*Backend) DeepCopy ¶ added in v1.1.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend.
func (*Backend) DeepCopyInto ¶ added in v1.1.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Backend) DeepCopyObject ¶ added in v1.1.0
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BackendCluster ¶ added in v1.2.0
// BackendCluster groups the backend references and the connection settings
// used to reach them. All three fields are optional.
type BackendCluster struct {
	// BackendRef references a Kubernetes object that represents the
	// backend server to which the authorization request will be sent.
	//
	// Deprecated: Use BackendRefs instead.
	// +optional
	BackendRef *gwapiv1.BackendObjectReference `json:"backendRef,omitempty"`

	// BackendRefs references a Kubernetes object that represents the
	// backend server to which the authorization request will be sent.
	//
	// NOTE(review): nothing visible on this struct forbids setting both
	// BackendRef and BackendRefs; confirm which one takes precedence.
	//
	// +kubebuilder:validation:MaxItems=16
	// +optional
	BackendRefs []BackendRef `json:"backendRefs,omitempty"`

	// BackendSettings holds configuration for managing the connection
	// to the backend.
	//
	// +optional
	BackendSettings *ClusterSettings `json:"backendSettings,omitempty"`
}
BackendCluster contains all the configuration required for configuring access to a backend. This can include multiple endpoints, and settings that apply for managing the connection to all these endpoints.
func (*BackendCluster) DeepCopy ¶ added in v1.2.0
func (in *BackendCluster) DeepCopy() *BackendCluster
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendCluster.
func (*BackendCluster) DeepCopyInto ¶ added in v1.2.0
func (in *BackendCluster) DeepCopyInto(out *BackendCluster)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendConditionReason ¶ added in v1.1.0
// BackendConditionReason is a string-typed reason for a backend condition.
type BackendConditionReason string
BackendConditionReason is a reason for a backend condition.
type BackendConditionType ¶ added in v1.1.0
// BackendConditionType is a string-typed condition type for a Backend's
// Status.Conditions.
type BackendConditionType string
BackendConditionType is a type of condition for a backend. This type should be used with a Backend resource Status.Conditions field.
type BackendConnection ¶ added in v1.1.0
// BackendConnection carries the buffer limits for connections from Envoy to
// a backend.
type BackendConnection struct {
	// BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
	// BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
	// If unspecified, an implementation defined default is applied (32768 bytes).
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	//
	// NOTE(review): the pattern below sets no upper bound, and the limit
	// applies per connection, so a very large value raises the memory the
	// proxy may buffer for each connection.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
	// SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
	// to backend.
	// SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	// +notImplementedHide
	SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}
BackendConnection allows users to configure connection-level settings of backend
func (*BackendConnection) DeepCopy ¶ added in v1.1.0
func (in *BackendConnection) DeepCopy() *BackendConnection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection.
func (*BackendConnection) DeepCopyInto ¶ added in v1.1.0
func (in *BackendConnection) DeepCopyInto(out *BackendConnection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendEndpoint ¶ added in v1.1.0
// BackendEndpoint is a one-of over three address kinds: FQDN, IP or unix
// domain socket.
//
// NOTE(review): the fields shown here do not restrict which addresses or
// socket paths may be named. Presumably loopback, link-local and
// proxy-local socket paths are accepted unless the controller rejects them.
// Confirm, and limit who may author Backend resources.
type BackendEndpoint struct {
	// FQDN defines a FQDN endpoint
	//
	// +optional
	FQDN *FQDNEndpoint `json:"fqdn,omitempty"`
	// IP defines an IP endpoint. Supports both IPv4 and IPv6 addresses.
	//
	// +optional
	IP *IPEndpoint `json:"ip,omitempty"`
	// Unix defines the unix domain socket endpoint
	//
	// +optional
	Unix *UnixSocket `json:"unix,omitempty"`
}
BackendEndpoint describes a backend endpoint, which can be either a fully-qualified domain name, IP address or unix domain socket corresponding to Envoy's Address: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-address
+kubebuilder:validation:XValidation:rule="(has(self.fqdn) || has(self.ip) || has(self.unix))",message="one of fqdn, ip or unix must be specified" +kubebuilder:validation:XValidation:rule="((has(self.fqdn) && !(has(self.ip) || has(self.unix))) || (has(self.ip) && !(has(self.fqdn) || has(self.unix))) || (has(self.unix) && !(has(self.ip) || has(self.fqdn))))",message="only one of fqdn, ip or unix can be specified"
func (*BackendEndpoint) DeepCopy ¶ added in v1.1.0
func (in *BackendEndpoint) DeepCopy() *BackendEndpoint
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendEndpoint.
func (*BackendEndpoint) DeepCopyInto ¶ added in v1.1.0
func (in *BackendEndpoint) DeepCopyInto(out *BackendEndpoint)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendList ¶ added in v1.1.0
// BackendList is the list form of Backend: type and list metadata plus the
// Items slice.
type BackendList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the Backend objects in the list.
	Items []Backend `json:"items"`
}
BackendList contains a list of Backend resources.
+kubebuilder:object:root=true
func (*BackendList) DeepCopy ¶ added in v1.1.0
func (in *BackendList) DeepCopy() *BackendList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendList.
func (*BackendList) DeepCopyInto ¶ added in v1.1.0
func (in *BackendList) DeepCopyInto(out *BackendList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BackendList) DeepCopyObject ¶ added in v1.1.0
func (in *BackendList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BackendRef ¶ added in v1.1.0
// BackendRef embeds a Gateway API backend object reference and adds an
// optional fallback flag.
type BackendRef struct {
	// BackendObjectReference references a Kubernetes object that represents the backend.
	// Only Service kind is supported for now.
	gwapiv1.BackendObjectReference `json:",inline"`
	// Fallback indicates whether the backend is designated as a fallback.
	// Multiple fallback backends can be configured.
	// It is highly recommended to configure active or passive health checks to ensure that failover can be detected
	// when the active backends become unhealthy and to automatically readjust once the primary backends are healthy again.
	// The overprovisioning factor is set to 1.4, meaning the fallback backends will only start receiving traffic when
	// the health of the active backends falls below 72%.
	//
	// +optional
	Fallback *bool `json:"fallback,omitempty"`
}
BackendRef defines an ObjectReference that is specific to BackendRef.
func (*BackendRef) DeepCopy ¶ added in v1.1.0
func (in *BackendRef) DeepCopy() *BackendRef
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendRef.
func (*BackendRef) DeepCopyInto ¶ added in v1.1.0
func (in *BackendRef) DeepCopyInto(out *BackendRef)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendSpec ¶ added in v1.1.0
// BackendSpec lists the endpoints of a Backend, the application protocols to
// use with them, and whether the backend is a fallback.
type BackendSpec struct {
	// Endpoints defines the endpoints to be used when connecting to the backend.
	//
	// The markers below require one to four entries and forbid mixing FQDN
	// endpoints with the other address types.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=4
	// +kubebuilder:validation:XValidation:rule="self.all(f, has(f.fqdn)) || !self.exists(f, has(f.fqdn))",message="fqdn addresses cannot be mixed with other address types"
	Endpoints []BackendEndpoint `json:"endpoints,omitempty"`
	// AppProtocols defines the application protocols to be supported when connecting to the backend.
	//
	// +optional
	AppProtocols []AppProtocolType `json:"appProtocols,omitempty"`
	// Fallback indicates whether the backend is designated as a fallback.
	// It is highly recommended to configure active or passive health checks to ensure that failover can be detected
	// when the active backends become unhealthy and to automatically readjust once the primary backends are healthy again.
	// The overprovisioning factor is set to 1.4, meaning the fallback backends will only start receiving traffic when
	// the health of the active backends falls below 72%.
	//
	// +optional
	Fallback *bool `json:"fallback,omitempty"`
}
BackendSpec describes the desired state of Backend.
func (*BackendSpec) DeepCopy ¶ added in v1.1.0
func (in *BackendSpec) DeepCopy() *BackendSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSpec.
func (*BackendSpec) DeepCopyInto ¶ added in v1.1.0
func (in *BackendSpec) DeepCopyInto(out *BackendSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendStatus ¶ added in v1.1.0
// BackendStatus holds the conditions reported for a Backend.
type BackendStatus struct {
	// Conditions describe the current conditions of the Backend.
	//
	// The list is keyed by condition type and capped at eight entries by the
	// markers below.
	//
	// +optional
	// +listType=map
	// +listMapKey=type
	// +kubebuilder:validation:MaxItems=8
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}
BackendStatus defines the state of Backend
func (*BackendStatus) DeepCopy ¶ added in v1.1.0
func (in *BackendStatus) DeepCopy() *BackendStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendStatus.
func (*BackendStatus) DeepCopyInto ¶ added in v1.1.0
func (in *BackendStatus) DeepCopyInto(out *BackendStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendTLSConfig ¶ added in v1.1.0
// BackendTLSConfig pairs an optional client-certificate Secret reference with
// the inlined TLSSettings.
type BackendTLSConfig struct {
	// ClientCertificateRef defines the reference to a Kubernetes Secret that contains
	// the client certificate and private key for Envoy to use when connecting to
	// backend services and external services, such as ExtAuth, ALS, OpenTelemetry, etc.
	// This secret should be located within the same namespace as the Envoy proxy resource that references it.
	//
	// NOTE(review): the Secret holds a private key that identifies the proxy
	// to every backend and external service listed above, so read access to
	// it should be limited to the components that need it.
	// +optional
	ClientCertificateRef *gwapiv1.SecretObjectReference `json:"clientCertificateRef,omitempty"`
	TLSSettings          `json:",inline"`
}
BackendTLSConfig describes the BackendTLS configuration for Envoy Proxy.
func (*BackendTLSConfig) DeepCopy ¶ added in v1.1.0
func (in *BackendTLSConfig) DeepCopy() *BackendTLSConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTLSConfig.
func (*BackendTLSConfig) DeepCopyInto ¶ added in v1.1.0
func (in *BackendTLSConfig) DeepCopyInto(out *BackendTLSConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BackendTrafficPolicy ¶ added in v0.6.0
// BackendTrafficPolicy is the root object of the BackendTrafficPolicy
// resource: type and object metadata, a Spec and a policy Status.
type BackendTrafficPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// spec defines the desired state of BackendTrafficPolicy.
	Spec BackendTrafficPolicySpec `json:"spec"`

	// status defines the current status of BackendTrafficPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}
BackendTrafficPolicy allows the user to configure the behavior of the connection between the Envoy Proxy listener and the backend service.
func (*BackendTrafficPolicy) DeepCopy ¶ added in v0.6.0
func (in *BackendTrafficPolicy) DeepCopy() *BackendTrafficPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicy.
func (*BackendTrafficPolicy) DeepCopyInto ¶ added in v0.6.0
func (in *BackendTrafficPolicy) DeepCopyInto(out *BackendTrafficPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BackendTrafficPolicy) DeepCopyObject ¶ added in v0.6.0
func (in *BackendTrafficPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BackendTrafficPolicyList ¶ added in v0.6.0
// BackendTrafficPolicyList is the list form of BackendTrafficPolicy: type and
// list metadata plus the Items slice.
type BackendTrafficPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the BackendTrafficPolicy objects in the list.
	Items []BackendTrafficPolicy `json:"items"`
}
BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.
func (*BackendTrafficPolicyList) DeepCopy ¶ added in v0.6.0
func (in *BackendTrafficPolicyList) DeepCopy() *BackendTrafficPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicyList.
func (*BackendTrafficPolicyList) DeepCopyInto ¶ added in v0.6.0
func (in *BackendTrafficPolicyList) DeepCopyInto(out *BackendTrafficPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BackendTrafficPolicyList) DeepCopyObject ¶ added in v0.6.0
func (in *BackendTrafficPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BackendTrafficPolicySpec ¶ added in v0.6.0
// BackendTrafficPolicySpec inlines the policy target references and the
// cluster settings, and adds rate limiting, fault injection, protocol
// selection, compression and response overrides.
type BackendTrafficPolicySpec struct {
	PolicyTargetReferences `json:",inline"`
	ClusterSettings        `json:",inline"`

	// RateLimit allows the user to limit the number of incoming requests
	// to a predefined value based on attributes within the traffic flow.
	// +optional
	RateLimit *RateLimitSpec `json:"rateLimit,omitempty"`

	// FaultInjection defines the fault injection policy to be applied. This configuration can be used to
	// inject delays and abort requests to mimic failure scenarios such as service failures and overloads
	//
	// NOTE(review): this policy delays or aborts real traffic on the routes it
	// targets, so changes to it deserve the same review as any other
	// availability-affecting setting.
	// +optional
	FaultInjection *FaultInjection `json:"faultInjection,omitempty"`

	// UseClientProtocol configures Envoy to prefer sending requests to backends using
	// the same HTTP protocol that the incoming request used. Defaults to false, which means
	// that Envoy will use the protocol indicated by the attached BackendRef.
	//
	// +optional
	UseClientProtocol *bool `json:"useClientProtocol,omitempty"`

	// The compression config for the http streams.
	//
	// +optional
	// +notImplementedHide
	Compression []*Compression `json:"compression,omitempty"`

	// ResponseOverride defines the configuration to override specific responses with a custom one.
	// If multiple configurations are specified, the first one to match wins.
	//
	// +optional
	ResponseOverride []*ResponseOverride `json:"responseOverride,omitempty"`
}
+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true ", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field"
BackendTrafficPolicySpec defines the desired state of BackendTrafficPolicy.
func (*BackendTrafficPolicySpec) DeepCopy ¶ added in v0.6.0
func (in *BackendTrafficPolicySpec) DeepCopy() *BackendTrafficPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicySpec.
func (*BackendTrafficPolicySpec) DeepCopyInto ¶ added in v0.6.0
func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BasicAuth ¶ added in v1.0.0
// BasicAuth names the Secret that holds the htpasswd entries checked against
// the "Authorization" request header.
type BasicAuth struct {
	// The Kubernetes secret which contains the username-password pairs in
	// htpasswd format, used to verify user credentials in the "Authorization"
	// header.
	//
	// This is an Opaque secret. The username-password pairs should be stored in
	// the key ".htpasswd". As the key name indicates, the value needs to be the
	// htpasswd format, for example: "user1:{SHA}hashed_user1_password".
	// Right now, only SHA hash algorithm is supported.
	// Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html
	// for more details.
	//
	// Note: The secret must be in the same namespace as the SecurityPolicy.
	//
	// NOTE(review): htpasswd's {SHA} scheme is an unsalted SHA-1 digest, which
	// the htpasswd documentation linked above describes as insecure by
	// today's standards. Since it is the only supported scheme, treat the
	// Secret as if it held the passwords themselves: restrict read access to
	// it and use long, randomly generated passwords. HTTP Basic credentials
	// are also sent on every request, so the listener should be TLS-only.
	Users gwapiv1.SecretObjectReference `json:"users"`
}
BasicAuth defines the configuration for the HTTP Basic Authentication.
func (*BasicAuth) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth.
func (*BasicAuth) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BootstrapType ¶ added in v0.6.0
// BootstrapType is a string-typed selector for how a provided bootstrap is
// combined with the default one.
type BootstrapType string
BootstrapType defines the types of bootstrap supported by Envoy Gateway. +kubebuilder:validation:Enum=Merge;Replace;JSONPatch
// The BootstrapType values.
const (
	// Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
	// within a map, or add a new value to a list.
	// Please note that the provided bootstrap can't override a value within a list.
	BootstrapTypeMerge BootstrapType = "Merge"
	// Replace replaces the default bootstrap with the provided one.
	//
	// NOTE(review): nothing from the default bootstrap is kept in this mode,
	// so any hardening the default provides has to be restated in the
	// replacement.
	BootstrapTypeReplace BootstrapType = "Replace"
	// JSONPatch applies the provided JSONPatches to the default bootstrap.
	BootstrapTypeJSONPatch BootstrapType = "JSONPatch"
)
type CIDR ¶ added in v1.1.0
// CIDR is a string-typed IPv4 or IPv6 address range.
//
// NOTE(review): the Pattern marker documented for this type neither starts
// with ^ nor ends with $, and its prefix-length group is ([0-9]+). The schema
// check alone would therefore presumably admit an out-of-range prefix such as
// /99 (constructed example), or a match embedded in a longer string; confirm
// how the API server applies the pattern. Code that consumes a CIDR should
// still parse it, for example with net.ParseCIDR, before using it in an
// allow or deny decision.
type CIDR string
CIDR defines a CIDR Address range. A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64". +kubebuilder:validation:Pattern=`((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))`
type CORS ¶ added in v0.6.0
// CORS holds the values used for the Access-Control-* response headers.
// Every field is optional.
type CORS struct {
	// AllowOrigins defines the origins that are allowed to make requests.
	// It specifies the allowed origins in the Access-Control-Allow-Origin CORS response header.
	// The value "*" allows any origin to make requests.
	//
	// NOTE(review): prefer an explicit origin list whenever AllowCredentials
	// is true. A wildcard, or a pattern broader than intended, would let
	// script from any matching site make credentialed requests. Confirm how
	// "*" is rendered when credentials are enabled.
	//
	// +optional
	AllowOrigins []Origin `json:"allowOrigins,omitempty"`
	// AllowMethods defines the methods that are allowed to make requests.
	// It specifies the allowed methods in the Access-Control-Allow-Methods CORS response header.
	// The value "*" allows any method to be used.
	//
	// +optional
	AllowMethods []string `json:"allowMethods,omitempty"`
	// AllowHeaders defines the headers that are allowed to be sent with requests.
	// It specifies the allowed headers in the Access-Control-Allow-Headers CORS response header.
	// The value "*" allows any header to be sent.
	//
	// +optional
	AllowHeaders []string `json:"allowHeaders,omitempty"`
	// ExposeHeaders defines which response headers should be made accessible to
	// scripts running in the browser.
	// It specifies the headers in the Access-Control-Expose-Headers CORS response header.
	// The value "*" allows any header to be exposed.
	//
	// +optional
	ExposeHeaders []string `json:"exposeHeaders,omitempty"`
	// MaxAge defines how long the results of a preflight request can be cached.
	// It specifies the value in the Access-Control-Max-Age CORS response header.
	//
	// +optional
	MaxAge *metav1.Duration `json:"maxAge,omitempty"`
	// AllowCredentials indicates whether a request can include user credentials
	// like cookies, authentication headers, or TLS client certificates.
	// It specifies the value in the Access-Control-Allow-Credentials CORS response header.
	//
	// +optional
	AllowCredentials *bool `json:"allowCredentials,omitempty"`
}
CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
func (*CORS) DeepCopy ¶ added in v0.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CORS.
func (*CORS) DeepCopyInto ¶ added in v0.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CircuitBreaker ¶ added in v1.0.0
// CircuitBreaker caps connections, pending requests, parallel requests,
// parallel retries and requests per connection towards a backend. Each field
// accepts 0 to 4294967295; the first four default to 1024.
//
// NOTE(review): the markers accept 0. What a zero limit means for traffic is
// not stated on this struct; confirm before using it.
type CircuitBreaker struct {
	// The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxConnections *int64 `json:"maxConnections,omitempty"`

	// The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxPendingRequests *int64 `json:"maxPendingRequests,omitempty"`

	// The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxParallelRequests *int64 `json:"maxParallelRequests,omitempty"`

	// The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxParallelRetries *int64 `json:"maxParallelRetries,omitempty"`

	// The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
	// Default: unlimited.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +optional
	MaxRequestsPerConnection *int64 `json:"maxRequestsPerConnection,omitempty"`
}
CircuitBreaker defines the Circuit Breaker configuration.
func (*CircuitBreaker) DeepCopy ¶ added in v1.0.0
func (in *CircuitBreaker) DeepCopy() *CircuitBreaker
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CircuitBreaker.
func (*CircuitBreaker) DeepCopyInto ¶ added in v1.0.0
func (in *CircuitBreaker) DeepCopyInto(out *CircuitBreaker)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClaimToHeader ¶ added in v0.5.0
// ClaimToHeader maps one JWT claim to one HTTP request header. Both fields
// are required.
//
// NOTE(review): a backend that trusts this header as an identity signal
// depends on it coming only from a verified token. Confirm that a
// client-supplied header with the same name is overwritten or removed rather
// than forwarded.
type ClaimToHeader struct {
	// Header defines the name of the HTTP request header that the JWT Claim will be saved into.
	Header string `json:"header"`

	// Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type
	// (eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
	// to separate the JSON name path.
	Claim string `json:"claim"`
}
ClaimToHeader defines a configuration to convert JWT claims into HTTP headers
func (*ClaimToHeader) DeepCopy ¶ added in v0.5.0
func (in *ClaimToHeader) DeepCopy() *ClaimToHeader
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimToHeader.
func (*ClaimToHeader) DeepCopyInto ¶ added in v0.5.0
func (in *ClaimToHeader) DeepCopyInto(out *ClaimToHeader)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClientConnection ¶ added in v1.1.0
// ClientConnection carries the connection limit and the buffer limits for
// connections from downstream clients.
type ClientConnection struct {
	// ConnectionLimit defines limits related to connections
	//
	// +optional
	ConnectionLimit *ConnectionLimit `json:"connectionLimit,omitempty"`
	// BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
	// BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	// Default: 32768 bytes.
	//
	// NOTE(review): this is a per-connection figure with no upper bound in
	// the pattern below. Worst-case memory scales with the number of
	// connections admitted, so size it together with ConnectionLimit.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
	// SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
	// SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	// +notImplementedHide
	SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}
ClientConnection allows users to configure connection-level settings of client
func (*ClientConnection) DeepCopy ¶ added in v1.1.0
func (in *ClientConnection) DeepCopy() *ClientConnection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnection.
func (*ClientConnection) DeepCopyInto ¶ added in v1.1.0
func (in *ClientConnection) DeepCopyInto(out *ClientConnection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClientIPDetectionSettings ¶ added in v1.0.0
// ClientIPDetectionSettings selects the request header from which the
// original client IP is derived: X-Forwarded-For or a custom header.
//
// NOTE(review): both sources are request headers, so the derived address is
// only as trustworthy as the hop that wrote the header. Anything keyed on
// the client IP (allow/deny rules, rate limits, audit logs) should rely on
// it only when a trusted proxy in front of the gateway sets or overwrites
// the header.
type ClientIPDetectionSettings struct {
	// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
	//
	// +optional
	XForwardedFor *XForwardedForSettings `json:"xForwardedFor,omitempty"`
	// CustomHeader provides configuration for determining the client IP address for a request based on
	// a trusted custom HTTP header. This uses the custom_header original IP detection extension.
	// Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto
	// for more details.
	//
	// +optional
	CustomHeader *CustomHeaderExtensionSettings `json:"customHeader,omitempty"`
}
ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
+kubebuilder:validation:XValidation:rule="!(has(self.xForwardedFor) && has(self.customHeader))",message="customHeader cannot be used in conjunction with xForwardedFor"
func (*ClientIPDetectionSettings) DeepCopy ¶ added in v1.0.0
func (in *ClientIPDetectionSettings) DeepCopy() *ClientIPDetectionSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientIPDetectionSettings.
func (*ClientIPDetectionSettings) DeepCopyInto ¶ added in v1.0.0
func (in *ClientIPDetectionSettings) DeepCopyInto(out *ClientIPDetectionSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClientTLSSettings ¶ added in v1.1.0
// ClientTLSSettings combines optional client-certificate validation, the
// inlined TLSSettings and optional session settings for TLS connections made
// to the Gateway listener.
type ClientTLSSettings struct {
	// ClientValidation specifies the configuration to validate the client
	// initiating the TLS connection to the Gateway listener.
	// +optional
	ClientValidation *ClientValidationContext `json:"clientValidation,omitempty"`
	TLSSettings      `json:",inline"`

	// Session defines settings related to TLS session management.
	// +optional
	Session *Session `json:"session,omitempty"`
}
func (*ClientTLSSettings) DeepCopy ¶ added in v1.1.0
func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings.
func (*ClientTLSSettings) DeepCopyInto ¶ added in v1.1.0
func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClientTimeout ¶ added in v1.0.0
// ClientTimeout groups the optional TCP and HTTP timeout settings for client
// connections.
type ClientTimeout struct {
	// Timeout settings for TCP.
	//
	// +optional
	TCP *TCPClientTimeout `json:"tcp,omitempty"`

	// Timeout settings for HTTP.
	//
	// +optional
	HTTP *HTTPClientTimeout `json:"http,omitempty"`
}
func (*ClientTimeout) DeepCopy ¶ added in v1.0.0
func (in *ClientTimeout) DeepCopy() *ClientTimeout
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTimeout.
func (*ClientTimeout) DeepCopyInto ¶ added in v1.0.0
func (in *ClientTimeout) DeepCopyInto(out *ClientTimeout)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClientTrafficPolicy ¶ added in v0.6.0
// ClientTrafficPolicy is the root object of the ClientTrafficPolicy resource:
// type and object metadata, a Spec and a policy Status.
type ClientTrafficPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of ClientTrafficPolicy.
	Spec ClientTrafficPolicySpec `json:"spec"`

	// Status defines the current status of ClientTrafficPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}
ClientTrafficPolicy allows the user to configure the behavior of the connection between the downstream client and Envoy Proxy listener.
func (*ClientTrafficPolicy) DeepCopy ¶ added in v0.6.0
func (in *ClientTrafficPolicy) DeepCopy() *ClientTrafficPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTrafficPolicy.
func (*ClientTrafficPolicy) DeepCopyInto ¶ added in v0.6.0
func (in *ClientTrafficPolicy) DeepCopyInto(out *ClientTrafficPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClientTrafficPolicy) DeepCopyObject ¶ added in v0.6.0
func (in *ClientTrafficPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClientTrafficPolicyList ¶ added in v0.6.0
// ClientTrafficPolicyList is the list form of ClientTrafficPolicy: type and
// list metadata plus the Items slice.
type ClientTrafficPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the ClientTrafficPolicy objects in the list.
	Items []ClientTrafficPolicy `json:"items"`
}
ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.
func (*ClientTrafficPolicyList) DeepCopy ¶ added in v0.6.0
func (in *ClientTrafficPolicyList) DeepCopy() *ClientTrafficPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTrafficPolicyList.
func (*ClientTrafficPolicyList) DeepCopyInto ¶ added in v0.6.0
func (in *ClientTrafficPolicyList) DeepCopyInto(out *ClientTrafficPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClientTrafficPolicyList) DeepCopyObject ¶ added in v0.6.0
func (in *ClientTrafficPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClientTrafficPolicySpec ¶ added in v0.6.0
// ClientTrafficPolicySpec inlines the policy target references and groups
// the listener-side settings: keepalive, PROXY protocol, client IP detection,
// TLS, path and header handling, timeouts, connection limits, per-protocol
// HTTP settings and health checking. Every setting is optional.
type ClientTrafficPolicySpec struct {
	PolicyTargetReferences `json:",inline"`

	// TcpKeepalive settings associated with the downstream client connection.
	// If defined, sets SO_KEEPALIVE on the listener socket to enable TCP Keepalives.
	// Disabled by default.
	//
	// +optional
	TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"`
	// EnableProxyProtocol interprets the ProxyProtocol header and adds the
	// Client Address into the X-Forwarded-For header.
	// Note Proxy Protocol must be present when this field is set, else the connection
	// is closed.
	//
	// NOTE(review): the address in the ProxyProtocol header is supplied by
	// whoever opens the connection, so enable this only where the listener is
	// reachable solely through a load balancer that writes the header.
	//
	// +optional
	EnableProxyProtocol *bool `json:"enableProxyProtocol,omitempty"`
	// ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
	//
	// +optional
	ClientIPDetection *ClientIPDetectionSettings `json:"clientIPDetection,omitempty"`
	// TLS settings configure TLS termination settings with the downstream client.
	//
	// +optional
	TLS *ClientTLSSettings `json:"tls,omitempty"`
	// Path enables managing how the incoming path set by clients can be normalized.
	//
	// +optional
	Path *PathSettings `json:"path,omitempty"`
	// HeaderSettings provides configuration for header management.
	//
	// +optional
	Headers *HeaderSettings `json:"headers,omitempty"`
	// Timeout settings for the client connections.
	//
	// +optional
	Timeout *ClientTimeout `json:"timeout,omitempty"`
	// Connection includes client connection settings.
	//
	// +optional
	Connection *ClientConnection `json:"connection,omitempty"`
	// HTTP1 provides HTTP/1 configuration on the listener.
	//
	// +optional
	HTTP1 *HTTP1Settings `json:"http1,omitempty"`
	// HTTP2 provides HTTP/2 configuration on the listener.
	//
	// +optional
	HTTP2 *HTTP2Settings `json:"http2,omitempty"`
	// HTTP3 provides HTTP/3 configuration on the listener.
	//
	// +optional
	HTTP3 *HTTP3Settings `json:"http3,omitempty"`
	// HealthCheck provides configuration for determining whether the HTTP/HTTPS listener is healthy.
	//
	// +optional
	HealthCheck *HealthCheckSettings `json:"healthCheck,omitempty"`
}
+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind == 'Gateway') : true", message="this policy can only have a targetRefs[*].kind of Gateway"
ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.
func (*ClientTrafficPolicySpec) DeepCopy ¶ added in v0.6.0
func (in *ClientTrafficPolicySpec) DeepCopy() *ClientTrafficPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTrafficPolicySpec.
func (*ClientTrafficPolicySpec) DeepCopyInto ¶ added in v0.6.0
func (in *ClientTrafficPolicySpec) DeepCopyInto(out *ClientTrafficPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClientValidationContext ¶ added in v1.0.0
// ClientValidationContext holds configuration that can be used to validate
// the client initiating the TLS connection to the Gateway.
type ClientValidationContext struct {
	// NOTE(review): presumably a certificate that IS presented is still
	// validated against CACertificateRefs when Optional is true — confirm
	// against the translator before relying on it.

	// Optional set to true accepts connections even when a client doesn't present a certificate.
	// Defaults to false, which rejects connections without a valid client certificate.
	// With Optional set to true, a connection accepted by the listener is not
	// proof of client authentication; backends must not treat it as such.
	// +optional
	Optional bool `json:"optional,omitempty"`

	// CACertificateRefs contains one or more references to
	// Kubernetes objects that contain TLS certificates of
	// the Certificate Authorities that can be used
	// as a trust anchor to validate the certificates presented by the client.
	//
	// A single reference to a Kubernetes ConfigMap or a Kubernetes Secret,
	// with the CA certificate in a key named `ca.crt` is currently supported.
	//
	// References to a resource in different namespace are invalid UNLESS there
	// is a ReferenceGrant in the target namespace that allows the certificate
	// to be attached.
	//
	// Every CA listed here becomes a trust anchor for client certificates,
	// so write access to the referenced objects is equivalent to control
	// over who can authenticate.
	//
	// +kubebuilder:validation:MaxItems=8
	// +optional
	CACertificateRefs []gwapiv1.SecretObjectReference `json:"caCertificateRefs,omitempty"`
}
ClientValidationContext holds configuration that can be used to validate the client initiating the TLS connection to the Gateway. By default, no client specific configuration is validated.
func (*ClientValidationContext) DeepCopy ¶ added in v1.0.0
func (in *ClientValidationContext) DeepCopy() *ClientValidationContext
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientValidationContext.
func (*ClientValidationContext) DeepCopyInto ¶ added in v1.0.0
func (in *ClientValidationContext) DeepCopyInto(out *ClientValidationContext)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSettings ¶ added in v1.2.0
type ClusterSettings struct { // LoadBalancer policy to apply when routing traffic from the gateway to // the backend endpoints. Defaults to `LeastRequest`. // +optional LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty"` // Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions. // If not set, retry will be disabled. // +optional Retry *Retry `json:"retry,omitempty"` // ProxyProtocol enables the Proxy Protocol when communicating with the backend. // +optional ProxyProtocol *ProxyProtocol `json:"proxyProtocol,omitempty"` // TcpKeepalive settings associated with the upstream client connection. // Disabled by default. // // +optional TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"` // HealthCheck allows gateway to perform active health checking on backends. // // +optional HealthCheck *HealthCheck `json:"healthCheck,omitempty"` // Circuit Breaker settings for the upstream connections and requests. // If not set, circuit breakers will be enabled with the default thresholds // // +optional CircuitBreaker *CircuitBreaker `json:"circuitBreaker,omitempty"` // Timeout settings for the backend connections. // // +optional Timeout *Timeout `json:"timeout,omitempty"` // Connection includes backend connection settings. // // +optional Connection *BackendConnection `json:"connection,omitempty"` // DNS includes dns resolution settings. // // +optional DNS *DNS `json:"dns,omitempty"` // HTTP2 provides HTTP/2 configuration for backend connections. // // +optional HTTP2 *HTTP2Settings `json:"http2,omitempty"` }
ClusterSettings provides the various knobs that can be set to control how traffic to a given backend will be configured.
func (*ClusterSettings) DeepCopy ¶ added in v1.2.0
func (in *ClusterSettings) DeepCopy() *ClusterSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSettings.
func (*ClusterSettings) DeepCopyInto ¶ added in v1.2.0
func (in *ClusterSettings) DeepCopyInto(out *ClusterSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Compression ¶ added in v1.0.0
type Compression struct { // CompressorType defines the compressor type to use for compression. // // +required Type CompressorType `json:"type"` // The configuration for GZIP compressor. // // +optional Gzip *GzipCompressor `json:"gzip,omitempty"` }
Compression defines the config of enabling compression. This can help reduce the bandwidth at the expense of higher CPU.
func (*Compression) DeepCopy ¶ added in v1.0.0
func (in *Compression) DeepCopy() *Compression
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Compression.
func (*Compression) DeepCopyInto ¶ added in v1.0.0
func (in *Compression) DeepCopyInto(out *Compression)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CompressorType ¶ added in v1.0.0
type CompressorType string
CompressorType defines the types of compressor library supported by Envoy Gateway.
+kubebuilder:validation:Enum=Gzip
type ConnectionLimit ¶ added in v1.1.0
// ConnectionLimit caps the number of concurrent connections and optionally
// delays the close of connections that are rejected once the cap is reached.
type ConnectionLimit struct {
	// Value of the maximum concurrent connections limit.
	// When the limit is reached, incoming connections will be closed after the CloseDelay duration.
	//
	// +kubebuilder:validation:Minimum=1
	Value int64 `json:"value"`
	// CloseDelay defines the delay to use before closing connections that are rejected
	// once the limit value is reached.
	// Default: none.
	// A rejected connection stays open until the delay elapses, so a long
	// delay keeps sockets held on behalf of clients that are over the limit.
	//
	// +optional
	CloseDelay *gwapiv1.Duration `json:"closeDelay,omitempty"`
}
func (*ConnectionLimit) DeepCopy ¶ added in v1.1.0
func (in *ConnectionLimit) DeepCopy() *ConnectionLimit
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionLimit.
func (*ConnectionLimit) DeepCopyInto ¶ added in v1.1.0
func (in *ConnectionLimit) DeepCopyInto(out *ConnectionLimit)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConsistentHash ¶ added in v0.6.0
// ConsistentHash defines the configuration related to the consistent hash
// load balancer policy. Type selects the hash input; Header and Cookie are
// set only for the matching Type.
type ConsistentHash struct {
	// ConsistentHashType defines the type of input to hash on. Valid Type values are
	// "SourceIP",
	// "Header",
	// "Cookie".
	//
	// +unionDiscriminator
	Type ConsistentHashType `json:"type"`

	// Header configures the header hash policy when the consistent hash type is set to Header.
	//
	// +optional
	Header *Header `json:"header,omitempty"`

	// Cookie configures the cookie hash policy when the consistent hash type is set to Cookie.
	//
	// +optional
	Cookie *Cookie `json:"cookie,omitempty"`

	// The table size for consistent hashing, must be prime number limited to 5000011.
	// The markers on this field enforce only the 2..5000011 range; primality
	// is not checked by the validation rules on this field.
	//
	// +kubebuilder:validation:Minimum=2
	// +kubebuilder:validation:Maximum=5000011
	// +kubebuilder:default=65537
	// +optional
	TableSize *uint64 `json:"tableSize,omitempty"`
}
ConsistentHash defines the configuration related to the consistent hash load balancer policy. +union
+kubebuilder:validation:XValidation:rule="self.type == 'Header' ? has(self.header) : !has(self.header)",message="If consistent hash type is header, the header field must be set." +kubebuilder:validation:XValidation:rule="self.type == 'Cookie' ? has(self.cookie) : !has(self.cookie)",message="If consistent hash type is cookie, the cookie field must be set."
func (*ConsistentHash) DeepCopy ¶ added in v0.6.0
func (in *ConsistentHash) DeepCopy() *ConsistentHash
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHash.
func (*ConsistentHash) DeepCopyInto ¶ added in v0.6.0
func (in *ConsistentHash) DeepCopyInto(out *ConsistentHash)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConsistentHashType ¶ added in v0.6.0
type ConsistentHashType string
ConsistentHashType defines the type of input to hash on. +kubebuilder:validation:Enum=SourceIP;Header;Cookie
const ( // SourceIPConsistentHashType hashes based on the source IP address. SourceIPConsistentHashType ConsistentHashType = "SourceIP" // HeaderConsistentHashType hashes based on a request header. HeaderConsistentHashType ConsistentHashType = "Header" // CookieConsistentHashType hashes based on a cookie. CookieConsistentHashType ConsistentHashType = "Cookie" )
type Cookie ¶ added in v1.1.0
// Cookie defines the cookie hashing configuration for consistent hash based
// load balancing.
type Cookie struct {
	// Name of the cookie to hash.
	// If this cookie does not exist in the request, Envoy will generate a cookie and set
	// the TTL on the response back to the client based on Layer 4
	// attributes of the backend endpoint, to ensure that these future requests
	// go to the same backend endpoint. Make sure to set the TTL field for this case.
	Name string `json:"name"`
	// TTL of the generated cookie if the cookie is not present. This value sets the
	// Max-Age attribute value.
	//
	// +optional
	TTL *metav1.Duration `json:"ttl,omitempty"`

	// NOTE(review): no Secure/HttpOnly/SameSite default is visible in this
	// type; presumably such attributes have to be supplied through this map
	// if the generated cookie should carry them — confirm.

	// Additional Attributes to set for the generated cookie.
	//
	// +optional
	Attributes map[string]string `json:"attributes,omitempty"`
}
Cookie defines the cookie hashing configuration for consistent hash based load balancing.
func (*Cookie) DeepCopy ¶ added in v1.1.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cookie.
func (*Cookie) DeepCopyInto ¶ added in v1.1.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomHeaderExtensionSettings ¶ added in v1.0.0
// CustomHeaderExtensionSettings provides configuration for determining the
// client IP address for a request based on a trusted custom HTTP header.
type CustomHeaderExtensionSettings struct {
	// NOTE(review): nothing in this type shows the header being stripped
	// from client requests; the fronting proxy has to overwrite it, otherwise
	// a client can supply its own value — confirm for the deployment.

	// Name of the header containing the original downstream remote address, if present.
	// The value is treated as the client address, so the header must be set
	// by infrastructure that is trusted to do so.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=255
	// +kubebuilder:validation:Pattern="^[A-Za-z0-9-]+$"
	//
	Name string `json:"name"`

	// NOTE(review): the behaviour when FailClosed is unset or false is not
	// stated here; presumably the request proceeds without a detected client
	// IP — confirm before depending on IP-based rules.

	// FailClosed is a switch used to control the flow of traffic when client IP detection
	// fails. If set to true, the listener will respond with 403 Forbidden when the client
	// IP address cannot be determined.
	//
	// +optional
	FailClosed *bool `json:"failClosed,omitempty"`
}
CustomHeaderExtensionSettings provides configuration for determining the client IP address for a request based on a trusted custom HTTP header. This uses the custom_header original IP detection extension. Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto for more details.
func (*CustomHeaderExtensionSettings) DeepCopy ¶ added in v1.0.0
func (in *CustomHeaderExtensionSettings) DeepCopy() *CustomHeaderExtensionSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomHeaderExtensionSettings.
func (*CustomHeaderExtensionSettings) DeepCopyInto ¶ added in v1.0.0
func (in *CustomHeaderExtensionSettings) DeepCopyInto(out *CustomHeaderExtensionSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomResponse ¶ added in v1.2.0
type CustomResponse struct { // Content Type of the response. This will be set in the Content-Type header. // // +optional ContentType *string `json:"contentType,omitempty"` // Body of the Custom Response Body CustomResponseBody `json:"body"` }
CustomResponse defines the configuration for returning a custom response.
func (*CustomResponse) DeepCopy ¶ added in v1.2.0
func (in *CustomResponse) DeepCopy() *CustomResponse
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponse.
func (*CustomResponse) DeepCopyInto ¶ added in v1.2.0
func (in *CustomResponse) DeepCopyInto(out *CustomResponse)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomResponseBody ¶ added in v1.2.0
// CustomResponseBody selects where the body of a custom response is read
// from: an inline string or a reference to a ConfigMap.
type CustomResponseBody struct {
	// Type is the type of method to use to read the body value.
	// Valid values are Inline and ValueRef, default is Inline.
	//
	// +kubebuilder:default=Inline
	// +kubebuilder:validation:Enum=Inline;ValueRef
	// +unionDiscriminator
	Type *ResponseValueType `json:"type"`

	// Inline contains the value as an inline string.
	//
	// +optional
	Inline *string `json:"inline,omitempty"`

	// NOTE(review): "the first value" is not well defined for an unordered
	// map; confirm which ordering is used, because the fallback decides what
	// content is returned to clients when `response.body` is missing.

	// ValueRef contains the contents of the body
	// specified as a local object reference.
	// Only a reference to ConfigMap is supported.
	//
	// The value of key `response.body` in the ConfigMap will be used as the response body.
	// If the key is not found, the first value in the ConfigMap will be used.
	//
	// +optional
	ValueRef *gwapiv1.LocalObjectReference `json:"valueRef,omitempty"`
}
CustomResponseBody +kubebuilder:validation:XValidation:message="inline must be set for type Inline",rule="(!has(self.type) || self.type == 'Inline')? has(self.inline) : true" +kubebuilder:validation:XValidation:message="valueRef must be set for type ValueRef",rule="(has(self.type) && self.type == 'ValueRef')? has(self.valueRef) : true" +kubebuilder:validation:XValidation:message="only ConfigMap is supported for ValueRef",rule="has(self.valueRef) ? self.valueRef.kind == 'ConfigMap' : true"
func (*CustomResponseBody) DeepCopy ¶ added in v1.2.0
func (in *CustomResponseBody) DeepCopy() *CustomResponseBody
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponseBody.
func (*CustomResponseBody) DeepCopyInto ¶ added in v1.2.0
func (in *CustomResponseBody) DeepCopyInto(out *CustomResponseBody)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomResponseMatch ¶ added in v1.2.0
type CustomResponseMatch struct { // Status code to match on. The match evaluates to true if any of the matches are successful. // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=50 StatusCodes []StatusCodeMatch `json:"statusCodes"` }
CustomResponseMatch defines the configuration for matching a user response to return a custom one.
func (*CustomResponseMatch) DeepCopy ¶ added in v1.2.0
func (in *CustomResponseMatch) DeepCopy() *CustomResponseMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponseMatch.
func (*CustomResponseMatch) DeepCopyInto ¶ added in v1.2.0
func (in *CustomResponseMatch) DeepCopyInto(out *CustomResponseMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomTag ¶ added in v0.6.0
// CustomTag describes one custom tag added to each span. Type selects the
// source of the value; the field matching Type is required.
type CustomTag struct {
	// Type defines the type of custom tag.
	// +kubebuilder:validation:Enum=Literal;Environment;RequestHeader
	// +unionDiscriminator
	// +kubebuilder:default=Literal
	Type CustomTagType `json:"type"`
	// Literal adds hard-coded value to each span.
	// It's required when the type is "Literal".
	Literal *LiteralCustomTag `json:"literal,omitempty"`
	// Environment adds value from environment variable to each span.
	// It's required when the type is "Environment".
	// The value is attached to every span, so do not point this at a
	// variable that holds a credential.
	Environment *EnvironmentCustomTag `json:"environment,omitempty"`
	// RequestHeader adds value from request header to each span.
	// It's required when the type is "RequestHeader".
	// The header value is copied into every span, so avoid headers that carry
	// credentials or session identifiers (for example Authorization or Cookie).
	RequestHeader *RequestHeaderCustomTag `json:"requestHeader,omitempty"`
}
func (*CustomTag) DeepCopy ¶ added in v0.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomTag.
func (*CustomTag) DeepCopyInto ¶ added in v0.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomTagType ¶ added in v0.6.0
type CustomTagType string
const ( // CustomTagTypeLiteral adds hard-coded value to each span. CustomTagTypeLiteral CustomTagType = "Literal" // CustomTagTypeEnvironment adds value from environment variable to each span. CustomTagTypeEnvironment CustomTagType = "Environment" // CustomTagTypeRequestHeader adds value from request header to each span. CustomTagTypeRequestHeader CustomTagType = "RequestHeader" )
type DNS ¶ added in v1.2.0
type DNS struct { // DNSRefreshRate specifies the rate at which DNS records should be refreshed. // Defaults to 30 seconds. DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"` // RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected. // If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL. // Defaults to true. RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"` }
func (*DNS) DeepCopy ¶ added in v1.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS.
func (*DNS) DeepCopyInto ¶ added in v1.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvironmentCustomTag ¶ added in v0.6.0
// EnvironmentCustomTag adds value from environment variable to each span.
type EnvironmentCustomTag struct {
	// Name defines the name of the environment variable from which the value is extracted.
	// The value ends up on every span, so name only variables whose content
	// is safe to send to the tracing backend.
	Name string `json:"name"`
	// DefaultValue defines the default value to use if the environment variable is not set.
	// +optional
	DefaultValue *string `json:"defaultValue,omitempty"`
}
EnvironmentCustomTag adds value from environment variable to each span.
func (*EnvironmentCustomTag) DeepCopy ¶ added in v0.6.0
func (in *EnvironmentCustomTag) DeepCopy() *EnvironmentCustomTag
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentCustomTag.
func (*EnvironmentCustomTag) DeepCopyInto ¶ added in v0.6.0
func (in *EnvironmentCustomTag) DeepCopyInto(out *EnvironmentCustomTag)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyExtensionPolicy ¶ added in v1.1.0
type EnvoyExtensionPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of EnvoyExtensionPolicy. Spec EnvoyExtensionPolicySpec `json:"spec"` // Status defines the current status of EnvoyExtensionPolicy. Status gwapiv1a2.PolicyStatus `json:"status,omitempty"` }
EnvoyExtensionPolicy allows the user to configure various envoy extensibility options for the Gateway.
func (*EnvoyExtensionPolicy) DeepCopy ¶ added in v1.1.0
func (in *EnvoyExtensionPolicy) DeepCopy() *EnvoyExtensionPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtensionPolicy.
func (*EnvoyExtensionPolicy) DeepCopyInto ¶ added in v1.1.0
func (in *EnvoyExtensionPolicy) DeepCopyInto(out *EnvoyExtensionPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyExtensionPolicy) DeepCopyObject ¶ added in v1.1.0
func (in *EnvoyExtensionPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyExtensionPolicyList ¶ added in v1.1.0
type EnvoyExtensionPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []EnvoyExtensionPolicy `json:"items"` }
EnvoyExtensionPolicyList contains a list of EnvoyExtensionPolicy resources.
func (*EnvoyExtensionPolicyList) DeepCopy ¶ added in v1.1.0
func (in *EnvoyExtensionPolicyList) DeepCopy() *EnvoyExtensionPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtensionPolicyList.
func (*EnvoyExtensionPolicyList) DeepCopyInto ¶ added in v1.1.0
func (in *EnvoyExtensionPolicyList) DeepCopyInto(out *EnvoyExtensionPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyExtensionPolicyList) DeepCopyObject ¶ added in v1.1.0
func (in *EnvoyExtensionPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyExtensionPolicySpec ¶ added in v1.1.0
// EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy:
// the targets it attaches to and the Wasm and external-processing extensions
// to add for them.
type EnvoyExtensionPolicySpec struct {
	PolicyTargetReferences `json:",inline"`

	// NOTE(review): extensions listed here presumably run in the request
	// path and can read or modify traffic; treat write access to this
	// resource as privileged and confirm the RBAC that guards it.

	// Wasm is a list of Wasm extensions to be loaded by the Gateway.
	// Order matters, as the extensions will be loaded in the order they are
	// defined in this list.
	//
	// +kubebuilder:validation:MaxItems=16
	// +optional
	Wasm []Wasm `json:"wasm,omitempty"`

	// ExtProc is an ordered list of external processing filters
	// that should be added to the envoy filter chain
	//
	// +kubebuilder:validation:MaxItems=16
	// +optional
	ExtProc []ExtProc `json:"extProc,omitempty"`
}
+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field"
EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.
func (*EnvoyExtensionPolicySpec) DeepCopy ¶ added in v1.1.0
func (in *EnvoyExtensionPolicySpec) DeepCopy() *EnvoyExtensionPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtensionPolicySpec.
func (*EnvoyExtensionPolicySpec) DeepCopyInto ¶ added in v1.1.0
func (in *EnvoyExtensionPolicySpec) DeepCopyInto(out *EnvoyExtensionPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyFilter ¶ added in v1.1.0
type EnvoyFilter string
EnvoyFilter defines the type of Envoy HTTP filter. +kubebuilder:validation:Enum=envoy.filters.http.health_check;envoy.filters.http.fault;envoy.filters.http.cors;envoy.filters.http.ext_authz;envoy.filters.http.basic_auth;envoy.filters.http.oauth2;envoy.filters.http.jwt_authn;envoy.filters.http.stateful_session;envoy.filters.http.ext_proc;envoy.filters.http.wasm;envoy.filters.http.rbac;envoy.filters.http.local_ratelimit;envoy.filters.http.ratelimit;envoy.filters.http.custom_response
// Names of the Envoy HTTP filters known to this API, as EnvoyFilter values.
const (
	// EnvoyFilterHealthCheck defines the Envoy HTTP health check filter.
	EnvoyFilterHealthCheck EnvoyFilter = "envoy.filters.http.health_check"

	// EnvoyFilterFault defines the Envoy HTTP fault filter.
	EnvoyFilterFault EnvoyFilter = "envoy.filters.http.fault"

	// EnvoyFilterCORS defines the Envoy HTTP CORS filter.
	EnvoyFilterCORS EnvoyFilter = "envoy.filters.http.cors"

	// EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
	EnvoyFilterExtAuthz EnvoyFilter = "envoy.filters.http.ext_authz"

	// EnvoyFilterBasicAuth defines the Envoy HTTP basic authentication filter.
	EnvoyFilterBasicAuth EnvoyFilter = "envoy.filters.http.basic_auth"

	// EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
	EnvoyFilterOAuth2 EnvoyFilter = "envoy.filters.http.oauth2"

	// EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
	EnvoyFilterJWTAuthn EnvoyFilter = "envoy.filters.http.jwt_authn"

	// EnvoyFilterSessionPersistence defines the Envoy HTTP session persistence filter.
	EnvoyFilterSessionPersistence EnvoyFilter = "envoy.filters.http.stateful_session"

	// EnvoyFilterExtProc defines the Envoy HTTP external process filter.
	EnvoyFilterExtProc EnvoyFilter = "envoy.filters.http.ext_proc"

	// EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
	EnvoyFilterWasm EnvoyFilter = "envoy.filters.http.wasm"

	// EnvoyFilterRBAC defines the Envoy RBAC filter.
	EnvoyFilterRBAC EnvoyFilter = "envoy.filters.http.rbac"

	// EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
	EnvoyFilterLocalRateLimit EnvoyFilter = "envoy.filters.http.local_ratelimit"

	// EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
	EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit"

	// EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
	EnvoyFilterCustomResponse EnvoyFilter = "envoy.filters.http.custom_response"

	// NOTE(review): this value is absent from the Enum marker on the
	// EnvoyFilter type, so it is presumably for internal use and not
	// accepted from user-supplied resources — confirm.

	// EnvoyFilterRouter defines the Envoy HTTP router filter.
	EnvoyFilterRouter EnvoyFilter = "envoy.filters.http.router"
)
func (EnvoyFilter) String ¶ added in v1.2.0
func (f EnvoyFilter) String() string
String returns the string representation of the EnvoyFilter type.
type EnvoyGateway ¶ added in v0.6.0
type EnvoyGateway struct { metav1.TypeMeta `json:",inline"` // EnvoyGatewaySpec defines the desired state of EnvoyGateway. EnvoyGatewaySpec `json:",inline"` }
EnvoyGateway is the schema for the envoygateways API.
func DefaultEnvoyGateway ¶ added in v0.6.0
func DefaultEnvoyGateway() *EnvoyGateway
DefaultEnvoyGateway returns a new EnvoyGateway with default configuration parameters.
func (*EnvoyGateway) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGateway) DeepCopy() *EnvoyGateway
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGateway.
func (*EnvoyGateway) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGateway) DeepCopyInto(out *EnvoyGateway)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyGateway) DeepCopyObject ¶ added in v0.6.0
func (in *EnvoyGateway) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*EnvoyGateway) DisablePrometheus ¶ added in v0.6.0
func (e *EnvoyGateway) DisablePrometheus() bool
DisablePrometheus reports whether Prometheus is disabled.
func (*EnvoyGateway) GetEnvoyGatewayAdmin ¶ added in v0.6.0
func (e *EnvoyGateway) GetEnvoyGatewayAdmin() *EnvoyGatewayAdmin
GetEnvoyGatewayAdmin returns the EnvoyGatewayAdmin of EnvoyGateway or a default EnvoyGatewayAdmin if unspecified.
func (*EnvoyGateway) GetEnvoyGatewayAdminAddress ¶ added in v0.6.0
func (e *EnvoyGateway) GetEnvoyGatewayAdminAddress() string
GetEnvoyGatewayAdminAddress returns the EnvoyGateway Admin Address.
func (*EnvoyGateway) GetEnvoyGatewayProvider ¶ added in v0.6.0
func (e *EnvoyGateway) GetEnvoyGatewayProvider() *EnvoyGatewayProvider
GetEnvoyGatewayProvider returns the EnvoyGatewayProvider of EnvoyGateway or a default EnvoyGatewayProvider if unspecified.
func (*EnvoyGateway) GetEnvoyGatewayTelemetry ¶ added in v0.6.0
func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry
GetEnvoyGatewayTelemetry returns the EnvoyGatewayTelemetry of EnvoyGateway or a default EnvoyGatewayTelemetry if unspecified.
func (*EnvoyGateway) NamespaceMode ¶ added in v1.0.0
func (e *EnvoyGateway) NamespaceMode() bool
NamespaceMode reports whether namespace mode is in use.
func (*EnvoyGateway) SetEnvoyGatewayDefaults ¶ added in v0.6.0
func (e *EnvoyGateway) SetEnvoyGatewayDefaults()
SetEnvoyGatewayDefaults sets default EnvoyGateway configuration parameters.
type EnvoyGatewayAdmin ¶ added in v0.6.0
// EnvoyGatewayAdmin defines the Envoy Gateway Admin configuration: the
// address of the admin server and two debugging switches.
type EnvoyGatewayAdmin struct {
	// Address defines the address of Envoy Gateway Admin Server.
	//
	// +optional
	Address *EnvoyGatewayAdminAddress `json:"address,omitempty"`

	// NOTE(review): the dumped configuration may include sensitive values;
	// confirm what is written before enabling this where logs are shipped
	// to a shared or less-trusted store.

	// EnableDumpConfig defines whether the configuration is dumped into the Envoy Gateway logs.
	//
	// +optional
	EnableDumpConfig bool `json:"enableDumpConfig,omitempty"`
	// EnablePprof defines whether pprof is enabled in the Envoy Gateway Admin Server.
	// Profiling endpoints expose runtime internals of the process, so enable
	// them only while the admin address stays on loopback or is otherwise
	// access-restricted.
	//
	// +optional
	EnablePprof bool `json:"enablePprof,omitempty"`
}
EnvoyGatewayAdmin defines the Envoy Gateway Admin configuration.
func DefaultEnvoyGatewayAdmin ¶ added in v0.6.0
func DefaultEnvoyGatewayAdmin() *EnvoyGatewayAdmin
DefaultEnvoyGatewayAdmin returns a new EnvoyGatewayAdmin with default configuration parameters.
func (*EnvoyGatewayAdmin) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayAdmin) DeepCopy() *EnvoyGatewayAdmin
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayAdmin.
func (*EnvoyGatewayAdmin) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayAdmin) DeepCopyInto(out *EnvoyGatewayAdmin)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayAdminAddress ¶ added in v0.6.0
// EnvoyGatewayAdminAddress defines the Envoy Gateway Admin Address
// configuration. The defaults are port 19000 on host 127.0.0.1.
type EnvoyGatewayAdminAddress struct {
	// Port defines the port the admin server is exposed on.
	// Only a lower bound is validated by the marker below; an upper bound
	// for the port number is not expressed here.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=19000
	Port int `json:"port,omitempty"`

	// NOTE(review): no authentication setting for the admin server is
	// visible in EnvoyGatewayAdmin; if Host is moved off loopback, restrict
	// access at the network layer — confirm what the server exposes.

	// Host defines the admin server hostname.
	// The default keeps the admin server on the loopback interface.
	//
	// +optional
	// +kubebuilder:default="127.0.0.1"
	Host string `json:"host,omitempty"`
}
EnvoyGatewayAdminAddress defines the Envoy Gateway Admin Address configuration.
func DefaultEnvoyGatewayAdminAddress ¶ added in v0.6.0
func DefaultEnvoyGatewayAdminAddress() *EnvoyGatewayAdminAddress
DefaultEnvoyGatewayAdminAddress returns a new EnvoyGatewayAdminAddress with default configuration parameters.
func (*EnvoyGatewayAdminAddress) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayAdminAddress) DeepCopy() *EnvoyGatewayAdminAddress
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayAdminAddress.
func (*EnvoyGatewayAdminAddress) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayAdminAddress) DeepCopyInto(out *EnvoyGatewayAdminAddress)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayCustomProvider ¶ added in v0.6.0
// EnvoyGatewayCustomProvider defines configuration for the Custom provider.
type EnvoyGatewayCustomProvider struct {
	// Resource defines the desired resource provider.
	// This provider is used to retrieve the resource configurations,
	// such as Gateway API resources.
	Resource EnvoyGatewayResourceProvider `json:"resource"`

	// Infrastructure defines the desired infrastructure provider.
	// This provider supplies the environment in which output resources,
	// such as the Envoy Proxy data plane, are deployed.
	//
	// Infrastructure is optional; if it is not specified,
	// no infrastructure provider is available.
	// +optional
	Infrastructure *EnvoyGatewayInfrastructureProvider `json:"infrastructure,omitempty"`
}
EnvoyGatewayCustomProvider defines configuration for the Custom provider.
func (*EnvoyGatewayCustomProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayCustomProvider) DeepCopy() *EnvoyGatewayCustomProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayCustomProvider.
func (*EnvoyGatewayCustomProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayCustomProvider) DeepCopyInto(out *EnvoyGatewayCustomProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayFileResourceProvider ¶ added in v0.6.0
// EnvoyGatewayFileResourceProvider defines configuration for the File Resource provider.
type EnvoyGatewayFileResourceProvider struct {
	// NOTE(review): these files are the source of the resource configuration,
	// so whoever can write to the listed paths can change what Envoy Gateway
	// loads — confirm file ownership and permissions at deployment.

	// Paths are the paths to a directory or file containing the resource configuration.
	// Recursion into subdirectories is not currently supported.
	Paths []string `json:"paths"`
}
EnvoyGatewayFileResourceProvider defines configuration for the File Resource provider.
func (*EnvoyGatewayFileResourceProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayFileResourceProvider) DeepCopy() *EnvoyGatewayFileResourceProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayFileResourceProvider.
func (*EnvoyGatewayFileResourceProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayFileResourceProvider) DeepCopyInto(out *EnvoyGatewayFileResourceProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayHostInfrastructureProvider ¶ added in v0.6.0
// EnvoyGatewayHostInfrastructureProvider defines configuration for the Host
// Infrastructure provider. It currently declares no fields.
type EnvoyGatewayHostInfrastructureProvider struct{}
EnvoyGatewayHostInfrastructureProvider defines configuration for the Host Infrastructure provider.
func (*EnvoyGatewayHostInfrastructureProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayHostInfrastructureProvider) DeepCopy() *EnvoyGatewayHostInfrastructureProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayHostInfrastructureProvider.
func (*EnvoyGatewayHostInfrastructureProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayHostInfrastructureProvider) DeepCopyInto(out *EnvoyGatewayHostInfrastructureProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayInfrastructureProvider ¶ added in v0.6.0
// EnvoyGatewayInfrastructureProvider defines configuration for the Custom Infrastructure provider.
type EnvoyGatewayInfrastructureProvider struct {
	// Type is the type of infrastructure provider to use. Supported types are "Host".
	//
	// +unionDiscriminator
	Type InfrastructureProviderType `json:"type"`

	// Host defines the configuration of the Host provider. Host provides runtime
	// deployment of the data plane as a child process on the host environment.
	//
	// +optional
	Host *EnvoyGatewayHostInfrastructureProvider `json:"host,omitempty"`
}
EnvoyGatewayInfrastructureProvider defines configuration for the Custom Infrastructure provider.
func (*EnvoyGatewayInfrastructureProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayInfrastructureProvider) DeepCopy() *EnvoyGatewayInfrastructureProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayInfrastructureProvider.
func (*EnvoyGatewayInfrastructureProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayInfrastructureProvider) DeepCopyInto(out *EnvoyGatewayInfrastructureProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayKubernetesProvider ¶ added in v0.6.0
// EnvoyGatewayKubernetesProvider defines configuration for the Kubernetes provider.
type EnvoyGatewayKubernetesProvider struct {
	// RateLimitDeployment defines the desired state of the Envoy ratelimit deployment resource.
	// If unspecified, default settings for the managed Envoy ratelimit deployment resource
	// are applied.
	//
	// +optional
	RateLimitDeployment *KubernetesDeploymentSpec `json:"rateLimitDeployment,omitempty"`

	// Watch holds configuration of which input resources should be watched and reconciled.
	// +optional
	Watch *KubernetesWatchMode `json:"watch,omitempty"`

	// Deploy holds configuration of how output managed resources, such as the
	// Envoy Proxy data plane, should be deployed.
	// +optional
	Deploy *KubernetesDeployMode `json:"deploy,omitempty"`

	// NOTE(review): presumably this replaces certificates that running
	// components already trust — confirm the rollout and rotation impact
	// before setting it.

	// OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set.
	// +optional
	OverwriteControlPlaneCerts *bool `json:"overwriteControlPlaneCerts,omitempty"`

	// LeaderElection specifies the configuration for leader election.
	// If it is not set, leader election is active by default, using Kubernetes' standard settings.
	// +optional
	LeaderElection *LeaderElection `json:"leaderElection,omitempty"`

	// ShutdownManager defines the configuration for the shutdown manager.
	// +optional
	ShutdownManager *ShutdownManager `json:"shutdownManager,omitempty"`
}
EnvoyGatewayKubernetesProvider defines configuration for the Kubernetes provider.
func DefaultEnvoyGatewayKubeProvider ¶ added in v0.6.0
func DefaultEnvoyGatewayKubeProvider() *EnvoyGatewayKubernetesProvider
DefaultEnvoyGatewayKubeProvider returns a new EnvoyGatewayKubernetesProvider with default settings.
func (*EnvoyGatewayKubernetesProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayKubernetesProvider) DeepCopy() *EnvoyGatewayKubernetesProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayKubernetesProvider.
func (*EnvoyGatewayKubernetesProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayKubernetesProvider) DeepCopyInto(out *EnvoyGatewayKubernetesProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayLogComponent ¶ added in v0.6.0
// EnvoyGatewayLogComponent names a component that supports a configured logging level.
type EnvoyGatewayLogComponent string
EnvoyGatewayLogComponent defines a component that supports a configured logging level. +kubebuilder:validation:Enum=default;provider;gateway-api;xds-translator;xds-server;infrastructure;global-ratelimit
// Logging components whose level can be set individually.
const (
	// LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
	// all other logging components are ignored.
	LogComponentGatewayDefault EnvoyGatewayLogComponent = "default"

	// LogComponentProviderRunner defines the "provider" runner component.
	LogComponentProviderRunner EnvoyGatewayLogComponent = "provider"

	// LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
	LogComponentGatewayAPIRunner EnvoyGatewayLogComponent = "gateway-api"

	// LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
	LogComponentXdsTranslatorRunner EnvoyGatewayLogComponent = "xds-translator"

	// LogComponentXdsServerRunner defines the "xds-server" runner component.
	LogComponentXdsServerRunner EnvoyGatewayLogComponent = "xds-server"

	// LogComponentInfrastructureRunner defines the "infrastructure" runner component.
	LogComponentInfrastructureRunner EnvoyGatewayLogComponent = "infrastructure"

	// LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
	LogComponentGlobalRateLimitRunner EnvoyGatewayLogComponent = "global-ratelimit"
)
type EnvoyGatewayLogging ¶ added in v0.6.0
// EnvoyGatewayLogging defines logging for Envoy Gateway.
type EnvoyGatewayLogging struct {
	// Level maps each logging component to its logging level. If unspecified, defaults to "info".
	// EnvoyGatewayLogComponent options: default/provider/gateway-api/xds-translator/xds-server/infrastructure/global-ratelimit.
	// LogLevel options: debug/info/error/warn.
	//
	// +kubebuilder:default={default: info}
	Level map[EnvoyGatewayLogComponent]LogLevel `json:"level,omitempty"`
}
EnvoyGatewayLogging defines logging for Envoy Gateway.
func DefaultEnvoyGatewayLogging ¶ added in v0.6.0
func DefaultEnvoyGatewayLogging() *EnvoyGatewayLogging
DefaultEnvoyGatewayLogging returns a new EnvoyGatewayLogging with default configuration parameters.
func (*EnvoyGatewayLogging) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayLogging) DeepCopy() *EnvoyGatewayLogging
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayLogging.
func (*EnvoyGatewayLogging) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayLogging) DeepCopyInto(out *EnvoyGatewayLogging)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyGatewayLogging) DefaultEnvoyGatewayLoggingLevel ¶ added in v0.6.0
func (logging *EnvoyGatewayLogging) DefaultEnvoyGatewayLoggingLevel(level LogLevel) LogLevel
DefaultEnvoyGatewayLoggingLevel returns a LogLevel, as its signature shows, rather than a new EnvoyGatewayLogging. When v1alpha1.LogComponentGatewayDefault is specified, all other logging components are ignored.
func (*EnvoyGatewayLogging) SetEnvoyGatewayLoggingDefaults ¶ added in v0.6.0
func (logging *EnvoyGatewayLogging) SetEnvoyGatewayLoggingDefaults()
SetEnvoyGatewayLoggingDefaults sets default EnvoyGatewayLogging configuration parameters.
type EnvoyGatewayMetricSink ¶ added in v0.6.0
// EnvoyGatewayMetricSink defines a control plane metric sink where metrics are sent to.
type EnvoyGatewayMetricSink struct {
	// Type defines the metric sink type.
	// The EG control plane currently supports OpenTelemetry.
	// +kubebuilder:validation:Enum=OpenTelemetry
	// +kubebuilder:default=OpenTelemetry
	Type MetricSinkType `json:"type"`

	// OpenTelemetry defines the configuration for the OpenTelemetry sink.
	// It is required if the sink type is OpenTelemetry.
	OpenTelemetry *EnvoyGatewayOpenTelemetrySink `json:"openTelemetry,omitempty"`
}
EnvoyGatewayMetricSink defines control plane metric sinks where metrics are sent to.
func (*EnvoyGatewayMetricSink) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayMetricSink) DeepCopy() *EnvoyGatewayMetricSink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayMetricSink.
func (*EnvoyGatewayMetricSink) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayMetricSink) DeepCopyInto(out *EnvoyGatewayMetricSink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayMetrics ¶ added in v0.6.0
// EnvoyGatewayMetrics defines control plane push/pull metrics configurations.
type EnvoyGatewayMetrics struct {
	// Sinks defines the metric sinks where metrics are sent to.
	Sinks []EnvoyGatewayMetricSink `json:"sinks,omitempty"`

	// Prometheus defines the configuration for the Prometheus endpoint.
	Prometheus *EnvoyGatewayPrometheusProvider `json:"prometheus,omitempty"`
}
EnvoyGatewayMetrics defines control plane push/pull metrics configurations.
func DefaultEnvoyGatewayMetrics ¶ added in v0.6.0
func DefaultEnvoyGatewayMetrics() *EnvoyGatewayMetrics
DefaultEnvoyGatewayMetrics returns a new EnvoyGatewayMetrics with default configuration parameters.
func (*EnvoyGatewayMetrics) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayMetrics) DeepCopy() *EnvoyGatewayMetrics
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayMetrics.
func (*EnvoyGatewayMetrics) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayMetrics) DeepCopyInto(out *EnvoyGatewayMetrics)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayOpenTelemetrySink ¶ added in v0.6.0
// EnvoyGatewayOpenTelemetrySink holds the address and export settings of an
// OpenTelemetry metric sink.
//
// NOTE(review): no TLS or credential field is visible on this struct; confirm
// how transport security towards the sink is configured before sending metrics
// across an untrusted network.
type EnvoyGatewayOpenTelemetrySink struct {
	// Host defines the sink service hostname.
	Host string `json:"host"`

	// Protocol defines the sink service protocol.
	// +kubebuilder:validation:Enum=grpc;http
	Protocol string `json:"protocol"`

	// NOTE(review): only a Minimum marker is declared; no upper bound (65535)
	// is visible here, so confirm that out-of-range ports are rejected elsewhere.

	// Port defines the port the sink service is exposed on.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`

	// ExportInterval configures the intervening time between exports for a
	// Sink. This option overrides any value set for the
	// OTEL_METRIC_EXPORT_INTERVAL environment variable.
	// If ExportInterval is less than or equal to zero, 60 seconds
	// is used as the default.
	ExportInterval *gwapiv1.Duration `json:"exportInterval,omitempty"`

	// ExportTimeout configures the time a Sink waits for an export to
	// complete before canceling it. This option overrides any value set for the
	// OTEL_METRIC_EXPORT_TIMEOUT environment variable.
	// If ExportTimeout is less than or equal to zero, 30 seconds
	// is used as the default.
	ExportTimeout *gwapiv1.Duration `json:"exportTimeout,omitempty"`
}
func (*EnvoyGatewayOpenTelemetrySink) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayOpenTelemetrySink) DeepCopy() *EnvoyGatewayOpenTelemetrySink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayOpenTelemetrySink.
func (*EnvoyGatewayOpenTelemetrySink) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayOpenTelemetrySink) DeepCopyInto(out *EnvoyGatewayOpenTelemetrySink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayPrometheusProvider ¶ added in v0.6.0
// EnvoyGatewayPrometheusProvider exposes a Prometheus endpoint in pull mode.
type EnvoyGatewayPrometheusProvider struct {
	// Disable turns off the Prometheus metrics in pull mode when set.
	//
	Disable bool `json:"disable,omitempty"`
}
EnvoyGatewayPrometheusProvider will expose prometheus endpoint in pull mode.
func DefaultEnvoyGatewayPrometheus ¶ added in v0.6.0
func DefaultEnvoyGatewayPrometheus() *EnvoyGatewayPrometheusProvider
DefaultEnvoyGatewayPrometheus returns a new EnvoyGatewayPrometheusProvider with default configuration parameters.
func (*EnvoyGatewayPrometheusProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayPrometheusProvider) DeepCopy() *EnvoyGatewayPrometheusProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayPrometheusProvider.
func (*EnvoyGatewayPrometheusProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayPrometheusProvider) DeepCopyInto(out *EnvoyGatewayPrometheusProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayProvider ¶ added in v0.6.0
// EnvoyGatewayProvider defines the desired configuration of a provider.
type EnvoyGatewayProvider struct {
	// Type is the type of provider to use. Supported types are "Kubernetes", "Custom".
	//
	// +unionDiscriminator
	Type ProviderType `json:"type"`

	// Kubernetes defines the configuration of the Kubernetes provider. Kubernetes
	// provides runtime configuration via the Kubernetes API.
	//
	// +optional
	Kubernetes *EnvoyGatewayKubernetesProvider `json:"kubernetes,omitempty"`

	// Custom defines the configuration for the Custom provider. This provider
	// allows you to define a specific resource provider and an infrastructure
	// provider.
	//
	// +optional
	Custom *EnvoyGatewayCustomProvider `json:"custom,omitempty"`
}
EnvoyGatewayProvider defines the desired configuration of a provider. +union
func DefaultEnvoyGatewayProvider ¶ added in v0.6.0
func DefaultEnvoyGatewayProvider() *EnvoyGatewayProvider
DefaultEnvoyGatewayProvider returns a new EnvoyGatewayProvider with default configuration parameters.
func (*EnvoyGatewayProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayProvider) DeepCopy() *EnvoyGatewayProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayProvider.
func (*EnvoyGatewayProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayProvider) DeepCopyInto(out *EnvoyGatewayProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider ¶ added in v0.6.0
func (r *EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider() *EnvoyGatewayKubernetesProvider
GetEnvoyGatewayKubeProvider returns the EnvoyGatewayKubernetesProvider of Provider or a default EnvoyGatewayKubernetesProvider if unspecified. If EnvoyGatewayProvider is not of type "Kubernetes", a nil EnvoyGatewayKubernetesProvider is returned.
func (*EnvoyGatewayProvider) IsRunningOnHost ¶ added in v1.2.0
func (r *EnvoyGatewayProvider) IsRunningOnHost() bool
func (*EnvoyGatewayProvider) IsRunningOnKubernetes ¶ added in v1.2.0
func (r *EnvoyGatewayProvider) IsRunningOnKubernetes() bool
type EnvoyGatewayResourceProvider ¶ added in v0.6.0
// EnvoyGatewayResourceProvider defines configuration for the Custom Resource provider.
type EnvoyGatewayResourceProvider struct {
	// Type is the type of resource provider to use. Supported types are "File".
	//
	// +unionDiscriminator
	Type ResourceProviderType `json:"type"`

	// File defines the configuration of the File provider. File provides runtime
	// configuration defined by one or more files.
	//
	// +optional
	File *EnvoyGatewayFileResourceProvider `json:"file,omitempty"`
}
EnvoyGatewayResourceProvider defines configuration for the Custom Resource provider.
func (*EnvoyGatewayResourceProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayResourceProvider) DeepCopy() *EnvoyGatewayResourceProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayResourceProvider.
func (*EnvoyGatewayResourceProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayResourceProvider) DeepCopyInto(out *EnvoyGatewayResourceProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewaySpec ¶ added in v0.6.0
// EnvoyGatewaySpec defines the desired state of Envoy Gateway.
type EnvoyGatewaySpec struct {
	// Gateway defines desired Gateway API specific configuration. If unset,
	// default configuration parameters will apply.
	//
	// +optional
	Gateway *Gateway `json:"gateway,omitempty"`

	// Provider defines the desired provider and provider-specific configuration.
	// If unspecified, the Kubernetes provider is used with default configuration
	// parameters.
	//
	// +optional
	Provider *EnvoyGatewayProvider `json:"provider,omitempty"`

	// Logging defines logging parameters for Envoy Gateway.
	//
	// +optional
	// +kubebuilder:default={default: info}
	Logging *EnvoyGatewayLogging `json:"logging,omitempty"`

	// Admin defines the desired admin related abilities.
	// If unspecified, the Admin is used with default configuration
	// parameters.
	//
	// +optional
	Admin *EnvoyGatewayAdmin `json:"admin,omitempty"`

	// Telemetry defines the desired control plane telemetry related abilities.
	// If unspecified, the telemetry is used with default configuration.
	//
	// +optional
	Telemetry *EnvoyGatewayTelemetry `json:"telemetry,omitempty"`

	// RateLimit defines the configuration associated with the Rate Limit service
	// deployed by Envoy Gateway required to implement the Global Rate limiting
	// functionality. The specific rate limit service used here is the reference
	// implementation in Envoy. For more details visit https://github.com/envoyproxy/ratelimit.
	// This configuration is unneeded for "Local" rate limiting.
	//
	// +optional
	RateLimit *RateLimit `json:"rateLimit,omitempty"`

	// ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane.
	//
	// +optional
	ExtensionManager *ExtensionManager `json:"extensionManager,omitempty"`

	// ExtensionAPIs defines the settings related to specific Gateway API Extensions
	// implemented by Envoy Gateway.
	//
	// +optional
	ExtensionAPIs *ExtensionAPISettings `json:"extensionApis,omitempty"`
}
EnvoyGatewaySpec defines the desired state of Envoy Gateway.
func (*EnvoyGatewaySpec) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewaySpec) DeepCopy() *EnvoyGatewaySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewaySpec.
func (*EnvoyGatewaySpec) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewaySpec) DeepCopyInto(out *EnvoyGatewaySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyGatewayTelemetry ¶ added in v0.6.0
// EnvoyGatewayTelemetry defines telemetry configurations for the Envoy Gateway control plane.
type EnvoyGatewayTelemetry struct {
	// Metrics defines metrics configuration for Envoy Gateway.
	Metrics *EnvoyGatewayMetrics `json:"metrics,omitempty"`
}
EnvoyGatewayTelemetry defines telemetry configurations for envoy gateway control plane. Control plane will focus on metrics observability telemetry and tracing telemetry later.
func DefaultEnvoyGatewayTelemetry ¶ added in v0.6.0
func DefaultEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry
DefaultEnvoyGatewayTelemetry returns a new EnvoyGatewayTelemetry with default configuration parameters.
func (*EnvoyGatewayTelemetry) DeepCopy ¶ added in v0.6.0
func (in *EnvoyGatewayTelemetry) DeepCopy() *EnvoyGatewayTelemetry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayTelemetry.
func (*EnvoyGatewayTelemetry) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyGatewayTelemetry) DeepCopyInto(out *EnvoyGatewayTelemetry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyJSONPatchConfig ¶ added in v0.5.0
// EnvoyJSONPatchConfig identifies one Envoy xDS resource by type and name and
// carries the JSON Patch operation to apply to it.
type EnvoyJSONPatchConfig struct {
	// Type is the typed URL of the Envoy xDS Resource.
	Type EnvoyResourceType `json:"type"`

	// Name is the name of the resource.
	Name string `json:"name"`

	// Operation defines the JSON Patch operation.
	Operation JSONPatchOperation `json:"operation"`
}
EnvoyJSONPatchConfig defines the configuration for patching an Envoy xDS resource using JSONPatch semantics.
func (*EnvoyJSONPatchConfig) DeepCopy ¶ added in v0.5.0
func (in *EnvoyJSONPatchConfig) DeepCopy() *EnvoyJSONPatchConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyJSONPatchConfig.
func (*EnvoyJSONPatchConfig) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyJSONPatchConfig) DeepCopyInto(out *EnvoyJSONPatchConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyPatchPolicy ¶ added in v0.5.0
// EnvoyPatchPolicy allows the user to modify the Envoy xDS resources generated
// by Envoy Gateway using this patch API.
type EnvoyPatchPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of EnvoyPatchPolicy.
	Spec EnvoyPatchPolicySpec `json:"spec"`

	// Status defines the current status of EnvoyPatchPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}
EnvoyPatchPolicy allows the user to modify the Envoy xDS resources generated by Envoy Gateway using this patch API.
func (*EnvoyPatchPolicy) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicy) DeepCopy() *EnvoyPatchPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicy.
func (*EnvoyPatchPolicy) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicy) DeepCopyInto(out *EnvoyPatchPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyPatchPolicy) DeepCopyObject ¶ added in v0.5.0
func (in *EnvoyPatchPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyPatchPolicyList ¶ added in v0.5.0
// EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources.
type EnvoyPatchPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the EnvoyPatchPolicy resources in the list.
	Items []EnvoyPatchPolicy `json:"items"`
}
EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources.
func (*EnvoyPatchPolicyList) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicyList) DeepCopy() *EnvoyPatchPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicyList.
func (*EnvoyPatchPolicyList) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicyList) DeepCopyInto(out *EnvoyPatchPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyPatchPolicyList) DeepCopyObject ¶ added in v0.5.0
func (in *EnvoyPatchPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyPatchPolicySpec ¶ added in v0.5.0
// EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy.
type EnvoyPatchPolicySpec struct {
	// Type decides the type of patch.
	// Valid EnvoyPatchType values are "JSONPatch".
	//
	// +unionDiscriminator
	Type EnvoyPatchType `json:"type"`

	// NOTE(review): these patches rewrite the xDS that Envoy Gateway generated,
	// so anyone able to create or edit an EnvoyPatchPolicy can change proxy
	// behaviour beyond what the higher-level APIs express. Limit write access
	// to this resource with RBAC and review patches like any other config change.

	// JSONPatches defines the JSONPatch configuration.
	//
	// +optional
	JSONPatches []EnvoyJSONPatchConfig `json:"jsonPatches,omitempty"`

	// TargetRef is the name of the Gateway API resource this policy
	// is being attached to.
	// By default, attaching to Gateway is supported and
	// when mergeGateways is enabled it should attach to GatewayClass.
	// This Policy and the TargetRef MUST be in the same namespace
	// for this Policy to have effect and be applied to the Gateway.
	TargetRef gwapiv1a2.LocalPolicyTargetReference `json:"targetRef"`

	// Priority of the EnvoyPatchPolicy.
	// If multiple EnvoyPatchPolicies are applied to the same
	// TargetRef, they will be applied in the ascending order of
	// the priority i.e. int32.min has the highest priority and
	// int32.max has the lowest priority.
	// Defaults to 0.
	Priority int32 `json:"priority,omitempty"`
}
EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy. +union
func (*EnvoyPatchPolicySpec) DeepCopy ¶ added in v0.5.0
func (in *EnvoyPatchPolicySpec) DeepCopy() *EnvoyPatchPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicySpec.
func (*EnvoyPatchPolicySpec) DeepCopyInto ¶ added in v0.5.0
func (in *EnvoyPatchPolicySpec) DeepCopyInto(out *EnvoyPatchPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyPatchType ¶ added in v0.5.0
// EnvoyPatchType specifies the types of Envoy patching mechanisms.
type EnvoyPatchType string
EnvoyPatchType specifies the types of Envoy patching mechanisms. +kubebuilder:validation:Enum=JSONPatch
// Supported EnvoyPatchType values.
const (
	// JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
	// For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
	JSONPatchEnvoyPatchType EnvoyPatchType = "JSONPatch"
)
type EnvoyProxy ¶ added in v0.6.0
// EnvoyProxy is the schema for the envoyproxies API.
type EnvoyProxy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of EnvoyProxy.
	Spec EnvoyProxySpec `json:"spec,omitempty"`

	// Status defines the actual state of EnvoyProxy.
	Status EnvoyProxyStatus `json:"status,omitempty"`
}
EnvoyProxy is the schema for the envoyproxies API.
func (*EnvoyProxy) DeepCopy ¶ added in v0.6.0
func (in *EnvoyProxy) DeepCopy() *EnvoyProxy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxy.
func (*EnvoyProxy) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyProxy) DeepCopyInto(out *EnvoyProxy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyProxy) DeepCopyObject ¶ added in v0.6.0
func (in *EnvoyProxy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*EnvoyProxy) GetEnvoyProxyProvider ¶ added in v0.6.0
func (e *EnvoyProxy) GetEnvoyProxyProvider() *EnvoyProxyProvider
GetEnvoyProxyProvider returns the EnvoyProxyProvider of EnvoyProxy or a default EnvoyProxyProvider if unspecified.
func (*EnvoyProxy) NeedToSwitchPorts ¶ added in v1.1.0
func (e *EnvoyProxy) NeedToSwitchPorts() bool
NeedToSwitchPorts returns true if the EnvoyProxy needs to switch ports.
type EnvoyProxyKubernetesProvider ¶ added in v0.6.0
// EnvoyProxyKubernetesProvider defines configuration for the Kubernetes resource provider.
type EnvoyProxyKubernetesProvider struct {
	// EnvoyDeployment defines the desired state of the Envoy deployment resource.
	// If unspecified, default settings for the managed Envoy deployment resource
	// are applied.
	//
	// +optional
	EnvoyDeployment *KubernetesDeploymentSpec `json:"envoyDeployment,omitempty"`

	// EnvoyDaemonSet defines the desired state of the Envoy daemonset resource.
	// Disabled by default; a deployment resource is used instead to provision the Envoy Proxy fleet.
	//
	// +optional
	EnvoyDaemonSet *KubernetesDaemonSetSpec `json:"envoyDaemonSet,omitempty"`

	// EnvoyService defines the desired state of the Envoy service resource.
	// If unspecified, default settings for the managed Envoy service resource
	// are applied.
	//
	// +optional
	EnvoyService *KubernetesServiceSpec `json:"envoyService,omitempty"`

	// EnvoyHpa defines the Horizontal Pod Autoscaler settings for Envoy Proxy Deployment.
	// Once the HPA is set, the Replicas field from EnvoyDeployment is ignored.
	//
	// +optional
	EnvoyHpa *KubernetesHorizontalPodAutoscalerSpec `json:"envoyHpa,omitempty"`

	// NOTE(review): with port shifting disabled, a listener on a privileged
	// port presumably requires the container to be able to bind it (for
	// example via CAP_NET_BIND_SERVICE) — confirm the pod security settings
	// before setting this to true, and prefer the default where possible.

	// UseListenerPortAsContainerPort disables the port shifting feature in the Envoy Proxy.
	// When set to false (default value), if the service port is a privileged port (1-1023), add a constant to the value converting it into an ephemeral port.
	// This allows the container to bind to the port without needing a CAP_NET_BIND_SERVICE capability.
	//
	// +optional
	UseListenerPortAsContainerPort *bool `json:"useListenerPortAsContainerPort,omitempty"`

	// EnvoyPDB controls the pod disruption budget of an Envoy Proxy.
	// +optional
	EnvoyPDB *KubernetesPodDisruptionBudgetSpec `json:"envoyPDB,omitempty"`
}
+kubebuilder:validation:XValidation:rule="((has(self.envoyDeployment) && !has(self.envoyDaemonSet)) || (!has(self.envoyDeployment) && has(self.envoyDaemonSet))) || (!has(self.envoyDeployment) && !has(self.envoyDaemonSet))",message="only one of envoyDeployment or envoyDaemonSet can be specified" +kubebuilder:validation:XValidation:rule="((has(self.envoyHpa) && !has(self.envoyDaemonSet)) || (!has(self.envoyHpa) && has(self.envoyDaemonSet))) || (!has(self.envoyHpa) && !has(self.envoyDaemonSet))",message="cannot use envoyHpa if envoyDaemonSet is used"
EnvoyProxyKubernetesProvider defines configuration for the Kubernetes resource provider.
func DefaultEnvoyProxyKubeProvider ¶ added in v0.6.0
func DefaultEnvoyProxyKubeProvider() *EnvoyProxyKubernetesProvider
DefaultEnvoyProxyKubeProvider returns a new EnvoyProxyKubernetesProvider with default settings.
func (*EnvoyProxyKubernetesProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyProxyKubernetesProvider) DeepCopy() *EnvoyProxyKubernetesProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyKubernetesProvider.
func (*EnvoyProxyKubernetesProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyProxyKubernetesProvider) DeepCopyInto(out *EnvoyProxyKubernetesProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyProxyList ¶ added in v0.6.0
// EnvoyProxyList contains a list of EnvoyProxy.
type EnvoyProxyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the EnvoyProxy resources in the list.
	Items []EnvoyProxy `json:"items"`
}
EnvoyProxyList contains a list of EnvoyProxy
func (*EnvoyProxyList) DeepCopy ¶ added in v0.6.0
func (in *EnvoyProxyList) DeepCopy() *EnvoyProxyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyList.
func (*EnvoyProxyList) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyProxyList) DeepCopyInto(out *EnvoyProxyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyProxyList) DeepCopyObject ¶ added in v0.6.0
func (in *EnvoyProxyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type EnvoyProxyProvider ¶ added in v0.6.0
// EnvoyProxyProvider defines the desired state of a resource provider.
// It is a discriminated union: Type selects which provider-specific field applies.
type EnvoyProxyProvider struct {
	// Type is the type of resource provider to use. A resource provider provides
	// infrastructure resources for running the data plane, e.g. Envoy proxy, and
	// optional auxiliary control planes. Supported types are: "Kubernetes".
	//
	// +unionDiscriminator
	Type ProviderType `json:"type"`
	// Kubernetes defines the desired state of the Kubernetes resource provider.
	// Kubernetes provides infrastructure resources for running the data plane,
	// e.g. Envoy proxy. If unspecified and type is "Kubernetes", default settings
	// for managed Kubernetes resources are applied.
	//
	// +optional
	Kubernetes *EnvoyProxyKubernetesProvider `json:"kubernetes,omitempty"`
}
EnvoyProxyProvider defines the desired state of a resource provider. +union
func DefaultEnvoyProxyProvider ¶ added in v0.6.0
func DefaultEnvoyProxyProvider() *EnvoyProxyProvider
DefaultEnvoyProxyProvider returns a new EnvoyProxyProvider with default settings.
func (*EnvoyProxyProvider) DeepCopy ¶ added in v0.6.0
func (in *EnvoyProxyProvider) DeepCopy() *EnvoyProxyProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyProvider.
func (*EnvoyProxyProvider) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyProxyProvider) DeepCopyInto(out *EnvoyProxyProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EnvoyProxyProvider) GetEnvoyProxyKubeProvider ¶ added in v0.6.0
func (r *EnvoyProxyProvider) GetEnvoyProxyKubeProvider() *EnvoyProxyKubernetesProvider
GetEnvoyProxyKubeProvider returns the EnvoyProxyKubernetesProvider of EnvoyProxyProvider or a default EnvoyProxyKubernetesProvider if unspecified. If EnvoyProxyProvider is not of type "Kubernetes", a nil EnvoyProxyKubernetesProvider is returned.
type EnvoyProxySpec ¶ added in v0.6.0
// EnvoyProxySpec defines the desired state of EnvoyProxy.
type EnvoyProxySpec struct {
	// Provider defines the desired resource provider and provider-specific configuration.
	// If unspecified, the "Kubernetes" resource provider is used with default configuration
	// parameters.
	//
	// +optional
	Provider *EnvoyProxyProvider `json:"provider,omitempty"`

	// Logging defines logging parameters for managed proxies.
	// +kubebuilder:default={level: {default: warn}}
	Logging ProxyLogging `json:"logging,omitempty"`

	// Telemetry defines telemetry parameters for managed proxies.
	//
	// +optional
	Telemetry *ProxyTelemetry `json:"telemetry,omitempty"`

	// NOTE(review): a custom Bootstrap replaces the default for the whole managed
	// fleet, so write access to EnvoyProxy resources presumably amounts to control
	// over proxy startup configuration; scope RBAC on this resource accordingly.

	// Bootstrap defines the Envoy Bootstrap as a YAML string.
	// Visit https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-msg-config-bootstrap-v3-bootstrap
	// to learn more about the syntax.
	// If set, this is the Bootstrap configuration used for the managed Envoy Proxy fleet instead of the default Bootstrap configuration
	// set by Envoy Gateway.
	// Some fields within the Bootstrap that are required to communicate with the xDS Server (Envoy Gateway) and receive xDS resources
	// from it are not configurable and will result in the `EnvoyProxy` resource being rejected.
	// Backward compatibility across minor versions is not guaranteed.
	// We strongly recommend using `egctl x translate` to generate an `EnvoyProxy` resource with the `Bootstrap` field set to the default
	// Bootstrap configuration used. You can edit this configuration, and rerun `egctl x translate` to ensure there are no validation errors.
	//
	// +optional
	Bootstrap *ProxyBootstrap `json:"bootstrap,omitempty"`

	// Concurrency defines the number of worker threads to run. If unset, it defaults to
	// the number of cpuset threads on the platform.
	//
	// +optional
	Concurrency *int32 `json:"concurrency,omitempty"`

	// RoutingType can be set to "Service" to use the Service Cluster IP for routing to the backend,
	// or it can be set to "Endpoint" to use Endpoint routing. The default is "Endpoint".
	// +optional
	RoutingType *RoutingType `json:"routingType,omitempty"`

	// NOTE(review): no validation marker constrains the individual arguments in
	// this listing; the restriction on internally used options is described in
	// prose only and is presumably enforced elsewhere — confirm.

	// ExtraArgs defines additional command line options that are provided to Envoy.
	// More info: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#command-line-options
	// Note: some command line options are used internally (e.g. --log-level), so they cannot be provided here.
	//
	// +optional
	ExtraArgs []string `json:"extraArgs,omitempty"`

	// MergeGateways defines if Gateway resources should be merged onto the same Envoy Proxy Infrastructure.
	// Setting this field to true would merge all Gateway Listeners under the parent Gateway Class.
	// This means that the port, protocol and hostname tuple must be unique for every listener.
	// If a duplicate listener is detected, the newer listener (based on timestamp) will be rejected and its status will be updated with an "Accepted=False" condition.
	//
	// +optional
	MergeGateways *bool `json:"mergeGateways,omitempty"`

	// Shutdown defines configuration for the graceful Envoy shutdown process.
	//
	// +optional
	Shutdown *ShutdownConfig `json:"shutdown,omitempty"`

	// NOTE(review): the default order below places ext_authz, basic_auth, oauth2
	// and jwt_authn ahead of ext_proc and wasm, with rbac after them. A filter
	// moved ahead of the authentication filters presumably sees requests before
	// those checks have run, so review any reordering with that in mind.

	// FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
	// The FilterPosition entries in the list are applied in the order in which they are defined.
	// If unspecified, the default filter order is applied.
	// Default filter order is:
	//
	// - envoy.filters.http.health_check
	//
	// - envoy.filters.http.fault
	//
	// - envoy.filters.http.cors
	//
	// - envoy.filters.http.ext_authz
	//
	// - envoy.filters.http.basic_auth
	//
	// - envoy.filters.http.oauth2
	//
	// - envoy.filters.http.jwt_authn
	//
	// - envoy.filters.http.stateful_session
	//
	// - envoy.filters.http.ext_proc
	//
	// - envoy.filters.http.wasm
	//
	// - envoy.filters.http.rbac
	//
	// - envoy.filters.http.local_ratelimit
	//
	// - envoy.filters.http.ratelimit
	//
	// - envoy.filters.http.custom_response
	//
	// - envoy.filters.http.router
	//
	// Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain.
	//
	// +optional
	FilterOrder []FilterPosition `json:"filterOrder,omitempty"`

	// BackendTLS is the TLS configuration for the Envoy proxy to use when connecting to backends.
	// These settings are applied on backends for which TLS policies are specified.
	// +optional
	BackendTLS *BackendTLSConfig `json:"backendTLS,omitempty"`

	// IPFamily specifies the IP family for the EnvoyProxy fleet.
	// This setting only affects the Gateway listener port and does not impact
	// other aspects of the Envoy proxy configuration.
	// If not specified, the system will operate as follows:
	// - It defaults to IPv4 only.
	// - IPv6 and dual-stack environments are not supported in this default configuration.
	// Note: To enable IPv6 or dual-stack functionality, explicit configuration is required.
	// +kubebuilder:validation:Enum=IPv4;IPv6;DualStack
	// +optional
	IPFamily *IPFamily `json:"ipFamily,omitempty"`
}
EnvoyProxySpec defines the desired state of EnvoyProxy.
func (*EnvoyProxySpec) DeepCopy ¶ added in v0.6.0
func (in *EnvoyProxySpec) DeepCopy() *EnvoyProxySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxySpec.
func (*EnvoyProxySpec) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyProxySpec) DeepCopyInto(out *EnvoyProxySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyProxyStatus ¶ added in v0.6.0
// EnvoyProxyStatus defines the observed state of EnvoyProxy.
// It currently declares no fields.
type EnvoyProxyStatus struct {
}
EnvoyProxyStatus defines the observed state of EnvoyProxy. This type is not implemented until https://github.com/envoyproxy/gateway/issues/1007 is fixed.
func (*EnvoyProxyStatus) DeepCopy ¶ added in v0.6.0
func (in *EnvoyProxyStatus) DeepCopy() *EnvoyProxyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyStatus.
func (*EnvoyProxyStatus) DeepCopyInto ¶ added in v0.6.0
func (in *EnvoyProxyStatus) DeepCopyInto(out *EnvoyProxyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnvoyResourceType ¶ added in v0.5.0
// EnvoyResourceType specifies the type URL of the Envoy resource.
// It is a string type; the accepted values are the type URLs declared as
// constants of this type and listed in the type's Enum validation marker.
type EnvoyResourceType string
EnvoyResourceType specifies the type URL of the Envoy resource. +kubebuilder:validation:Enum=type.googleapis.com/envoy.config.listener.v3.Listener;type.googleapis.com/envoy.config.route.v3.RouteConfiguration;type.googleapis.com/envoy.config.cluster.v3.Cluster;type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment;type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret
// Type URLs accepted for EnvoyResourceType.
//
// NOTE(review): the Enum marker on EnvoyResourceType also lists
// type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret, but no
// constant for it is declared in this block — confirm whether that is intended.
const (
	// ListenerEnvoyResourceType defines the Type URL of the Listener resource.
	ListenerEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.listener.v3.Listener"
	// RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource.
	RouteConfigurationEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
	// ClusterEnvoyResourceType defines the Type URL of the Cluster resource.
	ClusterEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.cluster.v3.Cluster"
	// ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource.
	ClusterLoadAssignmentEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"
)
type ExtAuth ¶ added in v1.0.0
// ExtAuth defines the configuration for External Authorization.
// Exactly one of GRPC or HTTP is expected to be set.
type ExtAuth struct {
	// GRPC defines the gRPC External Authorization service.
	// Either GRPC or HTTP must be specified,
	// and only one of them can be provided.
	GRPC *GRPCExtAuthService `json:"grpc,omitempty"`

	// HTTP defines the HTTP External Authorization service.
	// Either GRPC or HTTP must be specified,
	// and only one of them can be provided.
	HTTP *HTTPExtAuthService `json:"http,omitempty"`

	// NOTE(review): with a gRPC service and this field unset, every client
	// request header (which can include cookies and bearer tokens) is sent to
	// the authorization service. Presumably an explicit list narrows that set;
	// confirm against the translator before relying on it.

	// HeadersToExtAuth defines the client request headers that will be included
	// in the request to the external authorization service.
	// Note: If not specified, the default behavior for gRPC and HTTP external
	// authorization services is different due to backward compatibility reasons.
	// All headers will be included in the check request to a gRPC authorization server.
	// Only the following headers will be included in the check request to an HTTP
	// authorization server: Host, Method, Path, Content-Length, and Authorization.
	// These headers are always included in the check request to an HTTP
	// authorization server by default, whether or not they are specified
	// in HeadersToExtAuth.
	// +optional
	HeadersToExtAuth []string `json:"headersToExtAuth,omitempty"`

	// FailOpen is a switch used to control the behavior when a response from the External Authorization service cannot be obtained.
	// If FailOpen is set to true, the system allows the traffic to pass through,
	// which means requests are forwarded without an authorization decision while the service is unreachable.
	// Otherwise, if it is set to false or not set (defaulting to false),
	// the system blocks the traffic and returns an HTTP 5xx error, reflecting a fail-closed approach.
	// This setting determines whether to prioritize accessibility over strict security in case of authorization service failure.
	//
	// +optional
	// +kubebuilder:default=false
	FailOpen *bool `json:"failOpen,omitempty"`

	// RecomputeRoute clears the route cache and recalculates the routing decision.
	// This field must be enabled if the headers added or modified by the ExtAuth are used for
	// route matching decisions. If the recomputation selects a new route, features targeting
	// the new matched route will be applied.
	//
	// +optional
	RecomputeRoute *bool `json:"recomputeRoute,omitempty"`
}
ExtAuth defines the configuration for External Authorization.
+kubebuilder:validation:XValidation:rule="(has(self.grpc) || has(self.http))",message="one of grpc or http must be specified" +kubebuilder:validation:XValidation:rule="(has(self.grpc) && !has(self.http)) || (!has(self.grpc) && has(self.http))",message="only one of grpc or http can be specified"
func (*ExtAuth) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtAuth.
func (*ExtAuth) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtProc ¶ added in v1.1.0
// ExtProc defines the configuration for the External Processing filter.
type ExtProc struct {
	// BackendCluster is inlined; it identifies the external processor backend.
	BackendCluster `json:",inline"`

	// MessageTimeout is the timeout for a response to be returned from the external processor.
	// Default: 200ms
	//
	// +optional
	MessageTimeout *gwapiv1.Duration `json:"messageTimeout,omitempty"`

	// NOTE(review): the sentence below does not say which value does which; by
	// the field name, true presumably passes traffic through unprocessed —
	// confirm. Unlike ExtAuth.FailOpen, no +kubebuilder:default marker appears
	// on this field here, so the stated default is presumably applied in code.

	// FailOpen defines if requests or responses that cannot be processed due to connectivity to the
	// external processor are terminated or passed-through.
	// Default: false
	//
	// +optional
	FailOpen *bool `json:"failOpen,omitempty"`

	// ProcessingMode defines how request and response body is processed.
	// Default: header and body are not sent to the external processor
	//
	// +optional
	ProcessingMode *ExtProcProcessingMode `json:"processingMode,omitempty"`
}
ExtProc defines the configuration for External Processing filter. +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"
func (*ExtProc) DeepCopy ¶ added in v1.1.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtProc.
func (*ExtProc) DeepCopyInto ¶ added in v1.1.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtProcBodyProcessingMode ¶ added in v1.1.0
// ExtProcBodyProcessingMode names how a message body is handed to the
// external processor. It is a string type whose values are declared as
// constants of this type.
type ExtProcBodyProcessingMode string
+kubebuilder:validation:Enum=Streamed;Buffered;BufferedPartial
// Values of ExtProcBodyProcessingMode.
//
// NOTE(review): the third constant is named
// BufferedPartialExtBodyHeaderProcessingMode, which does not follow the
// <Mode>ExtProcBodyProcessingMode pattern of the other two.
const (
	// StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.
	StreamedExtProcBodyProcessingMode ExtProcBodyProcessingMode = "Streamed"
	// BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once.
	// If the body exceeds the configured buffer limit, then the downstream system will receive an error.
	BufferedExtProcBodyProcessingMode ExtProcBodyProcessingMode = "Buffered"
	// BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk.
	// If the body exceeds the configured buffer limit, then the body contents up to the buffer limit will be sent,
	// so the external processor sees only a truncated body in that case.
	BufferedPartialExtBodyHeaderProcessingMode ExtProcBodyProcessingMode = "BufferedPartial"
)
type ExtProcProcessingMode ¶ added in v1.1.0
// ExtProcProcessingMode defines if and how headers and bodies are sent to the service.
type ExtProcProcessingMode struct {
	// Request defines the processing mode for requests. If present, request headers are sent.
	// The request body is processed according to the specified mode.
	//
	// +optional
	Request *ProcessingModeOptions `json:"request,omitempty"`

	// Response defines the processing mode for responses. If present, response headers are sent.
	// The response body is processed according to the specified mode.
	//
	// +optional
	Response *ProcessingModeOptions `json:"response,omitempty"`
}
ExtProcProcessingMode defines if and how headers and bodies are sent to the service. https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_proc/v3/processing_mode.proto#envoy-v3-api-msg-extensions-filters-http-ext-proc-v3-processingmode
func (*ExtProcProcessingMode) DeepCopy ¶ added in v1.1.0
func (in *ExtProcProcessingMode) DeepCopy() *ExtProcProcessingMode
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtProcProcessingMode.
func (*ExtProcProcessingMode) DeepCopyInto ¶ added in v1.1.0
func (in *ExtProcProcessingMode) DeepCopyInto(out *ExtProcProcessingMode)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtensionAPISettings ¶ added in v0.6.0
// ExtensionAPISettings defines the settings specific to Gateway API Extensions.
//
// Both switches are plain bools without omitempty, so a value that is left out
// decodes to false unless a default is applied elsewhere.
type ExtensionAPISettings struct {
	// EnableEnvoyPatchPolicy enables Envoy Gateway to
	// reconcile and implement the EnvoyPatchPolicy resources.
	EnableEnvoyPatchPolicy bool `json:"enableEnvoyPatchPolicy"`
	// EnableBackend enables Envoy Gateway to
	// reconcile and implement the Backend resources.
	EnableBackend bool `json:"enableBackend"`
}
ExtensionAPISettings defines the settings specific to Gateway API Extensions.
func (*ExtensionAPISettings) DeepCopy ¶ added in v0.6.0
func (in *ExtensionAPISettings) DeepCopy() *ExtensionAPISettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionAPISettings.
func (*ExtensionAPISettings) DeepCopyInto ¶ added in v0.6.0
func (in *ExtensionAPISettings) DeepCopyInto(out *ExtensionAPISettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtensionHooks ¶ added in v0.6.0
// ExtensionHooks defines extension hooks across all supported runners.
type ExtensionHooks struct {
	// XDSTranslator defines all the supported extension hooks for the xds-translator runner.
	XDSTranslator *XDSTranslatorHooks `json:"xdsTranslator,omitempty"`
}
ExtensionHooks defines extension hooks across all supported runners
func (*ExtensionHooks) DeepCopy ¶ added in v0.6.0
func (in *ExtensionHooks) DeepCopy() *ExtensionHooks
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionHooks.
func (*ExtensionHooks) DeepCopyInto ¶ added in v0.6.0
func (in *ExtensionHooks) DeepCopyInto(out *ExtensionHooks)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtensionManager ¶ added in v0.6.0
// ExtensionManager defines the configuration for registering an extension manager to
// the Envoy Gateway control plane.
//
// NOTE(review): Hooks and Service carry a Required marker but are pointers
// tagged omitempty, so a nil value is still representable in Go; callers should
// not assume either is non-nil without checking.
type ExtensionManager struct {
	// Resources defines the set of K8s resources the extension will handle as route
	// filter resources.
	//
	// +optional
	Resources []GroupVersionKind `json:"resources,omitempty"`

	// PolicyResources defines the set of K8s resources the extension server will handle
	// as directly attached GatewayAPI policies.
	//
	// +optional
	PolicyResources []GroupVersionKind `json:"policyResources,omitempty"`

	// Hooks defines the set of hooks the extension supports.
	//
	// +kubebuilder:validation:Required
	Hooks *ExtensionHooks `json:"hooks,omitempty"`

	// Service defines the configuration of the extension service that the Envoy
	// Gateway Control Plane will call through extension hooks.
	//
	// +kubebuilder:validation:Required
	Service *ExtensionService `json:"service,omitempty"`
}
ExtensionManager defines the configuration for registering an extension manager to the Envoy Gateway control plane.
func (*ExtensionManager) DeepCopy ¶ added in v0.6.0
func (in *ExtensionManager) DeepCopy() *ExtensionManager
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionManager.
func (*ExtensionManager) DeepCopyInto ¶ added in v0.6.0
func (in *ExtensionManager) DeepCopyInto(out *ExtensionManager)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtensionService ¶ added in v0.6.0
// ExtensionService defines the configuration for connecting to a registered extension service.
type ExtensionService struct {
	// BackendEndpoint points to where the extension server can be found.
	BackendEndpoint `json:",inline"`

	// Host defines the extension service hostname.
	// Deprecated: use the appropriate transport attribute instead (FQDN,IP,Unix)
	//
	// +optional
	Host string `json:"host,omitempty"`

	// NOTE(review): only a Minimum marker is present here, so values above 65535
	// pass schema validation; FQDNEndpoint.Port also sets Maximum=65535.

	// Port defines the port the extension service is exposed on.
	// Deprecated: use the appropriate transport attribute instead (FQDN,IP,Unix)
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=80
	Port int32 `json:"port,omitempty"`

	// NOTE(review): TLS is optional and this listing shows no other transport
	// protection; with TLS unset the control plane presumably talks to the
	// extension service in plaintext — confirm, and prefer setting it.

	// TLS defines TLS configuration for communication between Envoy Gateway and
	// the extension service.
	//
	// +optional
	TLS *ExtensionTLS `json:"tls,omitempty"`
}
ExtensionService defines the configuration for connecting to a registered extension service.
func (*ExtensionService) DeepCopy ¶ added in v0.6.0
func (in *ExtensionService) DeepCopy() *ExtensionService
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionService.
func (*ExtensionService) DeepCopyInto ¶ added in v0.6.0
func (in *ExtensionService) DeepCopyInto(out *ExtensionService)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExtensionTLS ¶ added in v0.6.0
// ExtensionTLS defines the TLS configuration when connecting to an extension service.
type ExtensionTLS struct {
	// NOTE(review): the text below does not say whether the referenced
	// certificate is the trust anchor used to verify the extension server or a
	// client identity presented to it — confirm before relying on it for
	// server authentication.

	// CertificateRef contains a reference to an object (a Kubernetes object or otherwise) that
	// contains a TLS certificate and private keys. These certificates are used to
	// establish a TLS handshake to the extension server.
	//
	// CertificateRef can only reference a Kubernetes Secret at this time.
	//
	// +kubebuilder:validation:Required
	CertificateRef gwapiv1.SecretObjectReference `json:"certificateRef"`
}
ExtensionTLS defines the TLS configuration when connecting to an extension service
func (*ExtensionTLS) DeepCopy ¶ added in v0.6.0
func (in *ExtensionTLS) DeepCopy() *ExtensionTLS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionTLS.
func (*ExtensionTLS) DeepCopyInto ¶ added in v0.6.0
func (in *ExtensionTLS) DeepCopyInto(out *ExtensionTLS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FQDNEndpoint ¶ added in v1.1.0
// FQDNEndpoint describes a TCP/UDP socket address identified by hostname and port.
type FQDNEndpoint struct {
	// NOTE(review): in the pattern below the inner group of the first label is
	// optional, but the same group in the repeated ".label" part is not, so
	// every label after the first must be at least two characters (a hostname
	// such as "a.b" is rejected). Uppercase letters and a trailing dot are
	// rejected as well.

	// Hostname defines the FQDN hostname of the backend endpoint.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9]))*$`
	Hostname string `json:"hostname"`

	// NOTE(review): Minimum=0 admits port 0.

	// Port defines the port of the backend endpoint.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}
FQDNEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress
func (*FQDNEndpoint) DeepCopy ¶ added in v1.1.0
func (in *FQDNEndpoint) DeepCopy() *FQDNEndpoint
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FQDNEndpoint.
func (*FQDNEndpoint) DeepCopyInto ¶ added in v1.1.0
func (in *FQDNEndpoint) DeepCopyInto(out *FQDNEndpoint)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FaultInjection ¶ added in v1.0.0
// FaultInjection defines the fault injection policy to be applied.
// It can inject delays and abort requests to mimic failure scenarios.
type FaultInjection struct {
	// Delay, if specified, injects a delay into the request.
	//
	// +optional
	Delay *FaultInjectionDelay `json:"delay,omitempty"`

	// Abort, if specified, aborts the request if it meets the configuration criteria.
	//
	// +optional
	Abort *FaultInjectionAbort `json:"abort,omitempty"`
}
FaultInjection defines the fault injection policy to be applied. This configuration can be used to inject delays and abort requests to mimic failure scenarios such as service failures and overloads +union
+kubebuilder:validation:XValidation:rule=" has(self.delay) || has(self.abort) ",message="Delay and abort faults are set at least one."
func (*FaultInjection) DeepCopy ¶ added in v1.0.0
func (in *FaultInjection) DeepCopy() *FaultInjection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FaultInjection.
func (*FaultInjection) DeepCopyInto ¶ added in v1.0.0
func (in *FaultInjection) DeepCopyInto(out *FaultInjection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FaultInjectionAbort ¶ added in v1.0.0
// FaultInjectionAbort defines the abort fault injection configuration.
// HTTPStatus and GrpcStatus are alternatives; the type-level validation rules
// require one of them and reject both together.
type FaultInjectionAbort struct {
	// NOTE(review): Maximum=600 admits 600, one past the 5xx range.

	// HTTPStatus specifies the HTTP status code to be returned.
	//
	// +optional
	// +kubebuilder:validation:Minimum=200
	// +kubebuilder:validation:Maximum=600
	HTTPStatus *int32 `json:"httpStatus,omitempty"`

	// NOTE(review): no range validation marker is present on this field.

	// GrpcStatus specifies the GRPC status code to be returned.
	//
	// +optional
	GrpcStatus *int32 `json:"grpcStatus,omitempty"`

	// Percentage specifies the percentage of requests to be aborted. Default 100%, if set 0, no requests will be aborted. Accuracy to 0.0001%.
	// +optional
	// +kubebuilder:default=100
	Percentage *float32 `json:"percentage,omitempty"`
}
FaultInjectionAbort defines the abort fault injection configuration +union
+kubebuilder:validation:XValidation:rule=" !(has(self.httpStatus) && has(self.grpcStatus)) ",message="httpStatus and grpcStatus cannot be simultaneously defined." +kubebuilder:validation:XValidation:rule=" has(self.httpStatus) || has(self.grpcStatus) ",message="httpStatus and grpcStatus are set at least one."
func (*FaultInjectionAbort) DeepCopy ¶ added in v1.0.0
func (in *FaultInjectionAbort) DeepCopy() *FaultInjectionAbort
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FaultInjectionAbort.
func (*FaultInjectionAbort) DeepCopyInto ¶ added in v1.0.0
func (in *FaultInjectionAbort) DeepCopyInto(out *FaultInjectionAbort)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FaultInjectionDelay ¶ added in v1.0.0
// FaultInjectionDelay defines the delay fault injection configuration.
type FaultInjectionDelay struct {
	// FixedDelay specifies the fixed delay duration.
	//
	// +required
	FixedDelay *metav1.Duration `json:"fixedDelay"`

	// Percentage specifies the percentage of requests to be delayed. Default 100%, if set 0, no requests will be delayed. Accuracy to 0.0001%.
	// +optional
	// +kubebuilder:default=100
	Percentage *float32 `json:"percentage,omitempty"`
}
FaultInjectionDelay defines the delay fault injection configuration
func (*FaultInjectionDelay) DeepCopy ¶ added in v1.0.0
func (in *FaultInjectionDelay) DeepCopy() *FaultInjectionDelay
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FaultInjectionDelay.
func (*FaultInjectionDelay) DeepCopyInto ¶ added in v1.0.0
func (in *FaultInjectionDelay) DeepCopyInto(out *FaultInjectionDelay)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileEnvoyProxyAccessLog ¶ added in v0.6.0
// FileEnvoyProxyAccessLog configures an access log sink that writes to a file path.
type FileEnvoyProxyAccessLog struct {
	// NOTE(review): the only constraint visible here is MinLength=1; nothing in
	// this listing restricts which path may be named, and the tag carries
	// omitempty although an empty value is not valid.

	// Path defines the file path used to expose the Envoy access log (e.g. /dev/stdout).
	// +kubebuilder:validation:MinLength=1
	Path string `json:"path,omitempty"`
}
func (*FileEnvoyProxyAccessLog) DeepCopy ¶ added in v0.6.0
func (in *FileEnvoyProxyAccessLog) DeepCopy() *FileEnvoyProxyAccessLog
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileEnvoyProxyAccessLog.
func (*FileEnvoyProxyAccessLog) DeepCopyInto ¶ added in v0.6.0
func (in *FileEnvoyProxyAccessLog) DeepCopyInto(out *FileEnvoyProxyAccessLog)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilterPosition ¶ added in v1.1.0
// FilterPosition defines the position of an Envoy HTTP filter in the filter chain.
// Exactly one of Before or After is expected to be set.
//
// NOTE(review): the field comments do not make the direction unambiguous —
// presumably Before names the filter that Name is placed ahead of, and After
// the filter that Name is placed behind; confirm against the translator.
type FilterPosition struct {
	// Name of the filter.
	Name EnvoyFilter `json:"name"`

	// Before defines the filter that should come before the filter.
	// Exactly one of Before or After must be set.
	Before *EnvoyFilter `json:"before,omitempty"`

	// After defines the filter that should come after the filter.
	// Exactly one of Before or After must be set.
	After *EnvoyFilter `json:"after,omitempty"`
}
FilterPosition defines the position of an Envoy HTTP filter in the filter chain. +kubebuilder:validation:XValidation:rule="(has(self.before) || has(self.after))",message="one of before or after must be specified" +kubebuilder:validation:XValidation:rule="(has(self.before) && !has(self.after)) || (!has(self.before) && has(self.after))",message="only one of before or after can be specified"
func (*FilterPosition) DeepCopy ¶ added in v1.1.0
func (in *FilterPosition) DeepCopy() *FilterPosition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterPosition.
func (*FilterPosition) DeepCopyInto ¶ added in v1.1.0
func (in *FilterPosition) DeepCopyInto(out *FilterPosition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GRPCActiveHealthChecker ¶ added in v1.2.0
// GRPCActiveHealthChecker defines the settings of the GRPC health check.
type GRPCActiveHealthChecker struct {
	// Service to send in the health check request.
	// If this is not specified, then the health check request applies to the entire
	// server and not to a specific service.
	// The field carries both json and yaml tags under the same key.
	// +optional
	Service *string `json:"service,omitempty" yaml:"service,omitempty"`
}
GRPCActiveHealthChecker defines the settings of the GRPC health check.
func (*GRPCActiveHealthChecker) DeepCopy ¶ added in v1.2.0
func (in *GRPCActiveHealthChecker) DeepCopy() *GRPCActiveHealthChecker
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCActiveHealthChecker.
func (*GRPCActiveHealthChecker) DeepCopyInto ¶ added in v1.2.0
func (in *GRPCActiveHealthChecker) DeepCopyInto(out *GRPCActiveHealthChecker)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GRPCExtAuthService ¶ added in v1.0.0
// GRPCExtAuthService defines the gRPC External Authorization service.
type GRPCExtAuthService struct {
	// NOTE(review): the type-level validation rule for this type accepts both
	// the Service and Backend kinds in backendRefs, so the "Only Service kind"
	// wording below looks stale — confirm which is intended.

	// Only Service kind is supported for now.
	BackendCluster `json:",inline"`
}
GRPCExtAuthService defines the gRPC External Authorization service. The authorization request message is defined in https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"
func (*GRPCExtAuthService) DeepCopy ¶ added in v1.0.0
func (in *GRPCExtAuthService) DeepCopy() *GRPCExtAuthService
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCExtAuthService.
func (*GRPCExtAuthService) DeepCopyInto ¶ added in v1.0.0
func (in *GRPCExtAuthService) DeepCopyInto(out *GRPCExtAuthService)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Gateway ¶ added in v0.6.0
// Gateway defines the desired Gateway API configuration of Envoy Gateway.
type Gateway struct {
	// ControllerName defines the name of the Gateway API controller. If unspecified,
	// defaults to "gateway.envoyproxy.io/gatewayclass-controller". See the following
	// for additional details:
	// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass
	//
	// +optional
	ControllerName string `json:"controllerName,omitempty"`
}
Gateway defines the desired Gateway API configuration of Envoy Gateway.
func DefaultGateway ¶ added in v0.6.0
func DefaultGateway() *Gateway
DefaultGateway returns a new Gateway with default configuration parameters.
func (*Gateway) DeepCopy ¶ added in v0.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway.
func (*Gateway) DeepCopyInto ¶ added in v0.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GlobalRateLimit ¶
// GlobalRateLimit defines global rate limit configuration.
type GlobalRateLimit struct {
	// Rules are a list of RateLimit selectors and limits. Each rule and its
	// associated limit is applied independently of the others. If a request
	// matches multiple rules, each of their associated limits gets applied, so a
	// single request might increase the rate limit counters for multiple rules
	// if selected. The rate limit service will return a logical OR of the individual
	// rate limit decisions of all matching rules. For example, if a request
	// matches two rules, one rate limited and one not, the final decision will be
	// to rate limit the request.
	//
	// +kubebuilder:validation:MaxItems=64
	Rules []RateLimitRule `json:"rules"`
}
GlobalRateLimit defines global rate limit configuration.
func (*GlobalRateLimit) DeepCopy ¶
func (in *GlobalRateLimit) DeepCopy() *GlobalRateLimit
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRateLimit.
func (*GlobalRateLimit) DeepCopyInto ¶
func (in *GlobalRateLimit) DeepCopyInto(out *GlobalRateLimit)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GroupVersionKind ¶ added in v0.6.0
type GroupVersionKind struct { Group string `json:"group"` Version string `json:"version"` Kind string `json:"kind"` }
GroupVersionKind unambiguously identifies a Kind. It can be converted to k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind
func (*GroupVersionKind) DeepCopy ¶ added in v0.6.0
func (in *GroupVersionKind) DeepCopy() *GroupVersionKind
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupVersionKind.
func (*GroupVersionKind) DeepCopyInto ¶ added in v0.6.0
func (in *GroupVersionKind) DeepCopyInto(out *GroupVersionKind)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GzipCompressor ¶ added in v1.0.0
type GzipCompressor struct{}
GzipCompressor defines the config for the Gzip compressor. The default values can be found here: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/compression/gzip/compressor/v3/gzip.proto#extension-envoy-compression-gzip-compressor
func (*GzipCompressor) DeepCopy ¶ added in v1.0.0
func (in *GzipCompressor) DeepCopy() *GzipCompressor
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GzipCompressor.
func (*GzipCompressor) DeepCopyInto ¶ added in v1.0.0
func (in *GzipCompressor) DeepCopyInto(out *GzipCompressor)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTP10Settings ¶ added in v1.0.0
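// HTTP10Settings provides HTTP/1.0 configuration on the listener.
type HTTP10Settings struct {
	// UseDefaultHost defines if the HTTP/1.0 request is missing the Host header,
	// then the hostname associated with the listener should be injected into the
	// request.
	// If this is not set and an HTTP/1.0 request arrives without a host, then
	// it will be rejected.
	//
	// NOTE(review): when enabled, a request that named no host is handled as if
	// it had named the listener's hostname, so host-based routing and policy
	// apply to it. Confirm that is the intended treatment for the listener
	// before turning it on; the reject behaviour is the stricter setting.
	// +optional
	UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
}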
HTTP10Settings provides HTTP/1.0 configuration on the listener.
func (*HTTP10Settings) DeepCopy ¶ added in v1.0.0
func (in *HTTP10Settings) DeepCopy() *HTTP10Settings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP10Settings.
func (*HTTP10Settings) DeepCopyInto ¶ added in v1.0.0
func (in *HTTP10Settings) DeepCopyInto(out *HTTP10Settings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTP1Settings ¶ added in v1.0.0
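// HTTP1Settings provides HTTP/1 configuration on the listener.
type HTTP1Settings struct {
	// EnableTrailers defines if HTTP/1 trailers should be proxied by Envoy.
	// +optional
	EnableTrailers *bool `json:"enableTrailers,omitempty"`
	// PreserveHeaderCase defines if Envoy should preserve the letter case of headers.
	// By default, Envoy will lowercase all the headers.
	// +optional
	PreserveHeaderCase *bool `json:"preserveHeaderCase,omitempty"`
	// HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests.
	//
	// NOTE(review): setting this field, even to an empty object, is what enables
	// the two legacy protocol versions; leaving it nil keeps them off. Both
	// versions allow requests without a Host header (see
	// HTTP10Settings.UseDefaultHost), so enable only for listeners that have to
	// serve legacy clients.
	// +optional
	HTTP10 *HTTP10Settings `json:"http10,omitempty"`
}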
HTTP1Settings provides HTTP/1 configuration on the listener.
func (*HTTP1Settings) DeepCopy ¶ added in v1.0.0
func (in *HTTP1Settings) DeepCopy() *HTTP1Settings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP1Settings.
func (*HTTP1Settings) DeepCopyInto ¶ added in v1.0.0
func (in *HTTP1Settings) DeepCopyInto(out *HTTP1Settings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTP2Settings ¶ added in v1.1.0
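// HTTP2Settings provides HTTP/2 configuration for listeners and backends.
//
// The three numeric settings bound how much buffering and concurrency one
// HTTP/2 connection may consume, so they are the per-connection resource
// limits of a listener.
type HTTP2Settings struct {
	// InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
	// If not set, the default value is 64 KiB(64*1024).
	//
	// NOTE(review): the pattern below constrains the syntax only; it admits
	// suffixes up to E/Ei, so any upper bound on the window has to be enforced
	// elsewhere — not visible here, confirm.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	InitialStreamWindowSize *resource.Quantity `json:"initialStreamWindowSize,omitempty"`
	// InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
	// If not set, the default value is 1 MiB.
	//
	// NOTE(review): same pattern as InitialStreamWindowSize, same caveat about
	// the missing upper bound.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	InitialConnectionWindowSize *resource.Quantity `json:"initialConnectionWindowSize,omitempty"`
	// MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
	// If not set, the default value is 100.
	//
	// The accepted maximum (2147483647) is effectively "no limit"; a listener
	// facing untrusted clients is better served by a value near the default.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=2147483647
	// +optional
	MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty"`
	// OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error.
	// It's recommended for L2 Envoy deployments to set this value to TerminateStream.
	// https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
	// Default: TerminateConnection
	// +optional
	OnInvalidMessage *InvalidMessageAction `json:"onInvalidMessage,omitempty"`
}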
HTTP2Settings provides HTTP/2 configuration for listeners and backends.
func (*HTTP2Settings) DeepCopy ¶ added in v1.1.0
func (in *HTTP2Settings) DeepCopy() *HTTP2Settings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP2Settings.
func (*HTTP2Settings) DeepCopyInto ¶ added in v1.1.0
func (in *HTTP2Settings) DeepCopyInto(out *HTTP2Settings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTP3Settings ¶ added in v1.0.0
type HTTP3Settings struct{}
HTTP3Settings provides HTTP/3 configuration on the listener.
func (*HTTP3Settings) DeepCopy ¶ added in v1.0.0
func (in *HTTP3Settings) DeepCopy() *HTTP3Settings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP3Settings.
func (*HTTP3Settings) DeepCopyInto ¶ added in v1.0.0
func (in *HTTP3Settings) DeepCopyInto(out *HTTP3Settings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPActiveHealthChecker ¶ added in v1.0.0
type HTTPActiveHealthChecker struct { // Path defines the HTTP path that will be requested during health checking. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=1024 Path string `json:"path" yaml:"path"` // Method defines the HTTP method used for health checking. // Defaults to GET // +optional Method *string `json:"method,omitempty" yaml:"method,omitempty"` // ExpectedStatuses defines a list of HTTP response statuses considered healthy. // Defaults to 200 only // +optional ExpectedStatuses []HTTPStatus `json:"expectedStatuses,omitempty" yaml:"expectedStatuses,omitempty"` // ExpectedResponse defines a list of HTTP expected responses to match. // +optional ExpectedResponse *ActiveHealthCheckPayload `json:"expectedResponse,omitempty" yaml:"expectedResponse,omitempty"` }
HTTPActiveHealthChecker defines the settings of http health check.
func (*HTTPActiveHealthChecker) DeepCopy ¶ added in v1.0.0
func (in *HTTPActiveHealthChecker) DeepCopy() *HTTPActiveHealthChecker
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPActiveHealthChecker.
func (*HTTPActiveHealthChecker) DeepCopyInto ¶ added in v1.0.0
func (in *HTTPActiveHealthChecker) DeepCopyInto(out *HTTPActiveHealthChecker)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPClientTimeout ¶ added in v1.0.0
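// HTTPClientTimeout holds the HTTP-level timeouts applied to client
// (downstream) connections.
type HTTPClientTimeout struct {
	// RequestReceivedTimeout is the duration envoy waits for the complete request reception. This timer starts upon request
	// initiation and stops when either the last byte of the request is sent upstream or when the response begins.
	//
	// NOTE(review): no default is documented for this field, unlike IdleTimeout.
	// This timer is what bounds how long a slowly-sent request can occupy a
	// connection, so confirm what applies when it is unset and state it here.
	//
	// +optional
	RequestReceivedTimeout *gwapiv1.Duration `json:"requestReceivedTimeout,omitempty"`

	// IdleTimeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection.
	// Default: 1 hour.
	//
	// +optional
	IdleTimeout *gwapiv1.Duration `json:"idleTimeout,omitempty"`
}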
func (*HTTPClientTimeout) DeepCopy ¶ added in v1.0.0
func (in *HTTPClientTimeout) DeepCopy() *HTTPClientTimeout
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPClientTimeout.
func (*HTTPClientTimeout) DeepCopyInto ¶ added in v1.0.0
func (in *HTTPClientTimeout) DeepCopyInto(out *HTTPClientTimeout)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPDirectResponseFilter ¶ added in v1.2.0
type HTTPDirectResponseFilter struct { // Content Type of the response. This will be set in the Content-Type header. // // +optional ContentType *string `json:"contentType,omitempty"` // Body of the Response // // +optional Body *CustomResponseBody `json:"body,omitempty"` // Status Code of the HTTP response // If unset, defaults to 200. // +optional StatusCode *int `json:"statusCode,omitempty"` }
HTTPDirectResponseFilter defines the configuration to return a fixed response.
func (*HTTPDirectResponseFilter) DeepCopy ¶ added in v1.2.0
func (in *HTTPDirectResponseFilter) DeepCopy() *HTTPDirectResponseFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponseFilter.
func (*HTTPDirectResponseFilter) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPDirectResponseFilter) DeepCopyInto(out *HTTPDirectResponseFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPExtAuthService ¶ added in v1.0.0
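// HTTPExtAuthService defines the HTTP External Authorization service
type HTTPExtAuthService struct {
	// Only Service kind is supported for now.
	//
	// NOTE(review): the validation rules published for this type accept both
	// Service and Backend kinds in backendRefs, so the sentence above looks
	// stale — confirm and update.
	BackendCluster `json:",inline"`

	// Path is the path of the HTTP External Authorization service.
	// If path is specified, the authorization request will be sent to that path,
	// or else the authorization request will be sent to the root path.
	//
	// NOTE(review): the tag has omitempty but there is no optional marker on
	// this field, unlike HeadersToBackend — confirm how the CRD treats it.
	Path *string `json:"path,omitempty"`

	// HeadersToBackend are the authorization response headers that will be added
	// to the original client request before sending it to the backend server.
	// Note that coexisting headers will be overridden.
	// If not specified, no authorization response headers will be added to the
	// original client request.
	//
	// NOTE(review): only headers named here are replaced with the authorization
	// service's value. A header the backend treats as identity (user, roles,
	// tenant) that is not listed presumably reaches the backend as the client
	// sent it — confirm, and list every header the backend trusts.
	// +optional
	HeadersToBackend []string `json:"headersToBackend,omitempty"`
}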
HTTPExtAuthService defines the HTTP External Authorization service
+kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"
func (*HTTPExtAuthService) DeepCopy ¶ added in v1.0.0
func (in *HTTPExtAuthService) DeepCopy() *HTTPExtAuthService
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPExtAuthService.
func (*HTTPExtAuthService) DeepCopyInto ¶ added in v1.0.0
func (in *HTTPExtAuthService) DeepCopyInto(out *HTTPExtAuthService)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPHostnameModifier ¶ added in v1.2.0
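// HTTPHostnameModifier selects how the Host header is rewritten: from the
// value of another request header (Type "Header") or from the DNS name of the
// backend (Type "Backend").
type HTTPHostnameModifier struct {
	// Type selects the rewrite source; the allowed values are Header and Backend.
	// +kubebuilder:validation:Enum=Header;Backend
	// +kubebuilder:validation:Required
	Type HTTPHostnameModifierType `json:"type"`

	// Header is the name of the header whose value would be used to rewrite the Host header
	//
	// NOTE(review): with Type "Header" the Host value the backend sees is taken
	// from a request header. If that header can arrive from the client, the
	// client chooses the Host; backends that route, build links or make access
	// decisions on Host should only be paired with a header that a trusted hop
	// sets or overwrites — confirm for each route.
	// +optional
	Header *string `json:"header,omitempty"`
}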
+kubebuilder:validation:XValidation:message="header must be nil if the type is not Header",rule="!(has(self.header) && self.type != 'Header')" +kubebuilder:validation:XValidation:message="header must be specified for Header type",rule="!(!has(self.header) && self.type == 'Header')"
func (*HTTPHostnameModifier) DeepCopy ¶ added in v1.2.0
func (in *HTTPHostnameModifier) DeepCopy() *HTTPHostnameModifier
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHostnameModifier.
func (*HTTPHostnameModifier) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPHostnameModifier) DeepCopyInto(out *HTTPHostnameModifier)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPHostnameModifierType ¶ added in v1.2.0
type HTTPHostnameModifierType string
HTTPHostnameModifierType defines the type of Hostname rewrite.
const ( // HeaderHTTPHostnameModifier indicates that the Host header value would be replaced with the value of the header specified in header. // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-host-rewrite-header HeaderHTTPHostnameModifier HTTPHostnameModifierType = "Header" // BackendHTTPHostnameModifier indicates that the Host header value would be replaced by the DNS name of the backend if it exists. // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite BackendHTTPHostnameModifier HTTPHostnameModifierType = "Backend" )
type HTTPPathModifier ¶ added in v1.2.0
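// HTTPPathModifier defines a path rewrite; the only type currently accepted
// is ReplaceRegexMatch.
type HTTPPathModifier struct {
	// Type selects the kind of path rewrite.
	// +kubebuilder:validation:Enum=ReplaceRegexMatch
	// +kubebuilder:validation:Required
	Type HTTPPathModifierType `json:"type"`
	// ReplaceRegexMatch defines a path regex rewrite. The path portions matched by the regex pattern are replaced by the defined substitution.
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-regex-rewrite
	// Some examples:
	// (1) replaceRegexMatch:
	//       pattern: ^/service/([^/]+)(/.*)$
	//       substitution: \2/instance/\1
	//     Would transform /service/foo/v1/api into /v1/api/instance/foo.
	// (2) replaceRegexMatch:
	//       pattern: one
	//       substitution: two
	//     Would transform /xxx/one/yyy/one/zzz into /xxx/two/yyy/two/zzz.
	// (3) replaceRegexMatch:
	//       pattern: ^(.*?)one(.*)$
	//       substitution: \1two\2
	//     Would transform /xxx/one/yyy/one/zzz into /xxx/two/yyy/one/zzz.
	// (4) replaceRegexMatch:
	//       pattern: (?i)/xxx/
	//       substitution: /yyy/
	//     Would transform path /aaa/XxX/bbb into /aaa/yyy/bbb (case-insensitive).
	//
	// As example (2) shows, an unanchored pattern rewrites every occurrence in
	// the path. When the rewritten path decides which backend resource is
	// reached, anchor the pattern (as in examples 1 and 3) so that only the
	// intended segment can change.
	// +optional
	ReplaceRegexMatch *ReplaceRegexMatch `json:"replaceRegexMatch,omitempty"`
}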
+kubebuilder:validation:XValidation:rule="self.type == 'ReplaceRegexMatch' ? has(self.replaceRegexMatch) : !has(self.replaceRegexMatch)",message="If HTTPPathModifier type is ReplaceRegexMatch, replaceRegexMatch field needs to be set."
func (*HTTPPathModifier) DeepCopy ¶ added in v1.2.0
func (in *HTTPPathModifier) DeepCopy() *HTTPPathModifier
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathModifier.
func (*HTTPPathModifier) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPPathModifierType ¶ added in v1.2.0
type HTTPPathModifierType string
HTTPPathModifierType defines the type of path redirect or rewrite.
const ( // RegexHTTPPathModifier This type of modifier indicates that the portions of the path that match the specified // regex would be substituted with the specified substitution value // https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto#type-matcher-v3-regexmatchandsubstitute RegexHTTPPathModifier HTTPPathModifierType = "ReplaceRegexMatch" )
type HTTPRouteFilter ¶ added in v1.2.0
type HTTPRouteFilter struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of HTTPRouteFilter. Spec HTTPRouteFilterSpec `json:"spec"` }
HTTPRouteFilter is a custom Envoy Gateway HTTPRouteFilter which provides extended traffic processing options such as path regex rewrite, direct response and more.
func (*HTTPRouteFilter) DeepCopy ¶ added in v1.2.0
func (in *HTTPRouteFilter) DeepCopy() *HTTPRouteFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilter.
func (*HTTPRouteFilter) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*HTTPRouteFilter) DeepCopyObject ¶ added in v1.2.0
func (in *HTTPRouteFilter) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type HTTPRouteFilterList ¶ added in v1.2.0
type HTTPRouteFilterList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []HTTPRouteFilter `json:"items"` }
HTTPRouteFilterList contains a list of HTTPRouteFilter resources.
func (*HTTPRouteFilterList) DeepCopy ¶ added in v1.2.0
func (in *HTTPRouteFilterList) DeepCopy() *HTTPRouteFilterList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilterList.
func (*HTTPRouteFilterList) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPRouteFilterList) DeepCopyInto(out *HTTPRouteFilterList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*HTTPRouteFilterList) DeepCopyObject ¶ added in v1.2.0
func (in *HTTPRouteFilterList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type HTTPRouteFilterSpec ¶ added in v1.2.0
type HTTPRouteFilterSpec struct { // +optional URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"` // +optional DirectResponse *HTTPDirectResponseFilter `json:"directResponse,omitempty"` }
HTTPRouteFilterSpec defines the desired state of HTTPRouteFilter. +union
func (*HTTPRouteFilterSpec) DeepCopy ¶ added in v1.2.0
func (in *HTTPRouteFilterSpec) DeepCopy() *HTTPRouteFilterSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilterSpec.
func (*HTTPRouteFilterSpec) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPRouteFilterSpec) DeepCopyInto(out *HTTPRouteFilterSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPStatus ¶ added in v1.0.0
type HTTPStatus int
HTTPStatus defines the http status code. +kubebuilder:validation:Minimum=100 +kubebuilder:validation:Maximum=600 +kubebuilder:validation:ExclusiveMaximum=true
type HTTPTimeout ¶ added in v1.0.0
type HTTPTimeout struct { // The idle timeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection. // Default: 1 hour. // // +optional ConnectionIdleTimeout *gwapiv1.Duration `json:"connectionIdleTimeout,omitempty"` // The maximum duration of an HTTP connection. // Default: unlimited. // // +optional MaxConnectionDuration *gwapiv1.Duration `json:"maxConnectionDuration,omitempty"` // RequestTimeout is the time until which entire response is received from the upstream. // // +optional RequestTimeout *gwapiv1.Duration `json:"requestTimeout,omitempty" yaml:"requestTimeout,omitempty"` }
func (*HTTPTimeout) DeepCopy ¶ added in v1.0.0
func (in *HTTPTimeout) DeepCopy() *HTTPTimeout
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPTimeout.
func (*HTTPTimeout) DeepCopyInto ¶ added in v1.0.0
func (in *HTTPTimeout) DeepCopyInto(out *HTTPTimeout)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPURLRewriteFilter ¶ added in v1.2.0
type HTTPURLRewriteFilter struct { // Hostname is the value to be used to replace the Host header value during // forwarding. // // +optional Hostname *HTTPHostnameModifier `json:"hostname,omitempty"` // Path defines a path rewrite. // // +optional Path *HTTPPathModifier `json:"path,omitempty"` }
HTTPURLRewriteFilter defines rewrites of HTTP URL components such as path and host.
func (*HTTPURLRewriteFilter) DeepCopy ¶ added in v1.2.0
func (in *HTTPURLRewriteFilter) DeepCopy() *HTTPURLRewriteFilter
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPURLRewriteFilter.
func (*HTTPURLRewriteFilter) DeepCopyInto ¶ added in v1.2.0
func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPWasmCodeSource ¶ added in v1.1.0
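// HTTPWasmCodeSource defines the HTTP URL containing the Wasm code.
//
// The code fetched from URL is loaded into the proxy, so URL and SHA256
// together decide what the proxy runs.
type HTTPWasmCodeSource struct {
	// URL is the URL containing the Wasm code.
	//
	// NOTE(review): the pattern below accepts the http scheme as well as https
	// and has no end anchor. For a plain-http URL the SHA256 field is the only
	// integrity check on the downloaded code.
	// +kubebuilder:validation:Pattern=`^((https?:)(\/\/\/?)([\w]*(?::[\w]*)?@)?([\d\w\.-]+)(?::(\d+))?)?([\/\\\w\.()-]*)?(?:([?][^#]*)?(#.*)?)*`
	URL string `json:"url"`

	// SHA256 checksum that will be used to verify the Wasm code.
	//
	// If not specified, Envoy Gateway will not verify the downloaded Wasm code.
	//
	// NOTE(review): the Pattern line below has no leading "+", unlike the marker
	// on URL, so it is presumably read as plain comment text and the
	// 64-hex-digit format is not enforced at admission — confirm against the
	// generated CRD. The field is marked optional but its JSON tag has no
	// omitempty; confirm whether the CRD lists sha256 as required. Pinning the
	// checksum is the setting to prefer whenever the URL is not under the
	// operator's own control.
	// kubebuilder:validation:Pattern=`^[a-f0-9]{64}$`
	// +optional
	SHA256 *string `json:"sha256"`
}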
HTTPWasmCodeSource defines the HTTP URL containing the Wasm code.
func (*HTTPWasmCodeSource) DeepCopy ¶ added in v1.1.0
func (in *HTTPWasmCodeSource) DeepCopy() *HTTPWasmCodeSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPWasmCodeSource.
func (*HTTPWasmCodeSource) DeepCopyInto ¶ added in v1.1.0
func (in *HTTPWasmCodeSource) DeepCopyInto(out *HTTPWasmCodeSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Header ¶ added in v1.1.0
type Header struct { // Name of the header to hash. Name string `json:"name"` }
Header defines the header hashing configuration for consistent hash based load balancing.
func (*Header) DeepCopy ¶ added in v1.1.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Header.
func (*Header) DeepCopyInto ¶ added in v1.1.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMatch ¶
type HeaderMatch struct { // Type specifies how to match against the value of the header. // // +optional // +kubebuilder:default=Exact Type *HeaderMatchType `json:"type,omitempty"` // Name of the HTTP header. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=256 Name string `json:"name"` // Value within the HTTP header. Due to the // case-insensitivity of header names, "foo" and "Foo" are considered equivalent. // Do not set this field when Type="Distinct", implying matching on any/all unique // values within the header. // // +optional // +kubebuilder:validation:MaxLength=1024 Value *string `json:"value,omitempty"` // Invert specifies whether the value match result will be inverted. // Do not set this field when Type="Distinct", implying matching on any/all unique // values within the header. // // +optional // +kubebuilder:default=false Invert *bool `json:"invert,omitempty"` }
HeaderMatch defines the match attributes within the HTTP Headers of the request.
func (*HeaderMatch) DeepCopy ¶
func (in *HeaderMatch) DeepCopy() *HeaderMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch.
func (*HeaderMatch) DeepCopyInto ¶
func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HeaderMatchType ¶
type HeaderMatchType string
HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are "Exact", "RegularExpression", and "Distinct".
+kubebuilder:validation:Enum=Exact;RegularExpression;Distinct
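// HeaderMatchType constants.
const (
	// HeaderMatchExact matches the exact value of the Value field against the value of
	// the specified HTTP Header.
	HeaderMatchExact HeaderMatchType = "Exact"
	// HeaderMatchRegularExpression matches a regular expression against the value of the
	// specified HTTP Header. The regex string must adhere to the syntax documented in
	// https://github.com/google/re2/wiki/Syntax.
	HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
	// HeaderMatchDistinct matches any and all possible unique values encountered in the
	// specified HTTP Header. Note that each unique value will receive its own rate limit
	// bucket.
	// Note: This is only supported for Global Rate Limits.
	//
	// NOTE(review): the number of buckets follows the number of distinct header
	// values seen. When the header is supplied by the client, a per-value limit
	// only constrains clients that keep the value stable, and the bucket count
	// is client-driven; pair it with a limit on an attribute the client cannot
	// choose, or match on a header set by a trusted hop.
	HeaderMatchDistinct HeaderMatchType = "Distinct"
)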
HeaderMatchType constants.
type HeaderSettings ¶ added in v1.0.0
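// HeaderSettings provides configuration options for headers on the listener.
//
// Several of these fields decide whether header values supplied by the client
// are kept, replaced or rejected; the documented defaults are the stricter
// choice in each case.
type HeaderSettings struct {
	// EnableEnvoyHeaders configures Envoy Proxy to add the "X-Envoy-" headers to requests
	// and responses.
	//
	// NOTE(review): on responses these headers are visible to the client and
	// identify proxy-internal details; confirm that is wanted on listeners
	// exposed to external clients.
	// +optional
	EnableEnvoyHeaders *bool `json:"enableEnvoyHeaders,omitempty"`

	// DisableRateLimitHeaders configures Envoy Proxy to omit the "X-RateLimit-" response headers
	// when rate limiting is enabled.
	// +optional
	DisableRateLimitHeaders *bool `json:"disableRateLimitHeaders,omitempty"`

	// XForwardedClientCert configures how Envoy Proxy handle the x-forwarded-client-cert (XFCC) HTTP header.
	//
	// x-forwarded-client-cert (XFCC) is an HTTP header used to forward the certificate
	// information of part or all of the clients or proxies that a request has flowed through,
	// on its way from the client to the server.
	//
	// Envoy proxy may choose to sanitize/append/forward the XFCC header before proxying the request.
	//
	// If not set, the default behavior is sanitizing the XFCC header.
	//
	// NOTE(review): backends that read XFCC as proof of client identity depend
	// on this setting. Any mode that keeps an incoming XFCC value should be
	// limited to listeners whose only clients are trusted proxies — confirm per
	// listener.
	// +optional
	XForwardedClientCert *XForwardedClientCert `json:"xForwardedClientCert,omitempty"`

	// WithUnderscoresAction configures the action to take when an HTTP header with underscores
	// is encountered. The default action is to reject the request.
	//
	// NOTE(review): some backends treat "_" and "-" in header names as the same
	// character, so allowing underscores can let a second spelling of a
	// protected header reach them; confirm the backend's handling before
	// relaxing the default.
	// +optional
	WithUnderscoresAction *WithUnderscoresAction `json:"withUnderscoresAction,omitempty"`

	// PreserveXRequestID configures Envoy to keep the X-Request-ID header if passed for a request that is edge
	// (Edge request is the request from external clients to front Envoy) and not reset it, which is the current Envoy behaviour.
	// It defaults to false.
	//
	// NOTE(review): when true, the request ID used for log and trace
	// correlation is a value chosen by the external client.
	//
	// +optional
	PreserveXRequestID *bool `json:"preserveXRequestID,omitempty"`

	// EarlyRequestHeaders defines settings for early request header modification, before envoy performs
	// routing, tracing and built-in header manipulation.
	//
	// +optional
	EarlyRequestHeaders *gwapiv1.HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
}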
HeaderSettings provides configuration options for headers on the listener.
func (*HeaderSettings) DeepCopy ¶ added in v1.0.0
func (in *HeaderSettings) DeepCopy() *HeaderSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSettings.
func (*HeaderSettings) DeepCopyInto ¶ added in v1.0.0
func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HealthCheck ¶ added in v1.0.0
type HealthCheck struct { // Active health check configuration // +optional Active *ActiveHealthCheck `json:"active,omitempty"` // Passive passive check configuration // +optional Passive *PassiveHealthCheck `json:"passive,omitempty"` }
HealthCheck configuration to decide which endpoints are healthy and can be used for routing.
func (*HealthCheck) DeepCopy ¶ added in v1.0.0
func (in *HealthCheck) DeepCopy() *HealthCheck
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheck.
func (*HealthCheck) DeepCopyInto ¶ added in v1.0.0
func (in *HealthCheck) DeepCopyInto(out *HealthCheck)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HealthCheckSettings ¶ added in v1.1.0
type HealthCheckSettings struct { // Path specifies the HTTP path to match on for health check requests. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=1024 Path string `json:"path"` }
HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.
func (*HealthCheckSettings) DeepCopy ¶ added in v1.1.0
func (in *HealthCheckSettings) DeepCopy() *HealthCheckSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheckSettings.
func (*HealthCheckSettings) DeepCopyInto ¶ added in v1.1.0
func (in *HealthCheckSettings) DeepCopyInto(out *HealthCheckSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPEndpoint ¶ added in v1.1.0
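// IPEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress
type IPEndpoint struct {
	// Address defines the IP address of the backend endpoint.
	// Supports both IPv4 and IPv6 addresses.
	//
	// NOTE(review): the pattern below checks syntax only. Loopback, link-local
	// and other internal ranges pass it, so any restriction on which addresses
	// a backend endpoint may point at has to be enforced elsewhere — not
	// visible here, confirm.
	//
	// +kubebuilder:validation:MinLength=3
	// +kubebuilder:validation:MaxLength=45
	// +kubebuilder:validation:Pattern=`^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(([0-9a-fA-F]{1,4}:){1,7}[0-9a-fA-F]{1,4}|::|(([0-9a-fA-F]{1,4}:){0,5})?(:[0-9a-fA-F]{1,4}){1,2})$`
	Address string `json:"address"`

	// Port defines the port of the backend endpoint.
	//
	// NOTE(review): Minimum=0 admits port 0 — confirm whether that is a
	// meaningful value for a backend endpoint.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}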
IPEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress
func (*IPEndpoint) DeepCopy ¶ added in v1.1.0
func (in *IPEndpoint) DeepCopy() *IPEndpoint
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPEndpoint.
func (*IPEndpoint) DeepCopyInto ¶ added in v1.1.0
func (in *IPEndpoint) DeepCopyInto(out *IPEndpoint)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPFamily ¶ added in v1.2.0
type IPFamily string
IPFamily defines the IP family to use for the Envoy proxy.
const ( // IPv4 defines the IPv4 family. IPv4 IPFamily = "IPv4" // IPv6 defines the IPv6 family. IPv6 IPFamily = "IPv6" // DualStack defines the dual-stack family. // When set to DualStack, Envoy proxy will listen on both IPv4 and IPv6 addresses // for incoming client traffic, enabling support for both IP protocol versions. DualStack IPFamily = "DualStack" )
type ImagePullPolicy ¶ added in v1.1.0
type ImagePullPolicy string
ImagePullPolicy defines the policy to use when pulling an OCI image. +kubebuilder:validation:Enum=IfNotPresent;Always
const ( // ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache. ImagePullPolicyIfNotPresent ImagePullPolicy = "IfNotPresent" // ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes. // Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module. ImagePullPolicyAlways ImagePullPolicy = "Always" )
type ImageWasmCodeSource ¶ added in v1.1.0
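type ImageWasmCodeSource struct {
	// URL is the URL of the OCI image.
	// URL can be in the format of `registry/image:tag` or `registry/image@sha256:digest`.
	URL string `json:"url"`

	// NOTE(review): SHA256 is marked +optional but its JSON tag has no
	// omitempty, so an unset value is serialized as null; confirm this is intended.

	// SHA256 checksum that will be used to verify the OCI image.
	//
	// It must match the digest of the OCI image.
	//
	// If not specified, Envoy Gateway will not verify the downloaded OCI image.
	// Set it whenever URL uses the `registry/image:tag` form, because without a
	// checksum nothing ties the reference to specific image content.
	//
	// The marker below needs its leading "+" to be picked up as a kubebuilder
	// marker; without it the 64-character lowercase-hex pattern is never enforced.
	// +kubebuilder:validation:Pattern=`^[a-f0-9]{64}$`
	// +optional
	SHA256 *string `json:"sha256"`

	// PullSecretRef is a reference to the secret containing the credentials to pull the image.
	// Only support Kubernetes Secret resource from the same namespace.
	// +kubebuilder:validation:XValidation:message="only support Secret kind.",rule="self.kind == 'Secret'"
	// +optional
	PullSecretRef *gwapiv1.SecretObjectReference `json:"pullSecretRef,omitempty"`
}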
ImageWasmCodeSource defines the OCI image containing the Wasm code.
func (*ImageWasmCodeSource) DeepCopy ¶ added in v1.1.0
func (in *ImageWasmCodeSource) DeepCopy() *ImageWasmCodeSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageWasmCodeSource.
func (*ImageWasmCodeSource) DeepCopyInto ¶ added in v1.1.0
func (in *ImageWasmCodeSource) DeepCopyInto(out *ImageWasmCodeSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type InfrastructureProviderType ¶ added in v0.6.0
type InfrastructureProviderType string
InfrastructureProviderType defines the types of custom infrastructure providers supported by Envoy Gateway.
+kubebuilder:validation:Enum=Host
const ( // InfrastructureProviderTypeHost defines the "Host" provider. InfrastructureProviderTypeHost InfrastructureProviderType = "Host" )
type InvalidMessageAction ¶ added in v1.2.0
type InvalidMessageAction string
const ( InvalidMessageActionTerminateConnection InvalidMessageAction = "TerminateConnection" InvalidMessageActionTerminateStream InvalidMessageAction = "TerminateStream" )
type JSONPatchOperation ¶ added in v0.5.0
type JSONPatchOperation struct { // Op is the type of operation to perform Op JSONPatchOperationType `json:"op"` // Path is a JSONPointer expression. Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details. // It specifies the location of the target document/field where the operation will be performed // +optional Path *string `json:"path,omitempty"` // JSONPath is a JSONPath expression. Refer to https://datatracker.ietf.org/doc/rfc9535/ for more details. // It produces one or more JSONPointer expressions based on the given JSON document. // If no JSONPointer is found, it will result in an error. // If the 'Path' property is also set, it will be appended to the resulting JSONPointer expressions from the JSONPath evaluation. // This is useful when creating a property that does not yet exist in the JSON document. // The final JSONPointer expressions specifies the locations in the target document/field where the operation will be applied. // +optional JSONPath *string `json:"jsonPath,omitempty"` // From is the source location of the value to be copied or moved. Only valid // for move or copy operations // Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details. // +optional From *string `json:"from,omitempty"` // Value is the new value of the path location. The value is only used by // the `add` and `replace` operations. // +optional Value *apiextensionsv1.JSON `json:"value,omitempty"` }
JSONPatchOperation defines the JSON Patch Operation as defined in https://datatracker.ietf.org/doc/html/rfc6902
func (*JSONPatchOperation) DeepCopy ¶ added in v0.5.0
func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatchOperation.
func (*JSONPatchOperation) DeepCopyInto ¶ added in v0.5.0
func (in *JSONPatchOperation) DeepCopyInto(out *JSONPatchOperation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPatchOperationType ¶ added in v0.5.0
type JSONPatchOperationType string
JSONPatchOperationType specifies the JSON Patch operations that can be performed. +kubebuilder:validation:Enum=add;remove;replace;move;copy;test
type JWT ¶ added in v0.6.0
type JWT struct {
	// Optional determines whether a missing JWT is acceptable, defaulting to false if not specified.
	// Note: Even if optional is set to true, JWT authentication will still fail if an invalid JWT is presented.
	// When optional is true, a request that carries no JWT is accepted by this check,
	// so routes that need an authenticated caller must enforce that separately.
	Optional *bool `json:"optional,omitempty"`

	// Providers defines the JSON Web Token (JWT) authentication providers.
	// When multiple JWT providers are specified, the JWT is considered valid if
	// any of the providers successfully validate the JWT. For additional details,
	// see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=4
	Providers []JWTProvider `json:"providers"`
}
JWT defines the configuration for JSON Web Token (JWT) authentication.
func (*JWT) DeepCopy ¶ added in v0.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWT.
func (*JWT) DeepCopyInto ¶ added in v0.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTClaim ¶ added in v1.2.0
type JWTClaim struct { // Name is the name of the claim. // If it is a nested claim, use a dot (.) separated string as the name to // represent the full path to the claim. // For example, if the claim is in the "department" field in the "organization" field, // the name should be "organization.department". // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 Name string `json:"name"` // ValueType is the type of the claim value. // Only String and StringArray types are supported for now. // // +kubebuilder:validation:Enum=String;StringArray // +kubebuilder:default=String // +unionDiscriminator // +optional ValueType *JWTClaimValueType `json:"valueType,omitempty"` // Values are the values that the claim must match. // If the claim is a string type, the specified value must match exactly. // If the claim is a string array type, the specified value must match one of the values in the array. // If multiple values are specified, one of the values must match for the rule to match. // // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=16 Values []string `json:"values"` }
JWTClaim specifies a claim in a JWT token.
func (*JWTClaim) DeepCopy ¶ added in v1.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTClaim.
func (*JWTClaim) DeepCopyInto ¶ added in v1.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTClaimValueType ¶ added in v1.2.0
type JWTClaimValueType string
const ( JWTClaimValueTypeString JWTClaimValueType = "String" JWTClaimValueTypeStringArray JWTClaimValueType = "StringArray" )
type JWTExtractor ¶ added in v1.0.0
type JWTExtractor struct {
	// Headers represents a list of HTTP request headers to extract the JWT token from.
	//
	// +optional
	Headers []JWTHeaderExtractor `json:"headers,omitempty"`

	// Cookies represents a list of cookie names to extract the JWT token from.
	//
	// +optional
	Cookies []string `json:"cookies,omitempty"`

	// Params represents a list of query parameters to extract the JWT token from.
	// A token carried in the query string is part of the request URL, so it can be
	// recorded in access logs and browser history; prefer headers where clients allow it.
	//
	// +optional
	Params []string `json:"params,omitempty"`
}
JWTExtractor defines a custom JWT token extraction from HTTP request. If specified, Envoy will extract the JWT token from the listed extractors (headers, cookies, or params) and validate each of them. If any value extracted is found to be an invalid JWT, a 401 error will be returned.
func (*JWTExtractor) DeepCopy ¶ added in v1.0.0
func (in *JWTExtractor) DeepCopy() *JWTExtractor
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTExtractor.
func (*JWTExtractor) DeepCopyInto ¶ added in v1.0.0
func (in *JWTExtractor) DeepCopyInto(out *JWTExtractor)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTHeaderExtractor ¶ added in v1.0.0
type JWTHeaderExtractor struct { // Name is the HTTP header name to retrieve the token // // +kubebuilder:validation:Required Name string `json:"name"` // ValuePrefix is the prefix that should be stripped before extracting the token. // The format would be used by Envoy like "{ValuePrefix}<TOKEN>". // For example, "Authorization: Bearer <TOKEN>", then the ValuePrefix="Bearer " with a space at the end. // // +optional ValuePrefix *string `json:"valuePrefix,omitempty"` }
JWTHeaderExtractor defines an HTTP header location to extract the JWT token from.
func (*JWTHeaderExtractor) DeepCopy ¶ added in v1.0.0
func (in *JWTHeaderExtractor) DeepCopy() *JWTHeaderExtractor
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTHeaderExtractor.
func (*JWTHeaderExtractor) DeepCopyInto ¶ added in v1.0.0
func (in *JWTHeaderExtractor) DeepCopyInto(out *JWTHeaderExtractor)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTPrincipal ¶ added in v1.2.0
type JWTPrincipal struct {
	// Provider is the name of the JWT provider that is used to verify the JWT token.
	// In order to use JWT claims for authorization, you must configure the JWT
	// authentication with the same provider in the same `SecurityPolicy`.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Provider string `json:"provider"`

	// Claims are the claims in a JWT token.
	//
	// If multiple claims are specified, all claims must match for the rule to match.
	// For example, if there are two claims: one for the audience and one for the issuer,
	// the rule will match only if both the audience and the issuer match.
	//
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=16
	Claims []JWTClaim `json:"claims,omitempty"`

	// Scopes are a special type of claim in a JWT token that represents the permissions of the client.
	//
	// The value of the scopes field should be a space delimited string that is expected in the scope parameter,
	// as defined in RFC 6749: https://datatracker.ietf.org/doc/html/rfc6749#page-23.
	//
	// If multiple scopes are specified, all scopes must match for the rule to match.
	//
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=16
	Scopes []JWTScope `json:"scopes,omitempty"`
}
JWTPrincipal specifies the client identity of a request based on the JWT claims and scopes. At least one of the claims or scopes must be specified. Claims and scopes are And-ed together if both are specified.
+kubebuilder:validation:XValidation:rule="(has(self.claims) || has(self.scopes))",message="at least one of claims or scopes must be specified"
func (*JWTPrincipal) DeepCopy ¶ added in v1.2.0
func (in *JWTPrincipal) DeepCopy() *JWTPrincipal
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTPrincipal.
func (*JWTPrincipal) DeepCopyInto ¶ added in v1.2.0
func (in *JWTPrincipal) DeepCopyInto(out *JWTPrincipal)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTProvider ¶ added in v0.6.0
type JWTProvider struct {
	// Name defines a unique name for the JWT provider. A name can have a variety of forms,
	// including RFC 1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name"`

	// Issuer is the principal that issued the JWT and takes the form of a URL or email address.
	// For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for
	// URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided,
	// the JWT issuer is not checked.
	// Set it whenever the expected issuer is known, so that the issuer is checked.
	//
	// +kubebuilder:validation:MaxLength=253
	// +optional
	Issuer string `json:"issuer,omitempty"`

	// Audiences is a list of JWT audiences allowed access. For additional details, see
	// https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences
	// are not checked.
	// Set it whenever the intended audience is known, so that the audience is checked.
	//
	// +kubebuilder:validation:MaxItems=8
	// +optional
	Audiences []string `json:"audiences,omitempty"`

	// RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote
	// HTTP/HTTPS endpoint.
	// Prefer an HTTPS endpoint: keys fetched over plain HTTP can be altered in transit,
	// which would undermine signature verification.
	RemoteJWKS RemoteJWKS `json:"remoteJWKS"`

	// ClaimToHeaders is a list of JWT claims that must be extracted into HTTP request headers.
	// Each claim must be of type string, int, double or bool. Array type claims are not supported.
	//
	// +optional
	ClaimToHeaders []ClaimToHeader `json:"claimToHeaders,omitempty"`

	// RecomputeRoute clears the route cache and recalculates the routing decision.
	// This field must be enabled if the headers generated from the claim are used for
	// route matching decisions. If the recomputation selects a new route, features targeting
	// the new matched route will be applied.
	//
	// +optional
	RecomputeRoute *bool `json:"recomputeRoute,omitempty"`

	// ExtractFrom defines different ways to extract the JWT token from HTTP request.
	// If empty, it defaults to extract JWT token from the Authorization HTTP request header using Bearer schema
	// or access_token from query parameters.
	//
	// +optional
	ExtractFrom *JWTExtractor `json:"extractFrom,omitempty"`
}
JWTProvider defines how a JSON Web Token (JWT) can be verified. +kubebuilder:validation:XValidation:rule="(has(self.recomputeRoute) && self.recomputeRoute) ? size(self.claimToHeaders) > 0 : true", message="claimToHeaders must be specified if recomputeRoute is enabled"
func (*JWTProvider) DeepCopy ¶ added in v0.6.0
func (in *JWTProvider) DeepCopy() *JWTProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTProvider.
func (*JWTProvider) DeepCopyInto ¶ added in v0.6.0
func (in *JWTProvider) DeepCopyInto(out *JWTProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JWTScope ¶ added in v1.2.0
type JWTScope string
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253
type KubernetesContainerSpec ¶ added in v0.6.0
type KubernetesContainerSpec struct { // List of environment variables to set in the container. // // +optional Env []corev1.EnvVar `json:"env,omitempty"` // Resources required by this container. // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ // // +optional Resources *corev1.ResourceRequirements `json:"resources,omitempty"` // SecurityContext defines the security options the container should be run with. // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ // // +optional SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"` // Image specifies the EnvoyProxy container image to be used, instead of the default image. // // +optional Image *string `json:"image,omitempty"` // VolumeMounts are volumes to mount into the container's filesystem. // Cannot be updated. // // +optional VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"` }
KubernetesContainerSpec defines the desired state of the Kubernetes container resource.
func DefaultKubernetesContainer ¶ added in v0.6.0
func DefaultKubernetesContainer(image string) *KubernetesContainerSpec
DefaultKubernetesContainer returns a new KubernetesContainerSpec with default settings.
func (*KubernetesContainerSpec) DeepCopy ¶ added in v0.6.0
func (in *KubernetesContainerSpec) DeepCopy() *KubernetesContainerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesContainerSpec.
func (*KubernetesContainerSpec) DeepCopyInto ¶ added in v0.6.0
func (in *KubernetesContainerSpec) DeepCopyInto(out *KubernetesContainerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesDaemonSetSpec ¶ added in v1.1.0
type KubernetesDaemonSetSpec struct { // Patch defines how to perform the patch operation to daemonset // // +optional Patch *KubernetesPatchSpec `json:"patch,omitempty"` // The daemonset strategy to use to replace existing pods with new ones. // +optional Strategy *appsv1.DaemonSetUpdateStrategy `json:"strategy,omitempty"` // Pod defines the desired specification of pod. // // +optional Pod *KubernetesPodSpec `json:"pod,omitempty"` // Container defines the desired specification of main container. // // +optional Container *KubernetesContainerSpec `json:"container,omitempty"` // Name of the daemonSet. // When unset, this defaults to an autogenerated name. // // +optional Name *string `json:"name,omitempty"` }
KubernetesDaemonSetSpec defines the desired state of the Kubernetes daemonset resource.
func DefaultKubernetesDaemonSet ¶ added in v1.1.0
func DefaultKubernetesDaemonSet(image string) *KubernetesDaemonSetSpec
DefaultKubernetesDaemonSet returns a new KubernetesDaemonSetSpec with default settings.
func (*KubernetesDaemonSetSpec) ApplyMergePatch ¶ added in v1.1.0
func (daemonset *KubernetesDaemonSetSpec) ApplyMergePatch(old *appsv1.DaemonSet) (*appsv1.DaemonSet, error)
ApplyMergePatch applies a merge patch to a daemonset based on the merge type
func (*KubernetesDaemonSetSpec) DeepCopy ¶ added in v1.1.0
func (in *KubernetesDaemonSetSpec) DeepCopy() *KubernetesDaemonSetSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesDaemonSetSpec.
func (*KubernetesDaemonSetSpec) DeepCopyInto ¶ added in v1.1.0
func (in *KubernetesDaemonSetSpec) DeepCopyInto(out *KubernetesDaemonSetSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesDeployMode ¶ added in v0.6.0
type KubernetesDeployMode struct { }
KubernetesDeployMode holds configuration for how to deploy managed resources such as the Envoy Proxy data plane fleet.
func (*KubernetesDeployMode) DeepCopy ¶ added in v0.6.0
func (in *KubernetesDeployMode) DeepCopy() *KubernetesDeployMode
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesDeployMode.
func (*KubernetesDeployMode) DeepCopyInto ¶ added in v0.6.0
func (in *KubernetesDeployMode) DeepCopyInto(out *KubernetesDeployMode)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesDeploymentSpec ¶ added in v0.6.0
type KubernetesDeploymentSpec struct { // Patch defines how to perform the patch operation to deployment // // +optional Patch *KubernetesPatchSpec `json:"patch,omitempty"` // Replicas is the number of desired pods. Defaults to 1. // // +optional Replicas *int32 `json:"replicas,omitempty"` // The deployment strategy to use to replace existing pods with new ones. // +optional Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"` // Pod defines the desired specification of pod. // // +optional Pod *KubernetesPodSpec `json:"pod,omitempty"` // Container defines the desired specification of main container. // // +optional Container *KubernetesContainerSpec `json:"container,omitempty"` // List of initialization containers belonging to the pod. // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ // // +optional InitContainers []corev1.Container `json:"initContainers,omitempty"` // Name of the deployment. // When unset, this defaults to an autogenerated name. // // +optional Name *string `json:"name,omitempty"` }
KubernetesDeploymentSpec defines the desired state of the Kubernetes deployment resource.
func DefaultKubernetesDeployment ¶ added in v0.6.0
func DefaultKubernetesDeployment(image string) *KubernetesDeploymentSpec
DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings.
func (*KubernetesDeploymentSpec) ApplyMergePatch ¶ added in v1.0.0
func (deployment *KubernetesDeploymentSpec) ApplyMergePatch(old *appsv1.Deployment) (*appsv1.Deployment, error)
ApplyMergePatch applies a merge patch to a deployment based on the merge type
func (*KubernetesDeploymentSpec) DeepCopy ¶ added in v0.6.0
func (in *KubernetesDeploymentSpec) DeepCopy() *KubernetesDeploymentSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesDeploymentSpec.
func (*KubernetesDeploymentSpec) DeepCopyInto ¶ added in v0.6.0
func (in *KubernetesDeploymentSpec) DeepCopyInto(out *KubernetesDeploymentSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesHorizontalPodAutoscalerSpec ¶ added in v1.0.0
type KubernetesHorizontalPodAutoscalerSpec struct {
	// minReplicas is the lower limit for the number of replicas to which the autoscaler
	// can scale down. It defaults to 1 replica.
	//
	// +kubebuilder:validation:XValidation:message="minReplicas must be greater than 0",rule="self > 0"
	// +optional
	MinReplicas *int32 `json:"minReplicas,omitempty"`

	// maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
	// It cannot be less than minReplicas.
	//
	// +kubebuilder:validation:XValidation:message="maxReplicas must be greater than 0",rule="self > 0"
	MaxReplicas *int32 `json:"maxReplicas"`

	// metrics contains the specifications used to calculate the
	// desired replica count (the maximum replica count across all metrics will
	// be used).
	// If left empty, it defaults to being based on CPU utilization with average on 80% usage.
	//
	// +optional
	Metrics []autoscalingv2.MetricSpec `json:"metrics,omitempty"`

	// behavior configures the scaling behavior of the target
	// in both Up and Down directions (scaleUp and scaleDown fields respectively).
	// If not set, the default HPAScalingRules for scale up and scale down are used.
	// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior.
	//
	// +optional
	Behavior *autoscalingv2.HorizontalPodAutoscalerBehavior `json:"behavior,omitempty"`
}
KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment. When HPA is enabled, it is recommended that the value in `KubernetesDeploymentSpec.replicas` be removed, otherwise Envoy Gateway will revert back to this value every time reconciliation occurs. See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec.
+kubebuilder:validation:XValidation:message="maxReplicas cannot be less than minReplicas",rule="!has(self.minReplicas) || self.maxReplicas >= self.minReplicas"
func (*KubernetesHorizontalPodAutoscalerSpec) DeepCopy ¶ added in v1.0.0
func (in *KubernetesHorizontalPodAutoscalerSpec) DeepCopy() *KubernetesHorizontalPodAutoscalerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesHorizontalPodAutoscalerSpec.
func (*KubernetesHorizontalPodAutoscalerSpec) DeepCopyInto ¶ added in v1.0.0
func (in *KubernetesHorizontalPodAutoscalerSpec) DeepCopyInto(out *KubernetesHorizontalPodAutoscalerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesPatchSpec ¶ added in v1.0.0
type KubernetesPatchSpec struct {
	// Type is the type of merge operation to perform.
	//
	// By default, StrategicMerge is used as the patch type.
	// +optional
	Type *MergeType `json:"type,omitempty"`

	// NOTE(review): the patch presumably can change any field of the generated
	// object, including pod and container security settings. Treat write access
	// to this field like write access to the workload manifest itself; confirm
	// against ApplyMergePatch.

	// Value contains the raw configuration for the merged object.
	Value apiextensionsv1.JSON `json:"value"`
}
KubernetesPatchSpec defines how to perform the patch operation. Note that `value` can be an in-line YAML document, as can be seen in e.g. [the example of patching the Envoy proxy Deployment](https://gateway.envoyproxy.io/docs/tasks/operations/customize-envoyproxy/#patching-deployment-for-envoyproxy). Note also that, currently, strings containing literal JSON are _rejected_.
func (*KubernetesPatchSpec) DeepCopy ¶ added in v1.0.0
func (in *KubernetesPatchSpec) DeepCopy() *KubernetesPatchSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesPatchSpec.
func (*KubernetesPatchSpec) DeepCopyInto ¶ added in v1.0.0
func (in *KubernetesPatchSpec) DeepCopyInto(out *KubernetesPatchSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesPodDisruptionBudgetSpec ¶ added in v1.1.0
type KubernetesPodDisruptionBudgetSpec struct { // MinAvailable specifies the minimum number of pods that must be available at all times during voluntary disruptions, // such as node drains or updates. This setting ensures that your envoy proxy maintains a certain level of availability // and resilience during maintenance operations. // +optional MinAvailable *int32 `json:"minAvailable,omitempty"` }
KubernetesPodDisruptionBudgetSpec defines Kubernetes PodDisruptionBudget settings of Envoy Proxy Deployment.
func (*KubernetesPodDisruptionBudgetSpec) DeepCopy ¶ added in v1.1.0
func (in *KubernetesPodDisruptionBudgetSpec) DeepCopy() *KubernetesPodDisruptionBudgetSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesPodDisruptionBudgetSpec.
func (*KubernetesPodDisruptionBudgetSpec) DeepCopyInto ¶ added in v1.1.0
func (in *KubernetesPodDisruptionBudgetSpec) DeepCopyInto(out *KubernetesPodDisruptionBudgetSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesPodSpec ¶ added in v0.6.0
type KubernetesPodSpec struct { // Annotations are the annotations that should be appended to the pods. // By default, no pod annotations are appended. // // +optional Annotations map[string]string `json:"annotations,omitempty"` // Labels are the additional labels that should be tagged to the pods. // By default, no additional pod labels are tagged. // // +optional Labels map[string]string `json:"labels,omitempty"` // SecurityContext holds pod-level security attributes and common container settings. // Optional: Defaults to empty. See type description for default values of each field. // // +optional SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"` // If specified, the pod's scheduling constraints. // +optional Affinity *corev1.Affinity `json:"affinity,omitempty"` // If specified, the pod's tolerations. // +optional Tolerations []corev1.Toleration `json:"tolerations,omitempty"` // Volumes that can be mounted by containers belonging to the pod. // More info: https://kubernetes.io/docs/concepts/storage/volumes // // +optional Volumes []corev1.Volume `json:"volumes,omitempty"` // ImagePullSecrets is an optional list of references to secrets // in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod // // +optional ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"` // NodeSelector is a selector which must be true for the pod to fit on a node. // Selector which must match a node's labels for the pod to be scheduled on that node. 
// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ // // +optional NodeSelector map[string]string `json:"nodeSelector,omitempty"` // TopologySpreadConstraints describes how a group of pods ought to spread across topology // domains. Scheduler will schedule pods in a way which abides by the constraints. // All topologySpreadConstraints are ANDed. // // +optional TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` }
KubernetesPodSpec defines the desired state of the Kubernetes pod resource.
func DefaultKubernetesPod ¶ added in v0.6.0
func DefaultKubernetesPod() *KubernetesPodSpec
DefaultKubernetesPod returns a new KubernetesPodSpec with default settings.
func (*KubernetesPodSpec) DeepCopy ¶ added in v0.6.0
func (in *KubernetesPodSpec) DeepCopy() *KubernetesPodSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesPodSpec.
func (*KubernetesPodSpec) DeepCopyInto ¶ added in v0.6.0
func (in *KubernetesPodSpec) DeepCopyInto(out *KubernetesPodSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesServiceSpec ¶ added in v0.6.0
type KubernetesServiceSpec struct { // Annotations that should be appended to the service. // By default, no annotations are appended. // // +optional Annotations map[string]string `json:"annotations,omitempty"` // Labels that should be appended to the service. // By default, no labels are appended. // // +optional Labels map[string]string `json:"labels,omitempty"` // Type determines how the Service is exposed. Defaults to LoadBalancer. // Valid options are ClusterIP, LoadBalancer and NodePort. // "LoadBalancer" means a service will be exposed via an external load balancer (if the cloud provider supports it). // "ClusterIP" means a service will only be accessible inside the cluster, via the cluster IP. // "NodePort" means a service will be exposed on a static Port on all Nodes of the cluster. // +kubebuilder:default:="LoadBalancer" // +optional Type *ServiceType `json:"type,omitempty"` // LoadBalancerClass, when specified, allows for choosing the LoadBalancer provider // implementation if more than one are available or is otherwise expected to be specified // +optional LoadBalancerClass *string `json:"loadBalancerClass,omitempty"` // AllocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for // services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster // load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a // value), those requests will be respected, regardless of this field. This field may only be set for // services with type LoadBalancer and will be cleared if the type is changed to any other type. // +optional AllocateLoadBalancerNodePorts *bool `json:"allocateLoadBalancerNodePorts,omitempty"` // LoadBalancerSourceRanges defines a list of allowed IP addresses which will be configured as // firewall rules on the platform providers load balancer. 
This is not guaranteed to be working as // it happens outside of kubernetes and has to be supported and handled by the platform provider. // This field may only be set for services with type LoadBalancer and will be cleared if the type // is changed to any other type. // +optional LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"` // LoadBalancerIP defines the IP Address of the underlying load balancer service. This field // may be ignored if the load balancer provider does not support this feature. // This field has been deprecated in Kubernetes, but it is still used for setting the IP Address in some cloud // providers such as GCP. // // +kubebuilder:validation:XValidation:message="loadBalancerIP must be a valid IPv4 address",rule="self.matches(r\"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$\")" // +optional LoadBalancerIP *string `json:"loadBalancerIP,omitempty"` // ExternalTrafficPolicy determines the externalTrafficPolicy for the Envoy Service. Valid options // are Local and Cluster. Default is "Local". "Local" means traffic will only go to pods on the node // receiving the traffic. "Cluster" means connections are loadbalanced to all pods in the cluster. // +kubebuilder:default:="Local" // +optional ExternalTrafficPolicy *ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty"` // Patch defines how to perform the patch operation to the service // // +optional Patch *KubernetesPatchSpec `json:"patch,omitempty"` // Name of the service. // When unset, this defaults to an autogenerated name. // // +optional Name *string `json:"name,omitempty"` }
KubernetesServiceSpec defines the desired state of the Kubernetes service resource. +kubebuilder:validation:XValidation:message="allocateLoadBalancerNodePorts can only be set for LoadBalancer type",rule="!has(self.allocateLoadBalancerNodePorts) || self.type == 'LoadBalancer'" +kubebuilder:validation:XValidation:message="loadBalancerSourceRanges can only be set for LoadBalancer type",rule="!has(self.loadBalancerSourceRanges) || self.type == 'LoadBalancer'" +kubebuilder:validation:XValidation:message="loadBalancerIP can only be set for LoadBalancer type",rule="!has(self.loadBalancerIP) || self.type == 'LoadBalancer'"
func DefaultKubernetesService ¶ added in v0.6.0
func DefaultKubernetesService() *KubernetesServiceSpec
DefaultKubernetesService returns a new KubernetesServiceSpec with default settings.
func (*KubernetesServiceSpec) ApplyMergePatch ¶ added in v1.0.0
ApplyMergePatch applies a merge patch to a service based on the merge type
func (*KubernetesServiceSpec) DeepCopy ¶ added in v0.6.0
func (in *KubernetesServiceSpec) DeepCopy() *KubernetesServiceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServiceSpec.
func (*KubernetesServiceSpec) DeepCopyInto ¶ added in v0.6.0
func (in *KubernetesServiceSpec) DeepCopyInto(out *KubernetesServiceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesWatchMode ¶ added in v0.6.0
// NOTE(review): with Type unset the controller watches namespaced resources in
// every namespace, so scoping it to specific tenants is opt-in through
// Namespaces or NamespaceSelector. With NamespaceSelector, whoever may label
// namespaces presumably decides what gets reconciled; confirm RBAC on
// namespace labels before treating the selector as a boundary.

// KubernetesWatchMode holds the configuration for which input resources to
// watch and reconcile.
type KubernetesWatchMode struct {
	// Type indicates what watch mode to use. KubernetesWatchModeTypeNamespaces and
	// KubernetesWatchModeTypeNamespaceSelector are currently supported
	// By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources
	// from all namespaces.
	Type KubernetesWatchModeType `json:"type,omitempty"`

	// Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped
	// resources such as Gateway, HTTPRoute and Service.
	// Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as
	// GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelector must be set.
	Namespaces []string `json:"namespaces,omitempty"`

	// NamespaceSelector holds the label selector used to dynamically select namespaces.
	// Envoy Gateway will watch for namespaces matching the specified label selector.
	// Precisely one of Namespaces and NamespaceSelector must be set.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
}
KubernetesWatchMode holds the configuration for which input resources to watch and reconcile.
func (*KubernetesWatchMode) DeepCopy ¶ added in v0.6.0
func (in *KubernetesWatchMode) DeepCopy() *KubernetesWatchMode
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesWatchMode.
func (*KubernetesWatchMode) DeepCopyInto ¶ added in v0.6.0
func (in *KubernetesWatchMode) DeepCopyInto(out *KubernetesWatchMode)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesWatchModeType ¶ added in v0.6.0
// KubernetesWatchModeType defines the type of KubernetesWatchMode. It is the
// string type of the KubernetesWatchMode.Type field.
type KubernetesWatchModeType string
KubernetesWatchModeType defines the type of KubernetesWatchMode
type LeaderElection ¶ added in v1.1.0
// NOTE(review): the documented defaults are ordered LeaseDuration (15s) >
// RenewDeadline (10s) > RetryPeriod (2s). No validation marker on these fields
// enforces that ordering for custom values; TODO confirm it is checked where
// the settings are consumed.

// LeaderElection defines the desired leader election settings.
type LeaderElection struct {
	// LeaseDuration defines the time non-leader contenders will wait before attempting to claim leadership.
	// It's based on the timestamp of the last acknowledged signal. The default setting is 15 seconds.
	LeaseDuration *gwapiv1.Duration `json:"leaseDuration,omitempty"`

	// RenewDeadline represents the time frame within which the current leader will attempt to renew its leadership
	// status before relinquishing its position. The default setting is 10 seconds.
	RenewDeadline *gwapiv1.Duration `json:"renewDeadline,omitempty"`

	// RetryPeriod denotes the interval at which LeaderElector clients should perform action retries.
	// The default setting is 2 seconds.
	RetryPeriod *gwapiv1.Duration `json:"retryPeriod,omitempty"`

	// Disable provides the option to turn off leader election, which is enabled by default.
	Disable *bool `json:"disable,omitempty"`
}
LeaderElection defines the desired leader election settings.
func DefaultLeaderElection ¶ added in v1.1.0
func DefaultLeaderElection() *LeaderElection
DefaultLeaderElection returns a new LeaderElection with default configuration parameters.
func (*LeaderElection) DeepCopy ¶ added in v1.1.0
func (in *LeaderElection) DeepCopy() *LeaderElection
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElection.
func (*LeaderElection) DeepCopyInto ¶ added in v1.1.0
func (in *LeaderElection) DeepCopyInto(out *LeaderElection)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LiteralCustomTag ¶ added in v0.6.0
// LiteralCustomTag adds a hard-coded value to each span.
type LiteralCustomTag struct {
	// Value defines the hard-coded value to add to each span.
	// The JSON tag has no omitempty, so the key is always serialised.
	Value string `json:"value"`
}
LiteralCustomTag adds a hard-coded value to each span.
func (*LiteralCustomTag) DeepCopy ¶ added in v0.6.0
func (in *LiteralCustomTag) DeepCopy() *LiteralCustomTag
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LiteralCustomTag.
func (*LiteralCustomTag) DeepCopyInto ¶ added in v0.6.0
func (in *LiteralCustomTag) DeepCopyInto(out *LiteralCustomTag)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LoadBalancer ¶ added in v0.6.0
// LoadBalancer defines the load balancer policy to be applied. Type is the
// union discriminator: ConsistentHash is only meaningful when Type is
// "ConsistentHash", and SlowStart is documented as supported only for
// RoundRobin and LeastRequest.
type LoadBalancer struct {
	// Type decides the type of Load Balancer policy.
	// Valid LoadBalancerType values are
	// "ConsistentHash",
	// "LeastRequest",
	// "Random",
	// "RoundRobin".
	//
	// +unionDiscriminator
	Type LoadBalancerType `json:"type"`

	// ConsistentHash defines the configuration when the load balancer type is
	// set to ConsistentHash
	//
	// +optional
	ConsistentHash *ConsistentHash `json:"consistentHash,omitempty"`

	// SlowStart defines the configuration related to the slow start load balancer policy.
	// If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
	// Currently this is only supported for RoundRobin and LeastRequest load balancers
	//
	// +optional
	SlowStart *SlowStart `json:"slowStart,omitempty"`
}
LoadBalancer defines the load balancer policy to be applied. +union
+kubebuilder:validation:XValidation:rule="self.type == 'ConsistentHash' ? has(self.consistentHash) : !has(self.consistentHash)",message="If LoadBalancer type is consistentHash, consistentHash field needs to be set." +kubebuilder:validation:XValidation:rule="self.type in ['Random', 'ConsistentHash'] ? !has(self.slowStart) : true ",message="Currently SlowStart is only supported for RoundRobin and LeastRequest load balancers."
func (*LoadBalancer) DeepCopy ¶ added in v0.6.0
func (in *LoadBalancer) DeepCopy() *LoadBalancer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer.
func (*LoadBalancer) DeepCopyInto ¶ added in v0.6.0
func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LoadBalancerType ¶ added in v0.6.0
// LoadBalancerType specifies the types of LoadBalancer. The four accepted
// values are declared as the *LoadBalancerType constants of this package.
type LoadBalancerType string
LoadBalancerType specifies the types of LoadBalancer. +kubebuilder:validation:Enum=ConsistentHash;LeastRequest;Random;RoundRobin
// Accepted LoadBalancerType values.
const (
	// ConsistentHashLoadBalancerType load balancer policy.
	ConsistentHashLoadBalancerType LoadBalancerType = "ConsistentHash"
	// LeastRequestLoadBalancerType load balancer policy.
	LeastRequestLoadBalancerType LoadBalancerType = "LeastRequest"
	// RandomLoadBalancerType load balancer policy.
	RandomLoadBalancerType LoadBalancerType = "Random"
	// RoundRobinLoadBalancerType load balancer policy.
	RoundRobinLoadBalancerType LoadBalancerType = "RoundRobin"
)
type LocalRateLimit ¶ added in v1.0.0
// NOTE(review): "local" presumably means the limit is enforced by each proxy
// instance on its own rather than shared across replicas; confirm before
// sizing limits that are meant to cap abuse for the whole fleet.

// LocalRateLimit defines local rate limit configuration.
type LocalRateLimit struct {
	// NOTE(review): the field is marked +optional but the JSON tag has no
	// omitempty, so a nil slice is serialised as "rules": null.

	// Rules are a list of RateLimit selectors and limits. If a request matches
	// multiple rules, the strictest limit is applied. For example, if a request
	// matches two rules, one with 10rps and one with 20rps, the final limit will
	// be based on the rule with 10rps.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=16
	Rules []RateLimitRule `json:"rules"`
}
LocalRateLimit defines local rate limit configuration.
func (*LocalRateLimit) DeepCopy ¶ added in v1.0.0
func (in *LocalRateLimit) DeepCopy() *LocalRateLimit
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalRateLimit.
func (*LocalRateLimit) DeepCopyInto ¶ added in v1.0.0
func (in *LocalRateLimit) DeepCopyInto(out *LocalRateLimit)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LogLevel ¶ added in v0.6.0
// LogLevel defines a log level for Envoy Gateway and EnvoyProxy system logs.
// The accepted values are the lower-case strings declared as the LogLevel*
// constants of this package.
type LogLevel string
LogLevel defines a log level for Envoy Gateway and EnvoyProxy system logs. +kubebuilder:validation:Enum=debug;info;error;warn
// Accepted LogLevel values. The serialised form is lower-case.
const (
	// LogLevelDebug defines the "debug" logging level.
	LogLevelDebug LogLevel = "debug"
	// LogLevelInfo defines the "info" logging level.
	LogLevelInfo LogLevel = "info"
	// LogLevelWarn defines the "warn" logging level.
	LogLevelWarn LogLevel = "warn"
	// LogLevelError defines the "error" logging level.
	LogLevelError LogLevel = "error"
)
type MergeType ¶ added in v1.0.0
// MergeType defines the type of merge operation.
type MergeType string
MergeType defines the type of merge operation
type MetricSinkType ¶ added in v0.6.0
// MetricSinkType is the string type naming a metric sink kind; see the
// MetricSinkType* constants for the declared values.
type MetricSinkType string
const (
	// MetricSinkTypeOpenTelemetry is the "OpenTelemetry" metric sink type.
	MetricSinkTypeOpenTelemetry MetricSinkType = "OpenTelemetry"
)
type OIDC ¶ added in v1.0.0
// OIDC defines the configuration for the OpenID Connect (OIDC) authentication.
type OIDC struct {
	// The OIDC Provider configuration.
	Provider OIDCProvider `json:"provider"`

	// The client ID to be used in the OIDC
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	//
	// +kubebuilder:validation:MinLength=1
	ClientID string `json:"clientID"`

	// NOTE(review): the secret is referenced, never inlined. Read access to the
	// referenced Secret is what protects the client credential, so scope RBAC
	// on it accordingly.

	// The Kubernetes secret which contains the OIDC client secret to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	//
	// This is an Opaque secret. The client secret should be stored in the key
	// "client-secret".
	// +kubebuilder:validation:Required
	ClientSecret gwapiv1.SecretObjectReference `json:"clientSecret"`

	// The optional cookie name overrides to be used for Bearer and IdToken cookies in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, uses a randomly generated suffix
	// +optional
	CookieNames *OIDCCookieNames `json:"cookieNames,omitempty"`

	// NOTE(review): setting a parent domain sends the access and ID token
	// cookies to every subdomain, including ones run by other teams or with a
	// weaker security posture. Leave unset unless cross-subdomain single
	// sign-on is required. The +notImplementedHide marker suggests the field
	// is not honoured yet; TODO confirm.

	// The optional domain to set the access and ID token cookies on.
	// If not set, the cookies will default to the host of the request, not including the subdomains.
	// If set, the cookies will be set on the specified domain and all subdomains.
	// This means that requests to any subdomain will not require reauthentication after users log in to the parent domain.
	// +optional
	// +notImplementedHide
	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9]))*$`
	CookieDomain *string `json:"cookieDomain,omitempty"`

	// The OIDC scopes to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// The "openid" scope is always added to the list of scopes if not already
	// specified.
	// +optional
	Scopes []string `json:"scopes,omitempty"`

	// The OIDC resources to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// +optional
	Resources []string `json:"resources,omitempty"`

	// NOTE(review): the default is assembled from the request's
	// x-forwarded-proto and :authority values. Those are presumably
	// client-influenced unless a trusted front proxy normalises them, so
	// prefer an explicit RedirectURL that matches what is registered at the
	// provider. The field carries no +optional marker although it is a
	// pointer with omitempty.

	// The redirect URL to be used in the OIDC
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, uses the default redirect URI "%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback"
	RedirectURL *string `json:"redirectURL,omitempty"`

	// The path to log a user out, clearing their credential cookies.
	//
	// If not specified, uses a default logout path "/logout"
	LogoutPath *string `json:"logoutPath,omitempty"`

	// NOTE(review): when enabled, the upstream receives the user's bearer
	// token and can replay it within its lifetime. Enable only for upstreams
	// that need the token and are trusted to hold it.

	// ForwardAccessToken indicates whether the Envoy should forward the access token
	// via the Authorization header Bearer scheme to the upstream.
	// If not specified, defaults to false.
	// +optional
	ForwardAccessToken *bool `json:"forwardAccessToken,omitempty"`

	// DefaultTokenTTL is the default lifetime of the id token and access token.
	// Please note that Envoy will always use the expiry time from the response
	// of the authorization server if it is provided. This field is only used when
	// the expiry time is not provided by the authorization server.
	//
	// If not specified, defaults to 0. In this case, the "expires_in" field in
	// the authorization response must be set by the authorization server, or the
	// OAuth flow will fail.
	//
	// +optional
	DefaultTokenTTL *metav1.Duration `json:"defaultTokenTTL,omitempty"`

	// RefreshToken indicates whether the Envoy should automatically refresh the
	// id token and access token when they expire.
	// When set to true, the Envoy will use the refresh token to get a new id token
	// and access token when they expire.
	//
	// If not specified, defaults to false.
	// +optional
	RefreshToken *bool `json:"refreshToken,omitempty"`

	// NOTE(review): the one-week fallback applies only when the refresh token
	// carries no usable exp claim. It bounds how long a session can be renewed
	// without re-authentication, so shorten it where session lifetime matters.

	// DefaultRefreshTokenTTL is the default lifetime of the refresh token.
	// This field is only used when the exp (expiration time) claim is omitted in
	// the refresh token or the refresh token is not JWT.
	//
	// If not specified, defaults to 604800s (one week).
	// Note: this field is only applicable when the "refreshToken" field is set to true.
	// +optional
	DefaultRefreshTokenTTL *metav1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
}
OIDC defines the configuration for the OpenID Connect (OIDC) authentication.
func (*OIDC) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDC.
func (*OIDC) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCCookieNames ¶ added in v1.1.0
// OIDCCookieNames defines the names of cookies to use in the Envoy OIDC filter.
// Both fields are optional; an unset field falls back to a name with a
// randomly generated suffix, as documented per field.
type OIDCCookieNames struct {
	// The name of the cookie used to store the AccessToken in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, defaults to "AccessToken-(randomly generated uid)"
	// +optional
	AccessToken *string `json:"accessToken,omitempty"`

	// The name of the cookie used to store the IdToken in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, defaults to "IdToken-(randomly generated uid)"
	// +optional
	IDToken *string `json:"idToken,omitempty"`
}
OIDCCookieNames defines the names of cookies to use in the Envoy OIDC filter.
func (*OIDCCookieNames) DeepCopy ¶ added in v1.1.0
func (in *OIDCCookieNames) DeepCopy() *OIDCCookieNames
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCCookieNames.
func (*OIDCCookieNames) DeepCopyInto ¶ added in v1.1.0
func (in *OIDCCookieNames) DeepCopyInto(out *OIDCCookieNames)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCProvider ¶ added in v1.0.0
// OIDCProvider defines the OIDC Provider configuration.
type OIDCProvider struct {
	// BackendRefs is used to specify the address of the OIDC Provider.
	// If the BackendRefs is not specified, The host and port of the OIDC Provider's token endpoint
	// will be used as the address of the OIDC Provider.
	//
	// TLS configuration can be specified in a BackendTLSConfig resource and target the BackendRefs.
	//
	// Other settings for the connection to the OIDC Provider can be specified in the BackendSettings resource.
	//
	// +optional
	BackendCluster `json:",inline"`

	// NOTE(review): the https requirement is stated in prose only. The sole
	// validation marker on this field is MinLength=1; TODO confirm the scheme
	// is enforced where the value is consumed, since a plain-http issuer
	// would expose discovery and token traffic.

	// The OIDC Provider's [issuer identifier](https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery).
	// Issuer MUST be a URI RFC 3986 [RFC3986] with a scheme component that MUST
	// be https, a host component, and optionally, port and path components and
	// no query or fragment components.
	// +kubebuilder:validation:MinLength=1
	Issuer string `json:"issuer"`

	// NOTE(review): when the endpoints below are omitted they are taken from
	// the provider's discovery document, so the issuer's well-known endpoint
	// becomes part of the trust path. Pin both endpoints explicitly where
	// that matters.

	// The OIDC Provider's [authorization endpoint](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint).
	// If not provided, EG will try to discover it from the provider's [Well-Known Configuration Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
	//
	// +optional
	AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"`

	// The OIDC Provider's [token endpoint](https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint).
	// If not provided, EG will try to discover it from the provider's [Well-Known Configuration Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
	//
	// +optional
	TokenEndpoint *string `json:"tokenEndpoint,omitempty"`
}
OIDCProvider defines the OIDC Provider configuration. +kubebuilder:validation:XValidation:rule="!has(self.backendRef)",message="BackendRefs must be used, backendRef is not supported." +kubebuilder:validation:XValidation:rule="has(self.backendSettings)? (has(self.backendSettings.retry)?(has(self.backendSettings.retry.perRetry)? !has(self.backendSettings.retry.perRetry.timeout):true):true):true",message="Retry timeout is not supported." +kubebuilder:validation:XValidation:rule="has(self.backendSettings)? (has(self.backendSettings.retry)?(has(self.backendSettings.retry.retryOn)? !has(self.backendSettings.retry.retryOn.httpStatusCodes):true):true):true",message="HTTPStatusCodes is not supported."
func (*OIDCProvider) DeepCopy ¶ added in v1.0.0
func (in *OIDCProvider) DeepCopy() *OIDCProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider.
func (*OIDCProvider) DeepCopyInto ¶ added in v1.0.0
func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenTelemetryEnvoyProxyAccessLog ¶ added in v0.6.0
// OpenTelemetryEnvoyProxyAccessLog defines the OpenTelemetry access log sink.
// The destination is given through the inlined BackendCluster (BackendRefs);
// Host and Port are the deprecated way to name it.
type OpenTelemetryEnvoyProxyAccessLog struct {
	// BackendCluster is embedded and inlined into this object's JSON.
	BackendCluster `json:",inline"`

	// Host define the extension service hostname.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	Host *string `json:"host,omitempty"`

	// NOTE(review): only a Minimum marker is present on Port, so values above
	// 65535 presumably pass schema validation; TODO confirm they are rejected
	// later.

	// Port defines the port the extension service is exposed on.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`

	// Resources is a set of labels that describe the source of a log entry, including envoy node info.
	// It's recommended to follow [semantic conventions](https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/).
	// +optional
	Resources map[string]string `json:"resources,omitempty"`
}
OpenTelemetryEnvoyProxyAccessLog defines the OpenTelemetry access log sink.
+kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"
func (*OpenTelemetryEnvoyProxyAccessLog) DeepCopy ¶ added in v0.6.0
func (in *OpenTelemetryEnvoyProxyAccessLog) DeepCopy() *OpenTelemetryEnvoyProxyAccessLog
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetryEnvoyProxyAccessLog.
func (*OpenTelemetryEnvoyProxyAccessLog) DeepCopyInto ¶ added in v0.6.0
func (in *OpenTelemetryEnvoyProxyAccessLog) DeepCopyInto(out *OpenTelemetryEnvoyProxyAccessLog)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Origin ¶ added in v1.0.0
// NOTE(review): the validation pattern accepts a bare "*" and "https://*",
// each of which matches any origin. Prefer precise or single-label wildcard
// hosts wherever the origin list gates cross-origin access (presumably the
// CORS settings; confirm). The pattern limits the port to five digits, not to
// 65535.

// Origin is defined by the scheme (protocol), hostname (domain), and port of
// the URL used to access it. The hostname can be "precise" which is just the
// domain name or "wildcard" which is a domain name prefixed with a single
// wildcard label such as "*.example.com".
type Origin string
Origin is defined by the scheme (protocol), hostname (domain), and port of the URL used to access it. The hostname can be "precise" which is just the domain name or "wildcard" which is a domain name prefixed with a single wildcard label such as "*.example.com". In addition to that a single wildcard (with or without scheme) can be configured to match any origin.
For example, the following are valid origins: - https://foo.example.com - https://*.example.com - http://foo.example.com:8080 - http://*.example.com:8080 - https://*
+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^(\*|https?:\/\/(\*|(\*\.)?(([\w-]+\.?)+)?[\w-]+)(:\d{1,5})?)$`
type PassiveHealthCheck ¶ added in v1.0.0
// PassiveHealthCheck defines the configuration for passive health checks in
// the context of Envoy's Outlier Detection. Every field is optional and has
// its default declared by a kubebuilder marker.
type PassiveHealthCheck struct {
	// SplitExternalLocalOriginErrors enables splitting of errors between external and local origin.
	//
	// +kubebuilder:default=false
	// +optional
	SplitExternalLocalOriginErrors *bool `json:"splitExternalLocalOriginErrors,omitempty"`

	// Interval defines the time between passive health checks.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="3s"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`

	// ConsecutiveLocalOriginFailures sets the number of consecutive local origin failures triggering ejection.
	// Parameter takes effect only when split_external_local_origin_errors is set to true.
	//
	// +kubebuilder:default=5
	// +optional
	ConsecutiveLocalOriginFailures *uint32 `json:"consecutiveLocalOriginFailures,omitempty"`

	// NOTE(review): the default of 0 presumably disables ejection on gateway
	// errors; confirm against the Envoy outlier detection documentation.

	// ConsecutiveGatewayErrors sets the number of consecutive gateway errors triggering ejection.
	//
	// +kubebuilder:default=0
	// +optional
	ConsecutiveGatewayErrors *uint32 `json:"consecutiveGatewayErrors,omitempty"`

	// NOTE(review): the JSON key is "consecutive5XxErrors" (capital X), which
	// differs from the Go field's casing; manifests must use the key as tagged.

	// Consecutive5xxErrors sets the number of consecutive 5xx errors triggering ejection.
	//
	// +kubebuilder:default=5
	// +optional
	Consecutive5xxErrors *uint32 `json:"consecutive5XxErrors,omitempty"`

	// BaseEjectionTime defines the base duration for which a host will be ejected on consecutive failures.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="30s"
	// +optional
	BaseEjectionTime *metav1.Duration `json:"baseEjectionTime,omitempty"`

	// NOTE(review): no Minimum or Maximum marker is present, so the 0-100
	// range of a percentage is not enforced by the schema shown here.

	// MaxEjectionPercent sets the maximum percentage of hosts in a cluster that can be ejected.
	//
	// +kubebuilder:default=10
	// +optional
	MaxEjectionPercent *int32 `json:"maxEjectionPercent,omitempty"`
}
PassiveHealthCheck defines the configuration for passive health checks in the context of Envoy's Outlier Detection, see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier
func (*PassiveHealthCheck) DeepCopy ¶ added in v1.0.0
func (in *PassiveHealthCheck) DeepCopy() *PassiveHealthCheck
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassiveHealthCheck.
func (*PassiveHealthCheck) DeepCopyInto ¶ added in v1.0.0
func (in *PassiveHealthCheck) DeepCopyInto(out *PassiveHealthCheck)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PathEscapedSlashAction ¶ added in v1.0.0
// PathEscapedSlashAction determines the action for requests that contain %2F,
// %2f, %5C, or %5c sequences in the URI path. The accepted values are the
// constants declared for this type; PathSettings.EscapedSlashesAction
// documents UnescapeAndRedirect as the default.
type PathEscapedSlashAction string
PathEscapedSlashAction determines the action for requests that contain %2F, %2f, %5C, or %5c sequences in the URI path. +kubebuilder:validation:Enum=KeepUnchanged;RejectRequest;UnescapeAndForward;UnescapeAndRedirect
// Accepted PathEscapedSlashAction values. The choice decides whether the
// proxy and the upstream can disagree about the path: path-based access rules
// are only sound when every hop that enforces them sees the same path.
const (
	// NOTE(review): with KeepUnchanged, an upstream that decodes %2F or %5C
	// itself would presumably see a different path from the one the proxy
	// matched. Verify upstream decoding before relying on path-based rules.

	// KeepUnchangedAction keeps escaped slashes as they arrive without changes
	KeepUnchangedAction PathEscapedSlashAction = "KeepUnchanged"

	// RejectRequestAction rejects client requests containing escaped slashes
	// with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
	// error code.
	// The "httpN.downstream_rq_failed_path_normalization" counter is incremented
	// for each rejected request.
	RejectRequestAction PathEscapedSlashAction = "RejectRequest"

	// UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
	// if these sequences were present.
	//
	// Redirect occurs after path normalization and merge slashes transformations if
	// they were configured. gRPC requests will be rejected with the INTERNAL (13)
	// error code.
	// This option minimizes possibility of path confusion exploits by forcing request
	// with unescaped slashes to traverse all parties: downstream client, intermediate
	// proxies, Envoy and upstream server.
	// The "httpN.downstream_rq_redirected_with_normalized_path" counter is incremented
	// for each redirected request.
	UnescapeAndRedirect PathEscapedSlashAction = "UnescapeAndRedirect"

	// UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
	// Note: this option should not be enabled if intermediaries perform path based access
	// control as it may lead to path confusion vulnerabilities.
	UnescapeAndForward PathEscapedSlashAction = "UnescapeAndForward"
)
type PathSettings ¶ added in v1.0.0
// PathSettings provides settings that manage how the incoming path set by
// clients is handled.
type PathSettings struct {
	// EscapedSlashesAction determines how %2f, %2F, %5c, or %5C sequences in the path URI
	// should be handled.
	// The default is UnescapeAndRedirect.
	//
	// +optional
	EscapedSlashesAction *PathEscapedSlashAction `json:"escapedSlashesAction,omitempty"`

	// NOTE(review): merging is the default. Turning it off leaves paths such
	// as "//admin" distinct from "/admin" at the proxy; check that route
	// matches and any path-based authorization still cover both forms when
	// the upstream treats them as equivalent.

	// DisableMergeSlashes allows disabling the default configuration of merging adjacent
	// slashes in the path.
	// Note that slash merging is not part of the HTTP spec and is provided for convenience.
	//
	// +optional
	DisableMergeSlashes *bool `json:"disableMergeSlashes,omitempty"`
}
PathSettings provides settings that manage how the incoming path set by clients is handled.
func (*PathSettings) DeepCopy ¶ added in v1.0.0
func (in *PathSettings) DeepCopy() *PathSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathSettings.
func (*PathSettings) DeepCopyInto ¶ added in v1.0.0
func (in *PathSettings) DeepCopyInto(out *PathSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PerRetryPolicy ¶ added in v1.0.0
// PerRetryPolicy holds the settings applied to each individual retry attempt:
// an optional per-attempt timeout and an optional back-off policy.
type PerRetryPolicy struct {
	// Timeout is the timeout per retry attempt.
	//
	// +optional
	// +kubebuilder:validation:Format=duration
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// Backoff is the backoff policy to be applied per retry attempt. gateway uses a fully jittered exponential
	// back-off algorithm for retries. For additional details,
	// see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-max-retries
	//
	// +optional
	BackOff *BackOffPolicy `json:"backOff,omitempty"`
}
func (*PerRetryPolicy) DeepCopy ¶ added in v1.0.0
func (in *PerRetryPolicy) DeepCopy() *PerRetryPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerRetryPolicy.
func (*PerRetryPolicy) DeepCopyInto ¶ added in v1.0.0
func (in *PerRetryPolicy) DeepCopyInto(out *PerRetryPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyTargetReferences ¶ added in v1.1.0
// NOTE(review): TargetSelectors attach the policy by label, so whoever may
// edit labels on candidate resources can presumably move them into or out of
// the policy's scope. For security-relevant policies prefer explicit
// TargetRefs, or restrict who can change the labels.

// PolicyTargetReferences holds the ways a policy names the resources it
// attaches to: the deprecated single TargetRef, a TargetRefs list, and
// label-based TargetSelectors.
type PolicyTargetReferences struct {
	// TargetRef is the name of the resource this policy is being attached to.
	// This policy and the TargetRef MUST be in the same namespace for this
	// Policy to have effect
	//
	// Deprecated: use targetRefs/targetSelectors instead
	TargetRef *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef,omitempty"`

	// TargetRefs are the names of the Gateway resources this policy
	// is being attached to.
	TargetRefs []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs,omitempty"`

	// TargetSelectors allow targeting resources for this policy based on labels
	TargetSelectors []TargetSelector `json:"targetSelectors,omitempty"`
}
func (*PolicyTargetReferences) DeepCopy ¶ added in v1.1.0
func (in *PolicyTargetReferences) DeepCopy() *PolicyTargetReferences
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReferences.
func (*PolicyTargetReferences) DeepCopyInto ¶ added in v1.1.0
func (in *PolicyTargetReferences) DeepCopyInto(out *PolicyTargetReferences)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (PolicyTargetReferences) GetTargetRefs ¶ added in v1.1.0
func (p PolicyTargetReferences) GetTargetRefs() []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName
type Principal ¶ added in v1.1.0
// Principal carries the client CIDR ranges and JWT settings an authorization
// rule matches on. If there are multiple principal types, all principals must
// match for the rule to match.
type Principal struct {
	// NOTE(review): a CIDR match is only as trustworthy as the client-IP
	// detection behind it. X-Forwarded-For and custom headers are supplied by
	// the client unless a trusted hop overwrites them, so configure
	// ClientIPDetection (or proxy protocol) in the ClientTrafficPolicy to
	// match the real proxy topology before using ClientCIDRs as an
	// allow-list.

	// ClientCIDRs are the IP CIDR ranges of the client.
	// Valid examples are "192.168.1.0/24" or "2001:db8::/64"
	//
	// If multiple CIDR ranges are specified, one of the CIDR ranges must match
	// the client IP for the rule to match.
	//
	// The client IP is inferred from the X-Forwarded-For header, a custom header,
	// or the proxy protocol.
	// You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
	// the `ClientTrafficPolicy` to configure how the client IP is detected.
	// +optional
	// +kubebuilder:validation:MinItems=1
	ClientCIDRs []CIDR `json:"clientCIDRs,omitempty"`

	// NOTE(review): the +notImplementedHide marker suggests the JWT principal
	// is not honoured yet. TODO confirm before writing rules that depend on
	// it, since a rule relying on an ignored field may be broader than
	// intended.

	// JWT authorize the request based on the JWT claims and scopes.
	// Note: in order to use JWT claims for authorization, you must configure the
	// JWT authentication in the same `SecurityPolicy`.
	// +optional
	// +notImplementedHide
	JWT *JWTPrincipal `json:"jwt,omitempty"`
}
If there are multiple principal types, all principals must match for the rule to match.
+kubebuilder:validation:XValidation:rule="(has(self.clientCIDRs) || has(self.jwt))",message="at least one of clientCIDRs or jwt must be specified"
func (*Principal) DeepCopy ¶ added in v1.1.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Principal.
func (*Principal) DeepCopyInto ¶ added in v1.1.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessingModeOptions ¶ added in v1.1.0
// ProcessingModeOptions defines if headers or body should be processed by the
// external service. Only a body mode is declared in this struct; it has no
// header-specific field.
type ProcessingModeOptions struct {
	// Defines body processing mode
	//
	// +optional
	Body *ExtProcBodyProcessingMode `json:"body,omitempty"`
}
ProcessingModeOptions defines if headers or body should be processed by the external service
func (*ProcessingModeOptions) DeepCopy ¶ added in v1.1.0
func (in *ProcessingModeOptions) DeepCopy() *ProcessingModeOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessingModeOptions.
func (*ProcessingModeOptions) DeepCopyInto ¶ added in v1.1.0
func (in *ProcessingModeOptions) DeepCopyInto(out *ProcessingModeOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProviderType ¶ added in v0.6.0
// ProviderType defines the types of providers supported by Envoy Gateway.
// The accepted values are the ProviderType* constants of this package.
type ProviderType string
ProviderType defines the types of providers supported by Envoy Gateway.
+kubebuilder:validation:Enum=Kubernetes;Custom
// Accepted ProviderType values.
const (
	// ProviderTypeKubernetes defines the "Kubernetes" provider.
	ProviderTypeKubernetes ProviderType = "Kubernetes"
	// ProviderTypeCustom defines the "Custom" provider.
	ProviderTypeCustom ProviderType = "Custom"
)
type ProxyAccessLog ¶ added in v0.6.0
// NOTE(review): access logs are a primary record for detection and incident
// response. Setting Disable removes that record for every managed proxy, so
// make sure an equivalent source of request telemetry exists first.

// ProxyAccessLog holds the access log switch and the list of access log
// settings for managed proxies.
type ProxyAccessLog struct {
	// Disable disables access logging for managed proxies if set to true.
	Disable bool `json:"disable,omitempty"`

	// Settings defines accesslog settings for managed proxies.
	// If unspecified, will send default format to stdout.
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=50
	Settings []ProxyAccessLogSetting `json:"settings,omitempty"`
}
func (*ProxyAccessLog) DeepCopy ¶ added in v0.6.0
func (in *ProxyAccessLog) DeepCopy() *ProxyAccessLog
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLog.
func (*ProxyAccessLog) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyAccessLog) DeepCopyInto(out *ProxyAccessLog)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyAccessLogFormat ¶ added in v0.6.0
// ProxyAccessLogFormat selects how an access log entry is rendered. Type is
// the union discriminator; the validation rules on this type require text
// only when Type is "Text" and json only when Type is "JSON".
type ProxyAccessLogFormat struct {
	// Type defines the type of accesslog format.
	// +kubebuilder:validation:Enum=Text;JSON
	// +unionDiscriminator
	Type ProxyAccessLogFormatType `json:"type,omitempty"`
	// Text defines the text accesslog format, following Envoy accesslog formatting,
	// It's required when the format type is "Text".
	// Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be used in the format.
	// The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) provides more information.
	// Command operators can copy request and response headers into the log
	// line, so keep credential-bearing headers such as Authorization and
	// Cookie out of the format unless the log sink is protected accordingly.
	// +optional
	Text *string `json:"text,omitempty"`
	// JSON is additional attributes that describe the specific event occurrence.
	// Structured format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)
	// can be used as values for fields within the Struct.
	// It's required when the format type is "JSON".
	// The same care about header values applies here as for Text: whatever a
	// command operator expands to is written to the sink.
	// +optional
	JSON map[string]string `json:"json,omitempty"`
}
ProxyAccessLogFormat defines the format of accesslog. By default accesslogs are written to standard output. +union
+kubebuilder:validation:XValidation:rule="self.type == 'Text' ? has(self.text) : !has(self.text)",message="If AccessLogFormat type is Text, text field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'JSON' ? has(self.json) : !has(self.json)",message="If AccessLogFormat type is JSON, json field needs to be set."
func (*ProxyAccessLogFormat) DeepCopy ¶ added in v0.6.0
func (in *ProxyAccessLogFormat) DeepCopy() *ProxyAccessLogFormat
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLogFormat.
func (*ProxyAccessLogFormat) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyAccessLogFormat) DeepCopyInto(out *ProxyAccessLogFormat)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyAccessLogFormatType ¶ added in v0.6.0
type ProxyAccessLogFormatType string
const ( // ProxyAccessLogFormatTypeText defines the text accesslog format. ProxyAccessLogFormatTypeText ProxyAccessLogFormatType = "Text" // ProxyAccessLogFormatTypeJSON defines the JSON accesslog format. ProxyAccessLogFormatTypeJSON ProxyAccessLogFormatType = "JSON" )
type ProxyAccessLogSetting ¶ added in v0.6.0
// ProxyAccessLogSetting is one access log configuration: an optional format,
// optional CEL match conditions, the sinks to write to, and optionally the
// component (Listener or Route) the setting applies to.
type ProxyAccessLogSetting struct {
	// Format defines the format of accesslog.
	// This will be ignored if sink type is ALS.
	// +optional
	Format *ProxyAccessLogFormat `json:"format,omitempty"`
	// Matches defines the match conditions for accesslog in CEL expression.
	// An accesslog will be emitted only when one or more match conditions are evaluated to true.
	// Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored.
	// NOTE(review): because an invalid expression is ignored rather than
	// rejected, a typo in a filter is silent. After changing Matches, verify
	// that the entries you rely on (for example for audit or detection) still
	// reach the sink.
	// +kubebuilder:validation:MaxItems=10
	Matches []string `json:"matches,omitempty"`
	// Sinks defines the sinks of accesslog.
	// The field has no omitempty tag and a MinItems=1 marker, so at least one
	// sink is expected per setting.
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=50
	Sinks []ProxyAccessLogSink `json:"sinks"`
	// Type defines the component emitting the accesslog, such as Listener and Route.
	// If type not defined, the setting would apply to:
	// (1) All Routes.
	// (2) Listeners if and only if Envoy does not find a matching route for a request.
	// If type is defined, the accesslog settings would apply to the relevant component (as-is).
	// +kubebuilder:validation:Enum=Listener;Route
	// +optional
	Type *ProxyAccessLogType `json:"type,omitempty"`
}
func (*ProxyAccessLogSetting) DeepCopy ¶ added in v0.6.0
func (in *ProxyAccessLogSetting) DeepCopy() *ProxyAccessLogSetting
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLogSetting.
func (*ProxyAccessLogSetting) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyAccessLogSetting) DeepCopyInto(out *ProxyAccessLogSetting)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyAccessLogSink ¶ added in v0.6.0
type ProxyAccessLogSink struct { // Type defines the type of accesslog sink. // +kubebuilder:validation:Enum=ALS;File;OpenTelemetry // +unionDiscriminator Type ProxyAccessLogSinkType `json:"type,omitempty"` // ALS defines the gRPC Access Log Service (ALS) sink. // +optional ALS *ALSEnvoyProxyAccessLog `json:"als,omitempty"` // File defines the file accesslog sink. // +optional File *FileEnvoyProxyAccessLog `json:"file,omitempty"` // OpenTelemetry defines the OpenTelemetry accesslog sink. // +optional OpenTelemetry *OpenTelemetryEnvoyProxyAccessLog `json:"openTelemetry,omitempty"` }
ProxyAccessLogSink defines the sink of accesslog. +union
+kubebuilder:validation:XValidation:rule="self.type == 'ALS' ? has(self.als) : !has(self.als)",message="If AccessLogSink type is ALS, als field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'File' ? has(self.file) : !has(self.file)",message="If AccessLogSink type is File, file field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'OpenTelemetry' ? has(self.openTelemetry) : !has(self.openTelemetry)",message="If AccessLogSink type is OpenTelemetry, openTelemetry field needs to be set."
func (*ProxyAccessLogSink) DeepCopy ¶ added in v0.6.0
func (in *ProxyAccessLogSink) DeepCopy() *ProxyAccessLogSink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLogSink.
func (*ProxyAccessLogSink) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyAccessLogSink) DeepCopyInto(out *ProxyAccessLogSink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyAccessLogSinkType ¶ added in v0.6.0
type ProxyAccessLogSinkType string
const ( // ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink. // The service must implement the Envoy gRPC Access Log Service streaming API: // https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto ProxyAccessLogSinkTypeALS ProxyAccessLogSinkType = "ALS" // ProxyAccessLogSinkTypeFile defines the file accesslog sink. ProxyAccessLogSinkTypeFile ProxyAccessLogSinkType = "File" // ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink. // When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name` // and `k8s.pod.name` as additional attributes. ProxyAccessLogSinkTypeOpenTelemetry ProxyAccessLogSinkType = "OpenTelemetry" )
type ProxyAccessLogType ¶ added in v1.2.0
type ProxyAccessLogType string
const ( // ProxyAccessLogTypeListener defines the accesslog for Listeners. // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log ProxyAccessLogTypeListener ProxyAccessLogType = "Listener" // ProxyAccessLogTypeRoute defines the accesslog for HTTP, GRPC, UDP and TCP Routes. // https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/udp/udp_proxy/v3/udp_proxy.proto#envoy-v3-api-field-extensions-filters-udp-udp-proxy-v3-udpproxyconfig-access-log // https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/tcp_proxy/v3/tcp_proxy.proto#envoy-v3-api-field-extensions-filters-network-tcp-proxy-v3-tcpproxy-access-log // https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-access-log ProxyAccessLogTypeRoute ProxyAccessLogType = "Route" )
type ProxyBootstrap ¶ added in v0.6.0
// ProxyBootstrap customizes the Envoy bootstrap configuration, either with a
// YAML document (Value) or with ordered JSON patches (JSONPatches), as
// selected by Type.
//
// NOTE(review): the bootstrap is the proxy's startup configuration, so a
// change here deserves the same review as any change to the proxy itself.
// With the default type, Replace, the supplied Value presumably stands in for
// the generated bootstrap rather than extending it — confirm, and compare the
// result against the default before rollout.
type ProxyBootstrap struct {
	// Type is the type of the bootstrap configuration, it should be either Replace, Merge, or JSONPatch.
	// If unspecified, it defaults to Replace.
	// +optional
	// +kubebuilder:default=Replace
	// +unionDiscriminator
	Type *BootstrapType `json:"type"`
	// Value is a YAML string of the bootstrap.
	// The validation rule on this type requires Value whenever Type is not
	// JSONPatch.
	// +optional
	Value *string `json:"value,omitempty"`
	// JSONPatches is an array of JSONPatches to be applied to the default bootstrap. Patches are
	// applied in the order in which they are defined.
	// The validation rule on this type requires at least one patch when Type
	// is JSONPatch.
	JSONPatches []JSONPatchOperation `json:"jsonPatches,omitempty"`
}
ProxyBootstrap defines Envoy Bootstrap configuration. +union +kubebuilder:validation:XValidation:rule="self.type == 'JSONPatch' ? self.jsonPatches.size() > 0 : has(self.value)", message="provided bootstrap patch doesn't match the configured patch type"
func (*ProxyBootstrap) DeepCopy ¶ added in v0.6.0
func (in *ProxyBootstrap) DeepCopy() *ProxyBootstrap
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyBootstrap.
func (*ProxyBootstrap) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyBootstrap) DeepCopyInto(out *ProxyBootstrap)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyLogComponent ¶ added in v0.6.0
type ProxyLogComponent string
ProxyLogComponent defines a component that supports a configured logging level. +kubebuilder:validation:Enum=system;upstream;http;connection;admin;client;filter;main;router;runtime
// Values of ProxyLogComponent. ProxyLogging.Level is keyed by these.
const (
	// LogComponentDefault defines the default logging component.
	// See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
	// NOTE(review): the kubebuilder Enum marker documented for
	// ProxyLogComponent lists "system" and does not list "default"; confirm
	// that this value passes schema validation wherever the enum is enforced.
	LogComponentDefault ProxyLogComponent = "default"
	// LogComponentUpstream defines the "upstream" logging component.
	LogComponentUpstream ProxyLogComponent = "upstream"
	// LogComponentHTTP defines the "http" logging component.
	LogComponentHTTP ProxyLogComponent = "http"
	// LogComponentConnection defines the "connection" logging component.
	LogComponentConnection ProxyLogComponent = "connection"
	// LogComponentAdmin defines the "admin" logging component.
	LogComponentAdmin ProxyLogComponent = "admin"
	// LogComponentClient defines the "client" logging component.
	LogComponentClient ProxyLogComponent = "client"
	// LogComponentFilter defines the "filter" logging component.
	LogComponentFilter ProxyLogComponent = "filter"
	// LogComponentMain defines the "main" logging component.
	LogComponentMain ProxyLogComponent = "main"
	// LogComponentRouter defines the "router" logging component.
	LogComponentRouter ProxyLogComponent = "router"
	// LogComponentRuntime defines the "runtime" logging component.
	LogComponentRuntime ProxyLogComponent = "runtime"
)
type ProxyLogging ¶ added in v0.6.0
type ProxyLogging struct { // Level is a map of logging level per component, where the component is the key // and the log level is the value. If unspecified, defaults to "default: warn". // // +kubebuilder:default={default: warn} Level map[ProxyLogComponent]LogLevel `json:"level,omitempty"` }
ProxyLogging defines logging parameters for managed proxies.
func (*ProxyLogging) DeepCopy ¶ added in v0.6.0
func (in *ProxyLogging) DeepCopy() *ProxyLogging
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyLogging.
func (*ProxyLogging) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyLogging) DeepCopyInto(out *ProxyLogging)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProxyLogging) DefaultEnvoyProxyLoggingLevel ¶ added in v0.6.0
func (logging *ProxyLogging) DefaultEnvoyProxyLoggingLevel() LogLevel
DefaultEnvoyProxyLoggingLevel returns envoy proxy v1alpha1.LogComponentGatewayDefault log level. If unspecified, defaults to "warn". When specified, all other logging components are ignored.
func (*ProxyLogging) GetEnvoyProxyComponentLevel ¶ added in v0.6.0
func (logging *ProxyLogging) GetEnvoyProxyComponentLevel() string
GetEnvoyProxyComponentLevel returns envoy proxy component log level args. xref: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-component-log-level
type ProxyMetricSink ¶ added in v0.6.0
type ProxyMetricSink struct { // Type defines the metric sink type. // EG currently only supports OpenTelemetry. // +kubebuilder:validation:Enum=OpenTelemetry // +kubebuilder:default=OpenTelemetry // +unionDiscriminator Type MetricSinkType `json:"type"` // OpenTelemetry defines the configuration for OpenTelemetry sink. // It's required if the sink type is OpenTelemetry. // +optional OpenTelemetry *ProxyOpenTelemetrySink `json:"openTelemetry,omitempty"` }
ProxyMetricSink defines the sink of metrics. Default metrics sink is OpenTelemetry. +union
+kubebuilder:validation:XValidation:rule="self.type == 'OpenTelemetry' ? has(self.openTelemetry) : !has(self.openTelemetry)",message="If MetricSink type is OpenTelemetry, openTelemetry field needs to be set."
func (*ProxyMetricSink) DeepCopy ¶ added in v0.6.0
func (in *ProxyMetricSink) DeepCopy() *ProxyMetricSink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyMetricSink.
func (*ProxyMetricSink) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyMetricSink) DeepCopyInto(out *ProxyMetricSink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyMetrics ¶ added in v0.6.0
// ProxyMetrics configures metrics for managed proxies: the Prometheus
// endpoint, additional sinks, which stats are generated, and optional extra
// stat families.
type ProxyMetrics struct {
	// Prometheus defines the configuration for Admin endpoint `/stats/prometheus`.
	Prometheus *ProxyPrometheusProvider `json:"prometheus,omitempty"`
	// Sinks defines the metric sinks where metrics are sent to.
	// +kubebuilder:validation:MaxItems=16
	Sinks []ProxyMetricSink `json:"sinks,omitempty"`
	// Matches defines configuration for selecting specific metrics instead of generating all metrics stats
	// that are enabled by default. This helps reduce CPU and memory overhead in Envoy, but eliminating some stats
	// may alter critical functionality. Here are the stats that we strongly recommend not disabling:
	// `cluster_manager.warming_clusters`, `cluster.<cluster_name>.membership_total`, `cluster.<cluster_name>.membership_healthy`,
	// `cluster.<cluster_name>.membership_degraded`. Reference: https://github.com/envoyproxy/envoy/issues/9856,
	// https://github.com/envoyproxy/envoy/issues/14610
	// Stats that alerting or detection rules depend on should also be checked
	// against this list before it is narrowed.
	//
	Matches []StringMatch `json:"matches,omitempty"`
	// EnableVirtualHostStats enables envoy stat metrics for virtual hosts.
	//
	// +optional
	EnableVirtualHostStats *bool `json:"enableVirtualHostStats,omitempty"`
	// EnablePerEndpointStats enables per endpoint envoy stats metrics.
	// Please use with caution.
	// NOTE(review): presumably the caution is about the number of stats
	// growing with the number of endpoints — confirm before enabling on
	// large or fast-changing backends.
	//
	// +optional
	EnablePerEndpointStats *bool `json:"enablePerEndpointStats,omitempty"`
	// EnableRequestResponseSizesStats enables publishing of histograms tracking header and body sizes of requests and responses.
	//
	// +optional
	EnableRequestResponseSizesStats *bool `json:"enableRequestResponseSizesStats,omitempty"`
}
func (*ProxyMetrics) DeepCopy ¶ added in v0.6.0
func (in *ProxyMetrics) DeepCopy() *ProxyMetrics
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyMetrics.
func (*ProxyMetrics) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyMetrics) DeepCopyInto(out *ProxyMetrics)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyOpenTelemetrySink ¶ added in v0.6.0
type ProxyOpenTelemetrySink struct { BackendCluster `json:",inline"` // Host define the service hostname. // Deprecated: Use BackendRefs instead. // // +optional Host *string `json:"host,omitempty"` // Port defines the port the service is exposed on. // Deprecated: Use BackendRefs instead. // // +optional // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=65535 // +kubebuilder:default=4317 Port int32 `json:"port,omitempty"` }
ProxyOpenTelemetrySink defines the configuration for OpenTelemetry sink.
+kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"
func (*ProxyOpenTelemetrySink) DeepCopy ¶ added in v0.6.0
func (in *ProxyOpenTelemetrySink) DeepCopy() *ProxyOpenTelemetrySink
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyOpenTelemetrySink.
func (*ProxyOpenTelemetrySink) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyOpenTelemetrySink) DeepCopyInto(out *ProxyOpenTelemetrySink)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyPrometheusProvider ¶ added in v0.6.0
// ProxyPrometheusProvider configures the proxy's Prometheus metrics endpoint.
type ProxyPrometheusProvider struct {
	// Disable the Prometheus endpoint.
	// The zero value (false) leaves the endpoint enabled.
	// NOTE(review): metric names and labels can reveal cluster and route
	// names; confirm that only the intended scrapers can reach the endpoint.
	Disable bool `json:"disable,omitempty"`
	// Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load.
	// +optional
	Compression *Compression `json:"compression,omitempty"`
}
func (*ProxyPrometheusProvider) DeepCopy ¶ added in v0.6.0
func (in *ProxyPrometheusProvider) DeepCopy() *ProxyPrometheusProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyPrometheusProvider.
func (*ProxyPrometheusProvider) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyPrometheusProvider) DeepCopyInto(out *ProxyPrometheusProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyProtocol ¶ added in v1.0.0
// ProxyProtocol configures use of the PROXY protocol when communicating with
// the backend.
type ProxyProtocol struct {
	// Version of ProxyProtocol
	// Valid ProxyProtocolVersion values are
	// "V1"
	// "V2"
	// NOTE(review): the backend has to be configured to expect the chosen
	// version, and should accept PROXY headers only from the gateway's
	// addresses, since the header is what tells it the client address.
	Version ProxyProtocolVersion `json:"version"`
}
ProxyProtocol defines the configuration related to the proxy protocol when communicating with the backend.
func (*ProxyProtocol) DeepCopy ¶ added in v1.0.0
func (in *ProxyProtocol) DeepCopy() *ProxyProtocol
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyProtocol.
func (*ProxyProtocol) DeepCopyInto ¶ added in v1.0.0
func (in *ProxyProtocol) DeepCopyInto(out *ProxyProtocol)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyProtocolVersion ¶ added in v1.0.0
type ProxyProtocolVersion string
ProxyProtocolVersion defines the version of the Proxy Protocol to use. +kubebuilder:validation:Enum=V1;V2
const ( // ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format). ProxyProtocolVersionV1 ProxyProtocolVersion = "V1" // ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format). ProxyProtocolVersionV2 ProxyProtocolVersion = "V2" )
type ProxyTelemetry ¶ added in v0.6.0
// ProxyTelemetry groups the access log, tracing and metrics configuration for
// managed proxies.
type ProxyTelemetry struct {
	// AccessLog defines accesslog parameters for managed proxies.
	// If unspecified, will send default format to stdout.
	// +optional
	AccessLog *ProxyAccessLog `json:"accessLog,omitempty"`
	// Tracing defines tracing configuration for managed proxies.
	// If unspecified, will not send tracing data.
	// +optional
	Tracing *ProxyTracing `json:"tracing,omitempty"`
	// Metrics defines metrics configuration for managed proxies.
	Metrics *ProxyMetrics `json:"metrics,omitempty"`
}
func (*ProxyTelemetry) DeepCopy ¶ added in v0.6.0
func (in *ProxyTelemetry) DeepCopy() *ProxyTelemetry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyTelemetry.
func (*ProxyTelemetry) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyTelemetry) DeepCopyInto(out *ProxyTelemetry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyTracing ¶ added in v0.6.0
type ProxyTracing struct { // SamplingRate controls the rate at which traffic will be // selected for tracing if no prior sampling decision has been made. // Defaults to 100, valid values [0-100]. 100 indicates 100% sampling. // +kubebuilder:validation:Minimum=0 // +kubebuilder:validation:Maximum=100 // +kubebuilder:default=100 // +optional SamplingRate *uint32 `json:"samplingRate,omitempty"` // CustomTags defines the custom tags to add to each span. // If provider is kubernetes, pod name and namespace are added by default. CustomTags map[string]CustomTag `json:"customTags,omitempty"` // Provider defines the tracing provider. Provider TracingProvider `json:"provider"` }
func (*ProxyTracing) DeepCopy ¶ added in v0.6.0
func (in *ProxyTracing) DeepCopy() *ProxyTracing
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyTracing.
func (*ProxyTracing) DeepCopyInto ¶ added in v0.6.0
func (in *ProxyTracing) DeepCopyInto(out *ProxyTracing)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimit ¶ added in v0.6.0
// RateLimit configures the Rate Limit Service used for global rate limiting:
// its state backend, the proxy-side timeout, the behaviour when the service
// does not answer, and its telemetry.
type RateLimit struct {
	// Backend holds the configuration associated with the
	// database backend used by the rate limit service to store
	// state associated with global ratelimiting.
	Backend RateLimitDatabaseBackend `json:"backend"`
	// Timeout specifies the timeout period for the proxy to access the ratelimit server
	// If not set, timeout is 20ms.
	// +optional
	// +kubebuilder:validation:Format=duration
	Timeout *metav1.Duration `json:"timeout,omitempty"`
	// FailClosed is a switch used to control the flow of traffic
	// when the response from the ratelimit server cannot be obtained.
	// If FailClosed is false, let the traffic pass,
	// otherwise, don't let the traffic pass and return 500.
	// If not set, FailClosed is False.
	//
	// The default is therefore fail-open: while the rate limit server cannot
	// be reached (presumably including when it does not answer within
	// Timeout — confirm), requests are not limited. Where the limit is a
	// security control rather than a fairness measure, set this to true and
	// accept 500 responses during an outage of the rate limit service.
	FailClosed bool `json:"failClosed"`
	// Telemetry defines telemetry configuration for RateLimit.
	// +optional
	Telemetry *RateLimitTelemetry `json:"telemetry,omitempty"`
}
RateLimit defines the configuration associated with the Rate Limit Service used for Global Rate Limiting.
func (*RateLimit) DeepCopy ¶ added in v0.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimit.
func (*RateLimit) DeepCopyInto ¶ added in v0.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitDatabaseBackend ¶ added in v0.6.0
type RateLimitDatabaseBackend struct { // Type is the type of database backend to use. Supported types are: // * Redis: Connects to a Redis database. // // +unionDiscriminator Type RateLimitDatabaseBackendType `json:"type"` // Redis defines the settings needed to connect to a Redis database. // // +optional Redis *RateLimitRedisSettings `json:"redis,omitempty"` }
RateLimitDatabaseBackend defines the configuration associated with the database backend used by the rate limit service. +union
func (*RateLimitDatabaseBackend) DeepCopy ¶ added in v0.6.0
func (in *RateLimitDatabaseBackend) DeepCopy() *RateLimitDatabaseBackend
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitDatabaseBackend.
func (*RateLimitDatabaseBackend) DeepCopyInto ¶ added in v0.6.0
func (in *RateLimitDatabaseBackend) DeepCopyInto(out *RateLimitDatabaseBackend)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitDatabaseBackendType ¶ added in v0.6.0
type RateLimitDatabaseBackendType string
RateLimitDatabaseBackendType specifies the types of database backend to be used by the rate limit service. +kubebuilder:validation:Enum=Redis
const ( // RedisBackendType uses a redis database for the rate limit service. RedisBackendType RateLimitDatabaseBackendType = "Redis" )
type RateLimitMetrics ¶ added in v1.0.0
type RateLimitMetrics struct { // Prometheus defines the configuration for prometheus endpoint. Prometheus *RateLimitMetricsPrometheusProvider `json:"prometheus,omitempty"` }
func (*RateLimitMetrics) DeepCopy ¶ added in v1.0.0
func (in *RateLimitMetrics) DeepCopy() *RateLimitMetrics
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitMetrics.
func (*RateLimitMetrics) DeepCopyInto ¶ added in v1.0.0
func (in *RateLimitMetrics) DeepCopyInto(out *RateLimitMetrics)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitMetricsPrometheusProvider ¶ added in v1.0.0
type RateLimitMetricsPrometheusProvider struct { // Disable the Prometheus endpoint. Disable bool `json:"disable,omitempty"` }
func (*RateLimitMetricsPrometheusProvider) DeepCopy ¶ added in v1.0.0
func (in *RateLimitMetricsPrometheusProvider) DeepCopy() *RateLimitMetricsPrometheusProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitMetricsPrometheusProvider.
func (*RateLimitMetricsPrometheusProvider) DeepCopyInto ¶ added in v1.0.0
func (in *RateLimitMetricsPrometheusProvider) DeepCopyInto(out *RateLimitMetricsPrometheusProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitRedisSettings ¶ added in v0.6.0
// RateLimitRedisSettings holds what the rate limit service needs to connect
// to its Redis database: the URL and optional TLS settings.
type RateLimitRedisSettings struct {
	// URL of the Redis Database.
	// NOTE(review): the accepted form of this value is not shown here. The
	// field is part of the resource spec and readable by anyone who can read
	// the resource, so avoid embedding credentials in it.
	URL string `json:"url"`
	// TLS defines TLS configuration for connecting to redis database.
	// NOTE(review): TLS is optional; when it is unset the connection is
	// presumably unencrypted — confirm. The counters stored in Redis decide
	// rate limit enforcement, so set TLS whenever Redis is reached over a
	// network that is not fully trusted.
	//
	// +optional
	TLS *RedisTLSSettings `json:"tls,omitempty"`
}
RateLimitRedisSettings defines the configuration for connecting to redis database.
func (*RateLimitRedisSettings) DeepCopy ¶ added in v0.6.0
func (in *RateLimitRedisSettings) DeepCopy() *RateLimitRedisSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRedisSettings.
func (*RateLimitRedisSettings) DeepCopyInto ¶ added in v0.6.0
func (in *RateLimitRedisSettings) DeepCopyInto(out *RateLimitRedisSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitRule ¶
type RateLimitRule struct { // ClientSelectors holds the list of select conditions to select // specific clients using attributes from the traffic flow. // All individual select conditions must hold True for this rule // and its limit to be applied. // // If no client selectors are specified, the rule applies to all traffic of // the targeted Route. // // If the policy targets a Gateway, the rule applies to each Route of the Gateway. // Please note that each Route has its own rate limit counters. For example, // if a Gateway has two Routes, and the policy has a rule with limit 10rps, // each Route will have its own 10rps limit. // // +optional // +kubebuilder:validation:MaxItems=8 ClientSelectors []RateLimitSelectCondition `json:"clientSelectors,omitempty"` // Limit holds the rate limit values. // This limit is applied for traffic flows when the selectors // compute to True, causing the request to be counted towards the limit. // The limit is enforced and the request is ratelimited, i.e. a response with // 429 HTTP status code is sent back to the client when // the selected requests have reached the limit. Limit RateLimitValue `json:"limit"` }
RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.
func (*RateLimitRule) DeepCopy ¶
func (in *RateLimitRule) DeepCopy() *RateLimitRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRule.
func (*RateLimitRule) DeepCopyInto ¶
func (in *RateLimitRule) DeepCopyInto(out *RateLimitRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitSelectCondition ¶
// RateLimitSelectCondition selects the subset of clients a rate limit rule
// applies to, by request headers, by source address range, or both. All
// conditions given must hold for the selection to match.
type RateLimitSelectCondition struct {
	// Headers is a list of request headers to match. Multiple header values are ANDed together,
	// meaning, a request MUST match all the specified headers.
	// At least one of headers or sourceCIDR condition must be specified.
	// Header values come from the request itself. Unless a trusted hop in
	// front of the gateway sets or strips the header, a limit selected only
	// by header is only as reliable as the client's input; combine it with
	// SourceCIDR where the limit is meant as a protection.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=16
	Headers []HeaderMatch `json:"headers,omitempty"`
	// SourceCIDR is the client IP Address range to match on.
	// At least one of headers or sourceCIDR condition must be specified.
	// NOTE(review): when the gateway sits behind another proxy or load
	// balancer, which address counts as the client IP presumably depends on
	// the client IP detection settings — confirm before relying on this match.
	//
	// +optional
	SourceCIDR *SourceMatch `json:"sourceCIDR,omitempty"`
}
RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.
func (*RateLimitSelectCondition) DeepCopy ¶
func (in *RateLimitSelectCondition) DeepCopy() *RateLimitSelectCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSelectCondition.
func (*RateLimitSelectCondition) DeepCopyInto ¶
func (in *RateLimitSelectCondition) DeepCopyInto(out *RateLimitSelectCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitSpec ¶ added in v0.6.0
type RateLimitSpec struct { // Type decides the scope for the RateLimits. // Valid RateLimitType values are "Global" or "Local". // // +unionDiscriminator Type RateLimitType `json:"type"` // Global defines global rate limit configuration. // // +optional Global *GlobalRateLimit `json:"global,omitempty"` // Local defines local rate limit configuration. // // +optional Local *LocalRateLimit `json:"local,omitempty"` }
RateLimitSpec defines the desired state of RateLimitSpec. +union
func (*RateLimitSpec) DeepCopy ¶ added in v0.6.0
func (in *RateLimitSpec) DeepCopy() *RateLimitSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSpec.
func (*RateLimitSpec) DeepCopyInto ¶ added in v0.6.0
func (in *RateLimitSpec) DeepCopyInto(out *RateLimitSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitTelemetry ¶ added in v1.0.0
type RateLimitTelemetry struct { // Metrics defines metrics configuration for RateLimit. Metrics *RateLimitMetrics `json:"metrics,omitempty"` // Tracing defines traces configuration for RateLimit. Tracing *RateLimitTracing `json:"tracing,omitempty"` }
func (*RateLimitTelemetry) DeepCopy ¶ added in v1.0.0
func (in *RateLimitTelemetry) DeepCopy() *RateLimitTelemetry
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitTelemetry.
func (*RateLimitTelemetry) DeepCopyInto ¶ added in v1.0.0
func (in *RateLimitTelemetry) DeepCopyInto(out *RateLimitTelemetry)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitTracing ¶ added in v1.1.0
// RateLimitTracing defines traces configuration for RateLimit: the sampling
// rate and the tracing provider.
type RateLimitTracing struct {
	// SamplingRate controls the rate at which traffic will be
	// selected for tracing if no prior sampling decision has been made.
	// Defaults to 100, valid values [0-100]. 100 indicates 100% sampling.
	// NOTE(review): unlike ProxyTracing.SamplingRate, this field declares no
	// Minimum, Maximum or default markers, so the range and default described
	// above are not expressed in the schema by this declaration — confirm
	// where they are enforced.
	// +optional
	SamplingRate *uint32 `json:"samplingRate,omitempty"`
	// Provider defines the rateLimit tracing provider.
	// Only OpenTelemetry is supported currently.
	Provider *RateLimitTracingProvider `json:"provider,omitempty"`
}
func (*RateLimitTracing) DeepCopy ¶ added in v1.1.0
func (in *RateLimitTracing) DeepCopy() *RateLimitTracing
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitTracing.
func (*RateLimitTracing) DeepCopyInto ¶ added in v1.1.0
func (in *RateLimitTracing) DeepCopyInto(out *RateLimitTracing)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitTracingProvider ¶ added in v1.1.0
type RateLimitTracingProvider struct {
	// Type defines the tracing provider type.
	// Because the RateLimit exporter currently uses OpenTelemetry, only OpenTelemetry is supported.
	Type *RateLimitTracingProviderType `json:"type,omitempty"`

	// NOTE(review): no format, scheme or length marker is visible on URL, so
	// whether a TLS-protected collector endpoint is required is not shown
	// here — confirm where this value is validated.

	// URL is the endpoint of the trace collector that supports the OTLP protocol.
	URL string `json:"url"`
}
RateLimitTracingProvider defines the tracing provider configuration of RateLimit
func (*RateLimitTracingProvider) DeepCopy ¶ added in v1.1.0
func (in *RateLimitTracingProvider) DeepCopy() *RateLimitTracingProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitTracingProvider.
func (*RateLimitTracingProvider) DeepCopyInto ¶ added in v1.1.0
func (in *RateLimitTracingProvider) DeepCopyInto(out *RateLimitTracingProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RateLimitTracingProviderType ¶ added in v1.1.0
// RateLimitTracingProviderType is the string type of RateLimitTracingProvider.Type.
type RateLimitTracingProviderType string
type RateLimitType ¶
// RateLimitType specifies the type of rate limiting; its enum marker allows "Global" and "Local".
type RateLimitType string
RateLimitType specifies the types of RateLimiting. +kubebuilder:validation:Enum=Global;Local
// RateLimitType values.
//
// NOTE(review): because Local limits are applied per proxy instance, the
// aggregate rate admitted presumably grows with the number of Envoy replicas —
// confirm when sizing limits that are meant to protect a backend.
const (
	// GlobalRateLimitType allows the rate limits to be applied across all Envoy
	// proxy instances.
	GlobalRateLimitType RateLimitType = "Global"

	// LocalRateLimitType allows the rate limits to be applied on a per Envoy
	// proxy instance basis.
	LocalRateLimitType RateLimitType = "Local"
)
type RateLimitUnit ¶
// RateLimitUnit specifies the interval a rate limit is counted over:
// "Second", "Minute", "Hour" or "Day".
type RateLimitUnit string
RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are "Second", "Minute", "Hour", and "Day".
+kubebuilder:validation:Enum=Second;Minute;Hour;Day
// RateLimitUnit values, one per supported interval.
const (
	// RateLimitUnitSecond specifies the rate limit interval to be 1 second.
	RateLimitUnitSecond RateLimitUnit = "Second"

	// RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
	RateLimitUnitMinute RateLimitUnit = "Minute"

	// RateLimitUnitHour specifies the rate limit interval to be 1 hour.
	RateLimitUnitHour RateLimitUnit = "Hour"

	// RateLimitUnitDay specifies the rate limit interval to be 1 day.
	RateLimitUnitDay RateLimitUnit = "Day"
)
RateLimitUnit constants.
type RateLimitValue ¶
// RateLimitValue pairs a request count with the interval it is counted over.
type RateLimitValue struct {
	// NOTE(review): no Minimum marker is visible on Requests; confirm how a
	// value of 0 is treated (block everything vs. no limit).

	// Requests is presumably the number of requests allowed per Unit — TODO confirm.
	Requests uint `json:"requests"`

	// Unit is the RateLimitUnit interval that Requests applies to.
	Unit RateLimitUnit `json:"unit"`
}
RateLimitValue defines the limits for rate limiting.
func (*RateLimitValue) DeepCopy ¶
func (in *RateLimitValue) DeepCopy() *RateLimitValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitValue.
func (*RateLimitValue) DeepCopyInto ¶
func (in *RateLimitValue) DeepCopyInto(out *RateLimitValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RedisTLSSettings ¶ added in v0.6.0
type RedisTLSSettings struct {
	// NOTE(review): this struct carries only a client certificate reference.
	// How the Redis server certificate is validated (CA bundle, hostname) is
	// not configurable from the fields visible here — confirm.

	// CertificateRef defines the client certificate reference for TLS connections.
	// Currently only a Kubernetes Secret of type TLS is supported.
	// +optional
	CertificateRef *gwapiv1.SecretObjectReference `json:"certificateRef,omitempty"`
}
RedisTLSSettings defines the TLS configuration for connecting to redis database.
func (*RedisTLSSettings) DeepCopy ¶ added in v0.6.0
func (in *RedisTLSSettings) DeepCopy() *RedisTLSSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisTLSSettings.
func (*RedisTLSSettings) DeepCopyInto ¶ added in v0.6.0
func (in *RedisTLSSettings) DeepCopyInto(out *RedisTLSSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemoteJWKS ¶
type RemoteJWKS struct {
	// NOTE(review): the markers below bound only the length of URI; whether
	// the https scheme is enforced is not visible here — confirm, since the
	// keys fetched from this endpoint are presumably what JWT signatures are
	// verified against.

	// URI is the HTTPS URI to fetch the JWKS. Envoy's system trust bundle is used to
	// validate the server certificate.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	URI string `json:"uri"`
}
RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.
func (*RemoteJWKS) DeepCopy ¶
func (in *RemoteJWKS) DeepCopy() *RemoteJWKS
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteJWKS.
func (*RemoteJWKS) DeepCopyInto ¶
func (in *RemoteJWKS) DeepCopyInto(out *RemoteJWKS)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ReplaceRegexMatch ¶ added in v1.2.0
// ReplaceRegexMatch holds a regular expression that is matched against the
// HTTP path and the substitution applied to the matched portion.
type ReplaceRegexMatch struct {
	// Pattern matches a regular expression against the value of the HTTP Path. The regex string must
	// adhere to the syntax documented in https://github.com/google/re2/wiki/Syntax.
	// +kubebuilder:validation:MinLength=1
	Pattern string `json:"pattern"`

	// NOTE(review): no length or content marker is visible on Substitution;
	// confirm where an invalid capture-group reference is rejected.

	// Substitution is an expression that replaces the matched portion. The expression may include numbered
	// capture groups that adhere to syntax documented in https://github.com/google/re2/wiki/Syntax.
	Substitution string `json:"substitution"`
}
func (*ReplaceRegexMatch) DeepCopy ¶ added in v1.2.0
func (in *ReplaceRegexMatch) DeepCopy() *ReplaceRegexMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceRegexMatch.
func (*ReplaceRegexMatch) DeepCopyInto ¶ added in v1.2.0
func (in *ReplaceRegexMatch) DeepCopyInto(out *ReplaceRegexMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RequestHeaderCustomTag ¶ added in v0.6.0
type RequestHeaderCustomTag struct {
	// NOTE(review): request headers are client-supplied, so the value copied
	// onto spans should be treated as untrusted by whatever consumes the traces.

	// Name defines the name of the request header from which to extract the value.
	Name string `json:"name"`

	// DefaultValue defines the default value to use if the request header is not set.
	// +optional
	DefaultValue *string `json:"defaultValue,omitempty"`
}
RequestHeaderCustomTag adds value from request header to each span.
func (*RequestHeaderCustomTag) DeepCopy ¶ added in v0.6.0
func (in *RequestHeaderCustomTag) DeepCopy() *RequestHeaderCustomTag
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderCustomTag.
func (*RequestHeaderCustomTag) DeepCopyInto ¶ added in v0.6.0
func (in *RequestHeaderCustomTag) DeepCopyInto(out *RequestHeaderCustomTag)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResourceProviderType ¶ added in v0.6.0
// ResourceProviderType names a custom resource provider; "File" is the only value shown.
type ResourceProviderType string
ResourceProviderType defines the types of custom resource providers supported by Envoy Gateway.
+kubebuilder:validation:Enum=File
// ResourceProviderType values.
const (
	// ResourceProviderTypeFile defines the "File" provider.
	ResourceProviderTypeFile ResourceProviderType = "File"
)
type ResponseOverride ¶ added in v1.2.0
// ResponseOverride pairs a match condition with the custom response that replaces a matching response.
type ResponseOverride struct {
	// Match is the CustomResponseMatch that selects which responses are overridden.
	Match CustomResponseMatch `json:"match"`

	// Response is the CustomResponse returned in place of a matched response.
	Response CustomResponse `json:"response"`
}
ResponseOverride defines the configuration to override specific responses with a custom one.
func (*ResponseOverride) DeepCopy ¶ added in v1.2.0
func (in *ResponseOverride) DeepCopy() *ResponseOverride
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseOverride.
func (*ResponseOverride) DeepCopyInto ¶ added in v1.2.0
func (in *ResponseOverride) DeepCopyInto(out *ResponseOverride)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResponseValueType ¶ added in v1.2.0
// ResponseValueType names how a response body value is supplied: "Inline" or "ValueRef".
type ResponseValueType string
ResponseValueType defines the types of values for the response body supported by Envoy Gateway. +kubebuilder:validation:Enum=Inline;ValueRef
// ResponseValueType values.
const (
	// ResponseValueTypeInline defines the "Inline" response body type.
	ResponseValueTypeInline ResponseValueType = "Inline"

	// ResponseValueTypeValueRef defines the "ValueRef" response body type.
	ResponseValueTypeValueRef ResponseValueType = "ValueRef"
)
type Retry ¶ added in v1.0.0
// Retry defines the retry strategy: how many attempts, what triggers them,
// and the policy applied to each attempt.
type Retry struct {
	// NumRetries is the number of retries to be attempted. Defaults to 2.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=2
	NumRetries *int32 `json:"numRetries,omitempty"`

	// RetryOn specifies the retry trigger condition.
	//
	// If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503).
	// +optional
	RetryOn *RetryOn `json:"retryOn,omitempty"`

	// PerRetry is the retry policy to be applied per retry attempt.
	//
	// +optional
	PerRetry *PerRetryPolicy `json:"perRetry,omitempty"`
}
Retry defines the retry strategy to be applied.
func (*Retry) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retry.
func (*Retry) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RetryOn ¶ added in v1.0.0
// RetryOn lists the triggers and HTTP status codes that cause a retry.
type RetryOn struct {
	// Triggers specifies the retry trigger condition (HTTP/gRPC).
	//
	// +optional
	Triggers []TriggerEnum `json:"triggers,omitempty"`

	// HTTPStatusCodes specifies the HTTP status codes to be retried.
	// The retriable-status-codes trigger must also be configured for these status codes to trigger a retry.
	//
	// +optional
	HTTPStatusCodes []HTTPStatus `json:"httpStatusCodes,omitempty"`
}
func (*RetryOn) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetryOn.
func (*RetryOn) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoutingType ¶ added in v1.1.0
// RoutingType defines the type of routing of this Envoy proxy: "Service" or "Endpoint".
type RoutingType string
RoutingType defines the type of routing of this Envoy proxy.
// RoutingType values.
const (
	// ServiceRoutingType is the RoutingType for Service Cluster IP routing.
	ServiceRoutingType RoutingType = "Service"

	// EndpointRoutingType is the RoutingType for Endpoint routing.
	EndpointRoutingType RoutingType = "Endpoint"
)
type SecurityPolicy ¶ added in v0.6.0
// SecurityPolicy is the Kubernetes object that carries a SecurityPolicySpec
// and its reported PolicyStatus.
type SecurityPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of SecurityPolicy.
	Spec SecurityPolicySpec `json:"spec"`

	// Status defines the current status of SecurityPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}
SecurityPolicy allows the user to configure various security settings for a Gateway.
func (*SecurityPolicy) DeepCopy ¶ added in v0.6.0
func (in *SecurityPolicy) DeepCopy() *SecurityPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicy.
func (*SecurityPolicy) DeepCopyInto ¶ added in v0.6.0
func (in *SecurityPolicy) DeepCopyInto(out *SecurityPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecurityPolicy) DeepCopyObject ¶ added in v0.6.0
func (in *SecurityPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecurityPolicyList ¶ added in v0.6.0
// SecurityPolicyList is the list form of SecurityPolicy.
type SecurityPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the SecurityPolicy objects in the list.
	Items []SecurityPolicy `json:"items"`
}
SecurityPolicyList contains a list of SecurityPolicy resources.
func (*SecurityPolicyList) DeepCopy ¶ added in v0.6.0
func (in *SecurityPolicyList) DeepCopy() *SecurityPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicyList.
func (*SecurityPolicyList) DeepCopyInto ¶ added in v0.6.0
func (in *SecurityPolicyList) DeepCopyInto(out *SecurityPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecurityPolicyList) DeepCopyObject ¶ added in v0.6.0
func (in *SecurityPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecurityPolicySpec ¶ added in v0.6.0
// NOTE(review): every authentication and authorization field below is an
// optional pointer. Which of them must be set for a target to require
// authentication, and how several configured at once are combined, is not
// stated in this struct — confirm against the project documentation before
// relying on a policy as an access control.

// SecurityPolicySpec defines the desired state of SecurityPolicy.
type SecurityPolicySpec struct {
	// PolicyTargetReferences is embedded inline; the validation rules on this
	// type refer to its targetRef, targetRefs and targetSelectors fields.
	PolicyTargetReferences `json:",inline"`

	// CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
	//
	// +optional
	CORS *CORS `json:"cors,omitempty"`

	// BasicAuth defines the configuration for the HTTP Basic Authentication.
	//
	// +optional
	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`

	// JWT defines the configuration for JSON Web Token (JWT) authentication.
	//
	// +optional
	JWT *JWT `json:"jwt,omitempty"`

	// OIDC defines the configuration for the OpenID Connect (OIDC) authentication.
	//
	// +optional
	OIDC *OIDC `json:"oidc,omitempty"`

	// ExtAuth defines the configuration for External Authorization.
	//
	// +optional
	ExtAuth *ExtAuth `json:"extAuth,omitempty"`

	// Authorization defines the authorization configuration.
	//
	// +optional
	Authorization *Authorization `json:"authorization,omitempty"`
}
+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="(has(self.authorization) && has(self.authorization.rules) && self.authorization.rules.exists(r, has(r.principal.jwt))) ? has(self.jwt) : true", message="if authorization.rules.principal.jwt is used, jwt must be defined"
SecurityPolicySpec defines the desired state of SecurityPolicy.
func (*SecurityPolicySpec) DeepCopy ¶ added in v0.6.0
func (in *SecurityPolicySpec) DeepCopy() *SecurityPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicySpec.
func (*SecurityPolicySpec) DeepCopyInto ¶ added in v0.6.0
func (in *SecurityPolicySpec) DeepCopyInto(out *SecurityPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceExternalTrafficPolicy ¶ added in v1.0.0
// ServiceExternalTrafficPolicy names how nodes distribute externally received
// service traffic: "Local" or "Cluster".
type ServiceExternalTrafficPolicy string
ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). +enum +kubebuilder:validation:Enum=Local;Cluster
// ServiceExternalTrafficPolicy values.
//
// NOTE(review): per the comments below only Local is described as preserving
// the client source IP; confirm the effect of Cluster on any source-IP based
// rule (rate limit, allow/deny list) before choosing it.
const (
	// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
	ServiceExternalTrafficPolicyCluster ServiceExternalTrafficPolicy = "Cluster"

	// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
	// routing only to endpoints on the same node as the traffic was received on
	// (dropping the traffic if there are no local endpoints).
	ServiceExternalTrafficPolicyLocal ServiceExternalTrafficPolicy = "Local"
)
func DefaultKubernetesServiceExternalTrafficPolicy ¶ added in v1.0.0
func DefaultKubernetesServiceExternalTrafficPolicy() *ServiceExternalTrafficPolicy
func GetKubernetesServiceExternalTrafficPolicy ¶ added in v1.0.0
func GetKubernetesServiceExternalTrafficPolicy(serviceExternalTrafficPolicy ServiceExternalTrafficPolicy) *ServiceExternalTrafficPolicy
type ServiceType ¶ added in v0.6.0
// ServiceType names how a service is exposed: "ClusterIP", "LoadBalancer" or "NodePort".
type ServiceType string
ServiceType string describes ingress methods for a service +enum +kubebuilder:validation:Enum=ClusterIP;LoadBalancer;NodePort
// ServiceType values.
const (
	// ServiceTypeClusterIP means a service will only be accessible inside the
	// cluster, via the cluster IP.
	ServiceTypeClusterIP ServiceType = "ClusterIP"

	// ServiceTypeLoadBalancer means a service will be exposed via an
	// external load balancer (if the cloud provider supports it).
	ServiceTypeLoadBalancer ServiceType = "LoadBalancer"

	// ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
	// at a static Port, common across all Nodes.
	ServiceTypeNodePort ServiceType = "NodePort"
)
func DefaultKubernetesServiceType ¶ added in v0.6.0
func DefaultKubernetesServiceType() *ServiceType
DefaultKubernetesServiceType returns a new KubernetesServiceType with default settings.
func GetKubernetesServiceType ¶ added in v0.6.0
func GetKubernetesServiceType(serviceType ServiceType) *ServiceType
GetKubernetesServiceType returns the KubernetesServiceType pointer.
type Session ¶ added in v1.2.0
// Session defines settings related to TLS session management.
type Session struct {
	// Resumption determines the proxy's supported TLS session resumption option.
	// By default, Envoy Gateway does not enable session resumption. Set this field
	// (JSON name `resumption`) to enable stateful and stateless session resumption.
	// Users should consider security impacts of different resumption methods.
	// Performance gains from resumption are diminished when
	// Envoy proxy is deployed with more than one replica.
	// +optional
	Resumption *SessionResumption `json:"resumption,omitempty"`
}
Session defines settings related to TLS session management.
func (*Session) DeepCopy ¶ added in v1.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Session.
func (*Session) DeepCopyInto ¶ added in v1.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SessionResumption ¶ added in v1.2.0
// SessionResumption holds one optional setting per TLS session resumption method.
type SessionResumption struct {
	// Stateless defines the setting for stateless (session-ticket based) session resumption.
	// +optional
	Stateless *StatelessTLSSessionResumption `json:"stateless,omitempty"`

	// Stateful defines the setting for stateful (session-id based) session resumption.
	// +optional
	Stateful *StatefulTLSSessionResumption `json:"stateful,omitempty"`
}
SessionResumption defines supported TLS session resumption methods and their associated configuration.
func (*SessionResumption) DeepCopy ¶ added in v1.2.0
func (in *SessionResumption) DeepCopy() *SessionResumption
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionResumption.
func (*SessionResumption) DeepCopyInto ¶ added in v1.2.0
func (in *SessionResumption) DeepCopyInto(out *SessionResumption)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ShutdownConfig ¶ added in v1.0.0
// ShutdownConfig holds the two durations that bound the graceful drain of Envoy.
type ShutdownConfig struct {
	// DrainTimeout defines the graceful drain timeout. This should be less than the pod's terminationGracePeriodSeconds.
	// If unspecified, defaults to 60 seconds.
	//
	// +optional
	DrainTimeout *metav1.Duration `json:"drainTimeout,omitempty"`

	// MinDrainDuration defines the minimum drain duration allowing time for endpoint deprogramming to complete.
	// If unspecified, defaults to 10 seconds.
	//
	// +optional
	MinDrainDuration *metav1.Duration `json:"minDrainDuration,omitempty"`
}
ShutdownConfig defines configuration for graceful envoy shutdown process.
func (*ShutdownConfig) DeepCopy ¶ added in v1.0.0
func (in *ShutdownConfig) DeepCopy() *ShutdownConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShutdownConfig.
func (*ShutdownConfig) DeepCopyInto ¶ added in v1.0.0
func (in *ShutdownConfig) DeepCopyInto(out *ShutdownConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ShutdownManager ¶ added in v1.1.0
// ShutdownManager defines the configuration for the shutdown manager.
type ShutdownManager struct {
	// NOTE(review): Image is a free-form string with no validation marker
	// visible here; whoever can set it chooses the container image that runs,
	// so confirm who may edit this field and whether images are pinned.

	// Image specifies the ShutdownManager container image to be used, instead of the default image.
	Image *string `json:"image,omitempty"`
}
ShutdownManager defines the configuration for the shutdown manager.
func (*ShutdownManager) DeepCopy ¶ added in v1.1.0
func (in *ShutdownManager) DeepCopy() *ShutdownManager
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShutdownManager.
func (*ShutdownManager) DeepCopyInto ¶ added in v1.1.0
func (in *ShutdownManager) DeepCopyInto(out *ShutdownManager)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SlowStart ¶ added in v1.0.0
// SlowStart holds the warm-up window of the slow start load balancer policy.
type SlowStart struct {
	// Window defines the duration of the warm up period for a newly added host.
	// During the slow start window, traffic sent to the newly added hosts will gradually increase.
	// Currently only supports linear growth of traffic. For additional details,
	// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig
	// +kubebuilder:validation:Required
	Window *metav1.Duration `json:"window"`
}
SlowStart defines the configuration related to the slow start load balancer policy.
func (*SlowStart) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SlowStart.
func (*SlowStart) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SourceMatch ¶ added in v0.5.0
// SourceMatch selects clients by source IP CIDR; Type chooses how addresses
// inside the CIDR are grouped (see SourceMatchType).
type SourceMatch struct {
	// Type is the SourceMatchType to apply; the default marker sets it to Exact.
	// +optional
	// +kubebuilder:default=Exact
	Type *SourceMatchType `json:"type,omitempty"`

	// NOTE(review): the address matched may come from `X-Forwarded-For`,
	// which a client can set. Which hop is trusted presumably depends on the
	// client IP detection settings (see ClientIPDetectionSettings) — confirm
	// before relying on this match to limit or identify a client.

	// Value is the IP CIDR that represents the range of Source IP Addresses of the client.
	// These could also be the intermediate addresses through which the request has flowed and that are part of the `X-Forwarded-For` header.
	// For example, `192.168.0.1/32`, `192.168.0.0/24`, `2001:db8::/64`.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=256
	Value string `json:"value"`
}
func (*SourceMatch) DeepCopy ¶ added in v0.5.0
func (in *SourceMatch) DeepCopy() *SourceMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceMatch.
func (*SourceMatch) DeepCopyInto ¶ added in v0.5.0
func (in *SourceMatch) DeepCopyInto(out *SourceMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SourceMatchType ¶ added in v0.5.0
// SourceMatchType names how the addresses inside a SourceMatch CIDR are
// grouped for rate limiting: "Exact" or "Distinct".
type SourceMatchType string
+kubebuilder:validation:Enum=Exact;Distinct
// SourceMatchType values.
const (
	// SourceMatchExact: all IP addresses within the specified Source IP CIDR are treated as a single client selector
	// and share the same rate limit bucket.
	SourceMatchExact SourceMatchType = "Exact"

	// SourceMatchDistinct: each IP address within the specified Source IP CIDR is treated as a distinct client selector
	// and uses a separate rate limit bucket/counter.
	// Note: This is only supported for Global Rate Limits.
	SourceMatchDistinct SourceMatchType = "Distinct"
)
type StatefulTLSSessionResumption ¶ added in v1.2.0
// StatefulTLSSessionResumption selects stateful (session-id based) TLS session
// resumption. The struct has no fields, so there is nothing to tune; presumably
// a non-nil SessionResumption.Stateful is what enables it — confirm.
type StatefulTLSSessionResumption struct{}
StatefulTLSSessionResumption defines the stateful (session-id based) type of TLS session resumption. Note: When Envoy Proxy is deployed with more than one replica, session caches are not synchronized between instances, possibly leading to resumption failures. Envoy does not re-validate client certificates upon session resumption. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-routematch-tlscontextmatchoptions
func (*StatefulTLSSessionResumption) DeepCopy ¶ added in v1.2.0
func (in *StatefulTLSSessionResumption) DeepCopy() *StatefulTLSSessionResumption
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulTLSSessionResumption.
func (*StatefulTLSSessionResumption) DeepCopyInto ¶ added in v1.2.0
func (in *StatefulTLSSessionResumption) DeepCopyInto(out *StatefulTLSSessionResumption)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StatelessTLSSessionResumption ¶ added in v1.2.0
// StatelessTLSSessionResumption selects stateless (session-ticket based) TLS
// session resumption. The struct has no fields, so ticket key handling cannot
// be configured here; presumably a non-nil SessionResumption.Stateless is what
// enables it — confirm.
type StatelessTLSSessionResumption struct{}
StatelessTLSSessionResumption defines the stateless (session-ticket based) type of TLS session resumption. Note: When Envoy Proxy is deployed with more than one replica, session ticket encryption keys are not synchronized between instances, possibly leading to resumption failures. In-memory session ticket encryption keys are rotated every 48 hours. https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlssessionticketkeys https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Session-tickets
func (*StatelessTLSSessionResumption) DeepCopy ¶ added in v1.2.0
func (in *StatelessTLSSessionResumption) DeepCopy() *StatelessTLSSessionResumption
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatelessTLSSessionResumption.
func (*StatelessTLSSessionResumption) DeepCopyInto ¶ added in v1.2.0
func (in *StatelessTLSSessionResumption) DeepCopyInto(out *StatelessTLSSessionResumption)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StatusCodeMatch ¶ added in v1.2.0
// StatusCodeMatch matches a status code either by a single value or by a
// range; Type is the discriminator between the two.
type StatusCodeMatch struct {
	// Type is the type of value.
	// Valid values are Value and Range, default is Value.
	//
	// +kubebuilder:default=Value
	// +kubebuilder:validation:Enum=Value;Range
	// +unionDiscriminator
	Type *StatusCodeValueType `json:"type"`

	// Value contains the value of the status code.
	//
	// +optional
	Value *int `json:"value,omitempty"`

	// Range contains the range of status codes.
	//
	// +optional
	Range *StatusCodeRange `json:"range,omitempty"`
}
StatusCodeMatch defines the configuration for matching a status code. +kubebuilder:validation:XValidation:message="value must be set for type Value",rule="(!has(self.type) || self.type == 'Value')? has(self.value) : true" +kubebuilder:validation:XValidation:message="range must be set for type Range",rule="(has(self.type) && self.type == 'Range')? has(self.range) : true"
func (*StatusCodeMatch) DeepCopy ¶ added in v1.2.0
func (in *StatusCodeMatch) DeepCopy() *StatusCodeMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusCodeMatch.
func (*StatusCodeMatch) DeepCopyInto ¶ added in v1.2.0
func (in *StatusCodeMatch) DeepCopyInto(out *StatusCodeMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StatusCodeRange ¶ added in v1.2.0
// StatusCodeRange is an inclusive range of status codes.
type StatusCodeRange struct {
	// NOTE(review): no Minimum/Maximum marker is visible on Start or End, so
	// values outside the HTTP status code space do not appear to be rejected
	// by the schema — confirm.

	// Start of the range, including the start value.
	Start int `json:"start"`

	// End of the range, including the end value.
	End int `json:"end"`
}
StatusCodeRange defines the configuration for a range of status codes. +kubebuilder:validation:XValidation: message="end must be greater than start",rule="self.end > self.start"
func (*StatusCodeRange) DeepCopy ¶ added in v1.2.0
func (in *StatusCodeRange) DeepCopy() *StatusCodeRange
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusCodeRange.
func (*StatusCodeRange) DeepCopyInto ¶ added in v1.2.0
func (in *StatusCodeRange) DeepCopyInto(out *StatusCodeRange)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StatusCodeValueType ¶ added in v1.2.0
// StatusCodeValueType names how a status code match is expressed: "Value" or "Range".
type StatusCodeValueType string
StatusCodeValueType defines the types of values for the status code match supported by Envoy Gateway. +kubebuilder:validation:Enum=Value;Range
// StatusCodeValueType values.
const (
	// StatusCodeValueTypeValue defines the "Value" status code match type.
	StatusCodeValueTypeValue StatusCodeValueType = "Value"

	// StatusCodeValueTypeRange defines the "Range" status code match type.
	StatusCodeValueTypeRange StatusCodeValueType = "Range"
)
type StringMatch ¶ added in v0.6.0
// StringMatch is a general purpose string match condition: a match type plus
// the value to compare against.
type StringMatch struct {
	// Type specifies how to match against a string.
	//
	// +optional
	// +kubebuilder:default=Exact
	Type *StringMatchType `json:"type,omitempty"`

	// Value specifies the string value that the match must have.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=1024
	Value string `json:"value"`
}
StringMatch defines how to match any strings. This is a general purpose match condition that can be used by other EG APIs that need to match against a string.
func (*StringMatch) DeepCopy ¶ added in v0.6.0
func (in *StringMatch) DeepCopy() *StringMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch.
func (*StringMatch) DeepCopyInto ¶ added in v0.6.0
func (in *StringMatch) DeepCopyInto(out *StringMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StringMatchType ¶ added in v1.0.0
// StringMatchType specifies how a string value is compared: "Exact",
// "Prefix", "Suffix" or "RegularExpression".
type StringMatchType string
StringMatchType specifies the semantics of how a string value should be compared. Valid MatchType values are "Exact", "Prefix", "Suffix", "RegularExpression".
+kubebuilder:validation:Enum=Exact;Prefix;Suffix;RegularExpression
// StringMatchType values.
const (
	// StringMatchExact: the input string must match exactly the match value.
	StringMatchExact StringMatchType = "Exact"

	// StringMatchPrefix: the input string must start with the match value.
	StringMatchPrefix StringMatchType = "Prefix"

	// StringMatchSuffix: the input string must end with the match value.
	StringMatchSuffix StringMatchType = "Suffix"

	// StringMatchRegularExpression: the input string must match the regular expression
	// specified in the match value.
	// The regex string must adhere to the syntax documented in
	// https://github.com/google/re2/wiki/Syntax.
	StringMatchRegularExpression StringMatchType = "RegularExpression"
)
type TCPActiveHealthChecker ¶ added in v1.0.0
// TCPActiveHealthChecker holds the optional payload sent by a TCP health check
// and the payload expected in response.
type TCPActiveHealthChecker struct {
	// Send defines the request payload.
	// +optional
	Send *ActiveHealthCheckPayload `json:"send,omitempty" yaml:"send,omitempty"`

	// Receive defines the expected response payload.
	// +optional
	Receive *ActiveHealthCheckPayload `json:"receive,omitempty" yaml:"receive,omitempty"`
}
TCPActiveHealthChecker defines the settings of tcp health check.
func (*TCPActiveHealthChecker) DeepCopy ¶ added in v1.0.0
func (in *TCPActiveHealthChecker) DeepCopy() *TCPActiveHealthChecker
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPActiveHealthChecker.
func (*TCPActiveHealthChecker) DeepCopyInto ¶ added in v1.0.0
func (in *TCPActiveHealthChecker) DeepCopyInto(out *TCPActiveHealthChecker)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCPClientTimeout ¶ added in v1.1.0
// TCPClientTimeout holds the idle timeout applied to TCP connections.
type TCPClientTimeout struct {
	// IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
	// bytes sent or received on either the upstream or downstream connection.
	// Default: 1 hour.
	//
	// +optional
	IdleTimeout *gwapiv1.Duration `json:"idleTimeout,omitempty"`
}
TCPClientTimeout only provides timeout configuration on the listener whose protocol is TCP or TLS.
func (*TCPClientTimeout) DeepCopy ¶ added in v1.1.0
func (in *TCPClientTimeout) DeepCopy() *TCPClientTimeout
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPClientTimeout.
func (*TCPClientTimeout) DeepCopyInto ¶ added in v1.1.0
func (in *TCPClientTimeout) DeepCopyInto(out *TCPClientTimeout)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCPKeepalive ¶ added in v0.6.0
// TCPKeepalive defines the TCP keep-alive configuration: probe count,
// idle time before probing starts, and the interval between probes.
type TCPKeepalive struct {
	// The total number of unacknowledged probes to send before deciding
	// the connection is dead.
	// Defaults to 9.
	//
	// +optional
	Probes *uint32 `json:"probes,omitempty"`
	// The duration a connection needs to be idle before keep-alive
	// probes start being sent.
	// The value is a gwapiv1.Duration string such as `7200s`.
	// Defaults to `7200s`.
	//
	// +optional
	IdleTime *gwapiv1.Duration `json:"idleTime,omitempty"`
	// The duration between keep-alive probes.
	// Defaults to `75s`.
	//
	// +optional
	Interval *gwapiv1.Duration `json:"interval,omitempty"`
}
TCPKeepalive defines the TCP Keepalive configuration.
func (*TCPKeepalive) DeepCopy ¶ added in v0.6.0
func (in *TCPKeepalive) DeepCopy() *TCPKeepalive
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPKeepalive.
func (*TCPKeepalive) DeepCopyInto ¶ added in v0.6.0
func (in *TCPKeepalive) DeepCopyInto(out *TCPKeepalive)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCPTimeout ¶ added in v1.0.0
// TCPTimeout holds the timeout settings for TCP connection establishment.
type TCPTimeout struct {
	// The timeout for network connection establishment, including TCP and TLS handshakes.
	// Default: 10 seconds.
	//
	// +optional
	ConnectTimeout *gwapiv1.Duration `json:"connectTimeout,omitempty"`
}
func (*TCPTimeout) DeepCopy ¶ added in v1.0.0
func (in *TCPTimeout) DeepCopy() *TCPTimeout
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTimeout.
func (*TCPTimeout) DeepCopyInto ¶ added in v1.0.0
func (in *TCPTimeout) DeepCopyInto(out *TCPTimeout)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSSettings ¶ added in v1.0.0
// TLSSettings holds the TLS protocol parameters: the allowed version range,
// cipher suites, ECDH curves, signature algorithms and ALPN protocols.
type TLSSettings struct {
	// MinVersion specifies the minimal TLS protocol version to allow.
	// The default is TLS 1.2 if this is not specified.
	// TLS 1.0 and 1.1 are deprecated (RFC 8996); lower MinVersion below the
	// default only for legacy peers that cannot be upgraded.
	//
	// +optional
	MinVersion *TLSVersion `json:"minVersion,omitempty"`
	// MaxVersion specifies the maximal TLS protocol version to allow.
	// The default is TLS 1.3 if this is not specified.
	//
	// +optional
	MaxVersion *TLSVersion `json:"maxVersion,omitempty"`
	// Ciphers specifies the set of cipher suites supported when
	// negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
	// In non-FIPS Envoy Proxy builds the default cipher list is:
	// - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
	// - [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
	// - ECDHE-ECDSA-AES256-GCM-SHA384
	// - ECDHE-RSA-AES256-GCM-SHA384
	// In builds using BoringSSL FIPS the default cipher list is:
	// - ECDHE-ECDSA-AES128-GCM-SHA256
	// - ECDHE-RSA-AES128-GCM-SHA256
	// - ECDHE-ECDSA-AES256-GCM-SHA384
	// - ECDHE-RSA-AES256-GCM-SHA384
	//
	// +optional
	Ciphers []string `json:"ciphers,omitempty"`
	// ECDHCurves specifies the set of supported ECDH curves.
	// In non-FIPS Envoy Proxy builds the default curves are:
	// - X25519
	// - P-256
	// In builds using BoringSSL FIPS the default curve is:
	// - P-256
	//
	// +optional
	ECDHCurves []string `json:"ecdhCurves,omitempty"`
	// SignatureAlgorithms specifies which signature algorithms the listener should
	// support.
	//
	// +optional
	SignatureAlgorithms []string `json:"signatureAlgorithms,omitempty"`
	// ALPNProtocols supplies the list of ALPN protocols that should be
	// exposed by the listener. By default h2 and http/1.1 are enabled.
	// Supported values are:
	// - http/1.0
	// - http/1.1
	// - h2
	//
	// +optional
	ALPNProtocols []ALPNProtocol `json:"alpnProtocols,omitempty"`
}
+kubebuilder:validation:XValidation:rule="has(self.minVersion) && self.minVersion == '1.3' ? !has(self.ciphers) : true", message="setting ciphers has no effect if the minimum possible TLS version is 1.3" +kubebuilder:validation:XValidation:rule="has(self.minVersion) && has(self.maxVersion) ? {\"Auto\":0,\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4}[self.minVersion] <= {\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4,\"Auto\":5}[self.maxVersion] : !has(self.minVersion) && has(self.maxVersion) ? 3 <= {\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4,\"Auto\":5}[self.maxVersion] : true", message="minVersion must be smaller or equal to maxVersion"
func (*TLSSettings) DeepCopy ¶ added in v1.0.0
func (in *TLSSettings) DeepCopy() *TLSSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSettings.
func (*TLSSettings) DeepCopyInto ¶ added in v1.0.0
func (in *TLSSettings) DeepCopyInto(out *TLSSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSVersion ¶ added in v1.0.0
// TLSVersion specifies a TLS protocol version as a string; the TLSVersion
// constants define the values "Auto", "1.0", "1.1", "1.2" and "1.3".
type TLSVersion string
TLSVersion specifies the TLS version +kubebuilder:validation:Enum=Auto;"1.0";"1.1";"1.2";"1.3"
const (
	// TLSAuto allows Envoy to choose the optimal TLS version.
	TLSAuto TLSVersion = "Auto"
	// TLSv10 specifies TLS version 1.0 (deprecated by RFC 8996).
	TLSv10 TLSVersion = "1.0"
	// TLSv11 specifies TLS version 1.1 (deprecated by RFC 8996).
	TLSv11 TLSVersion = "1.1"
	// TLSv12 specifies TLS version 1.2.
	TLSv12 TLSVersion = "1.2"
	// TLSv13 specifies TLS version 1.3.
	TLSv13 TLSVersion = "1.3"
)
type TargetSelector ¶ added in v1.1.0
// TargetSelector selects target resources by API group, kind and labels.
type TargetSelector struct {
	// Group is the group that this selector targets. Defaults to gateway.networking.k8s.io
	//
	// +kubebuilder:default:="gateway.networking.k8s.io"
	Group *gwapiv1a2.Group `json:"group,omitempty"`
	// Kind is the resource kind that this selector targets.
	Kind gwapiv1a2.Kind `json:"kind"`
	// MatchLabels are the set of label selectors for identifying the targeted resource
	MatchLabels map[string]string `json:"matchLabels"`
}
+kubebuilder:validation:XValidation:rule="has(self.group) ? self.group == 'gateway.networking.k8s.io' : true ", message="group must be gateway.networking.k8s.io"
func (*TargetSelector) DeepCopy ¶ added in v1.1.0
func (in *TargetSelector) DeepCopy() *TargetSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelector.
func (*TargetSelector) DeepCopyInto ¶ added in v1.1.0
func (in *TargetSelector) DeepCopyInto(out *TargetSelector)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Timeout ¶ added in v1.0.0
// Timeout defines configuration for timeouts related to connections,
// split into TCP-level and HTTP-level settings.
type Timeout struct {
	// Timeout settings for TCP.
	//
	// +optional
	TCP *TCPTimeout `json:"tcp,omitempty"`
	// Timeout settings for HTTP.
	//
	// +optional
	HTTP *HTTPTimeout `json:"http,omitempty"`
}
Timeout defines configuration for timeouts related to connections.
func (*Timeout) DeepCopy ¶ added in v1.0.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Timeout.
func (*Timeout) DeepCopyInto ¶ added in v1.0.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TracingProvider ¶ added in v0.6.0
// TracingProvider defines the tracing provider configuration: the provider
// type, where the provider is reached, and Zipkin-specific options.
type TracingProvider struct {
	// BackendCluster is embedded inline, so its fields appear at this level
	// in the serialized form.
	BackendCluster `json:",inline"`
	// Type defines the tracing provider type.
	// +kubebuilder:validation:Enum=OpenTelemetry;Zipkin;Datadog
	// +kubebuilder:default=OpenTelemetry
	Type TracingProviderType `json:"type"`
	// Host defines the provider service hostname.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	Host *string `json:"host,omitempty"`

	// NOTE(review): the Port markers below set Minimum=0 and no Maximum, so
	// values outside the valid port range are not rejected by these markers
	// alone; confirm whether that is checked elsewhere.

	// Port defines the port the provider service is exposed on.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`
	// Zipkin defines the Zipkin tracing provider configuration
	// +optional
	Zipkin *ZipkinTracingProvider `json:"zipkin,omitempty"`
}
TracingProvider defines the tracing provider configuration.
+kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"
func (*TracingProvider) DeepCopy ¶ added in v0.6.0
func (in *TracingProvider) DeepCopy() *TracingProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingProvider.
func (*TracingProvider) DeepCopyInto ¶ added in v0.6.0
func (in *TracingProvider) DeepCopyInto(out *TracingProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TracingProviderType ¶ added in v0.6.0
// TracingProviderType names a tracing provider; the constants of this type
// define "OpenTelemetry", "Zipkin" and "Datadog".
type TracingProviderType string
const (
	// TracingProviderTypeOpenTelemetry selects the OpenTelemetry tracing provider.
	TracingProviderTypeOpenTelemetry TracingProviderType = "OpenTelemetry"
	// TracingProviderTypeZipkin selects the Zipkin tracing provider.
	TracingProviderTypeZipkin TracingProviderType = "Zipkin"
	// TracingProviderTypeDatadog selects the Datadog tracing provider.
	TracingProviderTypeDatadog TracingProviderType = "Datadog"
)
const (
	// RateLimitTracingProviderTypeOpenTelemetry carries the same value as
	// TracingProviderTypeOpenTelemetry ("OpenTelemetry").
	// NOTE(review): presumably the provider type used for rate limit tracing; confirm.
	RateLimitTracingProviderTypeOpenTelemetry TracingProviderType = "OpenTelemetry"
)
type TriggerEnum ¶ added in v1.0.0
// TriggerEnum specifies a condition that triggers a retry; the valid values
// are the TriggerEnum constants.
type TriggerEnum string
TriggerEnum specifies the conditions that trigger retries. +kubebuilder:validation:Enum={"5xx","gateway-error","reset","connect-failure","retriable-4xx","refused-stream","retriable-status-codes","cancelled","deadline-exceeded","internal","resource-exhausted","unavailable"}
const (
	// The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
	// Includes connect-failure and refused-stream.
	Error5XX TriggerEnum = "5xx"
	// The response is a gateway error (502, 503 or 504).
	GatewayError TriggerEnum = "gateway-error"
	// The upstream server does not respond at all (disconnect/reset/read timeout).
	Reset TriggerEnum = "reset"
	// Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
	ConnectFailure TriggerEnum = "connect-failure"
	// The upstream server responds with a retriable 4xx response code.
	// Currently, the only response code in this category is 409.
	Retriable4XX TriggerEnum = "retriable-4xx"
	// The upstream server resets the stream with a REFUSED_STREAM error code.
	RefusedStream TriggerEnum = "refused-stream"
	// The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
	RetriableStatusCodes TriggerEnum = "retriable-status-codes"
	// The gRPC status code in the response headers is “cancelled”.
	Cancelled TriggerEnum = "cancelled"
	// The gRPC status code in the response headers is “deadline-exceeded”.
	DeadlineExceeded TriggerEnum = "deadline-exceeded"
	// The gRPC status code in the response headers is “internal”.
	Internal TriggerEnum = "internal"
	// The gRPC status code in the response headers is “resource-exhausted”.
	ResourceExhausted TriggerEnum = "resource-exhausted"
	// The gRPC status code in the response headers is “unavailable”.
	Unavailable TriggerEnum = "unavailable"
)
type UnixSocket ¶ added in v1.1.0
// UnixSocket describes a unix domain socket address by its filesystem path.
type UnixSocket struct {
	// Path defines the unix domain socket path of the backend endpoint.
	Path string `json:"path"`
}
UnixSocket describes TCP/UDP unix domain socket address, corresponding to Envoy's Pipe https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-pipe
func (*UnixSocket) DeepCopy ¶ added in v1.1.0
func (in *UnixSocket) DeepCopy() *UnixSocket
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnixSocket.
func (*UnixSocket) DeepCopyInto ¶ added in v1.1.0
func (in *UnixSocket) DeepCopyInto(out *UnixSocket)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Wasm ¶ added in v1.1.0
// Wasm defines a Wasm extension: its name, root ID, code source,
// configuration and failure behaviour.
type Wasm struct {
	// Name is a unique name for this Wasm extension. It is used to identify the
	// Wasm extension if multiple extensions are handled by the same vm_id and root_id.
	// It's also used for logging/debugging.
	// If not specified, EG will generate a unique name for the Wasm extension.
	//
	// +optional
	Name *string `json:"name,omitempty"`
	// RootID is a unique ID for a set of extensions in a VM which will share a
	// RootContext and Contexts if applicable (e.g., a Wasm HttpFilter and a Wasm AccessLog).
	// If left blank, all extensions with a blank root_id with the same vm_id will share Context(s).
	//
	// Note: RootID must match the root_id parameter used to register the Context in the Wasm code.
	RootID *string `json:"rootID,omitempty"`
	// Code is the Wasm code for the extension.
	Code WasmCodeSource `json:"code"`
	// Config is the configuration for the Wasm extension.
	// This configuration will be passed as a JSON string to the Wasm extension.
	// +optional
	Config *apiextensionsv1.JSON `json:"config,omitempty"`
	// FailOpen is a switch used to control the behavior when a fatal error occurs
	// during the initialization or the execution of the Wasm extension.
	// If FailOpen is set to true, the system bypasses the Wasm extension and
	// allows the traffic to pass through. Otherwise, if it is set to false or
	// not set (defaulting to false), the system blocks the traffic and returns
	// an HTTP 5xx error.
	// When the extension enforces a security control (for example authentication
	// or request filtering), setting FailOpen to true means traffic passes
	// without that control while the extension is failing.
	//
	// +optional
	// +kubebuilder:default=false
	FailOpen *bool `json:"failOpen,omitempty"`
}
Wasm defines a Wasm extension.
Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. v8 is used as the VM runtime for the Wasm extensions.
func (*Wasm) DeepCopy ¶ added in v1.1.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wasm.
func (*Wasm) DeepCopyInto ¶ added in v1.1.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WasmCodeSource ¶ added in v1.1.0
// WasmCodeSource defines the source of the Wasm code: a discriminator Type
// plus the source-specific settings and the pull policy.
type WasmCodeSource struct {
	// NOTE(review): the Enum marker on Type lists ConfigMap in addition to HTTP
	// and Image, while the field comment and the WasmCodeSourceType constants
	// name only HTTP and Image, and this struct has no ConfigMap field.
	// Confirm which set of values is intended.

	// Type is the type of the source of the Wasm code.
	// Valid WasmCodeSourceType values are "HTTP" or "Image".
	//
	// +kubebuilder:validation:Enum=HTTP;Image;ConfigMap
	// +unionDiscriminator
	Type WasmCodeSourceType `json:"type"`
	// HTTP is the HTTP URL containing the Wasm code.
	//
	// Note that the HTTP server must be accessible from the Envoy proxy.
	// +optional
	HTTP *HTTPWasmCodeSource `json:"http,omitempty"`
	// Image is the OCI image containing the Wasm code.
	//
	// Note that the image must be accessible from the Envoy Gateway.
	// +optional
	Image *ImageWasmCodeSource `json:"image,omitempty"`
	// PullPolicy is the policy to use when pulling the Wasm module by either the HTTP or Image source.
	// This field is only applicable when the SHA256 field is not set.
	// (SHA256 is not a field of this struct; presumably it is the checksum on
	// the HTTP or Image source, to be confirmed.)
	//
	// If not specified, the default policy is IfNotPresent except for OCI images whose tag is latest.
	//
	// Note: EG does not update the Wasm module every time an Envoy proxy requests
	// the Wasm module even if the pull policy is set to Always.
	// It only updates the Wasm module when the EnvoyExtension resource version changes.
	// +optional
	PullPolicy *ImagePullPolicy `json:"pullPolicy,omitempty"`
}
WasmCodeSource defines the source of the Wasm code. +union
+kubebuilder:validation:XValidation:rule="self.type == 'HTTP' ? has(self.http) : !has(self.http)",message="If type is HTTP, http field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'Image' ? has(self.image) : !has(self.image)",message="If type is Image, image field needs to be set."
func (*WasmCodeSource) DeepCopy ¶ added in v1.1.0
func (in *WasmCodeSource) DeepCopy() *WasmCodeSource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WasmCodeSource.
func (*WasmCodeSource) DeepCopyInto ¶ added in v1.1.0
func (in *WasmCodeSource) DeepCopyInto(out *WasmCodeSource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WasmCodeSourceType ¶ added in v1.1.0
// WasmCodeSourceType specifies the type of source for the Wasm code; the
// constants of this type define "HTTP" and "Image".
type WasmCodeSourceType string
WasmCodeSourceType specifies the types of sources for the Wasm code. +kubebuilder:validation:Enum=HTTP;Image
const (
	// HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
	HTTPWasmCodeSourceType WasmCodeSourceType = "HTTP"
	// ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
	ImageWasmCodeSourceType WasmCodeSourceType = "Image"
)
type WithUnderscoresAction ¶ added in v1.1.0
// WithUnderscoresAction configures the action to take when an HTTP header
// with underscores is encountered; the constants of this type define
// "Allow", "RejectRequest" and "DropHeader".
type WithUnderscoresAction string
WithUnderscoresAction configures the action to take when an HTTP header with underscores is encountered. +kubebuilder:validation:Enum=Allow;RejectRequest;DropHeader
const (
	// WithUnderscoresActionAllow allows headers with underscores to be passed through.
	// Some backends treat "_" and "-" in header names as equivalent, so
	// rejecting or dropping such headers is the safer choice when a
	// hyphenated header carries a trust decision.
	WithUnderscoresActionAllow WithUnderscoresAction = "Allow"
	// WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
	// the 400 status. HTTP/2 requests end with the stream reset.
	WithUnderscoresActionRejectRequest WithUnderscoresAction = "RejectRequest"
	// WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
	// is dropped before the filter chain is invoked and as such filters will not see
	// dropped headers.
	WithUnderscoresActionDropHeader WithUnderscoresAction = "DropHeader"
)
type XDSTranslatorHook ¶ added in v0.6.0
// XDSTranslatorHook names a hook that an Envoy Gateway extension may support
// for the xds-translator; the constants of this type define "VirtualHost",
// "Route", "HTTPListener" and "Translation".
type XDSTranslatorHook string
XDSTranslatorHook defines the types of hooks that an Envoy Gateway extension may support for the xds-translator
+kubebuilder:validation:Enum=VirtualHost;Route;HTTPListener;Translation
const (
	// XDSVirtualHost identifies the "VirtualHost" hook.
	XDSVirtualHost XDSTranslatorHook = "VirtualHost"
	// XDSRoute identifies the "Route" hook.
	XDSRoute XDSTranslatorHook = "Route"
	// XDSHTTPListener identifies the "HTTPListener" hook.
	XDSHTTPListener XDSTranslatorHook = "HTTPListener"
	// XDSTranslation identifies the "Translation" hook.
	XDSTranslation XDSTranslatorHook = "Translation"
)
type XDSTranslatorHooks ¶ added in v0.6.0
// XDSTranslatorHooks contains all the pre and post hooks for the xds-translator runner.
type XDSTranslatorHooks struct {
	// Pre lists the pre hooks.
	Pre []XDSTranslatorHook `json:"pre,omitempty"`
	// Post lists the post hooks.
	Post []XDSTranslatorHook `json:"post,omitempty"`
}
XDSTranslatorHooks contains all the pre and post hooks for the xds-translator runner.
func (*XDSTranslatorHooks) DeepCopy ¶ added in v0.6.0
func (in *XDSTranslatorHooks) DeepCopy() *XDSTranslatorHooks
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XDSTranslatorHooks.
func (*XDSTranslatorHooks) DeepCopyInto ¶ added in v0.6.0
func (in *XDSTranslatorHooks) DeepCopyInto(out *XDSTranslatorHooks)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type XFCCCertData ¶ added in v1.1.0
// XFCCCertData specifies a field of the client certificate to be forwarded
// in the XFCC header; the constants of this type define "Subject", "Cert",
// "Chain", "DNS" and "URI".
type XFCCCertData string
XFCCCertData specifies the fields in the client certificate to be forwarded in the XFCC header. +kubebuilder:validation:Enum=Subject;Cert;Chain;DNS;URI
const (
	// XFCCCertDataSubject is the Subject field of the current client certificate.
	XFCCCertDataSubject XFCCCertData = "Subject"
	// XFCCCertDataCert is the entire client certificate in URL encoded PEM format.
	XFCCCertDataCert XFCCCertData = "Cert"
	// XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
	XFCCCertDataChain XFCCCertData = "Chain"
	// XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.
	XFCCCertDataDNS XFCCCertData = "DNS"
	// XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.
	XFCCCertDataURI XFCCCertData = "URI"
)
type XFCCForwardMode ¶ added in v1.1.0
// XFCCForwardMode defines how the XFCC header is handled by Envoy Proxy; the
// constants of this type define "Sanitize", "ForwardOnly", "AppendForward",
// "SanitizeSet" and "AlwaysForwardOnly".
type XFCCForwardMode string
XFCCForwardMode defines how XFCC header is handled by Envoy Proxy. +kubebuilder:validation:Enum=Sanitize;ForwardOnly;AppendForward;SanitizeSet;AlwaysForwardOnly
const (
	// XFCCForwardModeSanitize removes the XFCC header from the request. This is the default mode.
	XFCCForwardModeSanitize XFCCForwardMode = "Sanitize"
	// XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.
	// The forwarded value is the one the peer sent, so it is only as trustworthy
	// as the mTLS peer itself.
	XFCCForwardModeForwardOnly XFCCForwardMode = "ForwardOnly"
	// XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forwards it if the client connection is mTLS.
	XFCCForwardModeAppendForward XFCCForwardMode = "AppendForward"
	// XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forwards it if the client connection is mTLS.
	// The existing certificate information in the XFCC header is removed.
	XFCCForwardModeSanitizeSet XFCCForwardMode = "SanitizeSet"
	// XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.
	// In this mode the header is not backed by a verified client certificate;
	// backends should not treat it as proof of identity unless every
	// client that can reach the listener is a trusted proxy.
	XFCCForwardModeAlwaysForwardOnly XFCCForwardMode = "AlwaysForwardOnly"
)
type XForwardedClientCert ¶ added in v1.1.0
// XForwardedClientCert configures how Envoy Proxy handles the
// x-forwarded-client-cert (XFCC) HTTP header: the forwarding mode and the
// certificate details added to the header.
type XForwardedClientCert struct {
	// Mode defines how XFCC header is handled by Envoy Proxy.
	// If not set, the default mode is `Sanitize`.
	// +optional
	Mode *XFCCForwardMode `json:"mode,omitempty"`
	// CertDetailsToAdd specifies the fields in the client certificate to be forwarded in the XFCC header.
	//
	// Hash (the SHA 256 digest of the current client certificate) and By (the Subject Alternative Name)
	// are always included if the client certificate is forwarded.
	//
	// This field is only applicable when the mode is set to `AppendForward` or
	// `SanitizeSet` and the client connection is mTLS.
	// +kubebuilder:validation:MaxItems=5
	// +optional
	CertDetailsToAdd []XFCCCertData `json:"certDetailsToAdd,omitempty"`
}
XForwardedClientCert configures how Envoy Proxy handles the x-forwarded-client-cert (XFCC) HTTP header. +kubebuilder:validation:XValidation:rule="(has(self.certDetailsToAdd) && self.certDetailsToAdd.size() > 0) ? (self.mode == 'AppendForward' || self.mode == 'SanitizeSet') : true",message="certDetailsToAdd can only be set when mode is AppendForward or SanitizeSet"
func (*XForwardedClientCert) DeepCopy ¶ added in v1.1.0
func (in *XForwardedClientCert) DeepCopy() *XForwardedClientCert
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedClientCert.
func (*XForwardedClientCert) DeepCopyInto ¶ added in v1.1.0
func (in *XForwardedClientCert) DeepCopyInto(out *XForwardedClientCert)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type XForwardedForSettings ¶ added in v1.0.0
// XForwardedForSettings provides configuration for using X-Forwarded-For
// headers for determining the client IP address.
type XForwardedForSettings struct {
	// NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
	// headers to trust when determining the origin client's IP address.
	// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
	// for more details.
	// Set this no higher than the number of proxies in front of Envoy that you
	// control: with a larger value, an X-Forwarded-For entry written by the
	// client can be taken as the origin address.
	//
	// +optional
	NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
}
XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
func (*XForwardedForSettings) DeepCopy ¶ added in v1.0.0
func (in *XForwardedForSettings) DeepCopy() *XForwardedForSettings
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedForSettings.
func (*XForwardedForSettings) DeepCopyInto ¶ added in v1.0.0
func (in *XForwardedForSettings) DeepCopyInto(out *XForwardedForSettings)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ZipkinTracingProvider ¶ added in v1.1.0
// ZipkinTracingProvider defines the Zipkin tracing provider configuration.
type ZipkinTracingProvider struct {
	// Enable128BitTraceID determines whether a 128bit trace id will be used
	// when creating a new trace instance. If set to false, a 64bit trace
	// id will be used.
	// +optional
	Enable128BitTraceID *bool `json:"enable128BitTraceId,omitempty"`
	// DisableSharedSpanContext determines whether client and server spans
	// sharing the same span context should be disabled.
	// +optional
	DisableSharedSpanContext *bool `json:"disableSharedSpanContext,omitempty"`
}
ZipkinTracingProvider defines the Zipkin tracing provider configuration.
func (*ZipkinTracingProvider) DeepCopy ¶ added in v1.1.0
func (in *ZipkinTracingProvider) DeepCopy() *ZipkinTracingProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZipkinTracingProvider.
func (*ZipkinTracingProvider) DeepCopyInto ¶ added in v1.1.0
func (in *ZipkinTracingProvider) DeepCopyInto(out *ZipkinTracingProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- accesslogging_types.go
- authorization_types.go
- backend_types.go
- backendtrafficpolicy_types.go
- basic_auth_types.go
- circuitbreaker_types.go
- clienttrafficpolicy_types.go
- compression_types.go
- connection_types.go
- cors_types.go
- dns_types.go
- doc.go
- envoyextensionypolicy_types.go
- envoygateway_helpers.go
- envoygateway_metrics_types.go
- envoygateway_types.go
- envoypatchpolicy_types.go
- envoyproxy_helpers.go
- envoyproxy_metric_types.go
- envoyproxy_types.go
- ext_auth_types.go
- ext_proc_types.go
- fault_injection.go
- groupversion_info.go
- healthcheck_types.go
- httproutefilter_types.go
- jwt_types.go
- keepalive_types.go
- kubernetes_helpers.go
- loadbalancer_types.go
- oidc_types.go
- pathsettings_types.go
- policy_helpers.go
- proxyprotocol_types.go
- ratelimit_types.go
- retry_types.go
- securitypolicy_types.go
- share_types_helper.go
- shared_types.go
- timeout_types.go
- tls_types.go
- tracing_types.go
- wasm_types.go
- zz_generated.deepcopy.go