v1alpha1

package
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2024 License: Apache-2.0 Imports: 20 Imported by: 15

Documentation

Overview

Package v1alpha1 contains API schema definitions for the gateway.envoyproxy.io API group.

+kubebuilder:object:generate=true +groupName=gateway.envoyproxy.io

Index

Constants

View Source
const (
	// BackendConditionAccepted indicates whether the backend has been accepted or
	// rejected by a targeted resource, and why.
	//
	// Possible reasons for this condition to be True are:
	//
	// * "Accepted"
	//
	// Possible reasons for this condition to be False are:
	//
	// * "Invalid"
	//
	BackendConditionAccepted BackendConditionType = "Accepted"

	// BackendReasonAccepted is used with the "Accepted" condition when the backend
	// has been accepted by the targeted resource.
	BackendReasonAccepted BackendConditionReason = "Accepted"

	// BackendReasonInvalid is used with the "Accepted" condition when the backend
	// is syntactically or semantically invalid.
	BackendReasonInvalid BackendConditionReason = "Invalid"
)
View Source
const (
	// PolicyConditionOverridden indicates whether the policy has
	// completely attached to all the sections within the target or not.
	//
	// Possible reasons for this condition to be True are:
	//
	// * "Overridden"
	//
	PolicyConditionOverridden gwapiv1a2.PolicyConditionType = "Overridden"

	// PolicyReasonOverridden is used with the "Overridden" condition when the policy
	// has been overridden by another policy targeting a section within the same target.
	PolicyReasonOverridden gwapiv1a2.PolicyConditionReason = "Overridden"
)
View Source
const (
	// KindEnvoyGateway is the name of the EnvoyGateway kind.
	KindEnvoyGateway = "EnvoyGateway"
	// GatewayControllerName is the name of the GatewayClass controller.
	GatewayControllerName = "gateway.envoyproxy.io/gatewayclass-controller"
	// GatewayAdminPort is the port which envoy gateway admin server is listening on.
	GatewayAdminPort = 19000
	// GatewayAdminHost is the host of envoy gateway admin server.
	GatewayAdminHost = "127.0.0.1"
	// GatewayMetricsPort is the port which envoy gateway metrics server is listening on.
	GatewayMetricsPort = 19001
	// GatewayMetricsHost is the host of envoy gateway metrics server.
	GatewayMetricsHost = "0.0.0.0"
)
View Source
const (
	// KubernetesWatchModeTypeNamespaces indicates that the namespace watch mode is used.
	KubernetesWatchModeTypeNamespaces = "Namespaces"

	// KubernetesWatchModeTypeNamespaceSelector indicates that namespaceSelector watch
	// mode is used.
	KubernetesWatchModeTypeNamespaceSelector = "NamespaceSelector"
)
View Source
const (
	// PolicyConditionProgrammed indicates whether the policy has been translated
	// and ready to be programmed into the data plane.
	//
	// Possible reasons for this condition to be True are:
	//
	// * "Programmed"
	//
	// Possible reasons for this condition to be False are:
	//
	// * "Invalid"
	// * "ResourceNotFound"
	//
	PolicyConditionProgrammed gwapiv1a2.PolicyConditionType = "Programmed"

	// PolicyReasonProgrammed is used with the "Programmed" condition when the policy
	// is ready to be programmed into the data plane.
	PolicyReasonProgrammed gwapiv1a2.PolicyConditionReason = "Programmed"

	// PolicyReasonInvalid is used with the "Programmed" condition when the patch
	// is syntactically or semantically invalid.
	PolicyReasonInvalid gwapiv1a2.PolicyConditionReason = "Invalid"

	// PolicyReasonResourceNotFound is used with the "Programmed" condition when the
	// policy cannot find the resource type to patch to.
	PolicyReasonResourceNotFound gwapiv1a2.PolicyConditionReason = "ResourceNotFound"

	// PolicyReasonDisabled is used with the "Accepted" condition when the policy
	// feature is disabled by the configuration.
	PolicyReasonDisabled gwapiv1a2.PolicyConditionReason = "Disabled"
)
View Source
const (
	// DefaultDeploymentReplicas is the default number of deployment replicas.
	DefaultDeploymentReplicas = 1
	// DefaultDeploymentCPUResourceRequests for deployment cpu resource
	DefaultDeploymentCPUResourceRequests = "100m"
	// DefaultDeploymentMemoryResourceRequests for deployment memory resource
	DefaultDeploymentMemoryResourceRequests = "512Mi"
	// DefaultEnvoyProxyImage is the default image used by envoyproxy
	DefaultEnvoyProxyImage = "envoyproxy/envoy:distroless-v1.32.1"
	// DefaultShutdownManagerCPUResourceRequests for shutdown manager cpu resource
	DefaultShutdownManagerCPUResourceRequests = "10m"
	// DefaultShutdownManagerMemoryResourceRequests for shutdown manager memory resource
	DefaultShutdownManagerMemoryResourceRequests = "32Mi"
	// DefaultShutdownManagerImage is the default image used for the shutdown manager.
	DefaultShutdownManagerImage = "docker.io/envoyproxy/gateway-dev:latest"
	// DefaultRateLimitImage is the default image used by ratelimit.
	DefaultRateLimitImage = "docker.io/envoyproxy/ratelimit:49af5cca"
	// HTTPProtocol is the common-used http protocol.
	HTTPProtocol = "http"
	// GRPCProtocol is the common-used grpc protocol.
	GRPCProtocol = "grpc"
)
View Source
const BasicAuthUsersSecretKey = ".htpasswd"
View Source
const GroupName = "gateway.envoyproxy.io"
View Source
const (
	// KindBackend is the name of the Backend kind.
	KindBackend = "Backend"
)
View Source
const (
	// KindBackendTrafficPolicy is the name of the BackendTrafficPolicy kind.
	KindBackendTrafficPolicy = "BackendTrafficPolicy"
)
View Source
const (
	// KindClientTrafficPolicy is the name of the ClientTrafficPolicy kind.
	KindClientTrafficPolicy = "ClientTrafficPolicy"
)
View Source
const (
	// KindEnvoyExtensionPolicy is the name of the EnvoyExtensionPolicy kind.
	KindEnvoyExtensionPolicy = "EnvoyExtensionPolicy"
)
View Source
const (
	// KindEnvoyPatchPolicy is the name of the EnvoyPatchPolicy kind.
	KindEnvoyPatchPolicy = "EnvoyPatchPolicy"
)
View Source
const (
	// KindEnvoyProxy is the name of the EnvoyProxy kind.
	KindEnvoyProxy = "EnvoyProxy"
)
View Source
const (
	// KindHTTPRouteFilter is the name of the HTTPRouteFilter kind.
	KindHTTPRouteFilter = "HTTPRouteFilter"
)
View Source
const (
	// KindSecurityPolicy is the name of the SecurityPolicy kind.
	KindSecurityPolicy = "SecurityPolicy"
)
View Source
const OIDCClientSecretKey = "client-secret"

Variables

View Source
var (

	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

func DefaultEnvoyProxyHpaMetrics added in v1.0.0

func DefaultEnvoyProxyHpaMetrics() []autoscalingv2.MetricSpec

func DefaultKubernetesContainerImage added in v0.6.0

func DefaultKubernetesContainerImage(image string) *string

DefaultKubernetesContainerImage returns the default envoyproxy image.

func DefaultKubernetesDaemonSetStrategy added in v1.1.0

func DefaultKubernetesDaemonSetStrategy() *appsv1.DaemonSetUpdateStrategy

DefaultKubernetesDaemonSetStrategy returns the default daemonset strategy settings.

func DefaultKubernetesDeploymentStrategy added in v0.6.0

func DefaultKubernetesDeploymentStrategy() *appsv1.DeploymentStrategy

DefaultKubernetesDeploymentStrategy returns the default deployment strategy settings.

func DefaultResourceRequirements added in v0.6.0

func DefaultResourceRequirements() *corev1.ResourceRequirements

DefaultResourceRequirements returns a new ResourceRequirements with default settings.

func DefaultShutdownManagerContainerResourceRequirements added in v1.0.0

func DefaultShutdownManagerContainerResourceRequirements() *corev1.ResourceRequirements

DefaultShutdownManagerContainerResourceRequirements returns a new ResourceRequirements with default settings.

func ToBackendObjectReference added in v1.1.0

func ToBackendObjectReference(ref BackendRef) *gwapiv1.BackendObjectReference

Types

type ALPNProtocol added in v1.0.0

type ALPNProtocol string

ALPNProtocol specifies the protocol to be negotiated using ALPN +kubebuilder:validation:Enum=http/1.0;http/1.1;h2

const (
	// HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
	HTTPProtocolVersion1_0 ALPNProtocol = "http/1.0"
	// HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
	HTTPProtocolVersion1_1 ALPNProtocol = "http/1.1"
	// HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
	HTTPProtocolVersion2 ALPNProtocol = "h2"
)

When adding ALPN constants, they must be values that are defined in the IANA registry for ALPN identification sequences https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids

type ALSEnvoyProxyAccessLog added in v1.1.0

type ALSEnvoyProxyAccessLog struct {
	BackendCluster `json:",inline"`

	// LogName defines the friendly name of the access log to be returned in
	// StreamAccessLogsMessage.Identifier. This allows the access log server
	// to differentiate between different access logs coming from the same Envoy.
	// +optional
	// +kubebuilder:validation:MinLength=1
	LogName *string `json:"logName,omitempty"`
	// Type defines the type of accesslog. Supported types are "HTTP" and "TCP".
	// +kubebuilder:validation:Enum=HTTP;TCP
	Type ALSEnvoyProxyAccessLogType `json:"type"`
	// HTTP defines additional configuration specific to HTTP access logs.
	// +optional
	HTTP *ALSEnvoyProxyHTTPAccessLogConfig `json:"http,omitempty"`
}

ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink. The service must implement the Envoy gRPC Access Log Service streaming API: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto Access log format information is passed in the form of gRPC metadata when the stream is established. Specifically, the following metadata is passed:

- `x-accesslog-text` - The access log format string when a Text format is used. - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.

+kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP." +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="must have at least one backend in backendRefs",rule="has(self.backendRefs) && self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"

func (*ALSEnvoyProxyAccessLog) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSEnvoyProxyAccessLog.

func (*ALSEnvoyProxyAccessLog) DeepCopyInto added in v1.1.0

func (in *ALSEnvoyProxyAccessLog) DeepCopyInto(out *ALSEnvoyProxyAccessLog)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ALSEnvoyProxyAccessLogType added in v1.1.0

type ALSEnvoyProxyAccessLogType string
const (
	// ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
	ALSEnvoyProxyAccessLogTypeHTTP ALSEnvoyProxyAccessLogType = "HTTP"
	// ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
	ALSEnvoyProxyAccessLogTypeTCP ALSEnvoyProxyAccessLogType = "TCP"
)

type ALSEnvoyProxyHTTPAccessLogConfig added in v1.1.0

type ALSEnvoyProxyHTTPAccessLogConfig struct {
	// RequestHeaders defines request headers to include in log entries sent to the access log service.
	// +optional
	RequestHeaders []string `json:"requestHeaders,omitempty"`
	// ResponseHeaders defines response headers to include in log entries sent to the access log service.
	// +optional
	ResponseHeaders []string `json:"responseHeaders,omitempty"`
	// ResponseTrailers defines response trailers to include in log entries sent to the access log service.
	// +optional
	ResponseTrailers []string `json:"responseTrailers,omitempty"`
}

func (*ALSEnvoyProxyHTTPAccessLogConfig) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSEnvoyProxyHTTPAccessLogConfig.

func (*ALSEnvoyProxyHTTPAccessLogConfig) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ActiveHealthCheck added in v1.0.0

type ActiveHealthCheck struct {
	// Timeout defines the time to wait for a health check response.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="1s"
	// +optional
	Timeout *metav1.Duration `json:"timeout"`

	// Interval defines the time between active health checks.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="3s"
	// +optional
	Interval *metav1.Duration `json:"interval"`

	// UnhealthyThreshold defines the number of unhealthy health checks required before a backend host is marked unhealthy.
	//
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=3
	// +optional
	UnhealthyThreshold *uint32 `json:"unhealthyThreshold"`

	// HealthyThreshold defines the number of healthy health checks required before a backend host is marked healthy.
	//
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:default=1
	// +optional
	HealthyThreshold *uint32 `json:"healthyThreshold"`

	// Type defines the type of health checker.
	// +kubebuilder:validation:Enum=HTTP;TCP;GRPC
	// +unionDiscriminator
	Type ActiveHealthCheckerType `json:"type" yaml:"type"`

	// HTTP defines the configuration of http health checker.
	// It's required while the health checker type is HTTP.
	// +optional
	HTTP *HTTPActiveHealthChecker `json:"http,omitempty" yaml:"http,omitempty"`

	// TCP defines the configuration of tcp health checker.
	// It's required while the health checker type is TCP.
	// +optional
	TCP *TCPActiveHealthChecker `json:"tcp,omitempty" yaml:"tcp,omitempty"`

	// GRPC defines the configuration of the GRPC health checker.
	// It's optional, and can only be used if the specified type is GRPC.
	// +optional
	GRPC *GRPCActiveHealthChecker `json:"grpc,omitempty" yaml:"grpc,omitempty"`
}

ActiveHealthCheck defines the active health check configuration. EG supports various types of active health checking including HTTP, TCP. +union

+kubebuilder:validation:XValidation:rule="self.type == 'HTTP' ? has(self.http) : !has(self.http)",message="If Health Checker type is HTTP, http field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'TCP' ? has(self.tcp) : !has(self.tcp)",message="If Health Checker type is TCP, tcp field needs to be set." +kubebuilder:validation:XValidation:rule="has(self.grpc) ? self.type == 'GRPC' : true", message="The grpc field can only be set if the Health Checker type is GRPC."

func (*ActiveHealthCheck) DeepCopy added in v1.0.0

func (in *ActiveHealthCheck) DeepCopy() *ActiveHealthCheck

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveHealthCheck.

func (*ActiveHealthCheck) DeepCopyInto added in v1.0.0

func (in *ActiveHealthCheck) DeepCopyInto(out *ActiveHealthCheck)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ActiveHealthCheckPayload added in v1.0.0

type ActiveHealthCheckPayload struct {
	// Type defines the type of the payload.
	// +kubebuilder:validation:Enum=Text;Binary
	// +unionDiscriminator
	Type ActiveHealthCheckPayloadType `json:"type" yaml:"type"`
	// Text payload in plain text.
	// +optional
	Text *string `json:"text,omitempty" yaml:"text,omitempty"`
	// Binary payload base64 encoded.
	// +optional
	Binary []byte `json:"binary,omitempty" yaml:"binary,omitempty"`
}

ActiveHealthCheckPayload defines the encoding of the payload bytes in the payload. +union +kubebuilder:validation:XValidation:rule="self.type == 'Text' ? has(self.text) : !has(self.text)",message="If payload type is Text, text field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'Binary' ? has(self.binary) : !has(self.binary)",message="If payload type is Binary, binary field needs to be set."

func (*ActiveHealthCheckPayload) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveHealthCheckPayload.

func (*ActiveHealthCheckPayload) DeepCopyInto added in v1.0.0

func (in *ActiveHealthCheckPayload) DeepCopyInto(out *ActiveHealthCheckPayload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ActiveHealthCheckPayloadType added in v1.0.0

type ActiveHealthCheckPayloadType string

ActiveHealthCheckPayloadType is the type of the payload. +kubebuilder:validation:Enum=Text;Binary

const (
	// ActiveHealthCheckPayloadTypeText defines the Text type payload.
	ActiveHealthCheckPayloadTypeText ActiveHealthCheckPayloadType = "Text"
	// ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
	ActiveHealthCheckPayloadTypeBinary ActiveHealthCheckPayloadType = "Binary"
)

type ActiveHealthCheckerType added in v1.0.0

type ActiveHealthCheckerType string

ActiveHealthCheckerType is the type of health checker. +kubebuilder:validation:Enum=HTTP;TCP;GRPC

const (
	// ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
	ActiveHealthCheckerTypeHTTP ActiveHealthCheckerType = "HTTP"
	// ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
	ActiveHealthCheckerTypeTCP ActiveHealthCheckerType = "TCP"
	// ActiveHealthCheckerTypeGRPC defines the GRPC type of health checking.
	ActiveHealthCheckerTypeGRPC ActiveHealthCheckerType = "GRPC"
)

type AppProtocolType added in v1.1.0

type AppProtocolType string

AppProtocolType defines various backend applications protocols supported by Envoy Gateway

+kubebuilder:validation:Enum=gateway.envoyproxy.io/h2c;gateway.envoyproxy.io/ws;gateway.envoyproxy.io/wss

const (
	// AppProtocolTypeH2C defines the HTTP/2 application protocol.
	AppProtocolTypeH2C AppProtocolType = "gateway.envoyproxy.io/h2c"
	// AppProtocolTypeWS defines the WebSocket over HTTP protocol.
	AppProtocolTypeWS AppProtocolType = "gateway.envoyproxy.io/ws"
	// AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.
	AppProtocolTypeWSS AppProtocolType = "gateway.envoyproxy.io/wss"
)

type Authorization added in v1.1.0

type Authorization struct {
	// Rules defines a list of authorization rules.
	// These rules are evaluated in order, the first matching rule will be applied,
	// and the rest will be skipped.
	//
	// For example, if there are two rules: the first rule allows the request
	// and the second rule denies it, when a request matches both rules, it will be allowed.
	//
	// +optional
	Rules []AuthorizationRule `json:"rules,omitempty"`

	// DefaultAction defines the default action to be taken if no rules match.
	// If not specified, the default action is Deny.
	// +optional
	DefaultAction *AuthorizationAction `json:"defaultAction"`
}

Authorization defines the authorization configuration.

Note: if neither `Rules` nor `DefaultAction` is specified, the default action is to deny all requests.

func (*Authorization) DeepCopy added in v1.1.0

func (in *Authorization) DeepCopy() *Authorization

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization.

func (*Authorization) DeepCopyInto added in v1.1.0

func (in *Authorization) DeepCopyInto(out *Authorization)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthorizationAction added in v1.1.0

type AuthorizationAction string

AuthorizationAction defines the action to be taken if a rule matches. +kubebuilder:validation:Enum=Allow;Deny

const (
	// AuthorizationActionAllow is the action to allow the request.
	AuthorizationActionAllow AuthorizationAction = "Allow"
	// AuthorizationActionDeny is the action to deny the request.
	AuthorizationActionDeny AuthorizationAction = "Deny"
)

type AuthorizationRule added in v1.1.0

type AuthorizationRule struct {
	// Name is a user-friendly name for the rule.
	// If not specified, Envoy Gateway will generate a unique name for the rule.
	//
	// +optional
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name *string `json:"name,omitempty"`

	// Action defines the action to be taken if the rule matches.
	Action AuthorizationAction `json:"action"`

	// Principal specifies the client identity of a request.
	// If there are multiple principal types, all principals must match for the rule to match.
	// For example, if there are two principals: one for client IP and one for JWT claim,
	// the rule will match only if both the client IP and the JWT claim match.
	Principal Principal `json:"principal"`
}

AuthorizationRule defines a single authorization rule.

func (*AuthorizationRule) DeepCopy added in v1.1.0

func (in *AuthorizationRule) DeepCopy() *AuthorizationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationRule.

func (*AuthorizationRule) DeepCopyInto added in v1.1.0

func (in *AuthorizationRule) DeepCopyInto(out *AuthorizationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackOffPolicy added in v1.0.0

type BackOffPolicy struct {
	// BaseInterval is the base interval between retries.
	//
	// +kubebuilder:validation:Format=duration
	BaseInterval *metav1.Duration `json:"baseInterval,omitempty"`
	// MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set.
	// The default is 10 times the base_interval
	//
	// +optional
	// +kubebuilder:validation:Format=duration
	MaxInterval *metav1.Duration `json:"maxInterval,omitempty"`
}

func (*BackOffPolicy) DeepCopy added in v1.0.0

func (in *BackOffPolicy) DeepCopy() *BackOffPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackOffPolicy.

func (*BackOffPolicy) DeepCopyInto added in v1.0.0

func (in *BackOffPolicy) DeepCopyInto(out *BackOffPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Backend added in v1.1.0

type Backend struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of Backend.
	Spec BackendSpec `json:"spec"`

	// Status defines the current status of Backend.
	Status BackendStatus `json:"status,omitempty"`
}

Backend allows the user to configure the endpoints of a backend and the behavior of the connection from Envoy Proxy to the backend.

+kubebuilder:object:root=true +kubebuilder:resource:categories=envoy-gateway,shortName=be +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Accepted")].reason` +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`

func (*Backend) DeepCopy added in v1.1.0

func (in *Backend) DeepCopy() *Backend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend.

func (*Backend) DeepCopyInto added in v1.1.0

func (in *Backend) DeepCopyInto(out *Backend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Backend) DeepCopyObject added in v1.1.0

func (in *Backend) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BackendCluster added in v1.2.0

type BackendCluster struct {
	// BackendRef references a Kubernetes object that represents the
	// backend server to which the authorization request will be sent.
	//
	// Deprecated: Use BackendRefs instead.
	// +optional
	BackendRef *gwapiv1.BackendObjectReference `json:"backendRef,omitempty"`

	// BackendRefs references a Kubernetes object that represents the
	// backend server to which the authorization request will be sent.
	//
	// +kubebuilder:validation:MaxItems=16
	// +optional
	BackendRefs []BackendRef `json:"backendRefs,omitempty"`

	// BackendSettings holds configuration for managing the connection
	// to the backend.
	//
	// +optional
	BackendSettings *ClusterSettings `json:"backendSettings,omitempty"`
}

BackendCluster contains all the configuration required for configuring access to a backend. This can include multiple endpoints, and settings that apply for managing the connection to all these endpoints.

func (*BackendCluster) DeepCopy added in v1.2.0

func (in *BackendCluster) DeepCopy() *BackendCluster

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendCluster.

func (*BackendCluster) DeepCopyInto added in v1.2.0

func (in *BackendCluster) DeepCopyInto(out *BackendCluster)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendConditionReason added in v1.1.0

type BackendConditionReason string

BackendConditionReason is a reason for a backend condition.

type BackendConditionType added in v1.1.0

type BackendConditionType string

BackendConditionType is a type of condition for a backend. This type should be used with a Backend resource Status.Conditions field.

type BackendConnection added in v1.1.0

type BackendConnection struct {
	// BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
	// BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
	// If unspecified, an implementation defined default is applied (32768 bytes).
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note: that when the suffix is not provided, the value is interpreted as bytes.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
	// SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket
	// to backend.
	// SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	// +notImplementedHide
	SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}

BackendConnection allows users to configure connection-level settings of backend

func (*BackendConnection) DeepCopy added in v1.1.0

func (in *BackendConnection) DeepCopy() *BackendConnection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendConnection.

func (*BackendConnection) DeepCopyInto added in v1.1.0

func (in *BackendConnection) DeepCopyInto(out *BackendConnection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendEndpoint added in v1.1.0

type BackendEndpoint struct {
	// FQDN defines a FQDN endpoint
	//
	// +optional
	FQDN *FQDNEndpoint `json:"fqdn,omitempty"`

	// IP defines an IP endpoint. Supports both IPv4 and IPv6 addresses.
	//
	// +optional
	IP *IPEndpoint `json:"ip,omitempty"`

	// Unix defines the unix domain socket endpoint
	//
	// +optional
	Unix *UnixSocket `json:"unix,omitempty"`
}

BackendEndpoint describes a backend endpoint, which can be either a fully-qualified domain name, IP address or unix domain socket corresponding to Envoy's Address: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-address

+kubebuilder:validation:XValidation:rule="(has(self.fqdn) || has(self.ip) || has(self.unix))",message="one of fqdn, ip or unix must be specified" +kubebuilder:validation:XValidation:rule="((has(self.fqdn) && !(has(self.ip) || has(self.unix))) || (has(self.ip) && !(has(self.fqdn) || has(self.unix))) || (has(self.unix) && !(has(self.ip) || has(self.fqdn))))",message="only one of fqdn, ip or unix can be specified"

func (*BackendEndpoint) DeepCopy added in v1.1.0

func (in *BackendEndpoint) DeepCopy() *BackendEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendEndpoint.

func (*BackendEndpoint) DeepCopyInto added in v1.1.0

func (in *BackendEndpoint) DeepCopyInto(out *BackendEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendList added in v1.1.0

type BackendList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Backend `json:"items"`
}

BackendList contains a list of Backend resources.

+kubebuilder:object:root=true

func (*BackendList) DeepCopy added in v1.1.0

func (in *BackendList) DeepCopy() *BackendList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendList.

func (*BackendList) DeepCopyInto added in v1.1.0

func (in *BackendList) DeepCopyInto(out *BackendList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BackendList) DeepCopyObject added in v1.1.0

func (in *BackendList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BackendRef added in v1.1.0

type BackendRef struct {
	// BackendObjectReference references a Kubernetes object that represents the backend.
	// Only Service kind is supported for now.
	gwapiv1.BackendObjectReference `json:",inline"`
	// Fallback indicates whether the backend is designated as a fallback.
	// Multiple fallback backends can be configured.
	// It is highly recommended to configure active or passive health checks to ensure that failover can be detected
	// when the active backends become unhealthy and to automatically readjust once the primary backends are healthy again.
	// The overprovisioning factor is set to 1.4, meaning the fallback backends will only start receiving traffic when
	// the health of the active backends falls below 72%.
	//
	// +optional
	Fallback *bool `json:"fallback,omitempty"`
}

BackendRef defines how an ObjectReference that is specific to BackendRef.

func (*BackendRef) DeepCopy added in v1.1.0

func (in *BackendRef) DeepCopy() *BackendRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendRef.

func (*BackendRef) DeepCopyInto added in v1.1.0

func (in *BackendRef) DeepCopyInto(out *BackendRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendSpec added in v1.1.0

type BackendSpec struct {
	// Endpoints defines the endpoints to be used when connecting to the backend.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=4
	// +kubebuilder:validation:XValidation:rule="self.all(f, has(f.fqdn)) || !self.exists(f, has(f.fqdn))",message="fqdn addresses cannot be mixed with other address types"
	Endpoints []BackendEndpoint `json:"endpoints,omitempty"`

	// AppProtocols defines the application protocols to be supported when connecting to the backend.
	//
	// +optional
	AppProtocols []AppProtocolType `json:"appProtocols,omitempty"`

	// Fallback indicates whether the backend is designated as a fallback.
	// It is highly recommended to configure active or passive health checks to ensure that failover can be detected
	// when the active backends become unhealthy and to automatically readjust once the primary backends are healthy again.
	// The overprovisioning factor is set to 1.4, meaning the fallback backends will only start receiving traffic when
	// the health of the active backends falls below 72%.
	//
	// +optional
	Fallback *bool `json:"fallback,omitempty"`
}

BackendSpec describes the desired state of BackendSpec.

func (*BackendSpec) DeepCopy added in v1.1.0

func (in *BackendSpec) DeepCopy() *BackendSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendSpec.

func (*BackendSpec) DeepCopyInto added in v1.1.0

func (in *BackendSpec) DeepCopyInto(out *BackendSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendStatus added in v1.1.0

type BackendStatus struct {
	// Conditions describe the current conditions of the Backend.
	//
	// +optional
	// +listType=map
	// +listMapKey=type
	// +kubebuilder:validation:MaxItems=8
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

BackendStatus defines the state of Backend

func (*BackendStatus) DeepCopy added in v1.1.0

func (in *BackendStatus) DeepCopy() *BackendStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendStatus.

func (*BackendStatus) DeepCopyInto added in v1.1.0

func (in *BackendStatus) DeepCopyInto(out *BackendStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendTLSConfig added in v1.1.0

type BackendTLSConfig struct {
	// ClientCertificateRef defines the reference to a Kubernetes Secret that contains
	// the client certificate and private key for Envoy to use when connecting to
	// backend services and external services, such as ExtAuth, ALS, OpenTelemetry, etc.
	// This secret should be located within the same namespace as the Envoy proxy resource that references it.
	// +optional
	ClientCertificateRef *gwapiv1.SecretObjectReference `json:"clientCertificateRef,omitempty"`
	TLSSettings          `json:",inline"`
}

BackendTLSConfig describes the BackendTLS configuration for Envoy Proxy.

func (*BackendTLSConfig) DeepCopy added in v1.1.0

func (in *BackendTLSConfig) DeepCopy() *BackendTLSConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTLSConfig.

func (*BackendTLSConfig) DeepCopyInto added in v1.1.0

func (in *BackendTLSConfig) DeepCopyInto(out *BackendTLSConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BackendTrafficPolicy added in v0.6.0

type BackendTrafficPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// spec defines the desired state of BackendTrafficPolicy.
	Spec BackendTrafficPolicySpec `json:"spec"`

	// status defines the current status of BackendTrafficPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

BackendTrafficPolicy allows the user to configure the behavior of the connection between the Envoy Proxy listener and the backend service.

func (*BackendTrafficPolicy) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicy.

func (*BackendTrafficPolicy) DeepCopyInto added in v0.6.0

func (in *BackendTrafficPolicy) DeepCopyInto(out *BackendTrafficPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BackendTrafficPolicy) DeepCopyObject added in v0.6.0

func (in *BackendTrafficPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BackendTrafficPolicyList added in v0.6.0

type BackendTrafficPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BackendTrafficPolicy `json:"items"`
}

BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.

func (*BackendTrafficPolicyList) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicyList.

func (*BackendTrafficPolicyList) DeepCopyInto added in v0.6.0

func (in *BackendTrafficPolicyList) DeepCopyInto(out *BackendTrafficPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BackendTrafficPolicyList) DeepCopyObject added in v0.6.0

func (in *BackendTrafficPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BackendTrafficPolicySpec added in v0.6.0

type BackendTrafficPolicySpec struct {
	PolicyTargetReferences `json:",inline"`
	ClusterSettings        `json:",inline"`

	// RateLimit allows the user to limit the number of incoming requests
	// to a predefined value based on attributes within the traffic flow.
	// +optional
	RateLimit *RateLimitSpec `json:"rateLimit,omitempty"`

	// FaultInjection defines the fault injection policy to be applied. This configuration can be used to
	// inject delays and abort requests to mimic failure scenarios such as service failures and overloads
	// +optional
	FaultInjection *FaultInjection `json:"faultInjection,omitempty"`

	// UseClientProtocol configures Envoy to prefer sending requests to backends using
	// the same HTTP protocol that the incoming request used. Defaults to false, which means
	// that Envoy will use the protocol indicated by the attached BackendRef.
	//
	// +optional
	UseClientProtocol *bool `json:"useClientProtocol,omitempty"`

	// The compression config for the http streams.
	//
	// +optional
	// +notImplementedHide
	Compression []*Compression `json:"compression,omitempty"`

	// ResponseOverride defines the configuration to override specific responses with a custom one.
	// If multiple configurations are specified, the first one to match wins.
	//
	// +optional
	ResponseOverride []*ResponseOverride `json:"responseOverride,omitempty"`
}

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"

+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true ", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field"

BackendTrafficPolicySpec defines the desired state of BackendTrafficPolicy.

func (*BackendTrafficPolicySpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackendTrafficPolicySpec.

func (*BackendTrafficPolicySpec) DeepCopyInto added in v0.6.0

func (in *BackendTrafficPolicySpec) DeepCopyInto(out *BackendTrafficPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BasicAuth added in v1.0.0

type BasicAuth struct {
	// The Kubernetes secret which contains the username-password pairs in
	// htpasswd format, used to verify user credentials in the "Authorization"
	// header.
	//
	// This is an Opaque secret. The username-password pairs should be stored in
	// the key ".htpasswd". As the key name indicates, the value needs to be the
	// htpasswd format, for example: "user1:{SHA}hashed_user1_password".
	// Right now, only SHA hash algorithm is supported.
	// Reference to https://httpd.apache.org/docs/2.4/programs/htpasswd.html
	// for more details.
	//
	// Note: The secret must be in the same namespace as the SecurityPolicy.
	Users gwapiv1.SecretObjectReference `json:"users"`
}

BasicAuth defines the configuration for the HTTP Basic Authentication.

func (*BasicAuth) DeepCopy added in v1.0.0

func (in *BasicAuth) DeepCopy() *BasicAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth.

func (*BasicAuth) DeepCopyInto added in v1.0.0

func (in *BasicAuth) DeepCopyInto(out *BasicAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BootstrapType added in v0.6.0

type BootstrapType string

BootstrapType defines the types of bootstrap supported by Envoy Gateway. +kubebuilder:validation:Enum=Merge;Replace;JSONPatch

const (
	// Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
	// within a map, or add a new value to a list.
	// Please note that the provided bootstrap can't override a value within a list.
	BootstrapTypeMerge BootstrapType = "Merge"

	// Replace replaces the default bootstrap with the provided one.
	BootstrapTypeReplace BootstrapType = "Replace"

	// JSONPatch applies the provided JSONPatches to the default bootstrap.
	BootstrapTypeJSONPatch BootstrapType = "JSONPatch"
)

type CIDR added in v1.1.0

type CIDR string

CIDR defines a CIDR Address range. A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64". +kubebuilder:validation:Pattern=`((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))`

type CORS added in v0.6.0

type CORS struct {
	// AllowOrigins defines the origins that are allowed to make requests.
	// It specifies the allowed origins in the Access-Control-Allow-Origin CORS response header.
	// The value "*" allows any origin to make requests.
	//
	// +optional
	AllowOrigins []Origin `json:"allowOrigins,omitempty"`

	// AllowMethods defines the methods that are allowed to make requests.
	// It specifies the allowed methods in the Access-Control-Allow-Methods CORS response header..
	// The value "*" allows any method to be used.
	//
	// +optional
	AllowMethods []string `json:"allowMethods,omitempty"`

	// AllowHeaders defines the headers that are allowed to be sent with requests.
	// It specifies the allowed headers in the Access-Control-Allow-Headers CORS response header..
	// The value "*" allows any header to be sent.
	//
	// +optional
	AllowHeaders []string `json:"allowHeaders,omitempty"`

	// ExposeHeaders defines which response headers should be made accessible to
	// scripts running in the browser.
	// It specifies the headers in the Access-Control-Expose-Headers CORS response header..
	// The value "*" allows any header to be exposed.
	//
	// +optional
	ExposeHeaders []string `json:"exposeHeaders,omitempty"`

	// MaxAge defines how long the results of a preflight request can be cached.
	// It specifies the value in the Access-Control-Max-Age CORS response header..
	//
	// +optional
	MaxAge *metav1.Duration `json:"maxAge,omitempty"`

	// AllowCredentials indicates whether a request can include user credentials
	// like cookies, authentication headers, or TLS client certificates.
	// It specifies the value in the Access-Control-Allow-Credentials CORS response header.
	//
	// +optional
	AllowCredentials *bool `json:"allowCredentials,omitempty"`
}

CORS defines the configuration for Cross-Origin Resource Sharing (CORS).

func (*CORS) DeepCopy added in v0.6.0

func (in *CORS) DeepCopy() *CORS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CORS.

func (*CORS) DeepCopyInto added in v0.6.0

func (in *CORS) DeepCopyInto(out *CORS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CircuitBreaker added in v1.0.0

type CircuitBreaker struct {
	// The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxConnections *int64 `json:"maxConnections,omitempty"`

	// The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxPendingRequests *int64 `json:"maxPendingRequests,omitempty"`

	// The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxParallelRequests *int64 `json:"maxParallelRequests,omitempty"`

	// The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +kubebuilder:default=1024
	// +optional
	MaxParallelRetries *int64 `json:"maxParallelRetries,omitempty"`

	// The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
	// Default: unlimited.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=4294967295
	// +optional
	MaxRequestsPerConnection *int64 `json:"maxRequestsPerConnection,omitempty"`
}

CircuitBreaker defines the Circuit Breaker configuration.

func (*CircuitBreaker) DeepCopy added in v1.0.0

func (in *CircuitBreaker) DeepCopy() *CircuitBreaker

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CircuitBreaker.

func (*CircuitBreaker) DeepCopyInto added in v1.0.0

func (in *CircuitBreaker) DeepCopyInto(out *CircuitBreaker)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClaimToHeader added in v0.5.0

type ClaimToHeader struct {
	// Header defines the name of the HTTP request header that the JWT Claim will be saved into.
	Header string `json:"header"`

	// Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type
	// (eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
	// to separate the JSON name path.
	Claim string `json:"claim"`
}

ClaimToHeader defines a configuration to convert JWT claims into HTTP headers

func (*ClaimToHeader) DeepCopy added in v0.5.0

func (in *ClaimToHeader) DeepCopy() *ClaimToHeader

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimToHeader.

func (*ClaimToHeader) DeepCopyInto added in v0.5.0

func (in *ClaimToHeader) DeepCopyInto(out *ClaimToHeader)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClientConnection added in v1.1.0

type ClientConnection struct {
	// ConnectionLimit defines limits related to connections
	//
	// +optional
	ConnectionLimit *ConnectionLimit `json:"connectionLimit,omitempty"`
	// BufferLimit provides configuration for the maximum buffer size in bytes for each incoming connection.
	// BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	// Default: 32768 bytes.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	BufferLimit *resource.Quantity `json:"bufferLimit,omitempty"`
	// SocketBufferLimit provides configuration for the maximum buffer size in bytes for each incoming socket.
	// SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space.
	// For example, 20Mi, 1Gi, 256Ki etc.
	// Note that when the suffix is not provided, the value is interpreted as bytes.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	// +notImplementedHide
	SocketBufferLimit *resource.Quantity `json:"socketBufferLimit,omitempty"`
}

ClientConnection allows users to configure connection-level settings of client

func (*ClientConnection) DeepCopy added in v1.1.0

func (in *ClientConnection) DeepCopy() *ClientConnection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnection.

func (*ClientConnection) DeepCopyInto added in v1.1.0

func (in *ClientConnection) DeepCopyInto(out *ClientConnection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClientIPDetectionSettings added in v1.0.0

type ClientIPDetectionSettings struct {
	// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
	//
	// +optional
	XForwardedFor *XForwardedForSettings `json:"xForwardedFor,omitempty"`
	// CustomHeader provides configuration for determining the client IP address for a request based on
	// a trusted custom HTTP header. This uses the custom_header original IP detection extension.
	// Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto
	// for more details.
	//
	// +optional
	CustomHeader *CustomHeaderExtensionSettings `json:"customHeader,omitempty"`
}

ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.

+kubebuilder:validation:XValidation:rule="!(has(self.xForwardedFor) && has(self.customHeader))",message="customHeader cannot be used in conjunction with xForwardedFor"

func (*ClientIPDetectionSettings) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientIPDetectionSettings.

func (*ClientIPDetectionSettings) DeepCopyInto added in v1.0.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClientTLSSettings added in v1.1.0

type ClientTLSSettings struct {
	// ClientValidation specifies the configuration to validate the client
	// initiating the TLS connection to the Gateway listener.
	// +optional
	ClientValidation *ClientValidationContext `json:"clientValidation,omitempty"`
	TLSSettings      `json:",inline"`

	// Session defines settings related to TLS session management.
	// +optional
	Session *Session `json:"session,omitempty"`
}

func (*ClientTLSSettings) DeepCopy added in v1.1.0

func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings.

func (*ClientTLSSettings) DeepCopyInto added in v1.1.0

func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClientTimeout added in v1.0.0

type ClientTimeout struct {
	// Timeout settings for TCP.
	//
	// +optional
	TCP *TCPClientTimeout `json:"tcp,omitempty"`

	// Timeout settings for HTTP.
	//
	// +optional
	HTTP *HTTPClientTimeout `json:"http,omitempty"`
}

func (*ClientTimeout) DeepCopy added in v1.0.0

func (in *ClientTimeout) DeepCopy() *ClientTimeout

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTimeout.

func (*ClientTimeout) DeepCopyInto added in v1.0.0

func (in *ClientTimeout) DeepCopyInto(out *ClientTimeout)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClientTrafficPolicy added in v0.6.0

type ClientTrafficPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of ClientTrafficPolicy.
	Spec ClientTrafficPolicySpec `json:"spec"`

	// Status defines the current status of ClientTrafficPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

ClientTrafficPolicy allows the user to configure the behavior of the connection between the downstream client and Envoy Proxy listener.

func (*ClientTrafficPolicy) DeepCopy added in v0.6.0

func (in *ClientTrafficPolicy) DeepCopy() *ClientTrafficPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTrafficPolicy.

func (*ClientTrafficPolicy) DeepCopyInto added in v0.6.0

func (in *ClientTrafficPolicy) DeepCopyInto(out *ClientTrafficPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClientTrafficPolicy) DeepCopyObject added in v0.6.0

func (in *ClientTrafficPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClientTrafficPolicyList added in v0.6.0

type ClientTrafficPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClientTrafficPolicy `json:"items"`
}

ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.

func (*ClientTrafficPolicyList) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTrafficPolicyList.

func (*ClientTrafficPolicyList) DeepCopyInto added in v0.6.0

func (in *ClientTrafficPolicyList) DeepCopyInto(out *ClientTrafficPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClientTrafficPolicyList) DeepCopyObject added in v0.6.0

func (in *ClientTrafficPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClientTrafficPolicySpec added in v0.6.0

type ClientTrafficPolicySpec struct {
	PolicyTargetReferences `json:",inline"`

	// TcpKeepalive settings associated with the downstream client connection.
	// If defined, sets SO_KEEPALIVE on the listener socket to enable TCP Keepalives.
	// Disabled by default.
	//
	// +optional
	TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"`
	// EnableProxyProtocol interprets the ProxyProtocol header and adds the
	// Client Address into the X-Forwarded-For header.
	// Note Proxy Protocol must be present when this field is set, else the connection
	// is closed.
	//
	// +optional
	EnableProxyProtocol *bool `json:"enableProxyProtocol,omitempty"`
	// ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.
	//
	// +optional
	ClientIPDetection *ClientIPDetectionSettings `json:"clientIPDetection,omitempty"`
	// TLS settings configure TLS termination settings with the downstream client.
	//
	// +optional
	TLS *ClientTLSSettings `json:"tls,omitempty"`
	// Path enables managing how the incoming path set by clients can be normalized.
	//
	// +optional
	Path *PathSettings `json:"path,omitempty"`
	// HeaderSettings provides configuration for header management.
	//
	// +optional
	Headers *HeaderSettings `json:"headers,omitempty"`
	// Timeout settings for the client connections.
	//
	// +optional
	Timeout *ClientTimeout `json:"timeout,omitempty"`
	// Connection includes client connection settings.
	//
	// +optional
	Connection *ClientConnection `json:"connection,omitempty"`
	// HTTP1 provides HTTP/1 configuration on the listener.
	//
	// +optional
	HTTP1 *HTTP1Settings `json:"http1,omitempty"`
	// HTTP2 provides HTTP/2 configuration on the listener.
	//
	// +optional
	HTTP2 *HTTP2Settings `json:"http2,omitempty"`
	// HTTP3 provides HTTP/3 configuration on the listener.
	//
	// +optional
	HTTP3 *HTTP3Settings `json:"http3,omitempty"`
	// HealthCheck provides configuration for determining whether the HTTP/HTTPS listener is healthy.
	//
	// +optional
	HealthCheck *HealthCheckSettings `json:"healthCheck,omitempty"`
}

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"

+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind == 'Gateway') : true", message="this policy can only have a targetRefs[*].kind of Gateway"

ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.

func (*ClientTrafficPolicySpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTrafficPolicySpec.

func (*ClientTrafficPolicySpec) DeepCopyInto added in v0.6.0

func (in *ClientTrafficPolicySpec) DeepCopyInto(out *ClientTrafficPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClientValidationContext added in v1.0.0

type ClientValidationContext struct {
	// Optional set to true accepts connections even when a client doesn't present a certificate.
	// Defaults to false, which rejects connections without a valid client certificate.
	// +optional
	Optional bool `json:"optional,omitempty"`

	// CACertificateRefs contains one or more references to
	// Kubernetes objects that contain TLS certificates of
	// the Certificate Authorities that can be used
	// as a trust anchor to validate the certificates presented by the client.
	//
	// A single reference to a Kubernetes ConfigMap or a Kubernetes Secret,
	// with the CA certificate in a key named `ca.crt` is currently supported.
	//
	// References to a resource in different namespace are invalid UNLESS there
	// is a ReferenceGrant in the target namespace that allows the certificate
	// to be attached.
	//
	// +kubebuilder:validation:MaxItems=8
	// +optional
	CACertificateRefs []gwapiv1.SecretObjectReference `json:"caCertificateRefs,omitempty"`
}

ClientValidationContext holds configuration that can be used to validate the client initiating the TLS connection to the Gateway. By default, no client specific configuration is validated.

func (*ClientValidationContext) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientValidationContext.

func (*ClientValidationContext) DeepCopyInto added in v1.0.0

func (in *ClientValidationContext) DeepCopyInto(out *ClientValidationContext)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSettings added in v1.2.0

type ClusterSettings struct {
	// LoadBalancer policy to apply when routing traffic from the gateway to
	// the backend endpoints. Defaults to `LeastRequest`.
	// +optional
	LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty"`

	// Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions.
	// If not set, retry will be disabled.
	// +optional
	Retry *Retry `json:"retry,omitempty"`

	// ProxyProtocol enables the Proxy Protocol when communicating with the backend.
	// +optional
	ProxyProtocol *ProxyProtocol `json:"proxyProtocol,omitempty"`

	// TcpKeepalive settings associated with the upstream client connection.
	// Disabled by default.
	//
	// +optional
	TCPKeepalive *TCPKeepalive `json:"tcpKeepalive,omitempty"`

	// HealthCheck allows gateway to perform active health checking on backends.
	//
	// +optional
	HealthCheck *HealthCheck `json:"healthCheck,omitempty"`

	// Circuit Breaker settings for the upstream connections and requests.
	// If not set, circuit breakers will be enabled with the default thresholds
	//
	// +optional
	CircuitBreaker *CircuitBreaker `json:"circuitBreaker,omitempty"`

	// Timeout settings for the backend connections.
	//
	// +optional
	Timeout *Timeout `json:"timeout,omitempty"`

	// Connection includes backend connection settings.
	//
	// +optional
	Connection *BackendConnection `json:"connection,omitempty"`

	// DNS includes dns resolution settings.
	//
	// +optional
	DNS *DNS `json:"dns,omitempty"`

	// HTTP2 provides HTTP/2 configuration for backend connections.
	//
	// +optional
	HTTP2 *HTTP2Settings `json:"http2,omitempty"`
}

ClusterSettings provides the various knobs that can be set to control how traffic to a given backend will be configured.

func (*ClusterSettings) DeepCopy added in v1.2.0

func (in *ClusterSettings) DeepCopy() *ClusterSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSettings.

func (*ClusterSettings) DeepCopyInto added in v1.2.0

func (in *ClusterSettings) DeepCopyInto(out *ClusterSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Compression added in v1.0.0

type Compression struct {
	// CompressorType defines the compressor type to use for compression.
	//
	// +required
	Type CompressorType `json:"type"`

	// The configuration for GZIP compressor.
	//
	// +optional
	Gzip *GzipCompressor `json:"gzip,omitempty"`
}

Compression defines the config of enabling compression. This can help reduce the bandwidth at the expense of higher CPU.

func (*Compression) DeepCopy added in v1.0.0

func (in *Compression) DeepCopy() *Compression

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Compression.

func (*Compression) DeepCopyInto added in v1.0.0

func (in *Compression) DeepCopyInto(out *Compression)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CompressorType added in v1.0.0

type CompressorType string

CompressorType defines the types of compressor library supported by Envoy Gateway.

+kubebuilder:validation:Enum=Gzip

type ConnectionLimit added in v1.1.0

type ConnectionLimit struct {
	// Value of the maximum concurrent connections limit.
	// When the limit is reached, incoming connections will be closed after the CloseDelay duration.
	//
	// +kubebuilder:validation:Minimum=1
	Value int64 `json:"value"`

	// CloseDelay defines the delay to use before closing connections that are rejected
	// once the limit value is reached.
	// Default: none.
	//
	// +optional
	CloseDelay *gwapiv1.Duration `json:"closeDelay,omitempty"`
}

func (*ConnectionLimit) DeepCopy added in v1.1.0

func (in *ConnectionLimit) DeepCopy() *ConnectionLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionLimit.

func (*ConnectionLimit) DeepCopyInto added in v1.1.0

func (in *ConnectionLimit) DeepCopyInto(out *ConnectionLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsistentHash added in v0.6.0

type ConsistentHash struct {
	// ConsistentHashType defines the type of input to hash on. Valid Type values are
	// "SourceIP",
	// "Header",
	// "Cookie".
	//
	// +unionDiscriminator
	Type ConsistentHashType `json:"type"`

	// Header configures the header hash policy when the consistent hash type is set to Header.
	//
	// +optional
	Header *Header `json:"header,omitempty"`

	// Cookie configures the cookie hash policy when the consistent hash type is set to Cookie.
	//
	// +optional
	Cookie *Cookie `json:"cookie,omitempty"`

	// The table size for consistent hashing, must be prime number limited to 5000011.
	//
	// +kubebuilder:validation:Minimum=2
	// +kubebuilder:validation:Maximum=5000011
	// +kubebuilder:default=65537
	// +optional
	TableSize *uint64 `json:"tableSize,omitempty"`
}

ConsistentHash defines the configuration related to the consistent hash load balancer policy. +union

+kubebuilder:validation:XValidation:rule="self.type == 'Header' ? has(self.header) : !has(self.header)",message="If consistent hash type is header, the header field must be set." +kubebuilder:validation:XValidation:rule="self.type == 'Cookie' ? has(self.cookie) : !has(self.cookie)",message="If consistent hash type is cookie, the cookie field must be set."

func (*ConsistentHash) DeepCopy added in v0.6.0

func (in *ConsistentHash) DeepCopy() *ConsistentHash

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHash.

func (*ConsistentHash) DeepCopyInto added in v0.6.0

func (in *ConsistentHash) DeepCopyInto(out *ConsistentHash)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConsistentHashType added in v0.6.0

type ConsistentHashType string

ConsistentHashType defines the type of input to hash on. +kubebuilder:validation:Enum=SourceIP;Header;Cookie

const (
	// SourceIPConsistentHashType hashes based on the source IP address.
	SourceIPConsistentHashType ConsistentHashType = "SourceIP"
	// HeaderConsistentHashType hashes based on a request header.
	HeaderConsistentHashType ConsistentHashType = "Header"
	// CookieConsistentHashType hashes based on a cookie.
	CookieConsistentHashType ConsistentHashType = "Cookie"
)
type Cookie struct {
	// Name of the cookie to hash.
	// If this cookie does not exist in the request, Envoy will generate a cookie and set
	// the TTL on the response back to the client based on Layer 4
	// attributes of the backend endpoint, to ensure that these future requests
	// go to the same backend endpoint. Make sure to set the TTL field for this case.
	Name string `json:"name"`
	// TTL of the generated cookie if the cookie is not present. This value sets the
	// Max-Age attribute value.
	//
	// +optional
	TTL *metav1.Duration `json:"ttl,omitempty"`
	// Additional Attributes to set for the generated cookie.
	//
	// +optional
	Attributes map[string]string `json:"attributes,omitempty"`
}

Cookie defines the cookie hashing configuration for consistent hash based load balancing.

func (*Cookie) DeepCopy added in v1.1.0

func (in *Cookie) DeepCopy() *Cookie

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cookie.

func (*Cookie) DeepCopyInto added in v1.1.0

func (in *Cookie) DeepCopyInto(out *Cookie)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomHeaderExtensionSettings added in v1.0.0

type CustomHeaderExtensionSettings struct {
	// Name of the header containing the original downstream remote address, if present.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=255
	// +kubebuilder:validation:Pattern="^[A-Za-z0-9-]+$"
	//
	Name string `json:"name"`
	// FailClosed is a switch used to control the flow of traffic when client IP detection
	// fails. If set to true, the listener will respond with 403 Forbidden when the client
	// IP address cannot be determined.
	//
	// +optional
	FailClosed *bool `json:"failClosed,omitempty"`
}

CustomHeaderExtensionSettings provides configuration for determining the client IP address for a request based on a trusted custom HTTP header. This uses the the custom_header original IP detection extension. Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/http/original_ip_detection/custom_header/v3/custom_header.proto for more details.

func (*CustomHeaderExtensionSettings) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomHeaderExtensionSettings.

func (*CustomHeaderExtensionSettings) DeepCopyInto added in v1.0.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomResponse added in v1.2.0

type CustomResponse struct {
	// Content Type of the response. This will be set in the Content-Type header.
	//
	// +optional
	ContentType *string `json:"contentType,omitempty"`

	// Body of the Custom Response
	Body CustomResponseBody `json:"body"`
}

CustomResponse defines the configuration for returning a custom response.

func (*CustomResponse) DeepCopy added in v1.2.0

func (in *CustomResponse) DeepCopy() *CustomResponse

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponse.

func (*CustomResponse) DeepCopyInto added in v1.2.0

func (in *CustomResponse) DeepCopyInto(out *CustomResponse)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomResponseBody added in v1.2.0

type CustomResponseBody struct {
	// Type is the type of method to use to read the body value.
	// Valid values are Inline and ValueRef, default is Inline.
	//
	// +kubebuilder:default=Inline
	// +kubebuilder:validation:Enum=Inline;ValueRef
	// +unionDiscriminator
	Type *ResponseValueType `json:"type"`

	// Inline contains the value as an inline string.
	//
	// +optional
	Inline *string `json:"inline,omitempty"`

	// ValueRef contains the contents of the body
	// specified as a local object reference.
	// Only a reference to ConfigMap is supported.
	//
	// The value of key `response.body` in the ConfigMap will be used as the response body.
	// If the key is not found, the first value in the ConfigMap will be used.
	//
	// +optional
	ValueRef *gwapiv1.LocalObjectReference `json:"valueRef,omitempty"`
}

CustomResponseBody +kubebuilder:validation:XValidation:message="inline must be set for type Inline",rule="(!has(self.type) || self.type == 'Inline')? has(self.inline) : true" +kubebuilder:validation:XValidation:message="valueRef must be set for type ValueRef",rule="(has(self.type) && self.type == 'ValueRef')? has(self.valueRef) : true" +kubebuilder:validation:XValidation:message="only ConfigMap is supported for ValueRef",rule="has(self.valueRef) ? self.valueRef.kind == 'ConfigMap' : true"

func (*CustomResponseBody) DeepCopy added in v1.2.0

func (in *CustomResponseBody) DeepCopy() *CustomResponseBody

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponseBody.

func (*CustomResponseBody) DeepCopyInto added in v1.2.0

func (in *CustomResponseBody) DeepCopyInto(out *CustomResponseBody)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomResponseMatch added in v1.2.0

type CustomResponseMatch struct {
	// Status code to match on. The match evaluates to true if any of the matches are successful.
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=50
	StatusCodes []StatusCodeMatch `json:"statusCodes"`
}

CustomResponseMatch defines the configuration for matching a user response to return a custom one.

func (*CustomResponseMatch) DeepCopy added in v1.2.0

func (in *CustomResponseMatch) DeepCopy() *CustomResponseMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponseMatch.

func (*CustomResponseMatch) DeepCopyInto added in v1.2.0

func (in *CustomResponseMatch) DeepCopyInto(out *CustomResponseMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomTag added in v0.6.0

type CustomTag struct {
	// Type defines the type of custom tag.
	// +kubebuilder:validation:Enum=Literal;Environment;RequestHeader
	// +unionDiscriminator
	// +kubebuilder:default=Literal
	Type CustomTagType `json:"type"`
	// Literal adds hard-coded value to each span.
	// It's required when the type is "Literal".
	Literal *LiteralCustomTag `json:"literal,omitempty"`
	// Environment adds value from environment variable to each span.
	// It's required when the type is "Environment".
	Environment *EnvironmentCustomTag `json:"environment,omitempty"`
	// RequestHeader adds value from request header to each span.
	// It's required when the type is "RequestHeader".
	RequestHeader *RequestHeaderCustomTag `json:"requestHeader,omitempty"`
}

func (*CustomTag) DeepCopy added in v0.6.0

func (in *CustomTag) DeepCopy() *CustomTag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomTag.

func (*CustomTag) DeepCopyInto added in v0.6.0

func (in *CustomTag) DeepCopyInto(out *CustomTag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomTagType added in v0.6.0

type CustomTagType string
const (
	// CustomTagTypeLiteral adds hard-coded value to each span.
	CustomTagTypeLiteral CustomTagType = "Literal"
	// CustomTagTypeEnvironment adds value from environment variable to each span.
	CustomTagTypeEnvironment CustomTagType = "Environment"
	// CustomTagTypeRequestHeader adds value from request header to each span.
	CustomTagTypeRequestHeader CustomTagType = "RequestHeader"
)

type DNS added in v1.2.0

type DNS struct {
	// DNSRefreshRate specifies the rate at which DNS records should be refreshed.
	// Defaults to 30 seconds.
	DNSRefreshRate *metav1.Duration `json:"dnsRefreshRate,omitempty"`
	// RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
	// If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
	// Defaults to true.
	RespectDNSTTL *bool `json:"respectDnsTtl,omitempty"`
}

func (*DNS) DeepCopy added in v1.2.0

func (in *DNS) DeepCopy() *DNS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS.

func (*DNS) DeepCopyInto added in v1.2.0

func (in *DNS) DeepCopyInto(out *DNS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvironmentCustomTag added in v0.6.0

type EnvironmentCustomTag struct {
	// Name defines the name of the environment variable which to extract the value from.
	Name string `json:"name"`
	// DefaultValue defines the default value to use if the environment variable is not set.
	// +optional
	DefaultValue *string `json:"defaultValue,omitempty"`
}

EnvironmentCustomTag adds value from environment variable to each span.

func (*EnvironmentCustomTag) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentCustomTag.

func (*EnvironmentCustomTag) DeepCopyInto added in v0.6.0

func (in *EnvironmentCustomTag) DeepCopyInto(out *EnvironmentCustomTag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyExtensionPolicy added in v1.1.0

type EnvoyExtensionPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of EnvoyExtensionPolicy.
	Spec EnvoyExtensionPolicySpec `json:"spec"`

	// Status defines the current status of EnvoyExtensionPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

EnvoyExtensionPolicy allows the user to configure various envoy extensibility options for the Gateway.

func (*EnvoyExtensionPolicy) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtensionPolicy.

func (*EnvoyExtensionPolicy) DeepCopyInto added in v1.1.0

func (in *EnvoyExtensionPolicy) DeepCopyInto(out *EnvoyExtensionPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyExtensionPolicy) DeepCopyObject added in v1.1.0

func (in *EnvoyExtensionPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type EnvoyExtensionPolicyList added in v1.1.0

type EnvoyExtensionPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []EnvoyExtensionPolicy `json:"items"`
}

EnvoyExtensionPolicyList contains a list of EnvoyExtensionPolicy resources.

func (*EnvoyExtensionPolicyList) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtensionPolicyList.

func (*EnvoyExtensionPolicyList) DeepCopyInto added in v1.1.0

func (in *EnvoyExtensionPolicyList) DeepCopyInto(out *EnvoyExtensionPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyExtensionPolicyList) DeepCopyObject added in v1.1.0

func (in *EnvoyExtensionPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type EnvoyExtensionPolicySpec added in v1.1.0

type EnvoyExtensionPolicySpec struct {
	PolicyTargetReferences `json:",inline"`

	// Wasm is a list of Wasm extensions to be loaded by the Gateway.
	// Order matters, as the extensions will be loaded in the order they are
	// defined in this list.
	//
	// +kubebuilder:validation:MaxItems=16
	// +optional
	Wasm []Wasm `json:"wasm,omitempty"`

	// ExtProc is an ordered list of external processing filters
	// that should added to the envoy filter chain
	//
	// +kubebuilder:validation:MaxItems=16
	// +optional
	ExtProc []ExtProc `json:"extProc,omitempty"`
}

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"

+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field"

EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.

func (*EnvoyExtensionPolicySpec) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyExtensionPolicySpec.

func (*EnvoyExtensionPolicySpec) DeepCopyInto added in v1.1.0

func (in *EnvoyExtensionPolicySpec) DeepCopyInto(out *EnvoyExtensionPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyFilter added in v1.1.0

type EnvoyFilter string

EnvoyFilter defines the type of Envoy HTTP filter. +kubebuilder:validation:Enum=envoy.filters.http.health_check;envoy.filters.http.fault;envoy.filters.http.cors;envoy.filters.http.ext_authz;envoy.filters.http.basic_auth;envoy.filters.http.oauth2;envoy.filters.http.jwt_authn;envoy.filters.http.stateful_session;envoy.filters.http.ext_proc;envoy.filters.http.wasm;envoy.filters.http.rbac;envoy.filters.http.local_ratelimit;envoy.filters.http.ratelimit;envoy.filters.http.custom_response

const (
	// EnvoyFilterHealthCheck defines the Envoy HTTP health check filter.
	EnvoyFilterHealthCheck EnvoyFilter = "envoy.filters.http.health_check"

	// EnvoyFilterFault defines the Envoy HTTP fault filter.
	EnvoyFilterFault EnvoyFilter = "envoy.filters.http.fault"

	// EnvoyFilterCORS defines the Envoy HTTP CORS filter.
	EnvoyFilterCORS EnvoyFilter = "envoy.filters.http.cors"

	// EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.
	EnvoyFilterExtAuthz EnvoyFilter = "envoy.filters.http.ext_authz"

	// EnvoyFilterBasicAuth defines the Envoy HTTP basic authentication filter.
	EnvoyFilterBasicAuth EnvoyFilter = "envoy.filters.http.basic_auth"

	// EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.
	EnvoyFilterOAuth2 EnvoyFilter = "envoy.filters.http.oauth2"

	// EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.
	EnvoyFilterJWTAuthn EnvoyFilter = "envoy.filters.http.jwt_authn"

	// EnvoyFilterSessionPersistence defines the Envoy HTTP session persistence filter.
	EnvoyFilterSessionPersistence EnvoyFilter = "envoy.filters.http.stateful_session"

	// EnvoyFilterExtProc defines the Envoy HTTP external process filter.
	EnvoyFilterExtProc EnvoyFilter = "envoy.filters.http.ext_proc"

	// EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.
	EnvoyFilterWasm EnvoyFilter = "envoy.filters.http.wasm"

	// EnvoyFilterRBAC defines the Envoy RBAC filter.
	EnvoyFilterRBAC EnvoyFilter = "envoy.filters.http.rbac"

	// EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.
	EnvoyFilterLocalRateLimit EnvoyFilter = "envoy.filters.http.local_ratelimit"

	// EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.
	EnvoyFilterRateLimit EnvoyFilter = "envoy.filters.http.ratelimit"

	// EnvoyFilterCustomResponse defines the Envoy HTTP custom response filter.
	EnvoyFilterCustomResponse EnvoyFilter = "envoy.filters.http.custom_response"

	// EnvoyFilterRouter defines the Envoy HTTP router filter.
	EnvoyFilterRouter EnvoyFilter = "envoy.filters.http.router"
)

func (EnvoyFilter) String added in v1.2.0

func (f EnvoyFilter) String() string

String returns the string representation of the EnvoyFilter type.

type EnvoyGateway added in v0.6.0

type EnvoyGateway struct {
	metav1.TypeMeta `json:",inline"`

	// EnvoyGatewaySpec defines the desired state of EnvoyGateway.
	EnvoyGatewaySpec `json:",inline"`
}

EnvoyGateway is the schema for the envoygateways API.

func DefaultEnvoyGateway added in v0.6.0

func DefaultEnvoyGateway() *EnvoyGateway

DefaultEnvoyGateway returns a new EnvoyGateway with default configuration parameters.

func (*EnvoyGateway) DeepCopy added in v0.6.0

func (in *EnvoyGateway) DeepCopy() *EnvoyGateway

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGateway.

func (*EnvoyGateway) DeepCopyInto added in v0.6.0

func (in *EnvoyGateway) DeepCopyInto(out *EnvoyGateway)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyGateway) DeepCopyObject added in v0.6.0

func (in *EnvoyGateway) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*EnvoyGateway) DisablePrometheus added in v0.6.0

func (e *EnvoyGateway) DisablePrometheus() bool

DisablePrometheus returns if disable prometheus.

func (*EnvoyGateway) GetEnvoyGatewayAdmin added in v0.6.0

func (e *EnvoyGateway) GetEnvoyGatewayAdmin() *EnvoyGatewayAdmin

GetEnvoyGatewayAdmin returns the EnvoyGatewayAdmin of EnvoyGateway or a default EnvoyGatewayAdmin if unspecified.

func (*EnvoyGateway) GetEnvoyGatewayAdminAddress added in v0.6.0

func (e *EnvoyGateway) GetEnvoyGatewayAdminAddress() string

GetEnvoyGatewayAdminAddress returns the EnvoyGateway Admin Address.

func (*EnvoyGateway) GetEnvoyGatewayProvider added in v0.6.0

func (e *EnvoyGateway) GetEnvoyGatewayProvider() *EnvoyGatewayProvider

GetEnvoyGatewayProvider returns the EnvoyGatewayProvider of EnvoyGateway or a default EnvoyGatewayProvider if unspecified.

func (*EnvoyGateway) GetEnvoyGatewayTelemetry added in v0.6.0

func (e *EnvoyGateway) GetEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry

GetEnvoyGatewayTelemetry returns the EnvoyGatewayTelemetry of EnvoyGateway or a default EnvoyGatewayTelemetry if unspecified.

func (*EnvoyGateway) NamespaceMode added in v1.0.0

func (e *EnvoyGateway) NamespaceMode() bool

NamespaceMode returns if uses namespace mode.

func (*EnvoyGateway) SetEnvoyGatewayDefaults added in v0.6.0

func (e *EnvoyGateway) SetEnvoyGatewayDefaults()

SetEnvoyGatewayDefaults sets default EnvoyGateway configuration parameters.

type EnvoyGatewayAdmin added in v0.6.0

type EnvoyGatewayAdmin struct {
	// Address defines the address of Envoy Gateway Admin Server.
	//
	// +optional
	Address *EnvoyGatewayAdminAddress `json:"address,omitempty"`
	// EnableDumpConfig defines if enable dump config in Envoy Gateway logs.
	//
	// +optional
	EnableDumpConfig bool `json:"enableDumpConfig,omitempty"`
	// EnablePprof defines if enable pprof in Envoy Gateway Admin Server.
	//
	// +optional
	EnablePprof bool `json:"enablePprof,omitempty"`
}

EnvoyGatewayAdmin defines the Envoy Gateway Admin configuration.

func DefaultEnvoyGatewayAdmin added in v0.6.0

func DefaultEnvoyGatewayAdmin() *EnvoyGatewayAdmin

DefaultEnvoyGatewayAdmin returns a new EnvoyGatewayAdmin with default configuration parameters.

func (*EnvoyGatewayAdmin) DeepCopy added in v0.6.0

func (in *EnvoyGatewayAdmin) DeepCopy() *EnvoyGatewayAdmin

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayAdmin.

func (*EnvoyGatewayAdmin) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayAdmin) DeepCopyInto(out *EnvoyGatewayAdmin)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayAdminAddress added in v0.6.0

type EnvoyGatewayAdminAddress struct {
	// Port defines the port the admin server is exposed on.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=19000
	Port int `json:"port,omitempty"`
	// Host defines the admin server hostname.
	//
	// +optional
	// +kubebuilder:default="127.0.0.1"
	Host string `json:"host,omitempty"`
}

EnvoyGatewayAdminAddress defines the Envoy Gateway Admin Address configuration.

func DefaultEnvoyGatewayAdminAddress added in v0.6.0

func DefaultEnvoyGatewayAdminAddress() *EnvoyGatewayAdminAddress

DefaultEnvoyGatewayAdminAddress returns a new EnvoyGatewayAdminAddress with default configuration parameters.

func (*EnvoyGatewayAdminAddress) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayAdminAddress.

func (*EnvoyGatewayAdminAddress) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayAdminAddress) DeepCopyInto(out *EnvoyGatewayAdminAddress)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayCustomProvider added in v0.6.0

type EnvoyGatewayCustomProvider struct {
	// Resource defines the desired resource provider.
	// This provider is used to specify the provider to be used
	// to retrieve the resource configurations such as Gateway API
	// resources
	Resource EnvoyGatewayResourceProvider `json:"resource"`
	// Infrastructure defines the desired infrastructure provider.
	// This provider is used to specify the provider to be used
	// to provide an environment to deploy the out resources like
	// the Envoy Proxy data plane.
	//
	// Infrastructure is optional, if provider is not specified,
	// No infrastructure provider is available.
	// +optional
	Infrastructure *EnvoyGatewayInfrastructureProvider `json:"infrastructure,omitempty"`
}

EnvoyGatewayCustomProvider defines configuration for the Custom provider.

func (*EnvoyGatewayCustomProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayCustomProvider.

func (*EnvoyGatewayCustomProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayFileResourceProvider added in v0.6.0

type EnvoyGatewayFileResourceProvider struct {
	// Paths are the paths to a directory or file containing the resource configuration.
	// Recursive subdirectories are not currently supported.
	Paths []string `json:"paths"`
}

EnvoyGatewayFileResourceProvider defines configuration for the File Resource provider.

func (*EnvoyGatewayFileResourceProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayFileResourceProvider.

func (*EnvoyGatewayFileResourceProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayHostInfrastructureProvider added in v0.6.0

type EnvoyGatewayHostInfrastructureProvider struct {
}

EnvoyGatewayHostInfrastructureProvider defines configuration for the Host Infrastructure provider.

func (*EnvoyGatewayHostInfrastructureProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayHostInfrastructureProvider.

func (*EnvoyGatewayHostInfrastructureProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayInfrastructureProvider added in v0.6.0

type EnvoyGatewayInfrastructureProvider struct {
	// Type is the type of infrastructure providers to use. Supported types are "Host".
	//
	// +unionDiscriminator
	Type InfrastructureProviderType `json:"type"`
	// Host defines the configuration of the Host provider. Host provides runtime
	// deployment of the data plane as a child process on the host environment.
	//
	// +optional
	Host *EnvoyGatewayHostInfrastructureProvider `json:"host,omitempty"`
}

EnvoyGatewayInfrastructureProvider defines configuration for the Custom Infrastructure provider.

func (*EnvoyGatewayInfrastructureProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayInfrastructureProvider.

func (*EnvoyGatewayInfrastructureProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayKubernetesProvider added in v0.6.0

type EnvoyGatewayKubernetesProvider struct {
	// RateLimitDeployment defines the desired state of the Envoy ratelimit deployment resource.
	// If unspecified, default settings for the managed Envoy ratelimit deployment resource
	// are applied.
	//
	// +optional
	RateLimitDeployment *KubernetesDeploymentSpec `json:"rateLimitDeployment,omitempty"`

	// Watch holds configuration of which input resources should be watched and reconciled.
	// +optional
	Watch *KubernetesWatchMode `json:"watch,omitempty"`
	// Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
	// should be deployed
	// +optional
	Deploy *KubernetesDeployMode `json:"deploy,omitempty"`
	// OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set.
	// +optional
	OverwriteControlPlaneCerts *bool `json:"overwriteControlPlaneCerts,omitempty"`
	// LeaderElection specifies the configuration for leader election.
	// If it's not set up, leader election will be active by default, using Kubernetes' standard settings.
	// +optional
	LeaderElection *LeaderElection `json:"leaderElection,omitempty"`

	// ShutdownManager defines the configuration for the shutdown manager.
	// +optional
	ShutdownManager *ShutdownManager `json:"shutdownManager,omitempty"`
}

EnvoyGatewayKubernetesProvider defines configuration for the Kubernetes provider.

func DefaultEnvoyGatewayKubeProvider added in v0.6.0

func DefaultEnvoyGatewayKubeProvider() *EnvoyGatewayKubernetesProvider

DefaultEnvoyGatewayKubeProvider returns a new EnvoyGatewayKubernetesProvider with default settings.

func (*EnvoyGatewayKubernetesProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayKubernetesProvider.

func (*EnvoyGatewayKubernetesProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayLogComponent added in v0.6.0

type EnvoyGatewayLogComponent string

EnvoyGatewayLogComponent defines a component that supports a configured logging level. +kubebuilder:validation:Enum=default;provider;gateway-api;xds-translator;xds-server;infrastructure;global-ratelimit

const (
	// LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
	// all other logging components are ignored.
	LogComponentGatewayDefault EnvoyGatewayLogComponent = "default"

	// LogComponentProviderRunner defines the "provider" runner component.
	LogComponentProviderRunner EnvoyGatewayLogComponent = "provider"

	// LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
	LogComponentGatewayAPIRunner EnvoyGatewayLogComponent = "gateway-api"

	// LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
	LogComponentXdsTranslatorRunner EnvoyGatewayLogComponent = "xds-translator"

	// LogComponentXdsServerRunner defines the "xds-server" runner component.
	LogComponentXdsServerRunner EnvoyGatewayLogComponent = "xds-server"

	// LogComponentInfrastructureRunner defines the "infrastructure" runner component.
	LogComponentInfrastructureRunner EnvoyGatewayLogComponent = "infrastructure"

	// LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
	LogComponentGlobalRateLimitRunner EnvoyGatewayLogComponent = "global-ratelimit"
)

type EnvoyGatewayLogging added in v0.6.0

type EnvoyGatewayLogging struct {
	// Level is the logging level. If unspecified, defaults to "info".
	// EnvoyGatewayLogComponent options: default/provider/gateway-api/xds-translator/xds-server/infrastructure/global-ratelimit.
	// LogLevel options: debug/info/error/warn.
	//
	// +kubebuilder:default={default: info}
	Level map[EnvoyGatewayLogComponent]LogLevel `json:"level,omitempty"`
}

EnvoyGatewayLogging defines logging for Envoy Gateway.

func DefaultEnvoyGatewayLogging added in v0.6.0

func DefaultEnvoyGatewayLogging() *EnvoyGatewayLogging

DefaultEnvoyGatewayLogging returns a new EnvoyGatewayLogging with default configuration parameters.

func (*EnvoyGatewayLogging) DeepCopy added in v0.6.0

func (in *EnvoyGatewayLogging) DeepCopy() *EnvoyGatewayLogging

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayLogging.

func (*EnvoyGatewayLogging) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayLogging) DeepCopyInto(out *EnvoyGatewayLogging)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyGatewayLogging) DefaultEnvoyGatewayLoggingLevel added in v0.6.0

func (logging *EnvoyGatewayLogging) DefaultEnvoyGatewayLoggingLevel(level LogLevel) LogLevel

DefaultEnvoyGatewayLoggingLevel returns a new EnvoyGatewayLogging with default configuration parameters. When v1alpha1.LogComponentGatewayDefault specified, all other logging components are ignored.

func (*EnvoyGatewayLogging) SetEnvoyGatewayLoggingDefaults added in v0.6.0

func (logging *EnvoyGatewayLogging) SetEnvoyGatewayLoggingDefaults()

SetEnvoyGatewayLoggingDefaults sets default EnvoyGatewayLogging configuration parameters.

type EnvoyGatewayMetricSink added in v0.6.0

type EnvoyGatewayMetricSink struct {
	// Type defines the metric sink type.
	// EG control plane currently supports OpenTelemetry.
	// +kubebuilder:validation:Enum=OpenTelemetry
	// +kubebuilder:default=OpenTelemetry
	Type MetricSinkType `json:"type"`
	// OpenTelemetry defines the configuration for OpenTelemetry sink.
	// It's required if the sink type is OpenTelemetry.
	OpenTelemetry *EnvoyGatewayOpenTelemetrySink `json:"openTelemetry,omitempty"`
}

EnvoyGatewayMetricSink defines control plane metric sinks where metrics are sent to.

func (*EnvoyGatewayMetricSink) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayMetricSink.

func (*EnvoyGatewayMetricSink) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayMetricSink) DeepCopyInto(out *EnvoyGatewayMetricSink)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayMetrics added in v0.6.0

type EnvoyGatewayMetrics struct {
	// Sinks defines the metric sinks where metrics are sent to.
	Sinks []EnvoyGatewayMetricSink `json:"sinks,omitempty"`
	// Prometheus defines the configuration for prometheus endpoint.
	Prometheus *EnvoyGatewayPrometheusProvider `json:"prometheus,omitempty"`
}

EnvoyGatewayMetrics defines control plane push/pull metrics configurations.

func DefaultEnvoyGatewayMetrics added in v0.6.0

func DefaultEnvoyGatewayMetrics() *EnvoyGatewayMetrics

DefaultEnvoyGatewayMetrics returns a new EnvoyGatewayMetrics with default configuration parameters.

func (*EnvoyGatewayMetrics) DeepCopy added in v0.6.0

func (in *EnvoyGatewayMetrics) DeepCopy() *EnvoyGatewayMetrics

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayMetrics.

func (*EnvoyGatewayMetrics) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayMetrics) DeepCopyInto(out *EnvoyGatewayMetrics)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayOpenTelemetrySink added in v0.6.0

type EnvoyGatewayOpenTelemetrySink struct {
	// Host define the sink service hostname.
	Host string `json:"host"`
	// Protocol define the sink service protocol.
	// +kubebuilder:validation:Enum=grpc;http
	Protocol string `json:"protocol"`
	// Port defines the port the sink service is exposed on.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`
	// ExportInterval configures the intervening time between exports for a
	// Sink. This option overrides any value set for the
	// OTEL_METRIC_EXPORT_INTERVAL environment variable.
	// If ExportInterval is less than or equal to zero, 60 seconds
	// is used as the default.
	ExportInterval *gwapiv1.Duration `json:"exportInterval,omitempty"`
	// ExportTimeout configures the time a Sink waits for an export to
	// complete before canceling it. This option overrides any value set for the
	// OTEL_METRIC_EXPORT_TIMEOUT environment variable.
	// If ExportTimeout is less than or equal to zero, 30 seconds
	// is used as the default.
	ExportTimeout *gwapiv1.Duration `json:"exportTimeout,omitempty"`
}

func (*EnvoyGatewayOpenTelemetrySink) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayOpenTelemetrySink.

func (*EnvoyGatewayOpenTelemetrySink) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayPrometheusProvider added in v0.6.0

type EnvoyGatewayPrometheusProvider struct {
	// Disable defines if disables the prometheus metrics in pull mode.
	//
	Disable bool `json:"disable,omitempty"`
}

EnvoyGatewayPrometheusProvider will expose prometheus endpoint in pull mode.

func DefaultEnvoyGatewayPrometheus added in v0.6.0

func DefaultEnvoyGatewayPrometheus() *EnvoyGatewayPrometheusProvider

DefaultEnvoyGatewayPrometheus returns a new EnvoyGatewayMetrics with default configuration parameters.

func (*EnvoyGatewayPrometheusProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayPrometheusProvider.

func (*EnvoyGatewayPrometheusProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayProvider added in v0.6.0

type EnvoyGatewayProvider struct {
	// Type is the type of provider to use. Supported types are "Kubernetes", "Custom".
	//
	// +unionDiscriminator
	Type ProviderType `json:"type"`

	// Kubernetes defines the configuration of the Kubernetes provider. Kubernetes
	// provides runtime configuration via the Kubernetes API.
	//
	// +optional
	Kubernetes *EnvoyGatewayKubernetesProvider `json:"kubernetes,omitempty"`

	// Custom defines the configuration for the Custom provider. This provider
	// allows you to define a specific resource provider and an infrastructure
	// provider.
	//
	// +optional
	Custom *EnvoyGatewayCustomProvider `json:"custom,omitempty"`
}

EnvoyGatewayProvider defines the desired configuration of a provider. +union

func DefaultEnvoyGatewayProvider added in v0.6.0

func DefaultEnvoyGatewayProvider() *EnvoyGatewayProvider

DefaultEnvoyGatewayProvider returns a new EnvoyGatewayProvider with default configuration parameters.

func (*EnvoyGatewayProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayProvider.

func (*EnvoyGatewayProvider) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayProvider) DeepCopyInto(out *EnvoyGatewayProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider added in v0.6.0

func (r *EnvoyGatewayProvider) GetEnvoyGatewayKubeProvider() *EnvoyGatewayKubernetesProvider

GetEnvoyGatewayKubeProvider returns the EnvoyGatewayKubernetesProvider of Provider or a default EnvoyGatewayKubernetesProvider if unspecified. If EnvoyGatewayProvider is not of type "Kubernetes", a nil EnvoyGatewayKubernetesProvider is returned.

func (*EnvoyGatewayProvider) IsRunningOnHost added in v1.2.0

func (r *EnvoyGatewayProvider) IsRunningOnHost() bool

func (*EnvoyGatewayProvider) IsRunningOnKubernetes added in v1.2.0

func (r *EnvoyGatewayProvider) IsRunningOnKubernetes() bool

type EnvoyGatewayResourceProvider added in v0.6.0

type EnvoyGatewayResourceProvider struct {
	// Type is the type of resource provider to use. Supported types are "File".
	//
	// +unionDiscriminator
	Type ResourceProviderType `json:"type"`
	// File defines the configuration of the File provider. File provides runtime
	// configuration defined by one or more files.
	//
	// +optional
	File *EnvoyGatewayFileResourceProvider `json:"file,omitempty"`
}

EnvoyGatewayResourceProvider defines configuration for the Custom Resource provider.

func (*EnvoyGatewayResourceProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayResourceProvider.

func (*EnvoyGatewayResourceProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewaySpec added in v0.6.0

type EnvoyGatewaySpec struct {
	// Gateway defines desired Gateway API specific configuration. If unset,
	// default configuration parameters will apply.
	//
	// +optional
	Gateway *Gateway `json:"gateway,omitempty"`

	// Provider defines the desired provider and provider-specific configuration.
	// If unspecified, the Kubernetes provider is used with default configuration
	// parameters.
	//
	// +optional
	Provider *EnvoyGatewayProvider `json:"provider,omitempty"`

	// Logging defines logging parameters for Envoy Gateway.
	//
	// +optional
	// +kubebuilder:default={default: info}
	Logging *EnvoyGatewayLogging `json:"logging,omitempty"`

	// Admin defines the desired admin related abilities.
	// If unspecified, the Admin is used with default configuration
	// parameters.
	//
	// +optional
	Admin *EnvoyGatewayAdmin `json:"admin,omitempty"`

	// Telemetry defines the desired control plane telemetry related abilities.
	// If unspecified, the telemetry is used with default configuration.
	//
	// +optional
	Telemetry *EnvoyGatewayTelemetry `json:"telemetry,omitempty"`

	// RateLimit defines the configuration associated with the Rate Limit service
	// deployed by Envoy Gateway required to implement the Global Rate limiting
	// functionality. The specific rate limit service used here is the reference
	// implementation in Envoy. For more details visit https://github.com/envoyproxy/ratelimit.
	// This configuration is unneeded for "Local" rate limiting.
	//
	// +optional
	RateLimit *RateLimit `json:"rateLimit,omitempty"`

	// ExtensionManager defines an extension manager to register for the Envoy Gateway Control Plane.
	//
	// +optional
	ExtensionManager *ExtensionManager `json:"extensionManager,omitempty"`

	// ExtensionAPIs defines the settings related to specific Gateway API Extensions
	// implemented by Envoy Gateway
	//
	// +optional
	ExtensionAPIs *ExtensionAPISettings `json:"extensionApis,omitempty"`
}

EnvoyGatewaySpec defines the desired state of Envoy Gateway.

func (*EnvoyGatewaySpec) DeepCopy added in v0.6.0

func (in *EnvoyGatewaySpec) DeepCopy() *EnvoyGatewaySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewaySpec.

func (*EnvoyGatewaySpec) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewaySpec) DeepCopyInto(out *EnvoyGatewaySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyGatewayTelemetry added in v0.6.0

type EnvoyGatewayTelemetry struct {
	// Metrics defines metrics configuration for envoy gateway.
	Metrics *EnvoyGatewayMetrics `json:"metrics,omitempty"`
}

EnvoyGatewayTelemetry defines telemetry configurations for envoy gateway control plane. Control plane will focus on metrics observability telemetry and tracing telemetry later.

func DefaultEnvoyGatewayTelemetry added in v0.6.0

func DefaultEnvoyGatewayTelemetry() *EnvoyGatewayTelemetry

DefaultEnvoyGatewayTelemetry returns a new EnvoyGatewayTelemetry with default configuration parameters.

func (*EnvoyGatewayTelemetry) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyGatewayTelemetry.

func (*EnvoyGatewayTelemetry) DeepCopyInto added in v0.6.0

func (in *EnvoyGatewayTelemetry) DeepCopyInto(out *EnvoyGatewayTelemetry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyJSONPatchConfig added in v0.5.0

type EnvoyJSONPatchConfig struct {
	// Type is the typed URL of the Envoy xDS Resource
	Type EnvoyResourceType `json:"type"`
	// Name is the name of the resource
	Name string `json:"name"`
	// Patch defines the JSON Patch Operation
	Operation JSONPatchOperation `json:"operation"`
}

EnvoyJSONPatchConfig defines the configuration for patching a Envoy xDS Resource using JSONPatch semantic

func (*EnvoyJSONPatchConfig) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyJSONPatchConfig.

func (*EnvoyJSONPatchConfig) DeepCopyInto added in v0.5.0

func (in *EnvoyJSONPatchConfig) DeepCopyInto(out *EnvoyJSONPatchConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyPatchPolicy added in v0.5.0

type EnvoyPatchPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of EnvoyPatchPolicy.
	Spec EnvoyPatchPolicySpec `json:"spec"`

	// Status defines the current status of EnvoyPatchPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

EnvoyPatchPolicy allows the user to modify the generated Envoy xDS resources by Envoy Gateway using this patch API

func (*EnvoyPatchPolicy) DeepCopy added in v0.5.0

func (in *EnvoyPatchPolicy) DeepCopy() *EnvoyPatchPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicy.

func (*EnvoyPatchPolicy) DeepCopyInto added in v0.5.0

func (in *EnvoyPatchPolicy) DeepCopyInto(out *EnvoyPatchPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyPatchPolicy) DeepCopyObject added in v0.5.0

func (in *EnvoyPatchPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type EnvoyPatchPolicyList added in v0.5.0

type EnvoyPatchPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []EnvoyPatchPolicy `json:"items"`
}

EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources.

func (*EnvoyPatchPolicyList) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicyList.

func (*EnvoyPatchPolicyList) DeepCopyInto added in v0.5.0

func (in *EnvoyPatchPolicyList) DeepCopyInto(out *EnvoyPatchPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyPatchPolicyList) DeepCopyObject added in v0.5.0

func (in *EnvoyPatchPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type EnvoyPatchPolicySpec added in v0.5.0

type EnvoyPatchPolicySpec struct {
	// Type decides the type of patch.
	// Valid EnvoyPatchType values are "JSONPatch".
	//
	// +unionDiscriminator
	Type EnvoyPatchType `json:"type"`
	// JSONPatch defines the JSONPatch configuration.
	//
	// +optional
	JSONPatches []EnvoyJSONPatchConfig `json:"jsonPatches,omitempty"`
	// TargetRef is the name of the Gateway API resource this policy
	// is being attached to.
	// By default, attaching to Gateway is supported and
	// when mergeGateways is enabled it should attach to GatewayClass.
	// This Policy and the TargetRef MUST be in the same namespace
	// for this Policy to have effect and be applied to the Gateway
	// TargetRef
	TargetRef gwapiv1a2.LocalPolicyTargetReference `json:"targetRef"`
	// Priority of the EnvoyPatchPolicy.
	// If multiple EnvoyPatchPolicies are applied to the same
	// TargetRef, they will be applied in the ascending order of
	// the priority i.e. int32.min has the highest priority and
	// int32.max has the lowest priority.
	// Defaults to 0.
	Priority int32 `json:"priority,omitempty"`
}

EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy. +union

func (*EnvoyPatchPolicySpec) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicySpec.

func (*EnvoyPatchPolicySpec) DeepCopyInto added in v0.5.0

func (in *EnvoyPatchPolicySpec) DeepCopyInto(out *EnvoyPatchPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyPatchType added in v0.5.0

type EnvoyPatchType string

EnvoyPatchType specifies the types of Envoy patching mechanisms. +kubebuilder:validation:Enum=JSONPatch

const (
	// JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
	// For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
	JSONPatchEnvoyPatchType EnvoyPatchType = "JSONPatch"
)

type EnvoyProxy added in v0.6.0

type EnvoyProxy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// EnvoyProxySpec defines the desired state of EnvoyProxy.
	Spec EnvoyProxySpec `json:"spec,omitempty"`
	// EnvoyProxyStatus defines the actual state of EnvoyProxy.
	Status EnvoyProxyStatus `json:"status,omitempty"`
}

EnvoyProxy is the schema for the envoyproxies API.

func (*EnvoyProxy) DeepCopy added in v0.6.0

func (in *EnvoyProxy) DeepCopy() *EnvoyProxy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxy.

func (*EnvoyProxy) DeepCopyInto added in v0.6.0

func (in *EnvoyProxy) DeepCopyInto(out *EnvoyProxy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyProxy) DeepCopyObject added in v0.6.0

func (in *EnvoyProxy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*EnvoyProxy) GetEnvoyProxyProvider added in v0.6.0

func (e *EnvoyProxy) GetEnvoyProxyProvider() *EnvoyProxyProvider

GetEnvoyProxyProvider returns the EnvoyProxyProvider of EnvoyProxy or a default EnvoyProxyProvider if unspecified.

func (*EnvoyProxy) NeedToSwitchPorts added in v1.1.0

func (e *EnvoyProxy) NeedToSwitchPorts() bool

NeedToSwitchPorts returns true if the EnvoyProxy needs to switch ports.

type EnvoyProxyKubernetesProvider added in v0.6.0

type EnvoyProxyKubernetesProvider struct {
	// EnvoyDeployment defines the desired state of the Envoy deployment resource.
	// If unspecified, default settings for the managed Envoy deployment resource
	// are applied.
	//
	// +optional
	EnvoyDeployment *KubernetesDeploymentSpec `json:"envoyDeployment,omitempty"`

	// EnvoyDaemonSet defines the desired state of the Envoy daemonset resource.
	// Disabled by default, a deployment resource is used instead to provision the Envoy Proxy fleet
	//
	// +optional
	EnvoyDaemonSet *KubernetesDaemonSetSpec `json:"envoyDaemonSet,omitempty"`

	// EnvoyService defines the desired state of the Envoy service resource.
	// If unspecified, default settings for the managed Envoy service resource
	// are applied.
	//
	// +optional
	EnvoyService *KubernetesServiceSpec `json:"envoyService,omitempty"`

	// EnvoyHpa defines the Horizontal Pod Autoscaler settings for Envoy Proxy Deployment.
	// Once the HPA is being set, Replicas field from EnvoyDeployment will be ignored.
	//
	// +optional
	EnvoyHpa *KubernetesHorizontalPodAutoscalerSpec `json:"envoyHpa,omitempty"`

	// UseListenerPortAsContainerPort disables the port shifting feature in the Envoy Proxy.
	// When set to false (default value), if the service port is a privileged port (1-1023), add a constant to the value converting it into an ephemeral port.
	// This allows the container to bind to the port without needing a CAP_NET_BIND_SERVICE capability.
	//
	// +optional
	UseListenerPortAsContainerPort *bool `json:"useListenerPortAsContainerPort,omitempty"`

	// EnvoyPDB allows to control the pod disruption budget of an Envoy Proxy.
	// +optional
	EnvoyPDB *KubernetesPodDisruptionBudgetSpec `json:"envoyPDB,omitempty"`
}

+kubebuilder:validation:XValidation:rule="((has(self.envoyDeployment) && !has(self.envoyDaemonSet)) || (!has(self.envoyDeployment) && has(self.envoyDaemonSet))) || (!has(self.envoyDeployment) && !has(self.envoyDaemonSet))",message="only one of envoyDeployment or envoyDaemonSet can be specified" +kubebuilder:validation:XValidation:rule="((has(self.envoyHpa) && !has(self.envoyDaemonSet)) || (!has(self.envoyHpa) && has(self.envoyDaemonSet))) || (!has(self.envoyHpa) && !has(self.envoyDaemonSet))",message="cannot use envoyHpa if envoyDaemonSet is used"

EnvoyProxyKubernetesProvider defines configuration for the Kubernetes resource provider.

func DefaultEnvoyProxyKubeProvider added in v0.6.0

func DefaultEnvoyProxyKubeProvider() *EnvoyProxyKubernetesProvider

DefaultEnvoyProxyKubeProvider returns a new EnvoyProxyKubernetesProvider with default settings.

func (*EnvoyProxyKubernetesProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyKubernetesProvider.

func (*EnvoyProxyKubernetesProvider) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyProxyList added in v0.6.0

type EnvoyProxyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []EnvoyProxy `json:"items"`
}

EnvoyProxyList contains a list of EnvoyProxy

func (*EnvoyProxyList) DeepCopy added in v0.6.0

func (in *EnvoyProxyList) DeepCopy() *EnvoyProxyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyList.

func (*EnvoyProxyList) DeepCopyInto added in v0.6.0

func (in *EnvoyProxyList) DeepCopyInto(out *EnvoyProxyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyProxyList) DeepCopyObject added in v0.6.0

func (in *EnvoyProxyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type EnvoyProxyProvider added in v0.6.0

type EnvoyProxyProvider struct {
	// Type is the type of resource provider to use. A resource provider provides
	// infrastructure resources for running the data plane, e.g. Envoy proxy, and
	// optional auxiliary control planes. Supported types are "Kubernetes".
	//
	// +unionDiscriminator
	Type ProviderType `json:"type"`
	// Kubernetes defines the desired state of the Kubernetes resource provider.
	// Kubernetes provides infrastructure resources for running the data plane,
	// e.g. Envoy proxy. If unspecified and type is "Kubernetes", default settings
	// for managed Kubernetes resources are applied.
	//
	// +optional
	Kubernetes *EnvoyProxyKubernetesProvider `json:"kubernetes,omitempty"`
}

EnvoyProxyProvider defines the desired state of a resource provider. +union

func DefaultEnvoyProxyProvider added in v0.6.0

func DefaultEnvoyProxyProvider() *EnvoyProxyProvider

DefaultEnvoyProxyProvider returns a new EnvoyProxyProvider with default settings.

func (*EnvoyProxyProvider) DeepCopy added in v0.6.0

func (in *EnvoyProxyProvider) DeepCopy() *EnvoyProxyProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyProvider.

func (*EnvoyProxyProvider) DeepCopyInto added in v0.6.0

func (in *EnvoyProxyProvider) DeepCopyInto(out *EnvoyProxyProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*EnvoyProxyProvider) GetEnvoyProxyKubeProvider added in v0.6.0

func (r *EnvoyProxyProvider) GetEnvoyProxyKubeProvider() *EnvoyProxyKubernetesProvider

GetEnvoyProxyKubeProvider returns the EnvoyProxyKubernetesProvider of EnvoyProxyProvider or a default EnvoyProxyKubernetesProvider if unspecified. If EnvoyProxyProvider is not of type "Kubernetes", a nil EnvoyProxyKubernetesProvider is returned.

type EnvoyProxySpec added in v0.6.0

type EnvoyProxySpec struct {
	// Provider defines the desired resource provider and provider-specific configuration.
	// If unspecified, the "Kubernetes" resource provider is used with default configuration
	// parameters.
	//
	// +optional
	Provider *EnvoyProxyProvider `json:"provider,omitempty"`

	// Logging defines logging parameters for managed proxies.
	// +kubebuilder:default={level: {default: warn}}
	Logging ProxyLogging `json:"logging,omitempty"`

	// Telemetry defines telemetry parameters for managed proxies.
	//
	// +optional
	Telemetry *ProxyTelemetry `json:"telemetry,omitempty"`

	// Bootstrap defines the Envoy Bootstrap as a YAML string.
	// Visit https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-msg-config-bootstrap-v3-bootstrap
	// to learn more about the syntax.
	// If set, this is the Bootstrap configuration used for the managed Envoy Proxy fleet instead of the default Bootstrap configuration
	// set by Envoy Gateway.
	// Some fields within the Bootstrap that are required to communicate with the xDS Server (Envoy Gateway) and receive xDS resources
	// from it are not configurable and will result in the `EnvoyProxy` resource being rejected.
	// Backward compatibility across minor versions is not guaranteed.
	// We strongly recommend using `egctl x translate` to generate a `EnvoyProxy` resource with the `Bootstrap` field set to the default
	// Bootstrap configuration used. You can edit this configuration, and rerun `egctl x translate` to ensure there are no validation errors.
	//
	// +optional
	Bootstrap *ProxyBootstrap `json:"bootstrap,omitempty"`

	// Concurrency defines the number of worker threads to run. If unset, it defaults to
	// the number of cpuset threads on the platform.
	//
	// +optional
	Concurrency *int32 `json:"concurrency,omitempty"`

	// RoutingType can be set to "Service" to use the Service Cluster IP for routing to the backend,
	// or it can be set to "Endpoint" to use Endpoint routing. The default is "Endpoint".
	// +optional
	RoutingType *RoutingType `json:"routingType,omitempty"`

	// ExtraArgs defines additional command line options that are provided to Envoy.
	// More info: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#command-line-options
	// Note: some command line options are used internally(e.g. --log-level) so they cannot be provided here.
	//
	// +optional
	ExtraArgs []string `json:"extraArgs,omitempty"`

	// MergeGateways defines if Gateway resources should be merged onto the same Envoy Proxy Infrastructure.
	// Setting this field to true would merge all Gateway Listeners under the parent Gateway Class.
	// This means that the port, protocol and hostname tuple must be unique for every listener.
	// If a duplicate listener is detected, the newer listener (based on timestamp) will be rejected and its status will be updated with a "Accepted=False" condition.
	//
	// +optional
	MergeGateways *bool `json:"mergeGateways,omitempty"`

	// Shutdown defines configuration for graceful envoy shutdown process.
	//
	// +optional
	Shutdown *ShutdownConfig `json:"shutdown,omitempty"`

	// FilterOrder defines the order of filters in the Envoy proxy's HTTP filter chain.
	// The FilterPosition in the list will be applied in the order they are defined.
	// If unspecified, the default filter order is applied.
	// Default filter order is:
	//
	// - envoy.filters.http.health_check
	//
	// - envoy.filters.http.fault
	//
	// - envoy.filters.http.cors
	//
	// - envoy.filters.http.ext_authz
	//
	// - envoy.filters.http.basic_auth
	//
	// - envoy.filters.http.oauth2
	//
	// - envoy.filters.http.jwt_authn
	//
	// - envoy.filters.http.stateful_session
	//
	// - envoy.filters.http.ext_proc
	//
	// - envoy.filters.http.wasm
	//
	// - envoy.filters.http.rbac
	//
	// - envoy.filters.http.local_ratelimit
	//
	// - envoy.filters.http.ratelimit
	//
	// - envoy.filters.http.custom_response
	//
	// - envoy.filters.http.router
	//
	// Note: "envoy.filters.http.router" cannot be reordered, it's always the last filter in the chain.
	//
	// +optional
	FilterOrder []FilterPosition `json:"filterOrder,omitempty"`
	// BackendTLS is the TLS configuration for the Envoy proxy to use when connecting to backends.
	// These settings are applied on backends for which TLS policies are specified.
	// +optional
	BackendTLS *BackendTLSConfig `json:"backendTLS,omitempty"`

	// IPFamily specifies the IP family for the EnvoyProxy fleet.
	// This setting only affects the Gateway listener port and does not impact
	// other aspects of the Envoy proxy configuration.
	// If not specified, the system will operate as follows:
	// - It defaults to IPv4 only.
	// - IPv6 and dual-stack environments are not supported in this default configuration.
	// Note: To enable IPv6 or dual-stack functionality, explicit configuration is required.
	// +kubebuilder:validation:Enum=IPv4;IPv6;DualStack
	// +optional
	IPFamily *IPFamily `json:"ipFamily,omitempty"`
}

EnvoyProxySpec defines the desired state of EnvoyProxy.

func (*EnvoyProxySpec) DeepCopy added in v0.6.0

func (in *EnvoyProxySpec) DeepCopy() *EnvoyProxySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxySpec.

func (*EnvoyProxySpec) DeepCopyInto added in v0.6.0

func (in *EnvoyProxySpec) DeepCopyInto(out *EnvoyProxySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyProxyStatus added in v0.6.0

type EnvoyProxyStatus struct {
}

EnvoyProxyStatus defines the observed state of EnvoyProxy. This type is not implemented until https://github.com/envoyproxy/gateway/issues/1007 is fixed.

func (*EnvoyProxyStatus) DeepCopy added in v0.6.0

func (in *EnvoyProxyStatus) DeepCopy() *EnvoyProxyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyProxyStatus.

func (*EnvoyProxyStatus) DeepCopyInto added in v0.6.0

func (in *EnvoyProxyStatus) DeepCopyInto(out *EnvoyProxyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EnvoyResourceType added in v0.5.0

type EnvoyResourceType string

EnvoyResourceType specifies the type URL of the Envoy resource. +kubebuilder:validation:Enum=type.googleapis.com/envoy.config.listener.v3.Listener;type.googleapis.com/envoy.config.route.v3.RouteConfiguration;type.googleapis.com/envoy.config.cluster.v3.Cluster;type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment;type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret

const (
	// ListenerEnvoyResourceType defines the Type URL of the Listener resource
	ListenerEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.listener.v3.Listener"
	// RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
	RouteConfigurationEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
	// ClusterEnvoyResourceType defines the Type URL of the Cluster resource
	ClusterEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.cluster.v3.Cluster"
	// ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
	ClusterLoadAssignmentEnvoyResourceType EnvoyResourceType = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"
)

type ExtAuth added in v1.0.0

type ExtAuth struct {
	// GRPC defines the gRPC External Authorization service.
	// Either GRPCService or HTTPService must be specified,
	// and only one of them can be provided.
	GRPC *GRPCExtAuthService `json:"grpc,omitempty"`

	// HTTP defines the HTTP External Authorization service.
	// Either GRPCService or HTTPService must be specified,
	// and only one of them can be provided.
	HTTP *HTTPExtAuthService `json:"http,omitempty"`

	// HeadersToExtAuth defines the client request headers that will be included
	// in the request to the external authorization service.
	// Note: If not specified, the default behavior for gRPC and HTTP external
	// authorization services is different due to backward compatibility reasons.
	// All headers will be included in the check request to a gRPC authorization server.
	// Only the following headers will be included in the check request to an HTTP
	// authorization server: Host, Method, Path, Content-Length, and Authorization.
	// And these headers will always be included to the check request to an HTTP
	// authorization server by default, no matter whether they are specified
	// in HeadersToExtAuth or not.
	// +optional
	HeadersToExtAuth []string `json:"headersToExtAuth,omitempty"`

	// FailOpen is a switch used to control the behavior when a response from the External Authorization service cannot be obtained.
	// If FailOpen is set to true, the system allows the traffic to pass through.
	// Otherwise, if it is set to false or not set (defaulting to false),
	// the system blocks the traffic and returns a HTTP 5xx error, reflecting a fail-closed approach.
	// This setting determines whether to prioritize accessibility over strict security in case of authorization service failure.
	//
	// +optional
	// +kubebuilder:default=false
	FailOpen *bool `json:"failOpen,omitempty"`

	// RecomputeRoute clears the route cache and recalculates the routing decision.
	// This field must be enabled if the headers added or modified by the ExtAuth are used for
	// route matching decisions. If the recomputation selects a new route, features targeting
	// the new matched route will be applied.
	//
	// +optional
	RecomputeRoute *bool `json:"recomputeRoute,omitempty"`
}

ExtAuth defines the configuration for External Authorization.

+kubebuilder:validation:XValidation:rule="(has(self.grpc) || has(self.http))",message="one of grpc or http must be specified" +kubebuilder:validation:XValidation:rule="(has(self.grpc) && !has(self.http)) || (!has(self.grpc) && has(self.http))",message="only one of grpc or http can be specified"

func (*ExtAuth) DeepCopy added in v1.0.0

func (in *ExtAuth) DeepCopy() *ExtAuth

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtAuth.

func (*ExtAuth) DeepCopyInto added in v1.0.0

func (in *ExtAuth) DeepCopyInto(out *ExtAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtProc added in v1.1.0

type ExtProc struct {
	BackendCluster `json:",inline"`

	// MessageTimeout is the timeout for a response to be returned from the external processor
	// Default: 200ms
	//
	// +optional
	MessageTimeout *gwapiv1.Duration `json:"messageTimeout,omitempty"`

	// FailOpen defines if requests or responses that cannot be processed due to connectivity to the
	// external processor are terminated or passed-through.
	// Default: false
	//
	// +optional
	FailOpen *bool `json:"failOpen,omitempty"`

	// ProcessingMode defines how request and response body is processed
	// Default: header and body are not sent to the external processor
	//
	// +optional
	ProcessingMode *ExtProcProcessingMode `json:"processingMode,omitempty"`
}

ExtProc defines the configuration for External Processing filter. +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"

func (*ExtProc) DeepCopy added in v1.1.0

func (in *ExtProc) DeepCopy() *ExtProc

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtProc.

func (*ExtProc) DeepCopyInto added in v1.1.0

func (in *ExtProc) DeepCopyInto(out *ExtProc)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtProcBodyProcessingMode added in v1.1.0

type ExtProcBodyProcessingMode string

+kubebuilder:validation:Enum=Streamed;Buffered;BufferedPartial

const (
	// StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.
	StreamedExtProcBodyProcessingMode ExtProcBodyProcessingMode = "Streamed"
	// BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once. If the body exceeds the configured buffer limit, then the downstream system will receive an error.
	BufferedExtProcBodyProcessingMode ExtProcBodyProcessingMode = "Buffered"
	// BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk. If the body exceeds the configured buffer limit, then the body contents up to the buffer limit will be sent.
	BufferedPartialExtBodyHeaderProcessingMode ExtProcBodyProcessingMode = "BufferedPartial"
)

type ExtProcProcessingMode added in v1.1.0

type ExtProcProcessingMode struct {
	// Defines processing mode for requests. If present, request headers are sent. Request body is processed according
	// to the specified mode.
	//
	// +optional
	Request *ProcessingModeOptions `json:"request,omitempty"`

	// Defines processing mode for responses. If present, response headers are sent. Response body is processed according
	// to the specified mode.
	//
	// +optional
	Response *ProcessingModeOptions `json:"response,omitempty"`
}

ExtProcProcessingMode defines if and how headers and bodies are sent to the service. https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_proc/v3/processing_mode.proto#envoy-v3-api-msg-extensions-filters-http-ext-proc-v3-processingmode

func (*ExtProcProcessingMode) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtProcProcessingMode.

func (*ExtProcProcessingMode) DeepCopyInto added in v1.1.0

func (in *ExtProcProcessingMode) DeepCopyInto(out *ExtProcProcessingMode)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtensionAPISettings added in v0.6.0

type ExtensionAPISettings struct {
	// EnableEnvoyPatchPolicy enables Envoy Gateway to
	// reconcile and implement the EnvoyPatchPolicy resources.
	EnableEnvoyPatchPolicy bool `json:"enableEnvoyPatchPolicy"`
	// EnableBackend enables Envoy Gateway to
	// reconcile and implement the Backend resources.
	EnableBackend bool `json:"enableBackend"`
}

ExtensionAPISettings defines the settings specific to Gateway API Extensions.

func (*ExtensionAPISettings) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionAPISettings.

func (*ExtensionAPISettings) DeepCopyInto added in v0.6.0

func (in *ExtensionAPISettings) DeepCopyInto(out *ExtensionAPISettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtensionHooks added in v0.6.0

type ExtensionHooks struct {
	// XDSTranslator defines all the supported extension hooks for the xds-translator runner
	XDSTranslator *XDSTranslatorHooks `json:"xdsTranslator,omitempty"`
}

ExtensionHooks defines extension hooks across all supported runners

func (*ExtensionHooks) DeepCopy added in v0.6.0

func (in *ExtensionHooks) DeepCopy() *ExtensionHooks

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionHooks.

func (*ExtensionHooks) DeepCopyInto added in v0.6.0

func (in *ExtensionHooks) DeepCopyInto(out *ExtensionHooks)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtensionManager added in v0.6.0

type ExtensionManager struct {
	// Resources defines the set of K8s resources the extension will handle as route
	// filter resources
	//
	// +optional
	Resources []GroupVersionKind `json:"resources,omitempty"`

	// PolicyResources defines the set of K8S resources the extension server will handle
	// as directly attached GatewayAPI policies
	//
	// +optional
	PolicyResources []GroupVersionKind `json:"policyResources,omitempty"`

	// Hooks defines the set of hooks the extension supports
	//
	// +kubebuilder:validation:Required
	Hooks *ExtensionHooks `json:"hooks,omitempty"`

	// Service defines the configuration of the extension service that the Envoy
	// Gateway Control Plane will call through extension hooks.
	//
	// +kubebuilder:validation:Required
	Service *ExtensionService `json:"service,omitempty"`
}

ExtensionManager defines the configuration for registering an extension manager to the Envoy Gateway control plane.

func (*ExtensionManager) DeepCopy added in v0.6.0

func (in *ExtensionManager) DeepCopy() *ExtensionManager

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionManager.

func (*ExtensionManager) DeepCopyInto added in v0.6.0

func (in *ExtensionManager) DeepCopyInto(out *ExtensionManager)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtensionService added in v0.6.0

type ExtensionService struct {
	// BackendEndpoint points to where the extension server can be found.
	BackendEndpoint `json:",inline"`

	// Host define the extension service hostname.
	// Deprecated: use the appropriate transport attribute instead (FQDN,IP,Unix)
	//
	// +optional
	Host string `json:"host,omitempty"`

	// Port defines the port the extension service is exposed on.
	// Deprecated: use the appropriate transport attribute instead (FQDN,IP,Unix)
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=80
	Port int32 `json:"port,omitempty"`

	// TLS defines TLS configuration for communication between Envoy Gateway and
	// the extension service.
	//
	// +optional
	TLS *ExtensionTLS `json:"tls,omitempty"`
}

ExtensionService defines the configuration for connecting to a registered extension service.

func (*ExtensionService) DeepCopy added in v0.6.0

func (in *ExtensionService) DeepCopy() *ExtensionService

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionService.

func (*ExtensionService) DeepCopyInto added in v0.6.0

func (in *ExtensionService) DeepCopyInto(out *ExtensionService)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExtensionTLS added in v0.6.0

type ExtensionTLS struct {
	// CertificateRef contains a references to objects (Kubernetes objects or otherwise) that
	// contains a TLS certificate and private keys. These certificates are used to
	// establish a TLS handshake to the extension server.
	//
	// CertificateRef can only reference a Kubernetes Secret at this time.
	//
	// +kubebuilder:validation:Required
	CertificateRef gwapiv1.SecretObjectReference `json:"certificateRef"`
}

ExtensionTLS defines the TLS configuration when connecting to an extension service

func (*ExtensionTLS) DeepCopy added in v0.6.0

func (in *ExtensionTLS) DeepCopy() *ExtensionTLS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtensionTLS.

func (*ExtensionTLS) DeepCopyInto added in v0.6.0

func (in *ExtensionTLS) DeepCopyInto(out *ExtensionTLS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FQDNEndpoint added in v1.1.0

type FQDNEndpoint struct {
	// Hostname defines the FQDN hostname of the backend endpoint.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9]))*$`
	Hostname string `json:"hostname"`

	// Port defines the port of the backend endpoint.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}

FQDNEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress

func (*FQDNEndpoint) DeepCopy added in v1.1.0

func (in *FQDNEndpoint) DeepCopy() *FQDNEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FQDNEndpoint.

func (*FQDNEndpoint) DeepCopyInto added in v1.1.0

func (in *FQDNEndpoint) DeepCopyInto(out *FQDNEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FaultInjection added in v1.0.0

type FaultInjection struct {
	// If specified, a delay will be injected into the request.
	//
	// +optional
	Delay *FaultInjectionDelay `json:"delay,omitempty"`

	// If specified, the request will be aborted if it meets the configuration criteria.
	//
	// +optional
	Abort *FaultInjectionAbort `json:"abort,omitempty"`
}

FaultInjection defines the fault injection policy to be applied. This configuration can be used to inject delays and abort requests to mimic failure scenarios such as service failures and overloads +union

+kubebuilder:validation:XValidation:rule=" has(self.delay) || has(self.abort) ",message="Delay and abort faults are set at least one."

func (*FaultInjection) DeepCopy added in v1.0.0

func (in *FaultInjection) DeepCopy() *FaultInjection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FaultInjection.

func (*FaultInjection) DeepCopyInto added in v1.0.0

func (in *FaultInjection) DeepCopyInto(out *FaultInjection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FaultInjectionAbort added in v1.0.0

type FaultInjectionAbort struct {
	// StatusCode specifies the HTTP status code to be returned
	//
	// +optional
	// +kubebuilder:validation:Minimum=200
	// +kubebuilder:validation:Maximum=600
	HTTPStatus *int32 `json:"httpStatus,omitempty"`

	// GrpcStatus specifies the GRPC status code to be returned
	//
	// +optional
	GrpcStatus *int32 `json:"grpcStatus,omitempty"`

	// Percentage specifies the percentage of requests to be aborted. Default 100%, if set 0, no requests will be aborted. Accuracy to 0.0001%.
	// +optional
	// +kubebuilder:default=100
	Percentage *float32 `json:"percentage,omitempty"`
}

FaultInjectionAbort defines the abort fault injection configuration +union

+kubebuilder:validation:XValidation:rule=" !(has(self.httpStatus) && has(self.grpcStatus)) ",message="httpStatus and grpcStatus cannot be simultaneously defined." +kubebuilder:validation:XValidation:rule=" has(self.httpStatus) || has(self.grpcStatus) ",message="httpStatus and grpcStatus are set at least one."

func (*FaultInjectionAbort) DeepCopy added in v1.0.0

func (in *FaultInjectionAbort) DeepCopy() *FaultInjectionAbort

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FaultInjectionAbort.

func (*FaultInjectionAbort) DeepCopyInto added in v1.0.0

func (in *FaultInjectionAbort) DeepCopyInto(out *FaultInjectionAbort)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FaultInjectionDelay added in v1.0.0

type FaultInjectionDelay struct {
	// FixedDelay specifies the fixed delay duration
	//
	// +required
	FixedDelay *metav1.Duration `json:"fixedDelay"`

	// Percentage specifies the percentage of requests to be delayed. Default 100%, if set 0, no requests will be delayed. Accuracy to 0.0001%.
	// +optional
	// +kubebuilder:default=100
	Percentage *float32 `json:"percentage,omitempty"`
}

FaultInjectionDelay defines the delay fault injection configuration

func (*FaultInjectionDelay) DeepCopy added in v1.0.0

func (in *FaultInjectionDelay) DeepCopy() *FaultInjectionDelay

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FaultInjectionDelay.

func (*FaultInjectionDelay) DeepCopyInto added in v1.0.0

func (in *FaultInjectionDelay) DeepCopyInto(out *FaultInjectionDelay)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FileEnvoyProxyAccessLog added in v0.6.0

type FileEnvoyProxyAccessLog struct {
	// Path defines the file path used to expose envoy access log(e.g. /dev/stdout).
	// +kubebuilder:validation:MinLength=1
	Path string `json:"path,omitempty"`
}

func (*FileEnvoyProxyAccessLog) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileEnvoyProxyAccessLog.

func (*FileEnvoyProxyAccessLog) DeepCopyInto added in v0.6.0

func (in *FileEnvoyProxyAccessLog) DeepCopyInto(out *FileEnvoyProxyAccessLog)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FilterPosition added in v1.1.0

type FilterPosition struct {
	// Name of the filter.
	Name EnvoyFilter `json:"name"`

	// Before defines the filter that should come before the filter.
	// Only one of Before or After must be set.
	Before *EnvoyFilter `json:"before,omitempty"`

	// After defines the filter that should come after the filter.
	// Only one of Before or After must be set.
	After *EnvoyFilter `json:"after,omitempty"`
}

FilterPosition defines the position of an Envoy HTTP filter in the filter chain. +kubebuilder:validation:XValidation:rule="(has(self.before) || has(self.after))",message="one of before or after must be specified" +kubebuilder:validation:XValidation:rule="(has(self.before) && !has(self.after)) || (!has(self.before) && has(self.after))",message="only one of before or after can be specified"

func (*FilterPosition) DeepCopy added in v1.1.0

func (in *FilterPosition) DeepCopy() *FilterPosition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilterPosition.

func (*FilterPosition) DeepCopyInto added in v1.1.0

func (in *FilterPosition) DeepCopyInto(out *FilterPosition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GRPCActiveHealthChecker added in v1.2.0

type GRPCActiveHealthChecker struct {
	// Service to send in the health check request.
	// If this is not specified, then the health check request applies to the entire
	// server and not to a specific service.
	// +optional
	Service *string `json:"service,omitempty" yaml:"service,omitempty"`
}

GRPCActiveHealthChecker defines the settings of the GRPC health check.

func (*GRPCActiveHealthChecker) DeepCopy added in v1.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCActiveHealthChecker.

func (*GRPCActiveHealthChecker) DeepCopyInto added in v1.2.0

func (in *GRPCActiveHealthChecker) DeepCopyInto(out *GRPCActiveHealthChecker)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GRPCExtAuthService added in v1.0.0

type GRPCExtAuthService struct {
	// Only Service kind is supported for now.
	BackendCluster `json:",inline"`
}

GRPCExtAuthService defines the gRPC External Authorization service The authorization request message is defined in https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"

func (*GRPCExtAuthService) DeepCopy added in v1.0.0

func (in *GRPCExtAuthService) DeepCopy() *GRPCExtAuthService

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCExtAuthService.

func (*GRPCExtAuthService) DeepCopyInto added in v1.0.0

func (in *GRPCExtAuthService) DeepCopyInto(out *GRPCExtAuthService)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Gateway added in v0.6.0

type Gateway struct {
	// ControllerName defines the name of the Gateway API controller. If unspecified,
	// defaults to "gateway.envoyproxy.io/gatewayclass-controller". See the following
	// for additional details:
	//   https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass
	//
	// +optional
	ControllerName string `json:"controllerName,omitempty"`
}

Gateway defines the desired Gateway API configuration of Envoy Gateway.

func DefaultGateway added in v0.6.0

func DefaultGateway() *Gateway

DefaultGateway returns a new Gateway with default configuration parameters.

func (*Gateway) DeepCopy added in v0.6.0

func (in *Gateway) DeepCopy() *Gateway

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway.

func (*Gateway) DeepCopyInto added in v0.6.0

func (in *Gateway) DeepCopyInto(out *Gateway)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GlobalRateLimit

type GlobalRateLimit struct {
	// Rules are a list of RateLimit selectors and limits. Each rule and its
	// associated limit is applied in a mutually exclusive way. If a request
	// matches multiple rules, each of their associated limits get applied, so a
	// single request might increase the rate limit counters for multiple rules
	// if selected. The rate limit service will return a logical OR of the individual
	// rate limit decisions of all matching rules. For example, if a request
	// matches two rules, one rate limited and one not, the final decision will be
	// to rate limit the request.
	//
	// +kubebuilder:validation:MaxItems=64
	Rules []RateLimitRule `json:"rules"`
}

GlobalRateLimit defines global rate limit configuration.

func (*GlobalRateLimit) DeepCopy

func (in *GlobalRateLimit) DeepCopy() *GlobalRateLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRateLimit.

func (*GlobalRateLimit) DeepCopyInto

func (in *GlobalRateLimit) DeepCopyInto(out *GlobalRateLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GroupVersionKind added in v0.6.0

type GroupVersionKind struct {
	Group   string `json:"group"`
	Version string `json:"version"`
	Kind    string `json:"kind"`
}

GroupVersionKind unambiguously identifies a Kind. It can be converted to k8s.io/apimachinery/pkg/runtime/schema.GroupVersionKind

func (*GroupVersionKind) DeepCopy added in v0.6.0

func (in *GroupVersionKind) DeepCopy() *GroupVersionKind

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupVersionKind.

func (*GroupVersionKind) DeepCopyInto added in v0.6.0

func (in *GroupVersionKind) DeepCopyInto(out *GroupVersionKind)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GzipCompressor added in v1.0.0

type GzipCompressor struct{}

GzipCompressor defines the config for the Gzip compressor. The default values can be found here: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/compression/gzip/compressor/v3/gzip.proto#extension-envoy-compression-gzip-compressor

func (*GzipCompressor) DeepCopy added in v1.0.0

func (in *GzipCompressor) DeepCopy() *GzipCompressor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GzipCompressor.

func (*GzipCompressor) DeepCopyInto added in v1.0.0

func (in *GzipCompressor) DeepCopyInto(out *GzipCompressor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTP10Settings added in v1.0.0

type HTTP10Settings struct {
	// UseDefaultHost defines if the HTTP/1.0 request is missing the Host header,
	// then the hostname associated with the listener should be injected into the
	// request.
	// If this is not set and an HTTP/1.0 request arrives without a host, then
	// it will be rejected.
	// +optional
	UseDefaultHost *bool `json:"useDefaultHost,omitempty"`
}

HTTP10Settings provides HTTP/1.0 configuration on the listener.

func (*HTTP10Settings) DeepCopy added in v1.0.0

func (in *HTTP10Settings) DeepCopy() *HTTP10Settings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP10Settings.

func (*HTTP10Settings) DeepCopyInto added in v1.0.0

func (in *HTTP10Settings) DeepCopyInto(out *HTTP10Settings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTP1Settings added in v1.0.0

type HTTP1Settings struct {
	// EnableTrailers defines if HTTP/1 trailers should be proxied by Envoy.
	// +optional
	EnableTrailers *bool `json:"enableTrailers,omitempty"`
	// PreserveHeaderCase defines if Envoy should preserve the letter case of headers.
	// By default, Envoy will lowercase all the headers.
	// +optional
	PreserveHeaderCase *bool `json:"preserveHeaderCase,omitempty"`
	// HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests.
	// +optional
	HTTP10 *HTTP10Settings `json:"http10,omitempty"`
}

HTTP1Settings provides HTTP/1 configuration on the listener.

func (*HTTP1Settings) DeepCopy added in v1.0.0

func (in *HTTP1Settings) DeepCopy() *HTTP1Settings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP1Settings.

func (*HTTP1Settings) DeepCopyInto added in v1.0.0

func (in *HTTP1Settings) DeepCopyInto(out *HTTP1Settings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTP2Settings added in v1.1.0

type HTTP2Settings struct {
	// InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
	// If not set, the default value is 64 KiB(64*1024).
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	InitialStreamWindowSize *resource.Quantity `json:"initialStreamWindowSize,omitempty"`

	// InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
	// If not set, the default value is 1 MiB.
	//
	// +kubebuilder:validation:XIntOrString
	// +kubebuilder:validation:Pattern="^[1-9]+[0-9]*([EPTGMK]i|[EPTGMk])?$"
	// +optional
	InitialConnectionWindowSize *resource.Quantity `json:"initialConnectionWindowSize,omitempty"`

	// MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
	// If not set, the default value is 100.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=2147483647
	// +optional
	MaxConcurrentStreams *uint32 `json:"maxConcurrentStreams,omitempty"`

	// OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
	// It's recommended for L2 Envoy deployments to set this value to TerminateStream.
	// https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
	// Default: TerminateConnection
	// +optional
	OnInvalidMessage *InvalidMessageAction `json:"onInvalidMessage,omitempty"`
}

HTTP2Settings provides HTTP/2 configuration for listeners and backends.

func (*HTTP2Settings) DeepCopy added in v1.1.0

func (in *HTTP2Settings) DeepCopy() *HTTP2Settings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP2Settings.

func (*HTTP2Settings) DeepCopyInto added in v1.1.0

func (in *HTTP2Settings) DeepCopyInto(out *HTTP2Settings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTP3Settings added in v1.0.0

type HTTP3Settings struct{}

HTTP3Settings provides HTTP/3 configuration on the listener.

func (*HTTP3Settings) DeepCopy added in v1.0.0

func (in *HTTP3Settings) DeepCopy() *HTTP3Settings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP3Settings.

func (*HTTP3Settings) DeepCopyInto added in v1.0.0

func (in *HTTP3Settings) DeepCopyInto(out *HTTP3Settings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPActiveHealthChecker added in v1.0.0

type HTTPActiveHealthChecker struct {
	// Path defines the HTTP path that will be requested during health checking.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=1024
	Path string `json:"path" yaml:"path"`
	// Method defines the HTTP method used for health checking.
	// Defaults to GET
	// +optional
	Method *string `json:"method,omitempty" yaml:"method,omitempty"`
	// ExpectedStatuses defines a list of HTTP response statuses considered healthy.
	// Defaults to 200 only
	// +optional
	ExpectedStatuses []HTTPStatus `json:"expectedStatuses,omitempty" yaml:"expectedStatuses,omitempty"`
	// ExpectedResponse defines a list of HTTP expected responses to match.
	// +optional
	ExpectedResponse *ActiveHealthCheckPayload `json:"expectedResponse,omitempty" yaml:"expectedResponse,omitempty"`
}

HTTPActiveHealthChecker defines the settings of http health check.

func (*HTTPActiveHealthChecker) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPActiveHealthChecker.

func (*HTTPActiveHealthChecker) DeepCopyInto added in v1.0.0

func (in *HTTPActiveHealthChecker) DeepCopyInto(out *HTTPActiveHealthChecker)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPClientTimeout added in v1.0.0

type HTTPClientTimeout struct {
	// RequestReceivedTimeout is the duration envoy waits for the complete request reception. This timer starts upon request
	// initiation and stops when either the last byte of the request is sent upstream or when the response begins.
	//
	// +optional
	RequestReceivedTimeout *gwapiv1.Duration `json:"requestReceivedTimeout,omitempty"`

	// IdleTimeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection.
	// Default: 1 hour.
	//
	// +optional
	IdleTimeout *gwapiv1.Duration `json:"idleTimeout,omitempty"`
}

func (*HTTPClientTimeout) DeepCopy added in v1.0.0

func (in *HTTPClientTimeout) DeepCopy() *HTTPClientTimeout

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPClientTimeout.

func (*HTTPClientTimeout) DeepCopyInto added in v1.0.0

func (in *HTTPClientTimeout) DeepCopyInto(out *HTTPClientTimeout)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPDirectResponseFilter added in v1.2.0

type HTTPDirectResponseFilter struct {
	// Content Type of the response. This will be set in the Content-Type header.
	//
	// +optional
	ContentType *string `json:"contentType,omitempty"`

	// Body of the Response
	//
	// +optional
	Body *CustomResponseBody `json:"body,omitempty"`

	// Status Code of the HTTP response
	// If unset, defaults to 200.
	// +optional
	StatusCode *int `json:"statusCode,omitempty"`
}

HTTPDirectResponseFilter defines the configuration to return a fixed response.

func (*HTTPDirectResponseFilter) DeepCopy added in v1.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponseFilter.

func (*HTTPDirectResponseFilter) DeepCopyInto added in v1.2.0

func (in *HTTPDirectResponseFilter) DeepCopyInto(out *HTTPDirectResponseFilter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPExtAuthService added in v1.0.0

type HTTPExtAuthService struct {
	// Only Service kind is supported for now.
	BackendCluster `json:",inline"`

	// Path is the path of the HTTP External Authorization service.
	// If path is specified, the authorization request will be sent to that path,
	// or else the authorization request will be sent to the root path.
	Path *string `json:"path,omitempty"`

	// HeadersToBackend are the authorization response headers that will be added
	// to the original client request before sending it to the backend server.
	// Note that coexisting headers will be overridden.
	// If not specified, no authorization response headers will be added to the
	// original client request.
	// +optional
	HeadersToBackend []string `json:"headersToBackend,omitempty"`
}

HTTPExtAuthService defines the HTTP External Authorization service

+kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"

func (*HTTPExtAuthService) DeepCopy added in v1.0.0

func (in *HTTPExtAuthService) DeepCopy() *HTTPExtAuthService

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPExtAuthService.

func (*HTTPExtAuthService) DeepCopyInto added in v1.0.0

func (in *HTTPExtAuthService) DeepCopyInto(out *HTTPExtAuthService)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPHostnameModifier added in v1.2.0

type HTTPHostnameModifier struct {
	// +kubebuilder:validation:Enum=Header;Backend
	// +kubebuilder:validation:Required
	Type HTTPHostnameModifierType `json:"type"`

	// Header is the name of the header whose value would be used to rewrite the Host header
	// +optional
	Header *string `json:"header,omitempty"`
}

+kubebuilder:validation:XValidation:message="header must be nil if the type is not Header",rule="!(has(self.header) && self.type != 'Header')" +kubebuilder:validation:XValidation:message="header must be specified for Header type",rule="!(!has(self.header) && self.type == 'Header')"

func (*HTTPHostnameModifier) DeepCopy added in v1.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHostnameModifier.

func (*HTTPHostnameModifier) DeepCopyInto added in v1.2.0

func (in *HTTPHostnameModifier) DeepCopyInto(out *HTTPHostnameModifier)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPHostnameModifierType added in v1.2.0

type HTTPHostnameModifierType string

HTTPPathModifierType defines the type of Hostname rewrite.

const (
	// HeaderHTTPHostnameModifier indicates that the Host header value would be replaced with the value of the header specified in header.
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-host-rewrite-header
	HeaderHTTPHostnameModifier HTTPHostnameModifierType = "Header"
	// BackendHTTPHostnameModifier indicates that the Host header value would be replaced by the DNS name of the backend if it exists.
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-auto-host-rewrite
	BackendHTTPHostnameModifier HTTPHostnameModifierType = "Backend"
)

type HTTPPathModifier added in v1.2.0

type HTTPPathModifier struct {
	// +kubebuilder:validation:Enum=ReplaceRegexMatch
	// +kubebuilder:validation:Required
	Type HTTPPathModifierType `json:"type"`
	// ReplaceRegexMatch defines a path regex rewrite. The path portions matched by the regex pattern are replaced by the defined substitution.
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-regex-rewrite
	// Some examples:
	// (1) replaceRegexMatch:
	//       pattern: ^/service/([^/]+)(/.*)$
	//       substitution: \2/instance/\1
	//     Would transform /service/foo/v1/api into /v1/api/instance/foo.
	// (2) replaceRegexMatch:
	//       pattern: one
	//       substitution: two
	//     Would transform /xxx/one/yyy/one/zzz into /xxx/two/yyy/two/zzz.
	// (3) replaceRegexMatch:
	//       pattern: ^(.*?)one(.*)$
	//       substitution: \1two\2
	//     Would transform /xxx/one/yyy/one/zzz into /xxx/two/yyy/one/zzz.
	// (3) replaceRegexMatch:
	//       pattern: (?i)/xxx/
	//       substitution: /yyy/
	//     Would transform path /aaa/XxX/bbb into /aaa/yyy/bbb (case-insensitive).
	// +optional
	ReplaceRegexMatch *ReplaceRegexMatch `json:"replaceRegexMatch,omitempty"`
}

+kubebuilder:validation:XValidation:rule="self.type == 'ReplaceRegexMatch' ? has(self.replaceRegexMatch) : !has(self.replaceRegexMatch)",message="If HTTPPathModifier type is ReplaceRegexMatch, replaceRegexMatch field needs to be set."

func (*HTTPPathModifier) DeepCopy added in v1.2.0

func (in *HTTPPathModifier) DeepCopy() *HTTPPathModifier

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPathModifier.

func (*HTTPPathModifier) DeepCopyInto added in v1.2.0

func (in *HTTPPathModifier) DeepCopyInto(out *HTTPPathModifier)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPPathModifierType added in v1.2.0

type HTTPPathModifierType string

HTTPPathModifierType defines the type of path redirect or rewrite.

const (
	// RegexHTTPPathModifier This type of modifier indicates that the portions of the path that match the specified
	//  regex would be substituted with the specified substitution value
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/matcher/v3/regex.proto#type-matcher-v3-regexmatchandsubstitute
	RegexHTTPPathModifier HTTPPathModifierType = "ReplaceRegexMatch"
)

type HTTPRouteFilter added in v1.2.0

type HTTPRouteFilter struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of HTTPRouteFilter.
	Spec HTTPRouteFilterSpec `json:"spec"`
}

HTTPRouteFilter is a custom Envoy Gateway HTTPRouteFilter which provides extended traffic processing options such as path regex rewrite, direct response and more.

func (*HTTPRouteFilter) DeepCopy added in v1.2.0

func (in *HTTPRouteFilter) DeepCopy() *HTTPRouteFilter

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilter.

func (*HTTPRouteFilter) DeepCopyInto added in v1.2.0

func (in *HTTPRouteFilter) DeepCopyInto(out *HTTPRouteFilter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*HTTPRouteFilter) DeepCopyObject added in v1.2.0

func (in *HTTPRouteFilter) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type HTTPRouteFilterList added in v1.2.0

type HTTPRouteFilterList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []HTTPRouteFilter `json:"items"`
}

HTTPRouteFilterList contains a list of HTTPRouteFilter resources.

func (*HTTPRouteFilterList) DeepCopy added in v1.2.0

func (in *HTTPRouteFilterList) DeepCopy() *HTTPRouteFilterList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilterList.

func (*HTTPRouteFilterList) DeepCopyInto added in v1.2.0

func (in *HTTPRouteFilterList) DeepCopyInto(out *HTTPRouteFilterList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*HTTPRouteFilterList) DeepCopyObject added in v1.2.0

func (in *HTTPRouteFilterList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type HTTPRouteFilterSpec added in v1.2.0

type HTTPRouteFilterSpec struct {
	// +optional
	URLRewrite *HTTPURLRewriteFilter `json:"urlRewrite,omitempty"`
	// +optional
	DirectResponse *HTTPDirectResponseFilter `json:"directResponse,omitempty"`
}

HTTPRouteFilterSpec defines the desired state of HTTPRouteFilter. +union

func (*HTTPRouteFilterSpec) DeepCopy added in v1.2.0

func (in *HTTPRouteFilterSpec) DeepCopy() *HTTPRouteFilterSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteFilterSpec.

func (*HTTPRouteFilterSpec) DeepCopyInto added in v1.2.0

func (in *HTTPRouteFilterSpec) DeepCopyInto(out *HTTPRouteFilterSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPStatus added in v1.0.0

type HTTPStatus int

HTTPStatus defines the http status code. +kubebuilder:validation:Minimum=100 +kubebuilder:validation:Maximum=600 +kubebuilder:validation:ExclusiveMaximum=true

type HTTPTimeout added in v1.0.0

type HTTPTimeout struct {
	// The idle timeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection.
	// Default: 1 hour.
	//
	// +optional
	ConnectionIdleTimeout *gwapiv1.Duration `json:"connectionIdleTimeout,omitempty"`

	// The maximum duration of an HTTP connection.
	// Default: unlimited.
	//
	// +optional
	MaxConnectionDuration *gwapiv1.Duration `json:"maxConnectionDuration,omitempty"`

	// RequestTimeout is the time until which entire response is received from the upstream.
	//
	// +optional
	RequestTimeout *gwapiv1.Duration `json:"requestTimeout,omitempty" yaml:"requestTimeout,omitempty"`
}

func (*HTTPTimeout) DeepCopy added in v1.0.0

func (in *HTTPTimeout) DeepCopy() *HTTPTimeout

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPTimeout.

func (*HTTPTimeout) DeepCopyInto added in v1.0.0

func (in *HTTPTimeout) DeepCopyInto(out *HTTPTimeout)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPURLRewriteFilter added in v1.2.0

type HTTPURLRewriteFilter struct {
	// Hostname is the value to be used to replace the Host header value during
	// forwarding.
	//
	// +optional
	Hostname *HTTPHostnameModifier `json:"hostname,omitempty"`
	// Path defines a path rewrite.
	//
	// +optional
	Path *HTTPPathModifier `json:"path,omitempty"`
}

HTTPURLRewriteFilter define rewrites of HTTP URL components such as path and host

func (*HTTPURLRewriteFilter) DeepCopy added in v1.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPURLRewriteFilter.

func (*HTTPURLRewriteFilter) DeepCopyInto added in v1.2.0

func (in *HTTPURLRewriteFilter) DeepCopyInto(out *HTTPURLRewriteFilter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTPWasmCodeSource added in v1.1.0

type HTTPWasmCodeSource struct {
	// URL is the URL containing the Wasm code.
	// +kubebuilder:validation:Pattern=`^((https?:)(\/\/\/?)([\w]*(?::[\w]*)?@)?([\d\w\.-]+)(?::(\d+))?)?([\/\\\w\.()-]*)?(?:([?][^#]*)?(#.*)?)*`
	URL string `json:"url"`

	// SHA256 checksum that will be used to verify the Wasm code.
	//
	// If not specified, Envoy Gateway will not verify the downloaded Wasm code.
	// kubebuilder:validation:Pattern=`^[a-f0-9]{64}$`
	// +optional
	SHA256 *string `json:"sha256"`
}

HTTPWasmCodeSource defines the HTTP URL containing the Wasm code.

func (*HTTPWasmCodeSource) DeepCopy added in v1.1.0

func (in *HTTPWasmCodeSource) DeepCopy() *HTTPWasmCodeSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPWasmCodeSource.

func (*HTTPWasmCodeSource) DeepCopyInto added in v1.1.0

func (in *HTTPWasmCodeSource) DeepCopyInto(out *HTTPWasmCodeSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Header struct {
	// Name of the header to hash.
	Name string `json:"name"`
}

Header defines the header hashing configuration for consistent hash based load balancing.

func (*Header) DeepCopy added in v1.1.0

func (in *Header) DeepCopy() *Header

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Header.

func (*Header) DeepCopyInto added in v1.1.0

func (in *Header) DeepCopyInto(out *Header)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderMatch

type HeaderMatch struct {
	// Type specifies how to match against the value of the header.
	//
	// +optional
	// +kubebuilder:default=Exact
	Type *HeaderMatchType `json:"type,omitempty"`

	// Name of the HTTP header.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=256
	Name string `json:"name"`

	// Value within the HTTP header. Due to the
	// case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
	// Do not set this field when Type="Distinct", implying matching on any/all unique
	// values within the header.
	//
	// +optional
	// +kubebuilder:validation:MaxLength=1024
	Value *string `json:"value,omitempty"`

	// Invert specifies whether the value match result will be inverted.
	// Do not set this field when Type="Distinct", implying matching on any/all unique
	// values within the header.
	//
	// +optional
	// +kubebuilder:default=false
	Invert *bool `json:"invert,omitempty"`
}

HeaderMatch defines the match attributes within the HTTP Headers of the request.

func (*HeaderMatch) DeepCopy

func (in *HeaderMatch) DeepCopy() *HeaderMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatch.

func (*HeaderMatch) DeepCopyInto

func (in *HeaderMatch) DeepCopyInto(out *HeaderMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderMatchType

type HeaderMatchType string

HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are "Exact", "RegularExpression", and "Distinct".

+kubebuilder:validation:Enum=Exact;RegularExpression;Distinct

const (
	// HeaderMatchExact matches the exact value of the Value field against the value of
	// the specified HTTP Header.
	HeaderMatchExact HeaderMatchType = "Exact"
	// HeaderMatchRegularExpression matches a regular expression against the value of the
	// specified HTTP Header. The regex string must adhere to the syntax documented in
	// https://github.com/google/re2/wiki/Syntax.
	HeaderMatchRegularExpression HeaderMatchType = "RegularExpression"
	// HeaderMatchDistinct matches any and all possible unique values encountered in the
	// specified HTTP Header. Note that each unique value will receive its own rate limit
	// bucket.
	// Note: This is only supported for Global Rate Limits.
	HeaderMatchDistinct HeaderMatchType = "Distinct"
)

HeaderMatchType constants.

type HeaderSettings added in v1.0.0

type HeaderSettings struct {
	// EnableEnvoyHeaders configures Envoy Proxy to add the "X-Envoy-" headers to requests
	// and responses.
	// +optional
	EnableEnvoyHeaders *bool `json:"enableEnvoyHeaders,omitempty"`

	// DisableRateLimitHeaders configures Envoy Proxy to omit the "X-RateLimit-" response headers
	// when rate limiting is enabled.
	// +optional
	DisableRateLimitHeaders *bool `json:"disableRateLimitHeaders,omitempty"`

	// XForwardedClientCert configures how Envoy Proxy handle the x-forwarded-client-cert (XFCC) HTTP header.
	//
	// x-forwarded-client-cert (XFCC) is an HTTP header used to forward the certificate
	// information of part or all of the clients or proxies that a request has flowed through,
	// on its way from the client to the server.
	//
	// Envoy proxy may choose to sanitize/append/forward the XFCC header before proxying the request.
	//
	// If not set, the default behavior is sanitizing the XFCC header.
	// +optional
	XForwardedClientCert *XForwardedClientCert `json:"xForwardedClientCert,omitempty"`

	// WithUnderscoresAction configures the action to take when an HTTP header with underscores
	// is encountered. The default action is to reject the request.
	// +optional
	WithUnderscoresAction *WithUnderscoresAction `json:"withUnderscoresAction,omitempty"`

	// PreserveXRequestID configures Envoy to keep the X-Request-ID header if passed for a request that is edge
	// (Edge request is the request from external clients to front Envoy) and not reset it, which is the current Envoy behaviour.
	// It defaults to false.
	//
	// +optional
	PreserveXRequestID *bool `json:"preserveXRequestID,omitempty"`

	// EarlyRequestHeaders defines settings for early request header modification, before envoy performs
	// routing, tracing and built-in header manipulation.
	//
	// +optional
	EarlyRequestHeaders *gwapiv1.HTTPHeaderFilter `json:"earlyRequestHeaders,omitempty"`
}

HeaderSettings provides configuration options for headers on the listener.

func (*HeaderSettings) DeepCopy added in v1.0.0

func (in *HeaderSettings) DeepCopy() *HeaderSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderSettings.

func (*HeaderSettings) DeepCopyInto added in v1.0.0

func (in *HeaderSettings) DeepCopyInto(out *HeaderSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HealthCheck added in v1.0.0

type HealthCheck struct {
	// Active health check configuration
	// +optional
	Active *ActiveHealthCheck `json:"active,omitempty"`

	// Passive passive check configuration
	// +optional
	Passive *PassiveHealthCheck `json:"passive,omitempty"`
}

HealthCheck configuration to decide which endpoints are healthy and can be used for routing.

func (*HealthCheck) DeepCopy added in v1.0.0

func (in *HealthCheck) DeepCopy() *HealthCheck

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheck.

func (*HealthCheck) DeepCopyInto added in v1.0.0

func (in *HealthCheck) DeepCopyInto(out *HealthCheck)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HealthCheckSettings added in v1.1.0

type HealthCheckSettings struct {
	// Path specifies the HTTP path to match on for health check requests.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=1024
	Path string `json:"path"`
}

HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.

func (*HealthCheckSettings) DeepCopy added in v1.1.0

func (in *HealthCheckSettings) DeepCopy() *HealthCheckSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheckSettings.

func (*HealthCheckSettings) DeepCopyInto added in v1.1.0

func (in *HealthCheckSettings) DeepCopyInto(out *HealthCheckSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPEndpoint added in v1.1.0

type IPEndpoint struct {
	// Address defines the IP address of the backend endpoint.
	// Supports both IPv4 and IPv6 addresses.
	//
	// +kubebuilder:validation:MinLength=3
	// +kubebuilder:validation:MaxLength=45
	// +kubebuilder:validation:Pattern=`^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(([0-9a-fA-F]{1,4}:){1,7}[0-9a-fA-F]{1,4}|::|(([0-9a-fA-F]{1,4}:){0,5})?(:[0-9a-fA-F]{1,4}){1,2})$`
	Address string `json:"address"`

	// Port defines the port of the backend endpoint.
	//
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}

IPEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress

func (*IPEndpoint) DeepCopy added in v1.1.0

func (in *IPEndpoint) DeepCopy() *IPEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPEndpoint.

func (*IPEndpoint) DeepCopyInto added in v1.1.0

func (in *IPEndpoint) DeepCopyInto(out *IPEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPFamily added in v1.2.0

type IPFamily string

IPFamily defines the IP family to use for the Envoy proxy.

const (
	// IPv4 defines the IPv4 family.
	IPv4 IPFamily = "IPv4"
	// IPv6 defines the IPv6 family.
	IPv6 IPFamily = "IPv6"
	// DualStack defines the dual-stack family.
	// When set to DualStack, Envoy proxy will listen on both IPv4 and IPv6 addresses
	// for incoming client traffic, enabling support for both IP protocol versions.
	DualStack IPFamily = "DualStack"
)

type ImagePullPolicy added in v1.1.0

type ImagePullPolicy string

ImagePullPolicy defines the policy to use when pulling an OIC image. +kubebuilder:validation:Enum=IfNotPresent;Always

const (
	// ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.
	ImagePullPolicyIfNotPresent ImagePullPolicy = "IfNotPresent"

	// ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.
	// Note: EG does not update the Wasm module every time an Envoy proxy requests the Wasm module.
	ImagePullPolicyAlways ImagePullPolicy = "Always"
)

type ImageWasmCodeSource added in v1.1.0

type ImageWasmCodeSource struct {
	// URL is the URL of the OCI image.
	// URL can be in the format of `registry/image:tag` or `registry/image@sha256:digest`.
	URL string `json:"url"`

	// SHA256 checksum that will be used to verify the OCI image.
	//
	// It must match the digest of the OCI image.
	//
	// If not specified, Envoy Gateway will not verify the downloaded OCI image.
	// kubebuilder:validation:Pattern=`^[a-f0-9]{64}$`
	// +optional
	SHA256 *string `json:"sha256"`

	// PullSecretRef is a reference to the secret containing the credentials to pull the image.
	// Only support Kubernetes Secret resource from the same namespace.
	// +kubebuilder:validation:XValidation:message="only support Secret kind.",rule="self.kind == 'Secret'"
	// +optional
	PullSecretRef *gwapiv1.SecretObjectReference `json:"pullSecretRef,omitempty"`
}

ImageWasmCodeSource defines the OCI image containing the Wasm code.

func (*ImageWasmCodeSource) DeepCopy added in v1.1.0

func (in *ImageWasmCodeSource) DeepCopy() *ImageWasmCodeSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageWasmCodeSource.

func (*ImageWasmCodeSource) DeepCopyInto added in v1.1.0

func (in *ImageWasmCodeSource) DeepCopyInto(out *ImageWasmCodeSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InfrastructureProviderType added in v0.6.0

type InfrastructureProviderType string

InfrastructureProviderType defines the types of custom infrastructure providers supported by Envoy Gateway.

+kubebuilder:validation:Enum=Host

const (
	// InfrastructureProviderTypeHost defines the "Host" provider.
	InfrastructureProviderTypeHost InfrastructureProviderType = "Host"
)

type InvalidMessageAction added in v1.2.0

type InvalidMessageAction string
const (
	InvalidMessageActionTerminateConnection InvalidMessageAction = "TerminateConnection"
	InvalidMessageActionTerminateStream     InvalidMessageAction = "TerminateStream"
)

type JSONPatchOperation added in v0.5.0

type JSONPatchOperation struct {
	// Op is the type of operation to perform
	Op JSONPatchOperationType `json:"op"`
	// Path is a JSONPointer expression. Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details.
	// It specifies the location of the target document/field where the operation will be performed
	// +optional
	Path *string `json:"path,omitempty"`
	// JSONPath is a JSONPath expression. Refer to https://datatracker.ietf.org/doc/rfc9535/ for more details.
	// It produces one or more JSONPointer expressions based on the given JSON document.
	// If no JSONPointer is found, it will result in an error.
	// If the 'Path' property is also set, it will be appended to the resulting JSONPointer expressions from the JSONPath evaluation.
	// This is useful when creating a property that does not yet exist in the JSON document.
	// The final JSONPointer expressions specifies the locations in the target document/field where the operation will be applied.
	// +optional
	JSONPath *string `json:"jsonPath,omitempty"`
	// From is the source location of the value to be copied or moved. Only valid
	// for move or copy operations
	// Refer to https://datatracker.ietf.org/doc/html/rfc6901 for more details.
	// +optional
	From *string `json:"from,omitempty"`
	// Value is the new value of the path location. The value is only used by
	// the `add` and `replace` operations.
	// +optional
	Value *apiextensionsv1.JSON `json:"value,omitempty"`
}

JSONPatchOperation defines the JSON Patch Operation as defined in https://datatracker.ietf.org/doc/html/rfc6902

func (*JSONPatchOperation) DeepCopy added in v0.5.0

func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatchOperation.

func (*JSONPatchOperation) DeepCopyInto added in v0.5.0

func (in *JSONPatchOperation) DeepCopyInto(out *JSONPatchOperation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JSONPatchOperationType added in v0.5.0

type JSONPatchOperationType string

JSONPatchOperationType specifies the JSON Patch operations that can be performed. +kubebuilder:validation:Enum=add;remove;replace;move;copy;test

type JWT added in v0.6.0

type JWT struct {
	// Optional determines whether a missing JWT is acceptable, defaulting to false if not specified.
	// Note: Even if optional is set to true, JWT authentication will still fail if an invalid JWT is presented.
	Optional *bool `json:"optional,omitempty"`

	// Providers defines the JSON Web Token (JWT) authentication provider type.
	// When multiple JWT providers are specified, the JWT is considered valid if
	// any of the providers successfully validate the JWT. For additional details,
	// see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=4
	Providers []JWTProvider `json:"providers"`
}

JWT defines the configuration for JSON Web Token (JWT) authentication.

func (*JWT) DeepCopy added in v0.6.0

func (in *JWT) DeepCopy() *JWT

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWT.

func (*JWT) DeepCopyInto added in v0.6.0

func (in *JWT) DeepCopyInto(out *JWT)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTClaim added in v1.2.0

type JWTClaim struct {
	// Name is the name of the claim.
	// If it is a nested claim, use a dot (.) separated string as the name to
	// represent the full path to the claim.
	// For example, if the claim is in the "department" field in the "organization" field,
	// the name should be "organization.department".
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name"`

	// ValueType is the type of the claim value.
	// Only String and StringArray types are supported for now.
	//
	// +kubebuilder:validation:Enum=String;StringArray
	// +kubebuilder:default=String
	// +unionDiscriminator
	// +optional
	ValueType *JWTClaimValueType `json:"valueType,omitempty"`

	// Values are the values that the claim must match.
	// If the claim is a string type, the specified value must match exactly.
	// If the claim is a string array type, the specified value must match one of the values in the array.
	// If multiple values are specified, one of the values must match for the rule to match.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=16
	Values []string `json:"values"`
}

JWTClaim specifies a claim in a JWT token.

func (*JWTClaim) DeepCopy added in v1.2.0

func (in *JWTClaim) DeepCopy() *JWTClaim

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTClaim.

func (*JWTClaim) DeepCopyInto added in v1.2.0

func (in *JWTClaim) DeepCopyInto(out *JWTClaim)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTClaimValueType added in v1.2.0

type JWTClaimValueType string
const (
	JWTClaimValueTypeString      JWTClaimValueType = "String"
	JWTClaimValueTypeStringArray JWTClaimValueType = "StringArray"
)

type JWTExtractor added in v1.0.0

type JWTExtractor struct {
	// Headers represents a list of HTTP request headers to extract the JWT token from.
	//
	// +optional
	Headers []JWTHeaderExtractor `json:"headers,omitempty"`

	// Cookies represents a list of cookie names to extract the JWT token from.
	//
	// +optional
	Cookies []string `json:"cookies,omitempty"`

	// Params represents a list of query parameters to extract the JWT token from.
	//
	// +optional
	Params []string `json:"params,omitempty"`
}

JWTExtractor defines a custom JWT token extraction from HTTP request. If specified, Envoy will extract the JWT token from the listed extractors (headers, cookies, or params) and validate each of them. If any value extracted is found to be an invalid JWT, a 401 error will be returned.

func (*JWTExtractor) DeepCopy added in v1.0.0

func (in *JWTExtractor) DeepCopy() *JWTExtractor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTExtractor.

func (*JWTExtractor) DeepCopyInto added in v1.0.0

func (in *JWTExtractor) DeepCopyInto(out *JWTExtractor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTHeaderExtractor added in v1.0.0

type JWTHeaderExtractor struct {
	// Name is the HTTP header name to retrieve the token
	//
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// ValuePrefix is the prefix that should be stripped before extracting the token.
	// The format would be used by Envoy like "{ValuePrefix}<TOKEN>".
	// For example, "Authorization: Bearer <TOKEN>", then the ValuePrefix="Bearer " with a space at the end.
	//
	// +optional
	ValuePrefix *string `json:"valuePrefix,omitempty"`
}

JWTHeaderExtractor defines an HTTP header location to extract JWT token

func (*JWTHeaderExtractor) DeepCopy added in v1.0.0

func (in *JWTHeaderExtractor) DeepCopy() *JWTHeaderExtractor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTHeaderExtractor.

func (*JWTHeaderExtractor) DeepCopyInto added in v1.0.0

func (in *JWTHeaderExtractor) DeepCopyInto(out *JWTHeaderExtractor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTPrincipal added in v1.2.0

type JWTPrincipal struct {
	// Provider is the name of the JWT provider that used to verify the JWT token.
	// In order to use JWT claims for authorization, you must configure the JWT
	// authentication with the same provider in the same `SecurityPolicy`.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Provider string `json:"provider"`

	// Claims are the claims in a JWT token.
	//
	// If multiple claims are specified, all claims must match for the rule to match.
	// For example, if there are two claims: one for the audience and one for the issuer,
	// the rule will match only if both the audience and the issuer match.
	//
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=16
	Claims []JWTClaim `json:"claims,omitempty"`

	// Scopes are a special type of claim in a JWT token that represents the permissions of the client.
	//
	// The value of the scopes field should be a space delimited string that is expected in the scope parameter,
	// as defined in RFC 6749: https://datatracker.ietf.org/doc/html/rfc6749#page-23.
	//
	// If multiple scopes are specified, all scopes must match for the rule to match.
	//
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=16
	Scopes []JWTScope `json:"scopes,omitempty"`
}

JWTPrincipal specifies the client identity of a request based on the JWT claims and scopes. At least one of the claims or scopes must be specified. Claims and scopes are And-ed together if both are specified.

+kubebuilder:validation:XValidation:rule="(has(self.claims) || has(self.scopes))",message="at least one of claims or scopes must be specified"

func (*JWTPrincipal) DeepCopy added in v1.2.0

func (in *JWTPrincipal) DeepCopy() *JWTPrincipal

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTPrincipal.

func (*JWTPrincipal) DeepCopyInto added in v1.2.0

func (in *JWTPrincipal) DeepCopyInto(out *JWTPrincipal)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTProvider added in v0.6.0

type JWTProvider struct {
	// Name defines a unique name for the JWT provider. A name can have a variety of forms,
	// including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name string `json:"name"`

	// Issuer is the principal that issued the JWT and takes the form of a URL or email address.
	// For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for
	// URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided,
	// the JWT issuer is not checked.
	//
	// +kubebuilder:validation:MaxLength=253
	// +optional
	Issuer string `json:"issuer,omitempty"`

	// Audiences is a list of JWT audiences allowed access. For additional details, see
	// https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences
	// are not checked.
	//
	// +kubebuilder:validation:MaxItems=8
	// +optional
	Audiences []string `json:"audiences,omitempty"`

	// RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote
	// HTTP/HTTPS endpoint.
	RemoteJWKS RemoteJWKS `json:"remoteJWKS"`

	// ClaimToHeaders is a list of JWT claims that must be extracted into HTTP request headers
	// For examples, following config:
	// The claim must be of type; string, int, double, bool. Array type claims are not supported
	//
	// +optional
	ClaimToHeaders []ClaimToHeader `json:"claimToHeaders,omitempty"`

	// RecomputeRoute clears the route cache and recalculates the routing decision.
	// This field must be enabled if the headers generated from the claim are used for
	// route matching decisions. If the recomputation selects a new route, features targeting
	// the new matched route will be applied.
	//
	// +optional
	RecomputeRoute *bool `json:"recomputeRoute,omitempty"`

	// ExtractFrom defines different ways to extract the JWT token from HTTP request.
	// If empty, it defaults to extract JWT token from the Authorization HTTP request header using Bearer schema
	// or access_token from query parameters.
	//
	// +optional
	ExtractFrom *JWTExtractor `json:"extractFrom,omitempty"`
}

JWTProvider defines how a JSON Web Token (JWT) can be verified. +kubebuilder:validation:XValidation:rule="(has(self.recomputeRoute) && self.recomputeRoute) ? size(self.claimToHeaders) > 0 : true", message="claimToHeaders must be specified if recomputeRoute is enabled"

func (*JWTProvider) DeepCopy added in v0.6.0

func (in *JWTProvider) DeepCopy() *JWTProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTProvider.

func (*JWTProvider) DeepCopyInto added in v0.6.0

func (in *JWTProvider) DeepCopyInto(out *JWTProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTScope added in v1.2.0

type JWTScope string

+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253

type KubernetesContainerSpec added in v0.6.0

type KubernetesContainerSpec struct {
	// List of environment variables to set in the container.
	//
	// +optional
	Env []corev1.EnvVar `json:"env,omitempty"`

	// Resources required by this container.
	// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
	//
	// +optional
	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`

	// SecurityContext defines the security options the container should be run with.
	// If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
	//
	// +optional
	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`

	// Image specifies the EnvoyProxy container image to be used, instead of the default image.
	//
	// +optional
	Image *string `json:"image,omitempty"`

	// VolumeMounts are volumes to mount into the container's filesystem.
	// Cannot be updated.
	//
	// +optional
	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
}

KubernetesContainerSpec defines the desired state of the Kubernetes container resource.

func DefaultKubernetesContainer added in v0.6.0

func DefaultKubernetesContainer(image string) *KubernetesContainerSpec

DefaultKubernetesContainer returns a new KubernetesContainerSpec with default settings.

func (*KubernetesContainerSpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesContainerSpec.

func (*KubernetesContainerSpec) DeepCopyInto added in v0.6.0

func (in *KubernetesContainerSpec) DeepCopyInto(out *KubernetesContainerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesDaemonSetSpec added in v1.1.0

type KubernetesDaemonSetSpec struct {
	// Patch defines how to perform the patch operation to daemonset
	//
	// +optional
	Patch *KubernetesPatchSpec `json:"patch,omitempty"`

	// The daemonset strategy to use to replace existing pods with new ones.
	// +optional
	Strategy *appsv1.DaemonSetUpdateStrategy `json:"strategy,omitempty"`

	// Pod defines the desired specification of pod.
	//
	// +optional
	Pod *KubernetesPodSpec `json:"pod,omitempty"`

	// Container defines the desired specification of main container.
	//
	// +optional
	Container *KubernetesContainerSpec `json:"container,omitempty"`

	// Name of the daemonSet.
	// When unset, this defaults to an autogenerated name.
	//
	// +optional
	Name *string `json:"name,omitempty"`
}

KubernetesDaemonSetSpec defines the desired state of the Kubernetes daemonset resource.

func DefaultKubernetesDaemonSet added in v1.1.0

func DefaultKubernetesDaemonSet(image string) *KubernetesDaemonSetSpec

DefaultKubernetesDaemonSet returns a new DefaultKubernetesDaemonSet with default settings.

func (*KubernetesDaemonSetSpec) ApplyMergePatch added in v1.1.0

func (daemonset *KubernetesDaemonSetSpec) ApplyMergePatch(old *appsv1.DaemonSet) (*appsv1.DaemonSet, error)

ApplyMergePatch applies a merge patch to a daemonset based on the merge type

func (*KubernetesDaemonSetSpec) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesDaemonSetSpec.

func (*KubernetesDaemonSetSpec) DeepCopyInto added in v1.1.0

func (in *KubernetesDaemonSetSpec) DeepCopyInto(out *KubernetesDaemonSetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesDeployMode added in v0.6.0

type KubernetesDeployMode struct {
}

KubernetesDeployMode holds configuration for how to deploy managed resources such as the Envoy Proxy data plane fleet.

func (*KubernetesDeployMode) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesDeployMode.

func (*KubernetesDeployMode) DeepCopyInto added in v0.6.0

func (in *KubernetesDeployMode) DeepCopyInto(out *KubernetesDeployMode)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesDeploymentSpec added in v0.6.0

type KubernetesDeploymentSpec struct {
	// Patch defines how to perform the patch operation to deployment
	//
	// +optional
	Patch *KubernetesPatchSpec `json:"patch,omitempty"`

	// Replicas is the number of desired pods. Defaults to 1.
	//
	// +optional
	Replicas *int32 `json:"replicas,omitempty"`

	// The deployment strategy to use to replace existing pods with new ones.
	// +optional
	Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"`

	// Pod defines the desired specification of pod.
	//
	// +optional
	Pod *KubernetesPodSpec `json:"pod,omitempty"`

	// Container defines the desired specification of main container.
	//
	// +optional
	Container *KubernetesContainerSpec `json:"container,omitempty"`

	// List of initialization containers belonging to the pod.
	// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	//
	// +optional
	InitContainers []corev1.Container `json:"initContainers,omitempty"`

	// Name of the deployment.
	// When unset, this defaults to an autogenerated name.
	//
	// +optional
	Name *string `json:"name,omitempty"`
}

KubernetesDeploymentSpec defines the desired state of the Kubernetes deployment resource.

func DefaultKubernetesDeployment added in v0.6.0

func DefaultKubernetesDeployment(image string) *KubernetesDeploymentSpec

DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings.

func (*KubernetesDeploymentSpec) ApplyMergePatch added in v1.0.0

func (deployment *KubernetesDeploymentSpec) ApplyMergePatch(old *appsv1.Deployment) (*appsv1.Deployment, error)

ApplyMergePatch applies a merge patch to a deployment based on the merge type

func (*KubernetesDeploymentSpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesDeploymentSpec.

func (*KubernetesDeploymentSpec) DeepCopyInto added in v0.6.0

func (in *KubernetesDeploymentSpec) DeepCopyInto(out *KubernetesDeploymentSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesHorizontalPodAutoscalerSpec added in v1.0.0

type KubernetesHorizontalPodAutoscalerSpec struct {
	// minReplicas is the lower limit for the number of replicas to which the autoscaler
	// can scale down. It defaults to 1 replica.
	//
	// +kubebuilder:validation:XValidation:message="minReplicas must be greater than 0",rule="self > 0"
	// +optional
	MinReplicas *int32 `json:"minReplicas,omitempty"`

	// maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
	// It cannot be less that minReplicas.
	//
	// +kubebuilder:validation:XValidation:message="maxReplicas must be greater than 0",rule="self > 0"
	MaxReplicas *int32 `json:"maxReplicas"`

	// metrics contains the specifications for which to use to calculate the
	// desired replica count (the maximum replica count across all metrics will
	// be used).
	// If left empty, it defaults to being based on CPU utilization with average on 80% usage.
	//
	// +optional
	Metrics []autoscalingv2.MetricSpec `json:"metrics,omitempty"`

	// behavior configures the scaling behavior of the target
	// in both Up and Down directions (scaleUp and scaleDown fields respectively).
	// If not set, the default HPAScalingRules for scale up and scale down are used.
	// See k8s.io.autoscaling.v2.HorizontalPodAutoScalerBehavior.
	//
	// +optional
	Behavior *autoscalingv2.HorizontalPodAutoscalerBehavior `json:"behavior,omitempty"`
}

KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment. When HPA is enabled, it is recommended that the value in `KubernetesDeploymentSpec.replicas` be removed, otherwise Envoy Gateway will revert back to this value every time reconciliation occurs. See k8s.io.autoscaling.v2.HorizontalPodAutoScalerSpec.

+kubebuilder:validation:XValidation:message="maxReplicas cannot be less than minReplicas",rule="!has(self.minReplicas) || self.maxReplicas >= self.minReplicas"

func (*KubernetesHorizontalPodAutoscalerSpec) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesHorizontalPodAutoscalerSpec.

func (*KubernetesHorizontalPodAutoscalerSpec) DeepCopyInto added in v1.0.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesPatchSpec added in v1.0.0

type KubernetesPatchSpec struct {
	// Type is the type of merge operation to perform
	//
	// By default, StrategicMerge is used as the patch type.
	// +optional
	Type *MergeType `json:"type,omitempty"`

	// Object contains the raw configuration for merged object
	Value apiextensionsv1.JSON `json:"value"`
}

KubernetesPatchSpec defines how to perform the patch operation. Note that `value` can be an in-line YAML document, as can be seen in e.g. (the example of patching the Envoy proxy Deployment)[https://gateway.envoyproxy.io/docs/tasks/operations/customize-envoyproxy/#patching-deployment-for-envoyproxy]. Note also that, currently, strings containing literal JSON are _rejected_.

func (*KubernetesPatchSpec) DeepCopy added in v1.0.0

func (in *KubernetesPatchSpec) DeepCopy() *KubernetesPatchSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesPatchSpec.

func (*KubernetesPatchSpec) DeepCopyInto added in v1.0.0

func (in *KubernetesPatchSpec) DeepCopyInto(out *KubernetesPatchSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesPodDisruptionBudgetSpec added in v1.1.0

type KubernetesPodDisruptionBudgetSpec struct {
	// MinAvailable specifies the minimum number of pods that must be available at all times during voluntary disruptions,
	// such as node drains or updates. This setting ensures that your envoy proxy maintains a certain level of availability
	// and resilience during maintenance operations.
	// +optional
	MinAvailable *int32 `json:"minAvailable,omitempty"`
}

KubernetesPodDisruptionBudgetSpec defines Kubernetes PodDisruptionBudget settings of Envoy Proxy Deployment.

func (*KubernetesPodDisruptionBudgetSpec) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesPodDisruptionBudgetSpec.

func (*KubernetesPodDisruptionBudgetSpec) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesPodSpec added in v0.6.0

type KubernetesPodSpec struct {
	// Annotations are the annotations that should be appended to the pods.
	// By default, no pod annotations are appended.
	//
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels are the additional labels that should be tagged to the pods.
	// By default, no additional pod labels are tagged.
	//
	// +optional
	Labels map[string]string `json:"labels,omitempty"`

	// SecurityContext holds pod-level security attributes and common container settings.
	// Optional: Defaults to empty.  See type description for default values of each field.
	//
	// +optional
	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`

	// If specified, the pod's scheduling constraints.
	// +optional
	Affinity *corev1.Affinity `json:"affinity,omitempty"`

	// If specified, the pod's tolerations.
	// +optional
	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`

	// Volumes that can be mounted by containers belonging to the pod.
	// More info: https://kubernetes.io/docs/concepts/storage/volumes
	//
	// +optional
	Volumes []corev1.Volume `json:"volumes,omitempty"`

	// ImagePullSecrets is an optional list of references to secrets
	// in the same namespace to use for pulling any of the images used by this PodSpec.
	// If specified, these secrets will be passed to individual puller implementations for them to use.
	// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
	//
	// +optional
	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`

	// NodeSelector is a selector which must be true for the pod to fit on a node.
	// Selector which must match a node's labels for the pod to be scheduled on that node.
	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
	//
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`

	// TopologySpreadConstraints describes how a group of pods ought to spread across topology
	// domains. Scheduler will schedule pods in a way which abides by the constraints.
	// All topologySpreadConstraints are ANDed.
	//
	// +optional
	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
}

KubernetesPodSpec defines the desired state of the Kubernetes pod resource.

func DefaultKubernetesPod added in v0.6.0

func DefaultKubernetesPod() *KubernetesPodSpec

DefaultKubernetesPod returns a new KubernetesPodSpec with default settings.

func (*KubernetesPodSpec) DeepCopy added in v0.6.0

func (in *KubernetesPodSpec) DeepCopy() *KubernetesPodSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesPodSpec.

func (*KubernetesPodSpec) DeepCopyInto added in v0.6.0

func (in *KubernetesPodSpec) DeepCopyInto(out *KubernetesPodSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesServiceSpec added in v0.6.0

type KubernetesServiceSpec struct {
	// Annotations that should be appended to the service.
	// By default, no annotations are appended.
	//
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`

	// Labels that should be appended to the service.
	// By default, no labels are appended.
	//
	// +optional
	Labels map[string]string `json:"labels,omitempty"`

	// Type determines how the Service is exposed. Defaults to LoadBalancer.
	// Valid options are ClusterIP, LoadBalancer and NodePort.
	// "LoadBalancer" means a service will be exposed via an external load balancer (if the cloud provider supports it).
	// "ClusterIP" means a service will only be accessible inside the cluster, via the cluster IP.
	// "NodePort" means a service will be exposed on a static Port on all Nodes of the cluster.
	// +kubebuilder:default:="LoadBalancer"
	// +optional
	Type *ServiceType `json:"type,omitempty"`

	// LoadBalancerClass, when specified, allows for choosing the LoadBalancer provider
	// implementation if more than one are available or is otherwise expected to be specified
	// +optional
	LoadBalancerClass *string `json:"loadBalancerClass,omitempty"`

	// AllocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for
	// services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster
	// load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a
	// value), those requests will be respected, regardless of this field. This field may only be set for
	// services with type LoadBalancer and will be cleared if the type is changed to any other type.
	// +optional
	AllocateLoadBalancerNodePorts *bool `json:"allocateLoadBalancerNodePorts,omitempty"`

	// LoadBalancerSourceRanges defines a list of allowed IP addresses which will be configured as
	// firewall rules on the platform providers load balancer. This is not guaranteed to be working as
	// it happens outside of kubernetes and has to be supported and handled by the platform provider.
	// This field may only be set for services with type LoadBalancer and will be cleared if the type
	// is changed to any other type.
	// +optional
	LoadBalancerSourceRanges []string `json:"loadBalancerSourceRanges,omitempty"`

	// LoadBalancerIP defines the IP Address of the underlying load balancer service. This field
	// may be ignored if the load balancer provider does not support this feature.
	// This field has been deprecated in Kubernetes, but it is still used for setting the IP Address in some cloud
	// providers such as GCP.
	//
	// +kubebuilder:validation:XValidation:message="loadBalancerIP must be a valid IPv4 address",rule="self.matches(r\"^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$\")"
	// +optional
	LoadBalancerIP *string `json:"loadBalancerIP,omitempty"`

	// ExternalTrafficPolicy determines the externalTrafficPolicy for the Envoy Service. Valid options
	// are Local and Cluster. Default is "Local". "Local" means traffic will only go to pods on the node
	// receiving the traffic. "Cluster" means connections are loadbalanced to all pods in the cluster.
	// +kubebuilder:default:="Local"
	// +optional
	ExternalTrafficPolicy *ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty"`

	// Patch defines how to perform the patch operation to the service
	//
	// +optional
	Patch *KubernetesPatchSpec `json:"patch,omitempty"`

	// Name of the service.
	// When unset, this defaults to an autogenerated name.
	//
	// +optional
	Name *string `json:"name,omitempty"`
}

KubernetesServiceSpec defines the desired state of the Kubernetes service resource. +kubebuilder:validation:XValidation:message="allocateLoadBalancerNodePorts can only be set for LoadBalancer type",rule="!has(self.allocateLoadBalancerNodePorts) || self.type == 'LoadBalancer'" +kubebuilder:validation:XValidation:message="loadBalancerSourceRanges can only be set for LoadBalancer type",rule="!has(self.loadBalancerSourceRanges) || self.type == 'LoadBalancer'" +kubebuilder:validation:XValidation:message="loadBalancerIP can only be set for LoadBalancer type",rule="!has(self.loadBalancerIP) || self.type == 'LoadBalancer'"

func DefaultKubernetesService added in v0.6.0

func DefaultKubernetesService() *KubernetesServiceSpec

DefaultKubernetesService returns a new KubernetesServiceSpec with default settings.

func (*KubernetesServiceSpec) ApplyMergePatch added in v1.0.0

func (service *KubernetesServiceSpec) ApplyMergePatch(old *corev1.Service) (*corev1.Service, error)

ApplyMergePatch applies a merge patch to a service based on the merge type

func (*KubernetesServiceSpec) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServiceSpec.

func (*KubernetesServiceSpec) DeepCopyInto added in v0.6.0

func (in *KubernetesServiceSpec) DeepCopyInto(out *KubernetesServiceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesWatchMode added in v0.6.0

type KubernetesWatchMode struct {
	// Type indicates what watch mode to use. KubernetesWatchModeTypeNamespaces and
	// KubernetesWatchModeTypeNamespaceSelector are currently supported
	// By default, when this field is unset or empty, Envoy Gateway will watch for input namespaced resources
	// from all namespaces.
	Type KubernetesWatchModeType `json:"type,omitempty"`

	// Namespaces holds the list of namespaces that Envoy Gateway will watch for namespaced scoped
	// resources such as Gateway, HTTPRoute and Service.
	// Note that Envoy Gateway will continue to reconcile relevant cluster scoped resources such as
	// GatewayClass that it is linked to. Precisely one of Namespaces and NamespaceSelector must be set.
	Namespaces []string `json:"namespaces,omitempty"`

	// NamespaceSelector holds the label selector used to dynamically select namespaces.
	// Envoy Gateway will watch for namespaces matching the specified label selector.
	// Precisely one of Namespaces and NamespaceSelector must be set.
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
}

KubernetesWatchMode holds the configuration for which input resources to watch and reconcile.

func (*KubernetesWatchMode) DeepCopy added in v0.6.0

func (in *KubernetesWatchMode) DeepCopy() *KubernetesWatchMode

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesWatchMode.

func (*KubernetesWatchMode) DeepCopyInto added in v0.6.0

func (in *KubernetesWatchMode) DeepCopyInto(out *KubernetesWatchMode)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubernetesWatchModeType added in v0.6.0

type KubernetesWatchModeType string

KubernetesWatchModeType defines the type of KubernetesWatchMode

type LeaderElection added in v1.1.0

type LeaderElection struct {
	// LeaseDuration defines the time non-leader contenders will wait before attempting to claim leadership.
	// It's based on the timestamp of the last acknowledged signal. The default setting is 15 seconds.
	LeaseDuration *gwapiv1.Duration `json:"leaseDuration,omitempty"`
	// RenewDeadline represents the time frame within which the current leader will attempt to renew its leadership
	// status before relinquishing its position. The default setting is 10 seconds.
	RenewDeadline *gwapiv1.Duration `json:"renewDeadline,omitempty"`
	// RetryPeriod denotes the interval at which LeaderElector clients should perform action retries.
	// The default setting is 2 seconds.
	RetryPeriod *gwapiv1.Duration `json:"retryPeriod,omitempty"`
	// Disable provides the option to turn off leader election, which is enabled by default.
	Disable *bool `json:"disable,omitempty"`
}

LeaderElection defines the desired leader election settings.

func DefaultLeaderElection added in v1.1.0

func DefaultLeaderElection() *LeaderElection

DefaultLeaderElection returns a new LeaderElection with default configuration parameters.

func (*LeaderElection) DeepCopy added in v1.1.0

func (in *LeaderElection) DeepCopy() *LeaderElection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElection.

func (*LeaderElection) DeepCopyInto added in v1.1.0

func (in *LeaderElection) DeepCopyInto(out *LeaderElection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LiteralCustomTag added in v0.6.0

type LiteralCustomTag struct {
	// Value defines the hard-coded value to add to each span.
	Value string `json:"value"`
}

LiteralCustomTag adds hard-coded value to each span.

func (*LiteralCustomTag) DeepCopy added in v0.6.0

func (in *LiteralCustomTag) DeepCopy() *LiteralCustomTag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LiteralCustomTag.

func (*LiteralCustomTag) DeepCopyInto added in v0.6.0

func (in *LiteralCustomTag) DeepCopyInto(out *LiteralCustomTag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LoadBalancer added in v0.6.0

type LoadBalancer struct {
	// Type decides the type of Load Balancer policy.
	// Valid LoadBalancerType values are
	// "ConsistentHash",
	// "LeastRequest",
	// "Random",
	// "RoundRobin".
	//
	// +unionDiscriminator
	Type LoadBalancerType `json:"type"`
	// ConsistentHash defines the configuration when the load balancer type is
	// set to ConsistentHash
	//
	// +optional
	ConsistentHash *ConsistentHash `json:"consistentHash,omitempty"`

	// SlowStart defines the configuration related to the slow start load balancer policy.
	// If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
	// Currently this is only supported for RoundRobin and LeastRequest load balancers
	//
	// +optional
	SlowStart *SlowStart `json:"slowStart,omitempty"`
}

LoadBalancer defines the load balancer policy to be applied. +union

+kubebuilder:validation:XValidation:rule="self.type == 'ConsistentHash' ? has(self.consistentHash) : !has(self.consistentHash)",message="If LoadBalancer type is consistentHash, consistentHash field needs to be set." +kubebuilder:validation:XValidation:rule="self.type in ['Random', 'ConsistentHash'] ? !has(self.slowStart) : true ",message="Currently SlowStart is only supported for RoundRobin and LeastRequest load balancers."

func (*LoadBalancer) DeepCopy added in v0.6.0

func (in *LoadBalancer) DeepCopy() *LoadBalancer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer.

func (*LoadBalancer) DeepCopyInto added in v0.6.0

func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LoadBalancerType added in v0.6.0

type LoadBalancerType string

LoadBalancerType specifies the types of LoadBalancer. +kubebuilder:validation:Enum=ConsistentHash;LeastRequest;Random;RoundRobin

const (
	// ConsistentHashLoadBalancerType load balancer policy.
	ConsistentHashLoadBalancerType LoadBalancerType = "ConsistentHash"
	// LeastRequestLoadBalancerType load balancer policy.
	LeastRequestLoadBalancerType LoadBalancerType = "LeastRequest"
	// RandomLoadBalancerType load balancer policy.
	RandomLoadBalancerType LoadBalancerType = "Random"
	// RoundRobinLoadBalancerType load balancer policy.
	RoundRobinLoadBalancerType LoadBalancerType = "RoundRobin"
)

type LocalRateLimit added in v1.0.0

type LocalRateLimit struct {
	// Rules are a list of RateLimit selectors and limits. If a request matches
	// multiple rules, the strictest limit is applied. For example, if a request
	// matches two rules, one with 10rps and one with 20rps, the final limit will
	// be based on the rule with 10rps.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=16
	Rules []RateLimitRule `json:"rules"`
}

LocalRateLimit defines local rate limit configuration.

func (*LocalRateLimit) DeepCopy added in v1.0.0

func (in *LocalRateLimit) DeepCopy() *LocalRateLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalRateLimit.

func (*LocalRateLimit) DeepCopyInto added in v1.0.0

func (in *LocalRateLimit) DeepCopyInto(out *LocalRateLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LogLevel added in v0.6.0

type LogLevel string

LogLevel defines a log level for Envoy Gateway and EnvoyProxy system logs. +kubebuilder:validation:Enum=debug;info;error;warn

const (
	// LogLevelDebug defines the "debug" logging level.
	LogLevelDebug LogLevel = "debug"

	// LogLevelInfo defines the "Info" logging level.
	LogLevelInfo LogLevel = "info"

	// LogLevelWarn defines the "Warn" logging level.
	LogLevelWarn LogLevel = "warn"

	// LogLevelError defines the "Error" logging level.
	LogLevelError LogLevel = "error"
)

type MergeType added in v1.0.0

type MergeType string

MergeType defines the type of merge operation

const (
	// StrategicMerge indicates a strategic merge patch type
	StrategicMerge MergeType = "StrategicMerge"
	// JSONMerge indicates a JSON merge patch type
	JSONMerge MergeType = "JSONMerge"
)

type MetricSinkType added in v0.6.0

type MetricSinkType string
const (
	MetricSinkTypeOpenTelemetry MetricSinkType = "OpenTelemetry"
)

type OIDC added in v1.0.0

type OIDC struct {
	// The OIDC Provider configuration.
	Provider OIDCProvider `json:"provider"`

	// The client ID to be used in the OIDC
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	//
	// +kubebuilder:validation:MinLength=1
	ClientID string `json:"clientID"`

	// The Kubernetes secret which contains the OIDC client secret to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	//
	// This is an Opaque secret. The client secret should be stored in the key
	// "client-secret".
	// +kubebuilder:validation:Required
	ClientSecret gwapiv1.SecretObjectReference `json:"clientSecret"`

	// The optional cookie name overrides to be used for Bearer and IdToken cookies in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, uses a randomly generated suffix
	// +optional
	CookieNames *OIDCCookieNames `json:"cookieNames,omitempty"`

	// The optional domain to set the access and ID token cookies on.
	// If not set, the cookies will default to the host of the request, not including the subdomains.
	// If set, the cookies will be set on the specified domain and all subdomains.
	// This means that requests to any subdomain will not require reauthentication after users log in to the parent domain.
	// +optional
	// +notImplementedHide
	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9]))*$`
	CookieDomain *string `json:"cookieDomain,omitempty"`

	// The OIDC scopes to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// The "openid" scope is always added to the list of scopes if not already
	// specified.
	// +optional
	Scopes []string `json:"scopes,omitempty"`

	// The OIDC resources to be used in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// +optional
	Resources []string `json:"resources,omitempty"`

	// The redirect URL to be used in the OIDC
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, uses the default redirect URI "%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback"
	RedirectURL *string `json:"redirectURL,omitempty"`

	// The path to log a user out, clearing their credential cookies.
	//
	// If not specified, uses a default logout path "/logout"
	LogoutPath *string `json:"logoutPath,omitempty"`

	// ForwardAccessToken indicates whether the Envoy should forward the access token
	// via the Authorization header Bearer scheme to the upstream.
	// If not specified, defaults to false.
	// +optional
	ForwardAccessToken *bool `json:"forwardAccessToken,omitempty"`

	// DefaultTokenTTL is the default lifetime of the id token and access token.
	// Please note that Envoy will always use the expiry time from the response
	// of the authorization server if it is provided. This field is only used when
	// the expiry time is not provided by the authorization.
	//
	// If not specified, defaults to 0. In this case, the "expires_in" field in
	// the authorization response must be set by the authorization server, or the
	// OAuth flow will fail.
	//
	// +optional
	DefaultTokenTTL *metav1.Duration `json:"defaultTokenTTL,omitempty"`

	// RefreshToken indicates whether the Envoy should automatically refresh the
	// id token and access token when they expire.
	// When set to true, the Envoy will use the refresh token to get a new id token
	// and access token when they expire.
	//
	// If not specified, defaults to false.
	// +optional
	RefreshToken *bool `json:"refreshToken,omitempty"`

	// DefaultRefreshTokenTTL is the default lifetime of the refresh token.
	// This field is only used when the exp (expiration time) claim is omitted in
	// the refresh token or the refresh token is not JWT.
	//
	// If not specified, defaults to 604800s (one week).
	// Note: this field is only applicable when the "refreshToken" field is set to true.
	// +optional
	DefaultRefreshTokenTTL *metav1.Duration `json:"defaultRefreshTokenTTL,omitempty"`
}

OIDC defines the configuration for the OpenID Connect (OIDC) authentication.

func (*OIDC) DeepCopy added in v1.0.0

func (in *OIDC) DeepCopy() *OIDC

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDC.

func (*OIDC) DeepCopyInto added in v1.0.0

func (in *OIDC) DeepCopyInto(out *OIDC)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OIDCCookieNames added in v1.1.0

type OIDCCookieNames struct {
	// The name of the cookie used to store the AccessToken in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, defaults to "AccessToken-(randomly generated uid)"
	// +optional
	AccessToken *string `json:"accessToken,omitempty"`
	// The name of the cookie used to store the IdToken in the
	// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
	// If not specified, defaults to "IdToken-(randomly generated uid)"
	// +optional
	IDToken *string `json:"idToken,omitempty"`
}

OIDCCookieNames defines the names of cookies to use in the Envoy OIDC filter.

func (*OIDCCookieNames) DeepCopy added in v1.1.0

func (in *OIDCCookieNames) DeepCopy() *OIDCCookieNames

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCCookieNames.

func (*OIDCCookieNames) DeepCopyInto added in v1.1.0

func (in *OIDCCookieNames) DeepCopyInto(out *OIDCCookieNames)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OIDCProvider added in v1.0.0

type OIDCProvider struct {
	// BackendRefs is used to specify the address of the OIDC Provider.
	// If the BackendRefs is not specified, The host and port of the OIDC Provider's token endpoint
	// will be used as the address of the OIDC Provider.
	//
	// TLS configuration can be specified in a BackendTLSConfig resource and target the BackendRefs.
	//
	// Other settings for the connection to the OIDC Provider can be specified in the BackendSettings resource.
	//
	// +optional
	BackendCluster `json:",inline"`

	// The OIDC Provider's [issuer identifier](https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery).
	// Issuer MUST be a URI RFC 3986 [RFC3986] with a scheme component that MUST
	// be https, a host component, and optionally, port and path components and
	// no query or fragment components.
	// +kubebuilder:validation:MinLength=1
	Issuer string `json:"issuer"`

	// The OIDC Provider's [authorization endpoint](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint).
	// If not provided, EG will try to discover it from the provider's [Well-Known Configuration Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
	//
	// +optional
	AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"`

	// The OIDC Provider's [token endpoint](https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint).
	// If not provided, EG will try to discover it from the provider's [Well-Known Configuration Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse).
	//
	// +optional
	TokenEndpoint *string `json:"tokenEndpoint,omitempty"`
}

OIDCProvider defines the OIDC Provider configuration. +kubebuilder:validation:XValidation:rule="!has(self.backendRef)",message="BackendRefs must be used, backendRef is not supported." +kubebuilder:validation:XValidation:rule="has(self.backendSettings)? (has(self.backendSettings.retry)?(has(self.backendSettings.retry.perRetry)? !has(self.backendSettings.retry.perRetry.timeout):true):true):true",message="Retry timeout is not supported." +kubebuilder:validation:XValidation:rule="has(self.backendSettings)? (has(self.backendSettings.retry)?(has(self.backendSettings.retry.retryOn)? !has(self.backendSettings.retry.retryOn.httpStatusCodes):true):true):true",message="HTTPStatusCodes is not supported."

func (*OIDCProvider) DeepCopy added in v1.0.0

func (in *OIDCProvider) DeepCopy() *OIDCProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider.

func (*OIDCProvider) DeepCopyInto added in v1.0.0

func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OpenTelemetryEnvoyProxyAccessLog added in v0.6.0

type OpenTelemetryEnvoyProxyAccessLog struct {
	BackendCluster `json:",inline"`
	// Host define the extension service hostname.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	Host *string `json:"host,omitempty"`
	// Port defines the port the extension service is exposed on.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`
	// Resources is a set of labels that describe the source of a log entry, including envoy node info.
	// It's recommended to follow [semantic conventions](https://opentelemetry.io/docs/reference/specification/resource/semantic_conventions/).
	// +optional
	Resources map[string]string `json:"resources,omitempty"`
}

OpenTelemetryEnvoyProxyAccessLog defines the OpenTelemetry access log sink.

+kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"

func (*OpenTelemetryEnvoyProxyAccessLog) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenTelemetryEnvoyProxyAccessLog.

func (*OpenTelemetryEnvoyProxyAccessLog) DeepCopyInto added in v0.6.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Origin added in v1.0.0

type Origin string

Origin is defined by the scheme (protocol), hostname (domain), and port of the URL used to access it. The hostname can be "precise" which is just the domain name or "wildcard" which is a domain name prefixed with a single wildcard label such as "*.example.com". In addition to that a single wildcard (with or without scheme) can be configured to match any origin.

For example, the following are valid origins: - https://foo.example.com - https://*.example.com - http://foo.example.com:8080 - http://*.example.com:8080 - https://*

+kubebuilder:validation:MinLength=1 +kubebuilder:validation:MaxLength=253 +kubebuilder:validation:Pattern=`^(\*|https?:\/\/(\*|(\*\.)?(([\w-]+\.?)+)?[\w-]+)(:\d{1,5})?)$`

type PassiveHealthCheck added in v1.0.0

type PassiveHealthCheck struct {
	// SplitExternalLocalOriginErrors enables splitting of errors between external and local origin.
	//
	// +kubebuilder:default=false
	// +optional
	SplitExternalLocalOriginErrors *bool `json:"splitExternalLocalOriginErrors,omitempty"`

	// Interval defines the time between passive health checks.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="3s"
	// +optional
	Interval *metav1.Duration `json:"interval,omitempty"`

	// ConsecutiveLocalOriginFailures sets the number of consecutive local origin failures triggering ejection.
	// Parameter takes effect only when split_external_local_origin_errors is set to true.
	//
	// +kubebuilder:default=5
	// +optional
	ConsecutiveLocalOriginFailures *uint32 `json:"consecutiveLocalOriginFailures,omitempty"`

	// ConsecutiveGatewayErrors sets the number of consecutive gateway errors triggering ejection.
	//
	// +kubebuilder:default=0
	// +optional
	ConsecutiveGatewayErrors *uint32 `json:"consecutiveGatewayErrors,omitempty"`

	// Consecutive5xxErrors sets the number of consecutive 5xx errors triggering ejection.
	//
	// +kubebuilder:default=5
	// +optional
	Consecutive5xxErrors *uint32 `json:"consecutive5XxErrors,omitempty"`

	// BaseEjectionTime defines the base duration for which a host will be ejected on consecutive failures.
	//
	// +kubebuilder:validation:Format=duration
	// +kubebuilder:default="30s"
	// +optional
	BaseEjectionTime *metav1.Duration `json:"baseEjectionTime,omitempty"`

	// MaxEjectionPercent sets the maximum percentage of hosts in a cluster that can be ejected.
	//
	// +kubebuilder:default=10
	// +optional
	MaxEjectionPercent *int32 `json:"maxEjectionPercent,omitempty"`
}

PassiveHealthCheck defines the configuration for passive health checks in the context of Envoy's Outlier Detection, see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier

func (*PassiveHealthCheck) DeepCopy added in v1.0.0

func (in *PassiveHealthCheck) DeepCopy() *PassiveHealthCheck

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PassiveHealthCheck.

func (*PassiveHealthCheck) DeepCopyInto added in v1.0.0

func (in *PassiveHealthCheck) DeepCopyInto(out *PassiveHealthCheck)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PathEscapedSlashAction added in v1.0.0

type PathEscapedSlashAction string

PathEscapedSlashAction determines the action for requests that contain %2F, %2f, %5C, or %5c sequences in the URI path. +kubebuilder:validation:Enum=KeepUnchanged;RejectRequest;UnescapeAndForward;UnescapeAndRedirect

const (
	// KeepUnchangedAction keeps escaped slashes as they arrive without changes
	KeepUnchangedAction PathEscapedSlashAction = "KeepUnchanged"
	// RejectRequestAction rejects client requests containing escaped slashes
	// with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
	// error code.
	// The "httpN.downstream_rq_failed_path_normalization" counter is incremented
	// for each rejected request.
	RejectRequestAction PathEscapedSlashAction = "RejectRequest"
	// UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
	// if these sequences were present.
	//
	// Redirect occurs after path normalization and merge slashes transformations if
	// they were configured. gRPC requests will be rejected with the INTERNAL (13)
	// error code.
	// This option minimizes possibility of path confusion exploits by forcing request
	// with unescaped slashes to traverse all parties: downstream client, intermediate
	// proxies, Envoy and upstream server.
	// The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
	// for each redirected request.
	UnescapeAndRedirect PathEscapedSlashAction = "UnescapeAndRedirect"
	// UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
	// Note: this option should not be enabled if intermediaries perform path based access
	// control as it may lead to path confusion vulnerabilities.
	UnescapeAndForward PathEscapedSlashAction = "UnescapeAndForward"
)

type PathSettings added in v1.0.0

type PathSettings struct {
	// EscapedSlashesAction determines how %2f, %2F, %5c, or %5C sequences in the path URI
	// should be handled.
	// The default is UnescapeAndRedirect.
	//
	// +optional
	EscapedSlashesAction *PathEscapedSlashAction `json:"escapedSlashesAction,omitempty"`
	// DisableMergeSlashes allows disabling the default configuration of merging adjacent
	// slashes in the path.
	// Note that slash merging is not part of the HTTP spec and is provided for convenience.
	//
	// +optional
	DisableMergeSlashes *bool `json:"disableMergeSlashes,omitempty"`
}

PathSettings provides settings that managing how the incoming path set by clients is handled.

func (*PathSettings) DeepCopy added in v1.0.0

func (in *PathSettings) DeepCopy() *PathSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PathSettings.

func (*PathSettings) DeepCopyInto added in v1.0.0

func (in *PathSettings) DeepCopyInto(out *PathSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PerRetryPolicy added in v1.0.0

type PerRetryPolicy struct {
	// Timeout is the timeout per retry attempt.
	//
	// +optional
	// +kubebuilder:validation:Format=duration
	Timeout *metav1.Duration `json:"timeout,omitempty"`
	// Backoff is the backoff policy to be applied per retry attempt. gateway uses a fully jittered exponential
	// back-off algorithm for retries. For additional details,
	// see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-max-retries
	//
	// +optional
	BackOff *BackOffPolicy `json:"backOff,omitempty"`
}

func (*PerRetryPolicy) DeepCopy added in v1.0.0

func (in *PerRetryPolicy) DeepCopy() *PerRetryPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerRetryPolicy.

func (*PerRetryPolicy) DeepCopyInto added in v1.0.0

func (in *PerRetryPolicy) DeepCopyInto(out *PerRetryPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyTargetReferences added in v1.1.0

type PolicyTargetReferences struct {
	// TargetRef is the name of the resource this policy is being attached to.
	// This policy and the TargetRef MUST be in the same namespace for this
	// Policy to have effect
	//
	// Deprecated: use targetRefs/targetSelectors instead
	TargetRef *gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRef,omitempty"`

	// TargetRefs are the names of the Gateway resources this policy
	// is being attached to.
	TargetRefs []gwapiv1a2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs,omitempty"`

	// TargetSelectors allow targeting resources for this policy based on labels
	TargetSelectors []TargetSelector `json:"targetSelectors,omitempty"`
}

func (*PolicyTargetReferences) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReferences.

func (*PolicyTargetReferences) DeepCopyInto added in v1.1.0

func (in *PolicyTargetReferences) DeepCopyInto(out *PolicyTargetReferences)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (PolicyTargetReferences) GetTargetRefs added in v1.1.0

type Principal added in v1.1.0

type Principal struct {
	// ClientCIDRs are the IP CIDR ranges of the client.
	// Valid examples are "192.168.1.0/24" or "2001:db8::/64"
	//
	// If multiple CIDR ranges are specified, one of the CIDR ranges must match
	// the client IP for the rule to match.
	//
	// The client IP is inferred from the X-Forwarded-For header, a custom header,
	// or the proxy protocol.
	// You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
	// the `ClientTrafficPolicy` to configure how the client IP is detected.
	// +optional
	// +kubebuilder:validation:MinItems=1
	ClientCIDRs []CIDR `json:"clientCIDRs,omitempty"`

	// JWT authorize the request based on the JWT claims and scopes.
	// Note: in order to use JWT claims for authorization, you must configure the
	// JWT authentication in the same `SecurityPolicy`.
	// +optional
	// +notImplementedHide
	JWT *JWTPrincipal `json:"jwt,omitempty"`
}

If there are multiple principal types, all principals must match for the rule to match.

+kubebuilder:validation:XValidation:rule="(has(self.clientCIDRs) || has(self.jwt))",message="at least one of clientCIDRs or jwt must be specified"

func (*Principal) DeepCopy added in v1.1.0

func (in *Principal) DeepCopy() *Principal

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Principal.

func (*Principal) DeepCopyInto added in v1.1.0

func (in *Principal) DeepCopyInto(out *Principal)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProcessingModeOptions added in v1.1.0

type ProcessingModeOptions struct {
	// Defines body processing mode
	//
	// +optional
	Body *ExtProcBodyProcessingMode `json:"body,omitempty"`
}

ProcessingModeOptions defines if headers or body should be processed by the external service

func (*ProcessingModeOptions) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessingModeOptions.

func (*ProcessingModeOptions) DeepCopyInto added in v1.1.0

func (in *ProcessingModeOptions) DeepCopyInto(out *ProcessingModeOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProviderType added in v0.6.0

type ProviderType string

ProviderType defines the types of providers supported by Envoy Gateway.

+kubebuilder:validation:Enum=Kubernetes;Custom

const (
	// ProviderTypeKubernetes defines the "Kubernetes" provider.
	ProviderTypeKubernetes ProviderType = "Kubernetes"

	// ProviderTypeCustom defines the "Custom" provider.
	ProviderTypeCustom ProviderType = "Custom"
)

type ProxyAccessLog added in v0.6.0

type ProxyAccessLog struct {
	// Disable disables access logging for managed proxies if set to true.
	Disable bool `json:"disable,omitempty"`
	// Settings defines accesslog settings for managed proxies.
	// If unspecified, will send default format to stdout.
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=50
	Settings []ProxyAccessLogSetting `json:"settings,omitempty"`
}

func (*ProxyAccessLog) DeepCopy added in v0.6.0

func (in *ProxyAccessLog) DeepCopy() *ProxyAccessLog

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLog.

func (*ProxyAccessLog) DeepCopyInto added in v0.6.0

func (in *ProxyAccessLog) DeepCopyInto(out *ProxyAccessLog)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyAccessLogFormat added in v0.6.0

type ProxyAccessLogFormat struct {
	// Type defines the type of accesslog format.
	// +kubebuilder:validation:Enum=Text;JSON
	// +unionDiscriminator
	Type ProxyAccessLogFormatType `json:"type,omitempty"`
	// Text defines the text accesslog format, following Envoy accesslog formatting,
	// It's required when the format type is "Text".
	// Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be used in the format.
	// The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) provides more information.
	// +optional
	Text *string `json:"text,omitempty"`
	// JSON is additional attributes that describe the specific event occurrence.
	// Structured format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)
	// can be used as values for fields within the Struct.
	// It's required when the format type is "JSON".
	// +optional
	JSON map[string]string `json:"json,omitempty"`
}

ProxyAccessLogFormat defines the format of accesslog. By default accesslogs are written to standard output. +union

+kubebuilder:validation:XValidation:rule="self.type == 'Text' ? has(self.text) : !has(self.text)",message="If AccessLogFormat type is Text, text field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'JSON' ? has(self.json) : !has(self.json)",message="If AccessLogFormat type is JSON, json field needs to be set."

func (*ProxyAccessLogFormat) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLogFormat.

func (*ProxyAccessLogFormat) DeepCopyInto added in v0.6.0

func (in *ProxyAccessLogFormat) DeepCopyInto(out *ProxyAccessLogFormat)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyAccessLogFormatType added in v0.6.0

type ProxyAccessLogFormatType string
const (
	// ProxyAccessLogFormatTypeText defines the text accesslog format.
	ProxyAccessLogFormatTypeText ProxyAccessLogFormatType = "Text"
	// ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
	ProxyAccessLogFormatTypeJSON ProxyAccessLogFormatType = "JSON"
)

type ProxyAccessLogSetting added in v0.6.0

type ProxyAccessLogSetting struct {
	// Format defines the format of accesslog.
	// This will be ignored if sink type is ALS.
	// +optional
	Format *ProxyAccessLogFormat `json:"format,omitempty"`
	// Matches defines the match conditions for accesslog in CEL expression.
	// An accesslog will be emitted only when one or more match conditions are evaluated to true.
	// Invalid [CEL](https://www.envoyproxy.io/docs/envoy/latest/xds/type/v3/cel.proto.html#common-expression-language-cel-proto) expressions will be ignored.
	// +kubebuilder:validation:MaxItems=10
	Matches []string `json:"matches,omitempty"`
	// Sinks defines the sinks of accesslog.
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=50
	Sinks []ProxyAccessLogSink `json:"sinks"`
	// Type defines the component emitting the accesslog, such as Listener and Route.
	// If type not defined, the setting would apply to:
	// (1) All Routes.
	// (2) Listeners if and only if Envoy does not find a matching route for a request.
	// If type is defined, the accesslog settings would apply to the relevant component (as-is).
	// +kubebuilder:validation:Enum=Listener;Route
	// +optional
	Type *ProxyAccessLogType `json:"type,omitempty"`
}

func (*ProxyAccessLogSetting) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLogSetting.

func (*ProxyAccessLogSetting) DeepCopyInto added in v0.6.0

func (in *ProxyAccessLogSetting) DeepCopyInto(out *ProxyAccessLogSetting)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyAccessLogSink added in v0.6.0

type ProxyAccessLogSink struct {
	// Type defines the type of accesslog sink.
	// +kubebuilder:validation:Enum=ALS;File;OpenTelemetry
	// +unionDiscriminator
	Type ProxyAccessLogSinkType `json:"type,omitempty"`
	// ALS defines the gRPC Access Log Service (ALS) sink.
	// +optional
	ALS *ALSEnvoyProxyAccessLog `json:"als,omitempty"`
	// File defines the file accesslog sink.
	// +optional
	File *FileEnvoyProxyAccessLog `json:"file,omitempty"`
	// OpenTelemetry defines the OpenTelemetry accesslog sink.
	// +optional
	OpenTelemetry *OpenTelemetryEnvoyProxyAccessLog `json:"openTelemetry,omitempty"`
}

ProxyAccessLogSink defines the sink of accesslog. +union

+kubebuilder:validation:XValidation:rule="self.type == 'ALS' ? has(self.als) : !has(self.als)",message="If AccessLogSink type is ALS, als field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'File' ? has(self.file) : !has(self.file)",message="If AccessLogSink type is File, file field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'OpenTelemetry' ? has(self.openTelemetry) : !has(self.openTelemetry)",message="If AccessLogSink type is OpenTelemetry, openTelemetry field needs to be set."

func (*ProxyAccessLogSink) DeepCopy added in v0.6.0

func (in *ProxyAccessLogSink) DeepCopy() *ProxyAccessLogSink

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyAccessLogSink.

func (*ProxyAccessLogSink) DeepCopyInto added in v0.6.0

func (in *ProxyAccessLogSink) DeepCopyInto(out *ProxyAccessLogSink)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyAccessLogSinkType added in v0.6.0

type ProxyAccessLogSinkType string
const (
	// ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
	// The service must implement the Envoy gRPC Access Log Service streaming API:
	// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
	ProxyAccessLogSinkTypeALS ProxyAccessLogSinkType = "ALS"
	// ProxyAccessLogSinkTypeFile defines the file accesslog sink.
	ProxyAccessLogSinkTypeFile ProxyAccessLogSinkType = "File"
	// ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
	// When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
	// and `k8s.pod.name` as additional attributes.
	ProxyAccessLogSinkTypeOpenTelemetry ProxyAccessLogSinkType = "OpenTelemetry"
)

type ProxyBootstrap added in v0.6.0

type ProxyBootstrap struct {
	// Type is the type of the bootstrap configuration, it should be either Replace,  Merge, or JSONPatch.
	// If unspecified, it defaults to Replace.
	// +optional
	// +kubebuilder:default=Replace
	// +unionDiscriminator
	Type *BootstrapType `json:"type"`

	// Value is a YAML string of the bootstrap.
	// +optional
	Value *string `json:"value,omitempty"`

	// JSONPatches is an array of JSONPatches to be applied to the default bootstrap. Patches are
	// applied in the order in which they are defined.
	JSONPatches []JSONPatchOperation `json:"jsonPatches,omitempty"`
}

ProxyBootstrap defines Envoy Bootstrap configuration. +union +kubebuilder:validation:XValidation:rule="self.type == 'JSONPatch' ? self.jsonPatches.size() > 0 : has(self.value)", message="provided bootstrap patch doesn't match the configured patch type"

func (*ProxyBootstrap) DeepCopy added in v0.6.0

func (in *ProxyBootstrap) DeepCopy() *ProxyBootstrap

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyBootstrap.

func (*ProxyBootstrap) DeepCopyInto added in v0.6.0

func (in *ProxyBootstrap) DeepCopyInto(out *ProxyBootstrap)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyLogComponent added in v0.6.0

type ProxyLogComponent string

ProxyLogComponent defines a component that supports a configured logging level. +kubebuilder:validation:Enum=system;upstream;http;connection;admin;client;filter;main;router;runtime

const (
	// LogComponentDefault defines the default logging component.
	// See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
	LogComponentDefault ProxyLogComponent = "default"

	// LogComponentUpstream defines the "upstream" logging component.
	LogComponentUpstream ProxyLogComponent = "upstream"

	// LogComponentHTTP defines the "http" logging component.
	LogComponentHTTP ProxyLogComponent = "http"

	// LogComponentConnection defines the "connection" logging component.
	LogComponentConnection ProxyLogComponent = "connection"

	// LogComponentAdmin defines the "admin" logging component.
	LogComponentAdmin ProxyLogComponent = "admin"

	// LogComponentClient defines the "client" logging component.
	LogComponentClient ProxyLogComponent = "client"

	// LogComponentFilter defines the "filter" logging component.
	LogComponentFilter ProxyLogComponent = "filter"

	// LogComponentMain defines the "main" logging component.
	LogComponentMain ProxyLogComponent = "main"

	// LogComponentRouter defines the "router" logging component.
	LogComponentRouter ProxyLogComponent = "router"

	// LogComponentRuntime defines the "runtime" logging component.
	LogComponentRuntime ProxyLogComponent = "runtime"
)

type ProxyLogging added in v0.6.0

type ProxyLogging struct {
	// Level is a map of logging level per component, where the component is the key
	// and the log level is the value. If unspecified, defaults to "default: warn".
	//
	// +kubebuilder:default={default: warn}
	Level map[ProxyLogComponent]LogLevel `json:"level,omitempty"`
}

ProxyLogging defines logging parameters for managed proxies.

func (*ProxyLogging) DeepCopy added in v0.6.0

func (in *ProxyLogging) DeepCopy() *ProxyLogging

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyLogging.

func (*ProxyLogging) DeepCopyInto added in v0.6.0

func (in *ProxyLogging) DeepCopyInto(out *ProxyLogging)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ProxyLogging) DefaultEnvoyProxyLoggingLevel added in v0.6.0

func (logging *ProxyLogging) DefaultEnvoyProxyLoggingLevel() LogLevel

DefaultEnvoyProxyLoggingLevel returns envoy proxy v1alpha1.LogComponentGatewayDefault log level. If unspecified, defaults to "warn". When specified, all other logging components are ignored.

func (*ProxyLogging) GetEnvoyProxyComponentLevel added in v0.6.0

func (logging *ProxyLogging) GetEnvoyProxyComponentLevel() string

GetEnvoyProxyComponentLevel returns envoy proxy component log level args. xref: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-component-log-level

type ProxyMetricSink added in v0.6.0

type ProxyMetricSink struct {
	// Type defines the metric sink type.
	// EG currently only supports OpenTelemetry.
	// +kubebuilder:validation:Enum=OpenTelemetry
	// +kubebuilder:default=OpenTelemetry
	// +unionDiscriminator
	Type MetricSinkType `json:"type"`
	// OpenTelemetry defines the configuration for OpenTelemetry sink.
	// It's required if the sink type is OpenTelemetry.
	// +optional
	OpenTelemetry *ProxyOpenTelemetrySink `json:"openTelemetry,omitempty"`
}

ProxyMetricSink defines the sink of metrics. Default metrics sink is OpenTelemetry. +union

+kubebuilder:validation:XValidation:rule="self.type == 'OpenTelemetry' ? has(self.openTelemetry) : !has(self.openTelemetry)",message="If MetricSink type is OpenTelemetry, openTelemetry field needs to be set."

func (*ProxyMetricSink) DeepCopy added in v0.6.0

func (in *ProxyMetricSink) DeepCopy() *ProxyMetricSink

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyMetricSink.

func (*ProxyMetricSink) DeepCopyInto added in v0.6.0

func (in *ProxyMetricSink) DeepCopyInto(out *ProxyMetricSink)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyMetrics added in v0.6.0

type ProxyMetrics struct {
	// Prometheus defines the configuration for Admin endpoint `/stats/prometheus`.
	Prometheus *ProxyPrometheusProvider `json:"prometheus,omitempty"`
	// Sinks defines the metric sinks where metrics are sent to.
	// +kubebuilder:validation:MaxItems=16
	Sinks []ProxyMetricSink `json:"sinks,omitempty"`
	// Matches defines configuration for selecting specific metrics instead of generating all metrics stats
	// that are enabled by default. This helps reduce CPU and memory overhead in Envoy, but eliminating some stats
	// may after critical functionality. Here are the stats that we strongly recommend not disabling:
	// `cluster_manager.warming_clusters`, `cluster.<cluster_name>.membership_total`,`cluster.<cluster_name>.membership_healthy`,
	// `cluster.<cluster_name>.membership_degraded`,reference  https://github.com/envoyproxy/envoy/issues/9856,
	// https://github.com/envoyproxy/envoy/issues/14610
	//
	Matches []StringMatch `json:"matches,omitempty"`

	// EnableVirtualHostStats enables envoy stat metrics for virtual hosts.
	//
	// +optional
	EnableVirtualHostStats *bool `json:"enableVirtualHostStats,omitempty"`

	// EnablePerEndpointStats enables per endpoint envoy stats metrics.
	// Please use with caution.
	//
	// +optional
	EnablePerEndpointStats *bool `json:"enablePerEndpointStats,omitempty"`

	// EnableRequestResponseSizesStats enables publishing of histograms tracking header and body sizes of requests and responses.
	//
	// +optional
	EnableRequestResponseSizesStats *bool `json:"enableRequestResponseSizesStats,omitempty"`
}

func (*ProxyMetrics) DeepCopy added in v0.6.0

func (in *ProxyMetrics) DeepCopy() *ProxyMetrics

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyMetrics.

func (*ProxyMetrics) DeepCopyInto added in v0.6.0

func (in *ProxyMetrics) DeepCopyInto(out *ProxyMetrics)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyOpenTelemetrySink added in v0.6.0

type ProxyOpenTelemetrySink struct {
	BackendCluster `json:",inline"`
	// Host define the service hostname.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	Host *string `json:"host,omitempty"`
	// Port defines the port the service is exposed on.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=65535
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`
}

ProxyOpenTelemetrySink defines the configuration for OpenTelemetry sink.

+kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"

func (*ProxyOpenTelemetrySink) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyOpenTelemetrySink.

func (*ProxyOpenTelemetrySink) DeepCopyInto added in v0.6.0

func (in *ProxyOpenTelemetrySink) DeepCopyInto(out *ProxyOpenTelemetrySink)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyPrometheusProvider added in v0.6.0

type ProxyPrometheusProvider struct {
	// Disable the Prometheus endpoint.
	Disable bool `json:"disable,omitempty"`
	// Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load.
	// +optional
	Compression *Compression `json:"compression,omitempty"`
}

func (*ProxyPrometheusProvider) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyPrometheusProvider.

func (*ProxyPrometheusProvider) DeepCopyInto added in v0.6.0

func (in *ProxyPrometheusProvider) DeepCopyInto(out *ProxyPrometheusProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyProtocol added in v1.0.0

type ProxyProtocol struct {
	// Version of ProxyProtol
	// Valid ProxyProtocolVersion values are
	// "V1"
	// "V2"
	Version ProxyProtocolVersion `json:"version"`
}

ProxyProtocol defines the configuration related to the proxy protocol when communicating with the backend.

func (*ProxyProtocol) DeepCopy added in v1.0.0

func (in *ProxyProtocol) DeepCopy() *ProxyProtocol

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyProtocol.

func (*ProxyProtocol) DeepCopyInto added in v1.0.0

func (in *ProxyProtocol) DeepCopyInto(out *ProxyProtocol)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyProtocolVersion added in v1.0.0

type ProxyProtocolVersion string

ProxyProtocolVersion defines the version of the Proxy Protocol to use. +kubebuilder:validation:Enum=V1;V2

const (
	// ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
	ProxyProtocolVersionV1 ProxyProtocolVersion = "V1"
	// ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
	ProxyProtocolVersionV2 ProxyProtocolVersion = "V2"
)

type ProxyTelemetry added in v0.6.0

type ProxyTelemetry struct {
	// AccessLogs defines accesslog parameters for managed proxies.
	// If unspecified, will send default format to stdout.
	// +optional
	AccessLog *ProxyAccessLog `json:"accessLog,omitempty"`
	// Tracing defines tracing configuration for managed proxies.
	// If unspecified, will not send tracing data.
	// +optional
	Tracing *ProxyTracing `json:"tracing,omitempty"`

	// Metrics defines metrics configuration for managed proxies.
	Metrics *ProxyMetrics `json:"metrics,omitempty"`
}

func (*ProxyTelemetry) DeepCopy added in v0.6.0

func (in *ProxyTelemetry) DeepCopy() *ProxyTelemetry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyTelemetry.

func (*ProxyTelemetry) DeepCopyInto added in v0.6.0

func (in *ProxyTelemetry) DeepCopyInto(out *ProxyTelemetry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyTracing added in v0.6.0

type ProxyTracing struct {
	// SamplingRate controls the rate at which traffic will be
	// selected for tracing if no prior sampling decision has been made.
	// Defaults to 100, valid values [0-100]. 100 indicates 100% sampling.
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=100
	// +kubebuilder:default=100
	// +optional
	SamplingRate *uint32 `json:"samplingRate,omitempty"`
	// CustomTags defines the custom tags to add to each span.
	// If provider is kubernetes, pod name and namespace are added by default.
	CustomTags map[string]CustomTag `json:"customTags,omitempty"`
	// Provider defines the tracing provider.
	Provider TracingProvider `json:"provider"`
}

func (*ProxyTracing) DeepCopy added in v0.6.0

func (in *ProxyTracing) DeepCopy() *ProxyTracing

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyTracing.

func (*ProxyTracing) DeepCopyInto added in v0.6.0

func (in *ProxyTracing) DeepCopyInto(out *ProxyTracing)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimit added in v0.6.0

type RateLimit struct {
	// Backend holds the configuration associated with the
	// database backend used by the rate limit service to store
	// state associated with global ratelimiting.
	Backend RateLimitDatabaseBackend `json:"backend"`

	// Timeout specifies the timeout period for the proxy to access the ratelimit server
	// If not set, timeout is 20ms.
	// +optional
	// +kubebuilder:validation:Format=duration
	Timeout *metav1.Duration `json:"timeout,omitempty"`

	// FailClosed is a switch used to control the flow of traffic
	// when the response from the ratelimit server cannot be obtained.
	// If FailClosed is false, let the traffic pass,
	// otherwise, don't let the traffic pass and return 500.
	// If not set, FailClosed is False.
	FailClosed bool `json:"failClosed"`

	// Telemetry defines telemetry configuration for RateLimit.
	// +optional
	Telemetry *RateLimitTelemetry `json:"telemetry,omitempty"`
}

RateLimit defines the configuration associated with the Rate Limit Service used for Global Rate Limiting.

func (*RateLimit) DeepCopy added in v0.6.0

func (in *RateLimit) DeepCopy() *RateLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimit.

func (*RateLimit) DeepCopyInto added in v0.6.0

func (in *RateLimit) DeepCopyInto(out *RateLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitDatabaseBackend added in v0.6.0

type RateLimitDatabaseBackend struct {
	// Type is the type of database backend to use. Supported types are:
	//	* Redis: Connects to a Redis database.
	//
	// +unionDiscriminator
	Type RateLimitDatabaseBackendType `json:"type"`
	// Redis defines the settings needed to connect to a Redis database.
	//
	// +optional
	Redis *RateLimitRedisSettings `json:"redis,omitempty"`
}

RateLimitDatabaseBackend defines the configuration associated with the database backend used by the rate limit service. +union

func (*RateLimitDatabaseBackend) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitDatabaseBackend.

func (*RateLimitDatabaseBackend) DeepCopyInto added in v0.6.0

func (in *RateLimitDatabaseBackend) DeepCopyInto(out *RateLimitDatabaseBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitDatabaseBackendType added in v0.6.0

type RateLimitDatabaseBackendType string

RateLimitDatabaseBackendType specifies the types of database backend to be used by the rate limit service. +kubebuilder:validation:Enum=Redis

const (
	// RedisBackendType uses a redis database for the rate limit service.
	RedisBackendType RateLimitDatabaseBackendType = "Redis"
)

type RateLimitMetrics added in v1.0.0

type RateLimitMetrics struct {
	// Prometheus defines the configuration for prometheus endpoint.
	Prometheus *RateLimitMetricsPrometheusProvider `json:"prometheus,omitempty"`
}

func (*RateLimitMetrics) DeepCopy added in v1.0.0

func (in *RateLimitMetrics) DeepCopy() *RateLimitMetrics

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitMetrics.

func (*RateLimitMetrics) DeepCopyInto added in v1.0.0

func (in *RateLimitMetrics) DeepCopyInto(out *RateLimitMetrics)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitMetricsPrometheusProvider added in v1.0.0

type RateLimitMetricsPrometheusProvider struct {
	// Disable the Prometheus endpoint.
	Disable bool `json:"disable,omitempty"`
}

func (*RateLimitMetricsPrometheusProvider) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitMetricsPrometheusProvider.

func (*RateLimitMetricsPrometheusProvider) DeepCopyInto added in v1.0.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitRedisSettings added in v0.6.0

type RateLimitRedisSettings struct {
	// URL of the Redis Database.
	URL string `json:"url"`

	// TLS defines TLS configuration for connecting to redis database.
	//
	// +optional
	TLS *RedisTLSSettings `json:"tls,omitempty"`
}

RateLimitRedisSettings defines the configuration for connecting to redis database.

func (*RateLimitRedisSettings) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRedisSettings.

func (*RateLimitRedisSettings) DeepCopyInto added in v0.6.0

func (in *RateLimitRedisSettings) DeepCopyInto(out *RateLimitRedisSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitRule

type RateLimitRule struct {
	// ClientSelectors holds the list of select conditions to select
	// specific clients using attributes from the traffic flow.
	// All individual select conditions must hold True for this rule
	// and its limit to be applied.
	//
	// If no client selectors are specified, the rule applies to all traffic of
	// the targeted Route.
	//
	// If the policy targets a Gateway, the rule applies to each Route of the Gateway.
	// Please note that each Route has its own rate limit counters. For example,
	// if a Gateway has two Routes, and the policy has a rule with limit 10rps,
	// each Route will have its own 10rps limit.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=8
	ClientSelectors []RateLimitSelectCondition `json:"clientSelectors,omitempty"`
	// Limit holds the rate limit values.
	// This limit is applied for traffic flows when the selectors
	// compute to True, causing the request to be counted towards the limit.
	// The limit is enforced and the request is ratelimited, i.e. a response with
	// 429 HTTP status code is sent back to the client when
	// the selected requests have reached the limit.
	Limit RateLimitValue `json:"limit"`
}

RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.

func (*RateLimitRule) DeepCopy

func (in *RateLimitRule) DeepCopy() *RateLimitRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRule.

func (*RateLimitRule) DeepCopyInto

func (in *RateLimitRule) DeepCopyInto(out *RateLimitRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitSelectCondition

type RateLimitSelectCondition struct {
	// Headers is a list of request headers to match. Multiple header values are ANDed together,
	// meaning, a request MUST match all the specified headers.
	// At least one of headers or sourceCIDR condition must be specified.
	//
	// +optional
	// +kubebuilder:validation:MaxItems=16
	Headers []HeaderMatch `json:"headers,omitempty"`

	// SourceCIDR is the client IP Address range to match on.
	// At least one of headers or sourceCIDR condition must be specified.
	//
	// +optional
	SourceCIDR *SourceMatch `json:"sourceCIDR,omitempty"`
}

RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.

func (*RateLimitSelectCondition) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSelectCondition.

func (*RateLimitSelectCondition) DeepCopyInto

func (in *RateLimitSelectCondition) DeepCopyInto(out *RateLimitSelectCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitSpec added in v0.6.0

type RateLimitSpec struct {
	// Type decides the scope for the RateLimits.
	// Valid RateLimitType values are "Global" or "Local".
	//
	// +unionDiscriminator
	Type RateLimitType `json:"type"`
	// Global defines global rate limit configuration.
	//
	// +optional
	Global *GlobalRateLimit `json:"global,omitempty"`

	// Local defines local rate limit configuration.
	//
	// +optional
	Local *LocalRateLimit `json:"local,omitempty"`
}

RateLimitSpec defines the desired state of RateLimitSpec. +union

func (*RateLimitSpec) DeepCopy added in v0.6.0

func (in *RateLimitSpec) DeepCopy() *RateLimitSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitSpec.

func (*RateLimitSpec) DeepCopyInto added in v0.6.0

func (in *RateLimitSpec) DeepCopyInto(out *RateLimitSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitTelemetry added in v1.0.0

type RateLimitTelemetry struct {
	// Metrics defines metrics configuration for RateLimit.
	Metrics *RateLimitMetrics `json:"metrics,omitempty"`

	// Tracing defines traces configuration for RateLimit.
	Tracing *RateLimitTracing `json:"tracing,omitempty"`
}

func (*RateLimitTelemetry) DeepCopy added in v1.0.0

func (in *RateLimitTelemetry) DeepCopy() *RateLimitTelemetry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitTelemetry.

func (*RateLimitTelemetry) DeepCopyInto added in v1.0.0

func (in *RateLimitTelemetry) DeepCopyInto(out *RateLimitTelemetry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitTracing added in v1.1.0

type RateLimitTracing struct {
	// SamplingRate controls the rate at which traffic will be
	// selected for tracing if no prior sampling decision has been made.
	// Defaults to 100, valid values [0-100]. 100 indicates 100% sampling.
	// +optional
	SamplingRate *uint32 `json:"samplingRate,omitempty"`

	// Provider defines the rateLimit tracing provider.
	// Only OpenTelemetry is supported currently.
	Provider *RateLimitTracingProvider `json:"provider,omitempty"`
}

func (*RateLimitTracing) DeepCopy added in v1.1.0

func (in *RateLimitTracing) DeepCopy() *RateLimitTracing

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitTracing.

func (*RateLimitTracing) DeepCopyInto added in v1.1.0

func (in *RateLimitTracing) DeepCopyInto(out *RateLimitTracing)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitTracingProvider added in v1.1.0

type RateLimitTracingProvider struct {
	// Type defines the tracing provider type.
	// Since to RateLimit Exporter currently using OpenTelemetry, only OpenTelemetry is supported
	Type *RateLimitTracingProviderType `json:"type,omitempty"`

	// URL is the endpoint of the trace collector that supports the OTLP protocol
	URL string `json:"url"`
}

RateLimitTracingProvider defines the tracing provider configuration of RateLimit

func (*RateLimitTracingProvider) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitTracingProvider.

func (*RateLimitTracingProvider) DeepCopyInto added in v1.1.0

func (in *RateLimitTracingProvider) DeepCopyInto(out *RateLimitTracingProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitTracingProviderType added in v1.1.0

type RateLimitTracingProviderType string

type RateLimitType

type RateLimitType string

RateLimitType specifies the types of RateLimiting. +kubebuilder:validation:Enum=Global;Local

const (
	// GlobalRateLimitType allows the rate limits to be applied across all Envoy
	// proxy instances.
	GlobalRateLimitType RateLimitType = "Global"

	// LocalRateLimitType allows the rate limits to be applied on a per Envoy
	// proxy instance basis.
	LocalRateLimitType RateLimitType = "Local"
)

type RateLimitUnit

type RateLimitUnit string

RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are "Second", "Minute", "Hour", and "Day".

+kubebuilder:validation:Enum=Second;Minute;Hour;Day

const (
	// RateLimitUnitSecond specifies the rate limit interval to be 1 second.
	RateLimitUnitSecond RateLimitUnit = "Second"

	// RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
	RateLimitUnitMinute RateLimitUnit = "Minute"

	// RateLimitUnitHour specifies the rate limit interval to be 1 hour.
	RateLimitUnitHour RateLimitUnit = "Hour"

	// RateLimitUnitDay specifies the rate limit interval to be 1 day.
	RateLimitUnitDay RateLimitUnit = "Day"
)

RateLimitUnit constants.

type RateLimitValue

type RateLimitValue struct {
	Requests uint          `json:"requests"`
	Unit     RateLimitUnit `json:"unit"`
}

RateLimitValue defines the limits for rate limiting.

func (*RateLimitValue) DeepCopy

func (in *RateLimitValue) DeepCopy() *RateLimitValue

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitValue.

func (*RateLimitValue) DeepCopyInto

func (in *RateLimitValue) DeepCopyInto(out *RateLimitValue)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RedisTLSSettings added in v0.6.0

type RedisTLSSettings struct {
	// CertificateRef defines the client certificate reference for TLS connections.
	// Currently only a Kubernetes Secret of type TLS is supported.
	// +optional
	CertificateRef *gwapiv1.SecretObjectReference `json:"certificateRef,omitempty"`
}

RedisTLSSettings defines the TLS configuration for connecting to redis database.

func (*RedisTLSSettings) DeepCopy added in v0.6.0

func (in *RedisTLSSettings) DeepCopy() *RedisTLSSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisTLSSettings.

func (*RedisTLSSettings) DeepCopyInto added in v0.6.0

func (in *RedisTLSSettings) DeepCopyInto(out *RedisTLSSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemoteJWKS

type RemoteJWKS struct {
	// URI is the HTTPS URI to fetch the JWKS. Envoy's system trust bundle is used to
	// validate the server certificate.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	URI string `json:"uri"`
}

RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

func (*RemoteJWKS) DeepCopy

func (in *RemoteJWKS) DeepCopy() *RemoteJWKS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteJWKS.

func (*RemoteJWKS) DeepCopyInto

func (in *RemoteJWKS) DeepCopyInto(out *RemoteJWKS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ReplaceRegexMatch added in v1.2.0

type ReplaceRegexMatch struct {
	// Pattern matches a regular expression against the value of the HTTP Path.The regex string must
	// adhere to the syntax documented in https://github.com/google/re2/wiki/Syntax.
	// +kubebuilder:validation:MinLength=1
	Pattern string `json:"pattern"`
	// Substitution is an expression that replaces the matched portion.The expression may include numbered
	// capture groups that adhere to syntax documented in https://github.com/google/re2/wiki/Syntax.
	Substitution string `json:"substitution"`
}

func (*ReplaceRegexMatch) DeepCopy added in v1.2.0

func (in *ReplaceRegexMatch) DeepCopy() *ReplaceRegexMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceRegexMatch.

func (*ReplaceRegexMatch) DeepCopyInto added in v1.2.0

func (in *ReplaceRegexMatch) DeepCopyInto(out *ReplaceRegexMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RequestHeaderCustomTag added in v0.6.0

type RequestHeaderCustomTag struct {
	// Name defines the name of the request header which to extract the value from.
	Name string `json:"name"`
	// DefaultValue defines the default value to use if the request header is not set.
	// +optional
	DefaultValue *string `json:"defaultValue,omitempty"`
}

RequestHeaderCustomTag adds value from request header to each span.

func (*RequestHeaderCustomTag) DeepCopy added in v0.6.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderCustomTag.

func (*RequestHeaderCustomTag) DeepCopyInto added in v0.6.0

func (in *RequestHeaderCustomTag) DeepCopyInto(out *RequestHeaderCustomTag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceProviderType added in v0.6.0

type ResourceProviderType string

ResourceProviderType defines the types of custom resource providers supported by Envoy Gateway.

+kubebuilder:validation:Enum=File

const (
	// ResourceProviderTypeFile defines the "File" provider.
	ResourceProviderTypeFile ResourceProviderType = "File"
)

type ResponseOverride added in v1.2.0

type ResponseOverride struct {
	// Match configuration.
	Match CustomResponseMatch `json:"match"`
	// Response configuration.
	Response CustomResponse `json:"response"`
}

ResponseOverride defines the configuration to override specific responses with a custom one.

func (*ResponseOverride) DeepCopy added in v1.2.0

func (in *ResponseOverride) DeepCopy() *ResponseOverride

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseOverride.

func (*ResponseOverride) DeepCopyInto added in v1.2.0

func (in *ResponseOverride) DeepCopyInto(out *ResponseOverride)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResponseValueType added in v1.2.0

type ResponseValueType string

ResponseValueType defines the types of values for the response body supported by Envoy Gateway. +kubebuilder:validation:Enum=Inline;ValueRef

const (
	// ResponseValueTypeInline defines the "Inline" response body type.
	ResponseValueTypeInline ResponseValueType = "Inline"

	// ResponseValueTypeValueRef defines the "ValueRef" response body type.
	ResponseValueTypeValueRef ResponseValueType = "ValueRef"
)

type Retry added in v1.0.0

type Retry struct {
	// NumRetries is the number of retries to be attempted. Defaults to 2.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=2
	NumRetries *int32 `json:"numRetries,omitempty"`

	// RetryOn specifies the retry trigger condition.
	//
	// If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503).
	// +optional
	RetryOn *RetryOn `json:"retryOn,omitempty"`

	// PerRetry is the retry policy to be applied per retry attempt.
	//
	// +optional
	PerRetry *PerRetryPolicy `json:"perRetry,omitempty"`
}

Retry defines the retry strategy to be applied.

func (*Retry) DeepCopy added in v1.0.0

func (in *Retry) DeepCopy() *Retry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retry.

func (*Retry) DeepCopyInto added in v1.0.0

func (in *Retry) DeepCopyInto(out *Retry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RetryOn added in v1.0.0

type RetryOn struct {
	// Triggers specifies the retry trigger condition(Http/Grpc).
	//
	// +optional
	Triggers []TriggerEnum `json:"triggers,omitempty"`

	// HttpStatusCodes specifies the http status codes to be retried.
	// The retriable-status-codes trigger must also be configured for these status codes to trigger a retry.
	//
	// +optional
	HTTPStatusCodes []HTTPStatus `json:"httpStatusCodes,omitempty"`
}

func (*RetryOn) DeepCopy added in v1.0.0

func (in *RetryOn) DeepCopy() *RetryOn

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetryOn.

func (*RetryOn) DeepCopyInto added in v1.0.0

func (in *RetryOn) DeepCopyInto(out *RetryOn)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RoutingType added in v1.1.0

type RoutingType string

RoutingType defines the type of routing of this Envoy proxy.

const (
	// ServiceRoutingType is the RoutingType for Service Cluster IP routing.
	ServiceRoutingType RoutingType = "Service"
	// EndpointRoutingType is the RoutingType for Endpoint routing.
	EndpointRoutingType RoutingType = "Endpoint"
)

type SecurityPolicy added in v0.6.0

type SecurityPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the desired state of SecurityPolicy.
	Spec SecurityPolicySpec `json:"spec"`

	// Status defines the current status of SecurityPolicy.
	Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

SecurityPolicy allows the user to configure various security settings for a Gateway.

func (*SecurityPolicy) DeepCopy added in v0.6.0

func (in *SecurityPolicy) DeepCopy() *SecurityPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicy.

func (*SecurityPolicy) DeepCopyInto added in v0.6.0

func (in *SecurityPolicy) DeepCopyInto(out *SecurityPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityPolicy) DeepCopyObject added in v0.6.0

func (in *SecurityPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecurityPolicyList added in v0.6.0

type SecurityPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecurityPolicy `json:"items"`
}

SecurityPolicyList contains a list of SecurityPolicy resources.

func (*SecurityPolicyList) DeepCopy added in v0.6.0

func (in *SecurityPolicyList) DeepCopy() *SecurityPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicyList.

func (*SecurityPolicyList) DeepCopyInto added in v0.6.0

func (in *SecurityPolicyList) DeepCopyInto(out *SecurityPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SecurityPolicyList) DeepCopyObject added in v0.6.0

func (in *SecurityPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SecurityPolicySpec added in v0.6.0

type SecurityPolicySpec struct {
	PolicyTargetReferences `json:",inline"`

	// CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
	//
	// +optional
	CORS *CORS `json:"cors,omitempty"`

	// BasicAuth defines the configuration for the HTTP Basic Authentication.
	//
	// +optional
	BasicAuth *BasicAuth `json:"basicAuth,omitempty"`

	// JWT defines the configuration for JSON Web Token (JWT) authentication.
	//
	// +optional
	JWT *JWT `json:"jwt,omitempty"`

	// OIDC defines the configuration for the OpenID Connect (OIDC) authentication.
	//
	// +optional
	OIDC *OIDC `json:"oidc,omitempty"`

	// ExtAuth defines the configuration for External Authorization.
	//
	// +optional
	ExtAuth *ExtAuth `json:"extAuth,omitempty"`

	// Authorization defines the authorization configuration.
	//
	// +optional
	Authorization *Authorization `json:"authorization,omitempty"`
}

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"

+kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="(has(self.authorization) && has(self.authorization.rules) && self.authorization.rules.exists(r, has(r.principal.jwt))) ? has(self.jwt) : true", message="if authorization.rules.principal.jwt is used, jwt must be defined"

SecurityPolicySpec defines the desired state of SecurityPolicy.

func (*SecurityPolicySpec) DeepCopy added in v0.6.0

func (in *SecurityPolicySpec) DeepCopy() *SecurityPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityPolicySpec.

func (*SecurityPolicySpec) DeepCopyInto added in v0.6.0

func (in *SecurityPolicySpec) DeepCopyInto(out *SecurityPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceExternalTrafficPolicy added in v1.0.0

type ServiceExternalTrafficPolicy string

ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs. +enum +kubebuilder:validation:Enum=Local;Cluster

const (
	// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
	ServiceExternalTrafficPolicyCluster ServiceExternalTrafficPolicy = "Cluster"

	// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
	// routing only to endpoints on the same node as the traffic was received on
	// (dropping the traffic if there are no local endpoints).
	ServiceExternalTrafficPolicyLocal ServiceExternalTrafficPolicy = "Local"
)

func DefaultKubernetesServiceExternalTrafficPolicy added in v1.0.0

func DefaultKubernetesServiceExternalTrafficPolicy() *ServiceExternalTrafficPolicy

func GetKubernetesServiceExternalTrafficPolicy added in v1.0.0

func GetKubernetesServiceExternalTrafficPolicy(serviceExternalTrafficPolicy ServiceExternalTrafficPolicy) *ServiceExternalTrafficPolicy

type ServiceType added in v0.6.0

type ServiceType string

ServiceType string describes ingress methods for a service +enum +kubebuilder:validation:Enum=ClusterIP;LoadBalancer;NodePort

const (
	// ServiceTypeClusterIP means a service will only be accessible inside the
	// cluster, via the cluster IP.
	ServiceTypeClusterIP ServiceType = "ClusterIP"

	// ServiceTypeLoadBalancer means a service will be exposed via an
	// external load balancer (if the cloud provider supports it).
	ServiceTypeLoadBalancer ServiceType = "LoadBalancer"

	// ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
	// at a static Port, common across all Nodes.
	ServiceTypeNodePort ServiceType = "NodePort"
)

func DefaultKubernetesServiceType added in v0.6.0

func DefaultKubernetesServiceType() *ServiceType

DefaultKubernetesServiceType returns a new KubernetesServiceType with default settings.

func GetKubernetesServiceType added in v0.6.0

func GetKubernetesServiceType(serviceType ServiceType) *ServiceType

GetKubernetesServiceType returns the KubernetesServiceType pointer.

type Session added in v1.2.0

type Session struct {
	// Resumption determines the proxy's supported TLS session resumption option.
	// By default, Envoy Gateway does not enable session resumption. Use sessionResumption to
	// enable stateful and stateless session resumption. Users should consider security impacts
	// of different resumption methods. Performance gains from resumption are diminished when
	// Envoy proxy is deployed with more than one replica.
	// +optional
	Resumption *SessionResumption `json:"resumption,omitempty"`
}

Session defines settings related to TLS session management.

func (*Session) DeepCopy added in v1.2.0

func (in *Session) DeepCopy() *Session

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Session.

func (*Session) DeepCopyInto added in v1.2.0

func (in *Session) DeepCopyInto(out *Session)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SessionResumption added in v1.2.0

type SessionResumption struct {
	// Stateless defines setting for stateless (session-ticket based) session resumption
	// +optional
	Stateless *StatelessTLSSessionResumption `json:"stateless,omitempty"`

	// Stateful defines setting for stateful (session-id based) session resumption
	// +optional
	Stateful *StatefulTLSSessionResumption `json:"stateful,omitempty"`
}

SessionResumption defines supported tls session resumption methods and their associated configuration.

func (*SessionResumption) DeepCopy added in v1.2.0

func (in *SessionResumption) DeepCopy() *SessionResumption

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SessionResumption.

func (*SessionResumption) DeepCopyInto added in v1.2.0

func (in *SessionResumption) DeepCopyInto(out *SessionResumption)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ShutdownConfig added in v1.0.0

type ShutdownConfig struct {
	// DrainTimeout defines the graceful drain timeout. This should be less than the pod's terminationGracePeriodSeconds.
	// If unspecified, defaults to 60 seconds.
	//
	// +optional
	DrainTimeout *metav1.Duration `json:"drainTimeout,omitempty"`
	// MinDrainDuration defines the minimum drain duration allowing time for endpoint deprogramming to complete.
	// If unspecified, defaults to 10 seconds.
	//
	// +optional
	MinDrainDuration *metav1.Duration `json:"minDrainDuration,omitempty"`
}

ShutdownConfig defines configuration for graceful envoy shutdown process.

func (*ShutdownConfig) DeepCopy added in v1.0.0

func (in *ShutdownConfig) DeepCopy() *ShutdownConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShutdownConfig.

func (*ShutdownConfig) DeepCopyInto added in v1.0.0

func (in *ShutdownConfig) DeepCopyInto(out *ShutdownConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ShutdownManager added in v1.1.0

type ShutdownManager struct {
	// Image specifies the ShutdownManager container image to be used, instead of the default image.
	Image *string `json:"image,omitempty"`
}

ShutdownManager defines the configuration for the shutdown manager.

func (*ShutdownManager) DeepCopy added in v1.1.0

func (in *ShutdownManager) DeepCopy() *ShutdownManager

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ShutdownManager.

func (*ShutdownManager) DeepCopyInto added in v1.1.0

func (in *ShutdownManager) DeepCopyInto(out *ShutdownManager)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SlowStart added in v1.0.0

type SlowStart struct {
	// Window defines the duration of the warm up period for newly added host.
	// During slow start window, traffic sent to the newly added hosts will gradually increase.
	// Currently only supports linear growth of traffic. For additional details,
	// see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig
	// +kubebuilder:validation:Required
	Window *metav1.Duration `json:"window"`
}

SlowStart defines the configuration related to the slow start load balancer policy.

func (*SlowStart) DeepCopy added in v1.0.0

func (in *SlowStart) DeepCopy() *SlowStart

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SlowStart.

func (*SlowStart) DeepCopyInto added in v1.0.0

func (in *SlowStart) DeepCopyInto(out *SlowStart)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SourceMatch added in v0.5.0

type SourceMatch struct {
	// +optional
	// +kubebuilder:default=Exact
	Type *SourceMatchType `json:"type,omitempty"`

	// Value is the IP CIDR that represents the range of Source IP Addresses of the client.
	// These could also be the intermediate addresses through which the request has flown through and is part of the  `X-Forwarded-For` header.
	// For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=256
	Value string `json:"value"`
}

func (*SourceMatch) DeepCopy added in v0.5.0

func (in *SourceMatch) DeepCopy() *SourceMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceMatch.

func (*SourceMatch) DeepCopyInto added in v0.5.0

func (in *SourceMatch) DeepCopyInto(out *SourceMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SourceMatchType added in v0.5.0

type SourceMatchType string

+kubebuilder:validation:Enum=Exact;Distinct

const (
	// SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
	// and share the same rate limit bucket.
	SourceMatchExact SourceMatchType = "Exact"
	// SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
	// and uses a separate rate limit bucket/counter.
	// Note: This is only supported for Global Rate Limits.
	SourceMatchDistinct SourceMatchType = "Distinct"
)

type StatefulTLSSessionResumption added in v1.2.0

type StatefulTLSSessionResumption struct{}

StatefulTLSSessionResumption defines the stateful (session-id based) type of TLS session resumption. Note: When Envoy Proxy is deployed with more than one replica, session caches are not synchronized between instances, possibly leading to resumption failures. Envoy does not re-validate client certificates upon session resumption. https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-routematch-tlscontextmatchoptions

func (*StatefulTLSSessionResumption) DeepCopy added in v1.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulTLSSessionResumption.

func (*StatefulTLSSessionResumption) DeepCopyInto added in v1.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StatelessTLSSessionResumption added in v1.2.0

type StatelessTLSSessionResumption struct{}

StatelessTLSSessionResumption defines the stateless (session-ticket based) type of TLS session resumption. Note: When Envoy Proxy is deployed with more than one replica, session ticket encryption keys are not synchronized between instances, possibly leading to resumption failures. In-memory session ticket encryption keys are rotated every 48 hours. https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlssessionticketkeys https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Session-tickets

func (*StatelessTLSSessionResumption) DeepCopy added in v1.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatelessTLSSessionResumption.

func (*StatelessTLSSessionResumption) DeepCopyInto added in v1.2.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StatusCodeMatch added in v1.2.0

type StatusCodeMatch struct {
	// Type is the type of value.
	// Valid values are Value and Range, default is Value.
	//
	// +kubebuilder:default=Value
	// +kubebuilder:validation:Enum=Value;Range
	// +unionDiscriminator
	Type *StatusCodeValueType `json:"type"`

	// Value contains the value of the status code.
	//
	// +optional
	Value *int `json:"value,omitempty"`

	// Range contains the range of status codes.
	//
	// +optional
	Range *StatusCodeRange `json:"range,omitempty"`
}

StatusCodeMatch defines the configuration for matching a status code. +kubebuilder:validation:XValidation:message="value must be set for type Value",rule="(!has(self.type) || self.type == 'Value')? has(self.value) : true" +kubebuilder:validation:XValidation:message="range must be set for type Range",rule="(has(self.type) && self.type == 'Range')? has(self.range) : true"

func (*StatusCodeMatch) DeepCopy added in v1.2.0

func (in *StatusCodeMatch) DeepCopy() *StatusCodeMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusCodeMatch.

func (*StatusCodeMatch) DeepCopyInto added in v1.2.0

func (in *StatusCodeMatch) DeepCopyInto(out *StatusCodeMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StatusCodeRange added in v1.2.0

type StatusCodeRange struct {
	// Start of the range, including the start value.
	Start int `json:"start"`
	// End of the range, including the end value.
	End int `json:"end"`
}

StatusCodeRange defines the configuration for define a range of status codes. +kubebuilder:validation:XValidation: message="end must be greater than start",rule="self.end > self.start"

func (*StatusCodeRange) DeepCopy added in v1.2.0

func (in *StatusCodeRange) DeepCopy() *StatusCodeRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatusCodeRange.

func (*StatusCodeRange) DeepCopyInto added in v1.2.0

func (in *StatusCodeRange) DeepCopyInto(out *StatusCodeRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StatusCodeValueType added in v1.2.0

type StatusCodeValueType string

StatusCodeValueType defines the types of values for the status code match supported by Envoy Gateway. +kubebuilder:validation:Enum=Value;Range

const (
	// StatusCodeValueTypeValue defines the "Value" status code match type.
	StatusCodeValueTypeValue StatusCodeValueType = "Value"

	// StatusCodeValueTypeRange defines the "Range" status code match type.
	StatusCodeValueTypeRange StatusCodeValueType = "Range"
)

type StringMatch added in v0.6.0

type StringMatch struct {
	// Type specifies how to match against a string.
	//
	// +optional
	// +kubebuilder:default=Exact
	Type *StringMatchType `json:"type,omitempty"`

	// Value specifies the string value that the match must have.
	//
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=1024
	Value string `json:"value"`
}

StringMatch defines how to match any strings. This is a general purpose match condition that can be used by other EG APIs that need to match against a string.

func (*StringMatch) DeepCopy added in v0.6.0

func (in *StringMatch) DeepCopy() *StringMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch.

func (*StringMatch) DeepCopyInto added in v0.6.0

func (in *StringMatch) DeepCopyInto(out *StringMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type StringMatchType added in v1.0.0

type StringMatchType string

StringMatchType specifies the semantics of how a string value should be compared. Valid MatchType values are "Exact", "Prefix", "Suffix", "RegularExpression".

+kubebuilder:validation:Enum=Exact;Prefix;Suffix;RegularExpression

const (
	// StringMatchExact :the input string must match exactly the match value.
	StringMatchExact StringMatchType = "Exact"

	// StringMatchPrefix :the input string must start with the match value.
	StringMatchPrefix StringMatchType = "Prefix"

	// StringMatchSuffix :the input string must end with the match value.
	StringMatchSuffix StringMatchType = "Suffix"

	// StringMatchRegularExpression :The input string must match the regular expression
	// specified in the match value.
	// The regex string must adhere to the syntax documented in
	// https://github.com/google/re2/wiki/Syntax.
	StringMatchRegularExpression StringMatchType = "RegularExpression"
)

type TCPActiveHealthChecker added in v1.0.0

type TCPActiveHealthChecker struct {
	// Send defines the request payload.
	// +optional
	Send *ActiveHealthCheckPayload `json:"send,omitempty" yaml:"send,omitempty"`
	// Receive defines the expected response payload.
	// +optional
	Receive *ActiveHealthCheckPayload `json:"receive,omitempty" yaml:"receive,omitempty"`
}

TCPActiveHealthChecker defines the settings of tcp health check.

func (*TCPActiveHealthChecker) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPActiveHealthChecker.

func (*TCPActiveHealthChecker) DeepCopyInto added in v1.0.0

func (in *TCPActiveHealthChecker) DeepCopyInto(out *TCPActiveHealthChecker)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TCPClientTimeout added in v1.1.0

type TCPClientTimeout struct {
	// IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
	// bytes sent or received on either the upstream or downstream connection.
	// Default: 1 hour.
	//
	// +optional
	IdleTimeout *gwapiv1.Duration `json:"idleTimeout,omitempty"`
}

TCPClientTimeout only provides timeout configuration on the listener whose protocol is TCP or TLS.

func (*TCPClientTimeout) DeepCopy added in v1.1.0

func (in *TCPClientTimeout) DeepCopy() *TCPClientTimeout

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPClientTimeout.

func (*TCPClientTimeout) DeepCopyInto added in v1.1.0

func (in *TCPClientTimeout) DeepCopyInto(out *TCPClientTimeout)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TCPKeepalive added in v0.6.0

type TCPKeepalive struct {
	// The total number of unacknowledged probes to send before deciding
	// the connection is dead.
	// Defaults to 9.
	//
	// +optional
	Probes *uint32 `json:"probes,omitempty"`
	// The duration a connection needs to be idle before keep-alive
	// probes start being sent.
	// The duration format is
	// Defaults to `7200s`.
	//
	// +optional
	IdleTime *gwapiv1.Duration `json:"idleTime,omitempty"`
	// The duration between keep-alive probes.
	// Defaults to `75s`.
	//
	// +optional
	Interval *gwapiv1.Duration `json:"interval,omitempty"`
}

TCPKeepalive define the TCP Keepalive configuration.

func (*TCPKeepalive) DeepCopy added in v0.6.0

func (in *TCPKeepalive) DeepCopy() *TCPKeepalive

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPKeepalive.

func (*TCPKeepalive) DeepCopyInto added in v0.6.0

func (in *TCPKeepalive) DeepCopyInto(out *TCPKeepalive)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TCPTimeout added in v1.0.0

type TCPTimeout struct {
	// The timeout for network connection establishment, including TCP and TLS handshakes.
	// Default: 10 seconds.
	//
	// +optional
	ConnectTimeout *gwapiv1.Duration `json:"connectTimeout,omitempty"`
}

func (*TCPTimeout) DeepCopy added in v1.0.0

func (in *TCPTimeout) DeepCopy() *TCPTimeout

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPTimeout.

func (*TCPTimeout) DeepCopyInto added in v1.0.0

func (in *TCPTimeout) DeepCopyInto(out *TCPTimeout)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSSettings added in v1.0.0

type TLSSettings struct {
	// Min specifies the minimal TLS protocol version to allow.
	// The default is TLS 1.2 if this is not specified.
	//
	// +optional
	MinVersion *TLSVersion `json:"minVersion,omitempty"`

	// Max specifies the maximal TLS protocol version to allow
	// The default is TLS 1.3 if this is not specified.
	//
	// +optional
	MaxVersion *TLSVersion `json:"maxVersion,omitempty"`

	// Ciphers specifies the set of cipher suites supported when
	// negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
	// In non-FIPS Envoy Proxy builds the default cipher list is:
	// - [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
	// - [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
	// - ECDHE-ECDSA-AES256-GCM-SHA384
	// - ECDHE-RSA-AES256-GCM-SHA384
	// In builds using BoringSSL FIPS the default cipher list is:
	// - ECDHE-ECDSA-AES128-GCM-SHA256
	// - ECDHE-RSA-AES128-GCM-SHA256
	// - ECDHE-ECDSA-AES256-GCM-SHA384
	// - ECDHE-RSA-AES256-GCM-SHA384
	//
	// +optional
	Ciphers []string `json:"ciphers,omitempty"`

	// ECDHCurves specifies the set of supported ECDH curves.
	// In non-FIPS Envoy Proxy builds the default curves are:
	// - X25519
	// - P-256
	// In builds using BoringSSL FIPS the default curve is:
	// - P-256
	//
	// +optional
	ECDHCurves []string `json:"ecdhCurves,omitempty"`

	// SignatureAlgorithms specifies which signature algorithms the listener should
	// support.
	//
	// +optional
	SignatureAlgorithms []string `json:"signatureAlgorithms,omitempty"`

	// ALPNProtocols supplies the list of ALPN protocols that should be
	// exposed by the listener. By default h2 and http/1.1 are enabled.
	// Supported values are:
	// - http/1.0
	// - http/1.1
	// - h2
	//
	// +optional
	ALPNProtocols []ALPNProtocol `json:"alpnProtocols,omitempty"`
}

+kubebuilder:validation:XValidation:rule="has(self.minVersion) && self.minVersion == '1.3' ? !has(self.ciphers) : true", message="setting ciphers has no effect if the minimum possible TLS version is 1.3" +kubebuilder:validation:XValidation:rule="has(self.minVersion) && has(self.maxVersion) ? {\"Auto\":0,\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4}[self.minVersion] <= {\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4,\"Auto\":5}[self.maxVersion] : !has(self.minVersion) && has(self.maxVersion) ? 3 <= {\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4,\"Auto\":5}[self.maxVersion] : true", message="minVersion must be smaller or equal to maxVersion"

func (*TLSSettings) DeepCopy added in v1.0.0

func (in *TLSSettings) DeepCopy() *TLSSettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSettings.

func (*TLSSettings) DeepCopyInto added in v1.0.0

func (in *TLSSettings) DeepCopyInto(out *TLSSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSVersion added in v1.0.0

type TLSVersion string

TLSVersion specifies the TLS version +kubebuilder:validation:Enum=Auto;"1.0";"1.1";"1.2";"1.3"

const (
	// TLSAuto allows Envoy to choose the optimal TLS Version
	TLSAuto TLSVersion = "Auto"
	// TLS1.0 specifies TLS version 1.0
	TLSv10 TLSVersion = "1.0"
	// TLS1.1 specifies TLS version 1.1
	TLSv11 TLSVersion = "1.1"
	// TLSv1.2 specifies TLS version 1.2
	TLSv12 TLSVersion = "1.2"
	// TLSv1.3 specifies TLS version 1.3
	TLSv13 TLSVersion = "1.3"
)

type TargetSelector added in v1.1.0

type TargetSelector struct {
	// Group is the group that this selector targets. Defaults to gateway.networking.k8s.io
	//
	// +kubebuilder:default:="gateway.networking.k8s.io"
	Group *gwapiv1a2.Group `json:"group,omitempty"`

	// Kind is the resource kind that this selector targets.
	Kind gwapiv1a2.Kind `json:"kind"`

	// MatchLabels are the set of label selectors for identifying the targeted resource
	MatchLabels map[string]string `json:"matchLabels"`
}

+kubebuilder:validation:XValidation:rule="has(self.group) ? self.group == 'gateway.networking.k8s.io' : true ", message="group must be gateway.networking.k8s.io"

func (*TargetSelector) DeepCopy added in v1.1.0

func (in *TargetSelector) DeepCopy() *TargetSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelector.

func (*TargetSelector) DeepCopyInto added in v1.1.0

func (in *TargetSelector) DeepCopyInto(out *TargetSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Timeout added in v1.0.0

type Timeout struct {
	// Timeout settings for TCP.
	//
	// +optional
	TCP *TCPTimeout `json:"tcp,omitempty"`

	// Timeout settings for HTTP.
	//
	// +optional
	HTTP *HTTPTimeout `json:"http,omitempty"`
}

Timeout defines configuration for timeouts related to connections.

func (*Timeout) DeepCopy added in v1.0.0

func (in *Timeout) DeepCopy() *Timeout

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Timeout.

func (*Timeout) DeepCopyInto added in v1.0.0

func (in *Timeout) DeepCopyInto(out *Timeout)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TracingProvider added in v0.6.0

type TracingProvider struct {
	BackendCluster `json:",inline"`
	// Type defines the tracing provider type.
	// +kubebuilder:validation:Enum=OpenTelemetry;Zipkin;Datadog
	// +kubebuilder:default=OpenTelemetry
	Type TracingProviderType `json:"type"`
	// Host define the provider service hostname.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	Host *string `json:"host,omitempty"`
	// Port defines the port the provider service is exposed on.
	// Deprecated: Use BackendRefs instead.
	//
	// +optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=4317
	Port int32 `json:"port,omitempty"`
	// Zipkin defines the Zipkin tracing provider configuration
	// +optional
	Zipkin *ZipkinTracingProvider `json:"zipkin,omitempty"`
}

TracingProvider defines the tracing provider configuration.

+kubebuilder:validation:XValidation:message="host or backendRefs needs to be set",rule="has(self.host) || self.backendRefs.size() > 0" +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)" +kubebuilder:validation:XValidation:message="only supports Service kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service') : true" +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\")) : true"

func (*TracingProvider) DeepCopy added in v0.6.0

func (in *TracingProvider) DeepCopy() *TracingProvider

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingProvider.

func (*TracingProvider) DeepCopyInto added in v0.6.0

func (in *TracingProvider) DeepCopyInto(out *TracingProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TracingProviderType added in v0.6.0

type TracingProviderType string
const (
	TracingProviderTypeOpenTelemetry TracingProviderType = "OpenTelemetry"
	TracingProviderTypeZipkin        TracingProviderType = "Zipkin"
	TracingProviderTypeDatadog       TracingProviderType = "Datadog"
)
const (
	RateLimitTracingProviderTypeOpenTelemetry TracingProviderType = "OpenTelemetry"
)

type TriggerEnum added in v1.0.0

type TriggerEnum string

TriggerEnum specifies the conditions that trigger retries. +kubebuilder:validation:Enum={"5xx","gateway-error","reset","connect-failure","retriable-4xx","refused-stream","retriable-status-codes","cancelled","deadline-exceeded","internal","resource-exhausted","unavailable"}

const (

	// The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
	// Includes connect-failure and refused-stream.
	Error5XX TriggerEnum = "5xx"
	// The response is a gateway error (502,503 or 504).
	GatewayError TriggerEnum = "gateway-error"
	// The upstream server does not respond at all (disconnect/reset/read timeout.)
	Reset TriggerEnum = "reset"
	// Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
	ConnectFailure TriggerEnum = "connect-failure"
	// The upstream server responds with a retriable 4xx response code.
	// Currently, the only response code in this category is 409.
	Retriable4XX TriggerEnum = "retriable-4xx"
	// The upstream server resets the stream with a REFUSED_STREAM error code.
	RefusedStream TriggerEnum = "refused-stream"
	// The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
	RetriableStatusCodes TriggerEnum = "retriable-status-codes"

	// The gRPC status code in the response headers is “cancelled”.
	Cancelled TriggerEnum = "cancelled"
	// The gRPC status code in the response headers is “deadline-exceeded”.
	DeadlineExceeded TriggerEnum = "deadline-exceeded"
	// The gRPC status code in the response headers is “internal”.
	Internal TriggerEnum = "internal"
	// The gRPC status code in the response headers is “resource-exhausted”.
	ResourceExhausted TriggerEnum = "resource-exhausted"
	// The gRPC status code in the response headers is “unavailable”.
	Unavailable TriggerEnum = "unavailable"
)

type UnixSocket added in v1.1.0

type UnixSocket struct {
	// Path defines the unix domain socket path of the backend endpoint.
	Path string `json:"path"`
}

UnixSocket describes TCP/UDP unix domain socket address, corresponding to Envoy's Pipe https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-pipe

func (*UnixSocket) DeepCopy added in v1.1.0

func (in *UnixSocket) DeepCopy() *UnixSocket

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UnixSocket.

func (*UnixSocket) DeepCopyInto added in v1.1.0

func (in *UnixSocket) DeepCopyInto(out *UnixSocket)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Wasm added in v1.1.0

type Wasm struct {
	// Name is a unique name for this Wasm extension. It is used to identify the
	// Wasm extension if multiple extensions are handled by the same vm_id and root_id.
	// It's also used for logging/debugging.
	// If not specified, EG will generate a unique name for the Wasm extension.
	//
	// +optional
	Name *string `json:"name,omitempty"`

	// RootID is a unique ID for a set of extensions in a VM which will share a
	// RootContext and Contexts if applicable (e.g., an Wasm HttpFilter and an Wasm AccessLog).
	// If left blank, all extensions with a blank root_id with the same vm_id will share Context(s).
	//
	// Note: RootID must match the root_id parameter used to register the Context in the Wasm code.
	RootID *string `json:"rootID,omitempty"`

	// Code is the Wasm code for the extension.
	Code WasmCodeSource `json:"code"`

	// Config is the configuration for the Wasm extension.
	// This configuration will be passed as a JSON string to the Wasm extension.
	// +optional
	Config *apiextensionsv1.JSON `json:"config,omitempty"`

	// FailOpen is a switch used to control the behavior when a fatal error occurs
	// during the initialization or the execution of the Wasm extension.
	// If FailOpen is set to true, the system bypasses the Wasm extension and
	// allows the traffic to pass through. Otherwise, if it is set to false or
	// not set (defaulting to false), the system blocks the traffic and returns
	// an HTTP 5xx error.
	//
	// +optional
	// +kubebuilder:default=false
	FailOpen *bool `json:"failOpen,omitempty"`
}

Wasm defines a Wasm extension.

Note: at the moment, Envoy Gateway does not support configuring Wasm runtime. v8 is used as the VM runtime for the Wasm extensions.

func (*Wasm) DeepCopy added in v1.1.0

func (in *Wasm) DeepCopy() *Wasm

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wasm.

func (*Wasm) DeepCopyInto added in v1.1.0

func (in *Wasm) DeepCopyInto(out *Wasm)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WasmCodeSource added in v1.1.0

type WasmCodeSource struct {
	// Type is the type of the source of the Wasm code.
	// Valid WasmCodeSourceType values are "HTTP" or "Image".
	//
	// +kubebuilder:validation:Enum=HTTP;Image;ConfigMap
	// +unionDiscriminator
	Type WasmCodeSourceType `json:"type"`

	// HTTP is the HTTP URL containing the Wasm code.
	//
	// Note that the HTTP server must be accessible from the Envoy proxy.
	// +optional
	HTTP *HTTPWasmCodeSource `json:"http,omitempty"`

	// Image is the OCI image containing the Wasm code.
	//
	// Note that the image must be accessible from the Envoy Gateway.
	// +optional
	Image *ImageWasmCodeSource `json:"image,omitempty"`

	// PullPolicy is the policy to use when pulling the Wasm module by either the HTTP or Image source.
	// This field is only applicable when the SHA256 field is not set.
	//
	// If not specified, the default policy is IfNotPresent except for OCI images whose tag is latest.
	//
	// Note: EG does not update the Wasm module every time an Envoy proxy requests
	// the Wasm module even if the pull policy is set to Always.
	// It only updates the Wasm module when the EnvoyExtension resource version changes.
	// +optional
	PullPolicy *ImagePullPolicy `json:"pullPolicy,omitempty"`
}

WasmCodeSource defines the source of the Wasm code. +union

+kubebuilder:validation:XValidation:rule="self.type == 'HTTP' ? has(self.http) : !has(self.http)",message="If type is HTTP, http field needs to be set." +kubebuilder:validation:XValidation:rule="self.type == 'Image' ? has(self.image) : !has(self.image)",message="If type is Image, image field needs to be set."

func (*WasmCodeSource) DeepCopy added in v1.1.0

func (in *WasmCodeSource) DeepCopy() *WasmCodeSource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WasmCodeSource.

func (*WasmCodeSource) DeepCopyInto added in v1.1.0

func (in *WasmCodeSource) DeepCopyInto(out *WasmCodeSource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WasmCodeSourceType added in v1.1.0

type WasmCodeSourceType string

WasmCodeSourceType specifies the types of sources for the Wasm code. +kubebuilder:validation:Enum=HTTP;Image

const (
	// HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.
	HTTPWasmCodeSourceType WasmCodeSourceType = "HTTP"

	// ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
	ImageWasmCodeSourceType WasmCodeSourceType = "Image"
)

type WithUnderscoresAction added in v1.1.0

type WithUnderscoresAction string

WithUnderscoresAction configures the action to take when an HTTP header with underscores is encountered. +kubebuilder:validation:Enum=Allow;RejectRequest;DropHeader

const (
	// WithUnderscoresActionAllow allows headers with underscores to be passed through.
	WithUnderscoresActionAllow WithUnderscoresAction = "Allow"
	// WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
	// the 400 status. HTTP/2 requests end with the stream reset.
	WithUnderscoresActionRejectRequest WithUnderscoresAction = "RejectRequest"
	// WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
	// is dropped before the filter chain is invoked and as such filters will not see
	// dropped headers.
	WithUnderscoresActionDropHeader WithUnderscoresAction = "DropHeader"
)

type XDSTranslatorHook added in v0.6.0

type XDSTranslatorHook string

XDSTranslatorHook defines the types of hooks that an Envoy Gateway extension may support for the xds-translator

+kubebuilder:validation:Enum=VirtualHost;Route;HTTPListener;Translation

const (
	XDSVirtualHost  XDSTranslatorHook = "VirtualHost"
	XDSRoute        XDSTranslatorHook = "Route"
	XDSHTTPListener XDSTranslatorHook = "HTTPListener"
	XDSTranslation  XDSTranslatorHook = "Translation"
)

type XDSTranslatorHooks added in v0.6.0

type XDSTranslatorHooks struct {
	Pre  []XDSTranslatorHook `json:"pre,omitempty"`
	Post []XDSTranslatorHook `json:"post,omitempty"`
}

XDSTranslatorHooks contains all the pre and post hooks for the xds-translator runner.

func (*XDSTranslatorHooks) DeepCopy added in v0.6.0

func (in *XDSTranslatorHooks) DeepCopy() *XDSTranslatorHooks

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XDSTranslatorHooks.

func (*XDSTranslatorHooks) DeepCopyInto added in v0.6.0

func (in *XDSTranslatorHooks) DeepCopyInto(out *XDSTranslatorHooks)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type XFCCCertData added in v1.1.0

type XFCCCertData string

XFCCCertData specifies the fields in the client certificate to be forwarded in the XFCC header. +kubebuilder:validation:Enum=Subject;Cert;Chain;DNS;URI

const (
	// XFCCCertDataSubject is the Subject field of the current client certificate.
	XFCCCertDataSubject XFCCCertData = "Subject"
	// XFCCCertDataCert is the entire client certificate in URL encoded PEM format.
	XFCCCertDataCert XFCCCertData = "Cert"
	// XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
	XFCCCertDataChain XFCCCertData = "Chain"
	// XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.
	XFCCCertDataDNS XFCCCertData = "DNS"
	// XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.
	XFCCCertDataURI XFCCCertData = "URI"
)

type XFCCForwardMode added in v1.1.0

type XFCCForwardMode string

XFCCForwardMode defines how XFCC header is handled by Envoy Proxy. +kubebuilder:validation:Enum=Sanitize;ForwardOnly;AppendForward;SanitizeSet;AlwaysForwardOnly

const (
	// XFCCForwardModeSanitize removes the XFCC header from the request. This is the default mode.
	XFCCForwardModeSanitize XFCCForwardMode = "Sanitize"

	// XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.
	XFCCForwardModeForwardOnly XFCCForwardMode = "ForwardOnly"

	// XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forward it if the client connection is mTLS.
	XFCCForwardModeAppendForward XFCCForwardMode = "AppendForward"

	// XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forward it if the client connection is mTLS.
	// The existing certificate information in the XFCC header is removed.
	XFCCForwardModeSanitizeSet XFCCForwardMode = "SanitizeSet"

	// XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.
	XFCCForwardModeAlwaysForwardOnly XFCCForwardMode = "AlwaysForwardOnly"
)

type XForwardedClientCert added in v1.1.0

type XForwardedClientCert struct {
	// Mode defines how XFCC header is handled by Envoy Proxy.
	// If not set, the default mode is `Sanitize`.
	// +optional
	Mode *XFCCForwardMode `json:"mode,omitempty"`

	// CertDetailsToAdd specifies the fields in the client certificate to be forwarded in the XFCC header.
	//
	// Hash(the SHA 256 digest of the current client certificate) and By(the Subject Alternative Name)
	// are always included if the client certificate is forwarded.
	//
	// This field is only applicable when the mode is set to `AppendForward` or
	// `SanitizeSet` and the client connection is mTLS.
	// +kubebuilder:validation:MaxItems=5
	// +optional
	CertDetailsToAdd []XFCCCertData `json:"certDetailsToAdd,omitempty"`
}

XForwardedClientCert configures how Envoy Proxy handle the x-forwarded-client-cert (XFCC) HTTP header. +kubebuilder:validation:XValidation:rule="(has(self.certDetailsToAdd) && self.certDetailsToAdd.size() > 0) ? (self.mode == 'AppendForward' || self.mode == 'SanitizeSet') : true",message="certDetailsToAdd can only be set when mode is AppendForward or SanitizeSet"

func (*XForwardedClientCert) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedClientCert.

func (*XForwardedClientCert) DeepCopyInto added in v1.1.0

func (in *XForwardedClientCert) DeepCopyInto(out *XForwardedClientCert)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type XForwardedForSettings added in v1.0.0

type XForwardedForSettings struct {
	// NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
	// headers to trust when determining the origin client's IP address.
	// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
	// for more details.
	//
	// +optional
	NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
}

XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.

func (*XForwardedForSettings) DeepCopy added in v1.0.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedForSettings.

func (*XForwardedForSettings) DeepCopyInto added in v1.0.0

func (in *XForwardedForSettings) DeepCopyInto(out *XForwardedForSettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ZipkinTracingProvider added in v1.1.0

type ZipkinTracingProvider struct {
	// Enable128BitTraceID determines whether a 128bit trace id will be used
	// when creating a new trace instance. If set to false, a 64bit trace
	// id will be used.
	// +optional
	Enable128BitTraceID *bool `json:"enable128BitTraceId,omitempty"`
	// DisableSharedSpanContext determines whether the default Envoy behaviour of
	// client and server spans sharing the same span context should be disabled.
	// +optional
	DisableSharedSpanContext *bool `json:"disableSharedSpanContext,omitempty"`
}

ZipkinTracingProvider defines the Zipkin tracing provider configuration.

func (*ZipkinTracingProvider) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZipkinTracingProvider.

func (*ZipkinTracingProvider) DeepCopyInto added in v1.1.0

func (in *ZipkinTracingProvider) DeepCopyInto(out *ZipkinTracingProvider)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL