← Back to index Esc
Kind
Backendtrafficpolicy
Group
gateway.envoyproxy.io
Version
v1alpha1
apiVersion: gateway.envoyproxy.io/v1alpha1 kind: Backendtrafficpolicy metadata: name: example
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object required
spec defines the desired state of BackendTrafficPolicy.
circuitBreaker object
Circuit Breaker settings for the upstream connections and requests. If not set, circuit breakers will be enabled with the default thresholds
maxConnections integer
The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule.
format: int64
minimum: 0
maximum: 4.294967295e+09
maxParallelRequests integer
The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule.
format: int64
minimum: 0
maximum: 4.294967295e+09
maxParallelRetries integer
The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule.
format: int64
minimum: 0
maximum: 4.294967295e+09
maxPendingRequests integer
The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule.
format: int64
minimum: 0
maximum: 4.294967295e+09
maxRequestsPerConnection integer
The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule. Default: unlimited.
format: int64
minimum: 0
maximum: 4.294967295e+09
perEndpoint object
PerEndpoint defines Circuit Breakers that will apply per-endpoint for an upstream cluster
maxConnections integer
MaxConnections configures the maximum number of connections that Envoy will establish per-endpoint to the referenced backend defined within a xRoute rule.
format: int64
minimum: 0
maximum: 4.294967295e+09
compression []object
The compression config for the http streams. Deprecated: Use Compressor instead.
brotli object
The configuration for Brotli compressor.
gzip object
The configuration for GZIP compressor.
minContentLength object
MinContentLength defines the minimum response size in bytes to apply compression. Responses smaller than this threshold will not be compressed. Must be at least 30 bytes as enforced by Envoy Proxy. Note that when the suffix is not provided, the value is interpreted as bytes. Default: 30 bytes
type string required
CompressorType defines the compressor type to use for compression.
enum: Gzip, Brotli, Zstd
zstd object
The configuration for Zstd compressor.
compressor []object
The compressor config for the http streams. This provides more granular control over compression configuration. Order matters: The first compressor in the list is preferred when q-values in Accept-Encoding are equal.
brotli object
The configuration for Brotli compressor.
gzip object
The configuration for GZIP compressor.
minContentLength object
MinContentLength defines the minimum response size in bytes to apply compression. Responses smaller than this threshold will not be compressed. Must be at least 30 bytes as enforced by Envoy Proxy. Note that when the suffix is not provided, the value is interpreted as bytes. Default: 30 bytes
type string required
CompressorType defines the compressor type to use for compression.
enum: Gzip, Brotli, Zstd
zstd object
The configuration for Zstd compressor.
connection object
Connection includes backend connection settings.
bufferLimit object
BufferLimit Soft limit on size of the cluster’s connections read and write buffers. BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space. If unspecified, an implementation defined default is applied (32768 bytes). For example, 20Mi, 1Gi, 256Ki etc. Note: that when the suffix is not provided, the value is interpreted as bytes.
preconnect object
Preconnect configures proactive upstream connections to reduce latency by establishing connections before they’re needed and avoiding connection establishment overhead. If unset, Envoy will fetch connections as needed to serve in-flight requests.
perEndpointPercent integer
PerEndpointPercent configures how many additional connections to maintain per upstream endpoint, useful for high-QPS or latency sensitive services. Expressed as a percentage of the connections required by active streams (e.g. 100 = preconnect disabled, 105 = 1.05x connections per-endpoint, 200 = 2.00×). Allowed value range is between 100-300. When both PerEndpointPercent and PredictivePercent are set, Envoy ensures both are satisfied (max of the two).
format: int32
minimum: 100
maximum: 300
predictivePercent integer
PredictivePercent configures how many additional connections to maintain across the cluster by anticipating which upstream endpoint the load balancer will select next, useful for low-QPS services. Relies on deterministic loadbalancing and is only supported with Random or RoundRobin. Expressed as a percentage of the connections required by active streams (e.g. 100 = 1.0 (no preconnect), 105 = 1.05× connections across the cluster, 200 = 2.00×). Minimum allowed value is 100. When both PerEndpointPercent and PredictivePercent are set Envoy ensures both are satisfied per host (max of the two).
format: int32
minimum: 100
socketBufferLimit object
SocketBufferLimit provides configuration for the maximum buffer size in bytes for each socket to backend. SocketBufferLimit applies to socket streaming channel between TCP/IP stacks, it's in kernel space. For example, 20Mi, 1Gi, 256Ki etc. Note that when the suffix is not provided, the value is interpreted as bytes.
dns object
DNS includes dns resolution settings.
dnsRefreshRate string
DNSRefreshRate specifies the rate at which DNS records should be refreshed. Defaults to 30 seconds.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
lookupFamily string
LookupFamily determines how Envoy would resolve DNS for Routes where the backend is specified as a fully qualified domain name (FQDN). If set, this configuration overrides other defaults.
enum: IPv4, IPv6, IPv4Preferred, IPv6Preferred, IPv4AndIPv6
respectDnsTtl boolean
RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected. If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL. Defaults to true.
faultInjection object
FaultInjection defines the fault injection policy to be applied. This configuration can be used to inject delays and abort requests to mimic failure scenarios such as service failures and overloads
abort object
If specified, the request will be aborted if it meets the configuration criteria.
grpcStatus integer
GrpcStatus specifies the GRPC status code to be returned
format: int32
httpStatus integer
StatusCode specifies the HTTP status code to be returned
format: int32
minimum: 200
maximum: 600
percentage number
Percentage specifies the percentage of requests to be aborted. Default 100%, if set 0, no requests will be aborted. Accuracy to 0.0001%.
delay object
If specified, a delay will be injected into the request.
fixedDelay string required
FixedDelay specifies the fixed delay duration
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
percentage number
Percentage specifies the percentage of requests to be delayed. Default 100%, if set 0, no requests will be delayed. Accuracy to 0.0001%.
healthCheck object
HealthCheck allows gateway to perform active health checking on backends.
active object
Active health check configuration
grpc object
GRPC defines the configuration of the GRPC health checker. It's optional, and can only be used if the specified type is GRPC.
service string
Service to send in the health check request. If this is not specified, then the health check request applies to the entire server and not to a specific service.
healthyThreshold integer
HealthyThreshold defines the number of healthy health checks required before a backend host is marked healthy.
format: int32
minimum: 1
http object
HTTP defines the configuration of http health checker. It's required while the health checker type is HTTP.
expectedResponse object
ExpectedResponse defines a list of HTTP expected responses to match.
binary string
Binary payload base64 encoded.
format: byte
text string
Text payload in plain text.
type string required
Type defines the type of the payload.
expectedStatuses []integer
ExpectedStatuses defines a list of HTTP response statuses considered healthy. Defaults to 200 only
hostname string
Hostname defines the HTTP host that will be requested during health checking. Default: HTTPRoute or GRPCRoute hostname.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
method string
Method defines the HTTP method used for health checking. Defaults to GET
path string required
Path defines the HTTP path that will be requested during health checking.
minLength: 1
maxLength: 1024
initialJitter string
InitialJitter defines the maximum time Envoy will wait before the first health check. Envoy will randomly select a value between 0 and the initial jitter value.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
interval string
Interval defines the time between active health checks.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
tcp object
TCP defines the configuration of tcp health checker. It's required while the health checker type is TCP.
receive object
Receive defines the expected response payload.
binary string
Binary payload base64 encoded.
format: byte
text string
Text payload in plain text.
type string required
Type defines the type of the payload.
send object
Send defines the request payload.
binary string
Binary payload base64 encoded.
format: byte
text string
Text payload in plain text.
type string required
Type defines the type of the payload.
timeout string
Timeout defines the time to wait for a health check response.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type string required
Type defines the type of health checker.
unhealthyThreshold integer
UnhealthyThreshold defines the number of unhealthy health checks required before a backend host is marked unhealthy.
format: int32
minimum: 1
panicThreshold integer
When number of unhealthy endpoints for a backend reaches this threshold Envoy will disregard health status and balance across all endpoints. It's designed to prevent a situation in which host failures cascade throughout the cluster as load increases. If not set, the default value is 50%. To disable panic mode, set value to `0`.
format: int32
minimum: 0
maximum: 100
passive object
Passive passive check configuration
baseEjectionTime string
BaseEjectionTime defines the base duration for which a host will be ejected on consecutive failures.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
consecutive5XxErrors integer
Consecutive5xxErrors sets the number of consecutive 5xx errors triggering ejection.
format: int32
consecutiveGatewayErrors integer
ConsecutiveGatewayErrors sets the number of consecutive gateway errors triggering ejection.
format: int32
consecutiveLocalOriginFailures integer
ConsecutiveLocalOriginFailures sets the number of consecutive local origin failures triggering ejection. Parameter takes effect only when split_external_local_origin_errors is set to true.
format: int32
failurePercentageThreshold integer
FailurePercentageThreshold sets the failure percentage threshold for outlier detection. If the failure percentage of a given host is greater than or equal to this value, it will be ejected. Defaults to 85.
format: int32
minimum: 0
maximum: 100
interval string
Interval defines the time between passive health checks.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
maxEjectionPercent integer
MaxEjectionPercent sets the maximum percentage of hosts in a cluster that can be ejected.
format: int32
splitExternalLocalOriginErrors boolean
SplitExternalLocalOriginErrors enables splitting of errors between external and local origin.
http2 object
HTTP2 provides HTTP/2 configuration for backend connections.
initialConnectionWindowSize object
InitialConnectionWindowSize sets the initial window size for HTTP/2 connections. If not set, the default value is 1 MiB.
initialStreamWindowSize object
InitialStreamWindowSize sets the initial window size for HTTP/2 streams. If not set, the default value is 64 KiB(64*1024).
maxConcurrentStreams integer
MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection. If not set, the default value is 100.
format: int32
minimum: 1
maximum: 2.147483647e+09
onInvalidMessage string
OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error It's recommended for L2 Envoy deployments to set this value to TerminateStream. https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two Default: TerminateConnection
httpUpgrade []object
HTTPUpgrade defines the configuration for HTTP protocol upgrades. If not specified, the default upgrade configuration(websocket) will be used.
connect object
Connect specifies the configuration for the CONNECT config. This is allowed only when type is CONNECT.
terminate boolean
Terminate the CONNECT request, and forwards the payload as raw TCP data.
type string required
Type is the case-insensitive type of protocol upgrade. e.g. `websocket`, `CONNECT`, `spdy/3.1` etc.
loadBalancer object
LoadBalancer policy to apply when routing traffic from the gateway to the backend endpoints. Defaults to `LeastRequest`.
consistentHash object
ConsistentHash defines the configuration when the load balancer type is set to ConsistentHash
cookie object
Cookie configures the cookie hash policy when the consistent hash type is set to Cookie.
attributes object
Additional Attributes to set for the generated cookie.
name string required
Name of the cookie to hash. If this cookie does not exist in the request, Envoy will generate a cookie and set the TTL on the response back to the client based on Layer 4 attributes of the backend endpoint, to ensure that these future requests go to the same backend endpoint. Make sure to set the TTL field for this case.
ttl string
TTL of the generated cookie if the cookie is not present. This value sets the Max-Age attribute value.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
header object
Header configures the header hash policy when the consistent hash type is set to Header. Deprecated: use Headers instead
name string required
Name of the header to hash.
headers []object
Headers configures the header hash policy for each header, when the consistent hash type is set to Headers.
name string required
Name of the header to hash.
queryParams []object
QueryParams configures the query parameter hash policy when the consistent hash type is set to QueryParams.
name string required
Name of the query param to hash.
tableSize integer
The table size for consistent hashing, must be prime number limited to 5000011.
format: int64
minimum: 2
maximum: 5.000011e+06
type string required
ConsistentHashType defines the type of input to hash on. Valid Type values are "SourceIP", "Header", "Headers", "Cookie". "QueryParams".
enum: SourceIP, Header, Headers, Cookie, QueryParams
endpointOverride object
EndpointOverride defines the configuration for endpoint override. When specified, the load balancer will attempt to route requests to endpoints based on the override information extracted from request headers or metadata. If the override endpoints are not available, the configured load balancer policy will be used as fallback.
extractFrom []object required
ExtractFrom defines the sources to extract endpoint override information from.
minItems: 1
maxItems: 10
header string
Header defines the header to get the override endpoint addresses. The header value must specify at least one endpoint in `IP:Port` format or multiple endpoints in `IP:Port,IP:Port,...` format. For example `10.0.0.5:8080` or `[2600:4040:5204::1574:24ae]:80`. The IPv6 address is enclosed in square brackets.
slowStart object
SlowStart defines the configuration related to the slow start load balancer policy. If set, during slow start window, traffic sent to the newly added hosts will gradually increase. Currently this is only supported for RoundRobin and LeastRequest load balancers
window string required
Window defines the duration of the warm up period for newly added host. During slow start window, traffic sent to the newly added hosts will gradually increase. Currently only supports linear growth of traffic. For additional details, see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type string required
Type decides the type of Load Balancer policy. Valid LoadBalancerType values are "ConsistentHash", "LeastRequest", "Random", "RoundRobin".
enum: ConsistentHash, LeastRequest, Random, RoundRobin
zoneAware object
ZoneAware defines the configuration related to the distribution of requests between locality zones.
preferLocal object
PreferLocalZone configures zone-aware routing to prefer sending traffic to the local locality zone.
force object
ForceLocalZone defines override configuration for forcing all traffic to stay within the local zone instead of the default behavior which maintains equal distribution among upstream endpoints while sending as much traffic as possible locally.
minEndpointsInZoneThreshold integer
MinEndpointsInZoneThreshold is the minimum number of upstream endpoints in the local zone required to honor the forceLocalZone override. This is useful for protecting zones with fewer endpoints.
format: int32
minEndpointsThreshold integer
MinEndpointsThreshold is the minimum number of total upstream endpoints across all zones required to enable zone-aware routing.
format: int64
percentageEnabled integer
Configures percentage of requests that will be considered for zone aware routing if zone aware routing is configured. If not specified, Envoy defaults to 100%.
format: int32
minimum: 0
maximum: 100
mergeType string
MergeType determines how this configuration is merged with existing BackendTrafficPolicy configurations targeting a parent resource. When set, this configuration will be merged into a parent BackendTrafficPolicy (i.e. the one targeting a Gateway or Listener). This field cannot be set when targeting a parent resource (Gateway). If unset, no merging occurs, and only the most specific configuration takes effect.
proxyProtocol object
ProxyProtocol enables the Proxy Protocol when communicating with the backend.
version string required
Version of ProxyProtol Valid ProxyProtocolVersion values are "V1" "V2"
enum: V1, V2
rateLimit object
RateLimit allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow.
global object
Global defines global rate limit configuration.
rules []object required
Rules are a list of RateLimit selectors and limits. Each rule and its associated limit is applied in a mutually exclusive way. If a request matches multiple rules, each of their associated limits get applied, so a single request might increase the rate limit counters for multiple rules if selected. The rate limit service will return a logical OR of the individual rate limit decisions of all matching rules. For example, if a request matches two rules, one rate limited and one not, the final decision will be to rate limit the request.
maxItems: 128
clientSelectors []object
ClientSelectors holds the list of select conditions to select specific clients using attributes from the traffic flow. All individual select conditions must hold True for this rule and its limit to be applied. If no client selectors are specified, the rule applies to all traffic of the targeted Route. If the policy targets a Gateway, the rule applies to each Route of the Gateway. Please note that each Route has its own rate limit counters. For example, if a Gateway has two Routes, and the policy has a rule with limit 10rps, each Route will have its own 10rps limit.
maxItems: 8
headers []object
Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers.
maxItems: 16
invert boolean
Invert specifies whether the value match result will be inverted. Do not set this field when Type="Distinct", implying matching on any/all unique values within the header.
name string required
Name of the HTTP header. The header name is case-insensitive unless PreserveHeaderCase is set to true. For example, "Foo" and "foo" are considered the same header.
minLength: 1
maxLength: 256
type string
Type specifies how to match against the value of the header.
enum: Exact, RegularExpression, Distinct
value string
Value within the HTTP header. Do not set this field when Type="Distinct", implying matching on any/all unique values within the header.
maxLength: 1024
methods []object
Methods is a list of request methods to match. Multiple method values are ORed together, meaning, a request can match any one of the specified methods. If not specified, it matches all methods.
invert boolean
Invert specifies whether the value match result will be inverted.
value string required
Value specifies the HTTP method.
enum: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
path object
Path is the request path to match. Support Exact, PathPrefix and RegularExpression match types.
invert boolean
Invert specifies whether the value match result will be inverted.
type string
Type specifies how to match against the value of the path.
enum: Exact, PathPrefix, RegularExpression
value string required
Value specifies the HTTP path.
maxLength: 1024
queryParams []object
QueryParams is a list of query parameters to match. Multiple query parameter values are ANDed together, meaning, a request MUST match all the specified query parameters.
maxItems: 16
invert boolean
Invert specifies whether the value match result will be inverted. Do not set this field when Type="Distinct", implying matching on any/all unique values within the query parameter.
name string required
Name of the query parameter.
minLength: 1
maxLength: 256
type string
Type specifies how to match against the value of the query parameter.
enum: Exact, RegularExpression, Distinct
value string
Value of the query parameter. Do not set this field when Type="Distinct", implying matching on any/all unique values within the query parameter.
maxLength: 1024
sourceCIDR object
SourceCIDR is the client IP Address range to match on.
type string
enum: Exact, Distinct
value string required
Value is the IP CIDR that represents the range of Source IP Addresses of the client. These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header. For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`.
minLength: 1
maxLength: 256
cost object
Cost specifies the cost of requests and responses for the rule. This is optional and if not specified, the default behavior is to reduce the rate limit counters by 1 on the request path and do not reduce the rate limit counters on the response path.
request object
Request specifies the number to reduce the rate limit counters on the request path. If this is not specified, the default behavior is to reduce the rate limit counters by 1. When Envoy receives a request that matches the rule, it tries to reduce the rate limit counters by the specified number. If the counter doesn't have enough capacity, the request is rate limited.
from string required
From specifies where to get the rate limit cost. Currently, only "Number" and "Metadata" are supported.
enum: Number, Metadata
metadata object
Metadata specifies the per-request metadata to retrieve the usage number from.
key string required
Key is the key to retrieve the usage number from the filter metadata.
namespace string required
Namespace is the namespace of the dynamic metadata.
number integer
Number specifies the fixed usage number to reduce the rate limit counters. Using zero can be used to only check the rate limit counters without reducing them.
format: int64
response object
Response specifies the number to reduce the rate limit counters after the response is sent back to the client or the request stream is closed. The cost is used to reduce the rate limit counters for the matching requests. Since the reduction happens after the request stream is complete, the rate limit won't be enforced for the current request, but for the subsequent matching requests. This is optional and if not specified, the rate limit counters are not reduced on the response path. Currently, this is only supported for HTTP Global Rate Limits.
from string required
From specifies where to get the rate limit cost. Currently, only "Number" and "Metadata" are supported.
enum: Number, Metadata
metadata object
Metadata specifies the per-request metadata to retrieve the usage number from.
key string required
Key is the key to retrieve the usage number from the filter metadata.
namespace string required
Namespace is the namespace of the dynamic metadata.
number integer
Number specifies the fixed usage number to reduce the rate limit counters. Using zero can be used to only check the rate limit counters without reducing them.
format: int64
limit object required
Limit holds the rate limit values. This limit is applied for traffic flows when the selectors compute to True, causing the request to be counted towards the limit. The limit is enforced and the request is ratelimited, i.e. a response with 429 HTTP status code is sent back to the client when the selected requests have reached the limit.
requests integer required
unit string required
RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are "Second", "Minute", "Hour", "Day", "Month" and "Year".
enum: Second, Minute, Hour, Day, Month, Year
shadowMode boolean
ShadowMode indicates whether this rate-limit rule runs in shadow mode. When enabled, all rate-limiting operations are performed (cache lookups, counter updates, telemetry generation), but the outcome is never enforced. The request always succeeds, even if the configured limit is exceeded. Only supported for Global Rate Limits.
shared boolean
Shared determines whether this rate limit rule applies across all the policy targets. If set to true, the rule is treated as a common bucket and is shared across all policy targets (xRoutes). Default: false.
local object
Local defines local rate limit configuration.
rules []object
Rules are a list of RateLimit selectors and limits. If a request matches multiple rules, the strictest limit is applied. For example, if a request matches two rules, one with 10rps and one with 20rps, the final limit will be based on the rule with 10rps.
maxItems: 16
clientSelectors []object
ClientSelectors holds the list of select conditions to select specific clients using attributes from the traffic flow. All individual select conditions must hold True for this rule and its limit to be applied. If no client selectors are specified, the rule applies to all traffic of the targeted Route. If the policy targets a Gateway, the rule applies to each Route of the Gateway. Please note that each Route has its own rate limit counters. For example, if a Gateway has two Routes, and the policy has a rule with limit 10rps, each Route will have its own 10rps limit.
maxItems: 8
headers []object
Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers.
maxItems: 16
invert boolean
Invert specifies whether the value match result will be inverted. Do not set this field when Type="Distinct", implying matching on any/all unique values within the header.
name string required
Name of the HTTP header. The header name is case-insensitive unless PreserveHeaderCase is set to true. For example, "Foo" and "foo" are considered the same header.
minLength: 1
maxLength: 256
type string
Type specifies how to match against the value of the header.
enum: Exact, RegularExpression, Distinct
value string
Value within the HTTP header. Do not set this field when Type="Distinct", implying matching on any/all unique values within the header.
maxLength: 1024
methods []object
Methods is a list of request methods to match. Multiple method values are ORed together, meaning, a request can match any one of the specified methods. If not specified, it matches all methods.
invert boolean
Invert specifies whether the value match result will be inverted.
value string required
Value specifies the HTTP method.
enum: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
path object
Path is the request path to match. Support Exact, PathPrefix and RegularExpression match types.
invert boolean
Invert specifies whether the value match result will be inverted.
type string
Type specifies how to match against the value of the path.
enum: Exact, PathPrefix, RegularExpression
value string required
Value specifies the HTTP path.
maxLength: 1024
queryParams []object
QueryParams is a list of query parameters to match. Multiple query parameter values are ANDed together, meaning, a request MUST match all the specified query parameters.
maxItems: 16
invert boolean
Invert specifies whether the value match result will be inverted. Do not set this field when Type="Distinct", implying matching on any/all unique values within the query parameter.
name string required
Name of the query parameter.
minLength: 1
maxLength: 256
type string
Type specifies how to match against the value of the query parameter.
enum: Exact, RegularExpression, Distinct
value string
Value of the query parameter. Do not set this field when Type="Distinct", implying matching on any/all unique values within the query parameter.
maxLength: 1024
sourceCIDR object
SourceCIDR is the client IP Address range to match on.
type string
enum: Exact, Distinct
value string required
Value is the IP CIDR that represents the range of Source IP Addresses of the client. These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header. For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`.
minLength: 1
maxLength: 256
cost object
Cost specifies the cost of requests and responses for the rule. This is optional and if not specified, the default behavior is to reduce the rate limit counters by 1 on the request path and do not reduce the rate limit counters on the response path.
request object
Request specifies the number to reduce the rate limit counters on the request path. If this is not specified, the default behavior is to reduce the rate limit counters by 1. When Envoy receives a request that matches the rule, it tries to reduce the rate limit counters by the specified number. If the counter doesn't have enough capacity, the request is rate limited.
from string required
From specifies where to get the rate limit cost. Currently, only "Number" and "Metadata" are supported.
enum: Number, Metadata
metadata object
Metadata specifies the per-request metadata to retrieve the usage number from.
key string required
Key is the key to retrieve the usage number from the filter metadata.
namespace string required
Namespace is the namespace of the dynamic metadata.
number integer
Number specifies the fixed usage number to reduce the rate limit counters. Using zero can be used to only check the rate limit counters without reducing them.
format: int64
response object
Response specifies the number to reduce the rate limit counters after the response is sent back to the client or the request stream is closed. The cost is used to reduce the rate limit counters for the matching requests. Since the reduction happens after the request stream is complete, the rate limit won't be enforced for the current request, but for the subsequent matching requests. This is optional and if not specified, the rate limit counters are not reduced on the response path. Currently, this is only supported for HTTP Global Rate Limits.
from string required
From specifies where to get the rate limit cost. Currently, only "Number" and "Metadata" are supported.
enum: Number, Metadata
metadata object
Metadata specifies the per-request metadata to retrieve the usage number from.
key string required
Key is the key to retrieve the usage number from the filter metadata.
namespace string required
Namespace is the namespace of the dynamic metadata.
number integer
Number specifies the fixed usage number to reduce the rate limit counters. Using zero can be used to only check the rate limit counters without reducing them.
format: int64
limit object required
Limit holds the rate limit values. This limit is applied for traffic flows when the selectors compute to True, causing the request to be counted towards the limit. The limit is enforced and the request is ratelimited, i.e. a response with 429 HTTP status code is sent back to the client when the selected requests have reached the limit.
requests integer required
unit string required
RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are "Second", "Minute", "Hour", "Day", "Month" and "Year".
enum: Second, Minute, Hour, Day, Month, Year
shadowMode boolean
ShadowMode indicates whether this rate-limit rule runs in shadow mode. When enabled, all rate-limiting operations are performed (cache lookups, counter updates, telemetry generation), but the outcome is never enforced. The request always succeeds, even if the configured limit is exceeded. Only supported for Global Rate Limits.
shared boolean
Shared determines whether this rate limit rule applies across all the policy targets. If set to true, the rule is treated as a common bucket and is shared across all policy targets (xRoutes). Default: false.
type string
Type decides the scope for the RateLimits. Valid RateLimitType values are "Global" or "Local". Deprecated: Use Global and/or Local fields directly instead. Both can be specified simultaneously for combined rate limiting.
enum: Global, Local
requestBuffer object
RequestBuffer allows the gateway to buffer and fully receive each request from a client before continuing to send the request upstream to the backends. This can be helpful to shield your backend servers from slow clients, and also to enforce a maximum size per request as any requests larger than the buffer size will be rejected. This can have a negative performance impact so should only be enabled when necessary. When enabling this option, you should also configure your connection buffer size to account for these request buffers. There will also be an increase in memory usage for Envoy that should be accounted for in your deployment settings.
limit object
Limit specifies the maximum allowed size in bytes for each incoming request buffer. If exceeded, the request will be rejected with HTTP 413 Content Too Large. Accepts values in resource.Quantity format (e.g., "10Mi", "500Ki").
responseOverride []object
ResponseOverride defines the configuration to override specific responses with a custom one. If multiple configurations are specified, the first one to match wins.
match object required
Match configuration.
statusCodes []object required
Status code to match on. The match evaluates to true if any of the matches are successful.
minItems: 1
maxItems: 50
range object
Range contains the range of status codes.
end integer required
End of the range, including the end value.
start integer required
Start of the range, including the start value.
type string required
Type is the type of value. Valid values are Value and Range, default is Value.
value integer
Value contains the value of the status code.
redirect object
Redirect configuration
hostname string
Hostname is the hostname to be used in the value of the `Location` header in the response. When empty, the hostname in the `Host` header of the request is used.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
path object
Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the `Location` header. When empty, the request path is used as-is. Only ReplaceFullPath path modifier is supported currently.
replaceFullPath string
ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
maxLength: 1024
replacePrefixMatch string
ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch of "/xyz" would be modified to "/xyz/bar". Note that this matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the `/` separator. When specified, a trailing `/` is ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all match the prefix `/abc`, but the path `/abcd` would not. ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in the implementation setting the Accepted Condition for the Route to `status: False`. Request Path | Prefix Match | Replace Prefix | Modified Path
maxLength: 1024
type string required
Type defines the type of path modifier. Additional types may be added in a future release of the API. Note that values may be added to this enum, implementations must ensure that unknown values will not cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the Route to `status: False`, with a Reason of `UnsupportedValue`.
enum: ReplaceFullPath, ReplacePrefixMatch
port integer
Port is the port to be used in the value of the `Location` header in the response. If redirect scheme is not-empty, the well-known port associated with the redirect scheme will be used. Specifically "http" to port 80 and "https" to port 443. If the redirect scheme does not have a well-known port or redirect scheme is empty, the listener port of the Gateway will be used. Port will not be added in the 'Location' header if scheme is HTTP and port is 80 or scheme is HTTPS and port is 443.
format: int32
scheme string
Scheme is the scheme to be used in the value of the `Location` header in the response. When empty, the scheme of the request is used.
enum: http, https
statusCode integer
StatusCode is the HTTP status code to be used in response.
enum: 301, 302
response object
Response configuration.
body object
Body of the Custom Response Supports Envoy command operators for dynamic content (see https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators).
inline string
Inline contains the value as an inline string.
type string required
Type is the type of method to use to read the body value. Valid values are Inline and ValueRef, default is Inline.
valueRef object
ValueRef contains the contents of the body specified as a local object reference. Only a reference to ConfigMap is supported. The value of key `response.body` in the ConfigMap will be used as the response body. If the key is not found, the first value in the ConfigMap will be used.
group string required
Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
Kind is kind of the referent. For example "HTTPRoute" or "Service".
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent.
minLength: 1
maxLength: 253
contentType string
Content Type of the response. This will be set in the Content-Type header.
header object
Header defines headers to add, set or remove from the response. This allows the response policy to append, add or override headers of the final response before it is sent to a downstream client. Note: Header removal is not supported for responseOverride.
add []object
Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add: - name: "my-header" value: "bar,baz" Output: GET /foo HTTP/1.1 my-header: foo,bar,baz
maxItems: 16
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
Value is the value of HTTP Header to be matched.
minLength: 1
maxLength: 4096
remove []string
Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: ["my-header1", "my-header3"] Output: GET /foo HTTP/1.1 my-header2: bar
maxItems: 16
set []object
Set overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set: - name: "my-header" value: "bar" Output: GET /foo HTTP/1.1 my-header: bar
maxItems: 16
name string required
Name is the name of the HTTP Header to be matched. Name matching MUST be case-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
minLength: 1
maxLength: 256
value string required
Value is the value of HTTP Header to be matched.
minLength: 1
maxLength: 4096
statusCode integer
Status Code of the Custom Response If unset, does not override the status of response.
retry object
Retry provides more advanced usage, allowing users to customize the number of retries, retry fallback strategy, and retry triggering conditions. If not set, retry will be disabled.
numAttemptsPerPriority integer
NumAttemptsPerPriority defines the number of requests (initial attempt + retries) that should be sent to the same priority before switching to a different one. If not specified or set to 0, all requests are sent to the highest priority that is healthy.
format: int32
numRetries integer
NumRetries is the number of retries to be attempted. Defaults to 2.
format: int32
minimum: 0
perRetry object
PerRetry is the retry policy to be applied per retry attempt.
backOff object
Backoff is the backoff policy to be applied per retry attempt. gateway uses a fully jittered exponential back-off algorithm for retries. For additional details, see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-max-retries
baseInterval string
BaseInterval is the base interval between retries.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
maxInterval string
MaxInterval is the maximum interval between retries. This parameter is optional, but must be greater than or equal to the base_interval if set. The default is 10 times the base_interval
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
timeout string
Timeout is the timeout per retry attempt.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
retryOn object
RetryOn specifies the retry trigger condition. If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503).
httpStatusCodes []integer
HttpStatusCodes specifies the http status codes to be retried. The retriable-status-codes trigger must also be configured for these status codes to trigger a retry.
triggers []string
Triggers specifies the retry trigger condition(Http/Grpc).
routingType string
RoutingType can be set to "Service" to use the Service Cluster IP for routing to the backend, or it can be set to "Endpoint" to use Endpoint routing. When specified, this overrides the EnvoyProxy-level setting for the relevant targeRefs. If not specified, the EnvoyProxy-level setting is used.
targetRef object
TargetRef is the name of the resource this policy is being attached to. This policy and the TargetRef MUST be in the same namespace for this Policy to have effect Deprecated: use targetRefs/targetSelectors instead
group string required
Group is the group of the target resource.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
Kind is kind of the target resource.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the target resource.
minLength: 1
maxLength: 253
sectionName string
SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name * HTTPRoute: HTTPRouteRule name * Service: Port name If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
targetRefs []object
TargetRefs are the names of the Gateway resources this policy is being attached to.
group string required
Group is the group of the target resource.
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
Kind is kind of the target resource.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the target resource.
minLength: 1
maxLength: 253
sectionName string
SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name * HTTPRoute: HTTPRouteRule name * Service: Port name If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
targetSelectors []object
TargetSelectors allow targeting resources for this policy based on labels
group string
Group is the group that this selector targets. Defaults to gateway.networking.k8s.io
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string required
Kind is the resource kind that this selector targets.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
matchExpressions []object
MatchExpressions is a list of label selector requirements. The requirements are ANDed.
key string required
key is the label key that the selector applies to.
operator string required
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values []string
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
matchLabels object
MatchLabels are the set of label selectors for identifying the targeted resource
tcpKeepalive object
TcpKeepalive settings associated with the upstream client connection. Disabled by default.
idleTime string
The duration a connection needs to be idle before keep-alive probes start being sent. The duration format is Defaults to `7200s`.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
interval string
The duration between keep-alive probes. Defaults to `75s`.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
probes integer
The total number of unacknowledged probes to send before deciding the connection is dead. Defaults to 9.
format: int32
telemetry object
Telemetry configures the telemetry settings for the policy target (Gateway or xRoute). This will override the telemetry settings in the EnvoyProxy resource.
metrics object
Metrics defines metrics configuration for the backend or Route.
routeStatName string
RouteStatName defines the value of the Route stat_prefix, determining how the route stats are named. For more details, see envoy docs: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-route The supported operators for this pattern are: %ROUTE_NAME%: name of Gateway API xRoute resource %ROUTE_NAMESPACE%: namespace of Gateway API xRoute resource %ROUTE_KIND%: kind of Gateway API xRoute resource Example: %ROUTE_KIND%/%ROUTE_NAMESPACE%/%ROUTE_NAME% => httproute/my-ns/my-route Disabled by default.
tracing object
Tracing configures the tracing settings for the backend or HTTPRoute. This takes precedence over EnvoyProxy tracing when set.
customTags object
CustomTags defines the custom tags to add to each span. If provider is kubernetes, pod name and namespace are added by default. Deprecated: Use Tags instead.
samplingFraction object
SamplingFraction represents the fraction of requests that should be selected for tracing if no prior sampling decision has been made.
denominator integer
format: int32
minimum: 1
numerator integer required
format: int32
minimum: 0
spanName object
SpanName defines the name of the span which will be used for tracing. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be used in the value. The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) provides more information. If not set, the span name is provider specific. e.g. Datadog use `ingress` as the default client span name, and `router <UPSTREAM_CLUSTER> egress` as the server span name.
client string required
Client defines operation name of the span which will be used for tracing.
server string required
Server defines the operation name of the upstream span which will be used for tracing.
tags object
Tags defines the custom tags to add to each span. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be used in the value. The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) provides more information. If provider is kubernetes, pod name and namespace are added by default. Same keys take precedence over CustomTags.
timeout object
Timeout settings for the backend connections.
http object
Timeout settings for HTTP.
connectionIdleTimeout string
The idle timeout for an HTTP connection. Idle time is defined as a period in which there are no active requests in the connection. Default: 1 hour.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
maxConnectionDuration string
The maximum duration of an HTTP connection. Default: unlimited.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
maxStreamDuration string
MaxStreamDuration is the maximum duration for a stream to complete. This timeout measures the time from when the request is sent until the response stream is fully consumed and does not apply to non-streaming requests. When set to "0s", no max duration is applied and streams can run indefinitely.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
requestTimeout string
RequestTimeout is the time until which entire response is received from the upstream.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
tcp object
Timeout settings for TCP.
connectTimeout string
The timeout for network connection establishment, including TCP and TLS handshakes. Default: 10 seconds.
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
useClientProtocol boolean
UseClientProtocol configures Envoy to prefer sending requests to backends using the same HTTP protocol that the incoming request used. Defaults to false, which means that Envoy will use the protocol indicated by the attached BackendRef.
status object
status defines the current status of BackendTrafficPolicy.
ancestors []object required
Ancestors is a list of ancestor resources (usually Gateways) that are associated with the policy, and the status of the policy with respect to each ancestor. When this policy attaches to a parent, the controller that manages the parent and the ancestors MUST add an entry to this list when the controller first sees the policy and SHOULD update the entry as appropriate when the relevant ancestor is modified. Note that choosing the relevant ancestor is left to the Policy designers; an important part of Policy design is designing the right object level at which to namespace this status. Note also that implementations MUST ONLY populate ancestor status for the Ancestor resources they are responsible for. Implementations MUST use the ControllerName field to uniquely identify the entries in this list that they are responsible for. Note that to achieve this, the list of PolicyAncestorStatus structs MUST be treated as a map with a composite key, made up of the AncestorRef and ControllerName fields combined. A maximum of 16 ancestors will be represented in this list. An empty list means the Policy is not relevant for any ancestors. If this slice is full, implementations MUST NOT add further entries. Instead they MUST consider the policy unimplementable and signal that on any related resources such as the ancestor that would be referenced here. For example, if this list was full on BackendTLSPolicy, no additional Gateways would be able to reference the Service targeted by the BackendTLSPolicy.
maxItems: 16
ancestorRef object required
AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of.
group string
Group is the group of the referent. When unspecified, "gateway.networking.k8s.io" is inferred. To set the core API group (such as for a "Service" kind referent), Group must be explicitly set to "" (empty string). Support: Core
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
maxLength: 253
kind string
Kind is kind of the referent. There are two kinds of parent resources with "Core" support: * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific.
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
minLength: 1
maxLength: 63
name string required
Name is the name of the referent. Support: Core
minLength: 1
maxLength: 253
namespace string
Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. <gateway:experimental:description> ParentRefs from a Route to a Service in the same namespace are "producer" routes, which apply default routing rules to inbound connections from any namespace to the Service. ParentRefs from a Route to a Service in a different namespace are "consumer" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. </gateway:experimental:description> Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
minLength: 1
maxLength: 63
port integer
Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. <gateway:experimental:description> When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. </gateway:experimental:description> Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Extended
format: int32
minimum: 1
maximum: 65535
sectionName string
SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. Support: Core
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
minLength: 1
maxLength: 253
conditions []object required
Conditions describes the status of the Policy with respect to the given Ancestor. <gateway:util:excludeFromCRD> Notes for implementors: Conditions are a listType `map`, which means that they function like a map with a key of the `type` field _in the k8s apiserver_. This means that implementations must obey some rules when updating this section. * Implementations MUST perform a read-modify-write cycle on this field before modifying it. That is, when modifying this field, implementations must be confident they have fetched the most recent version of this field, and ensure that changes they make are on that recent version. * Implementations MUST NOT remove or reorder Conditions that they are not directly responsible for. For example, if an implementation sees a Condition with type `special.io/SomeField`, it MUST NOT remove, change or update that Condition. * Implementations MUST always _merge_ changes into Conditions of the same Type, rather than creating more than one Condition of the same Type. * Implementations MUST always update the `observedGeneration` field of the Condition to the `metadata.generation` of the Gateway at the time of update creation. * If the `observedGeneration` of a Condition is _greater than_ the value the implementation knows about, then it MUST NOT perform the update on that Condition, but must wait for a future reconciliation and status update. (The assumption is that the implementation's copy of the object is stale and an update will be re-triggered if relevant.) </gateway:util:excludeFromCRD>
minItems: 1
maxItems: 8
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
controllerName string required
ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. Example: "example.net/gateway-controller". The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary.
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
minLength: 1
maxLength: 253
Copied!