Skip to content

projectcontour.v1.httpProxy

"HTTPProxy is an Ingress CRD specification."

Index

Fields

fn new

new(name)

new returns an instance of HTTPProxy

obj metadata

"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."

fn metadata.withAnnotations

withAnnotations(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

fn metadata.withAnnotationsMixin

withAnnotationsMixin(annotations)

"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"

Note: This function appends passed data to existing values

fn metadata.withClusterName

withClusterName(clusterName)

"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."

fn metadata.withCreationTimestamp

withCreationTimestamp(creationTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withDeletionGracePeriodSeconds

withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)

"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."

fn metadata.withDeletionTimestamp

withDeletionTimestamp(deletionTimestamp)

"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."

fn metadata.withFinalizers

withFinalizers(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

fn metadata.withFinalizersMixin

withFinalizersMixin(finalizers)

"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."

Note: This function appends passed data to existing values

fn metadata.withGenerateName

withGenerateName(generateName)

"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"

fn metadata.withGeneration

withGeneration(generation)

"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."

fn metadata.withLabels

withLabels(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

fn metadata.withLabelsMixin

withLabelsMixin(labels)

"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"

Note: This function appends passed data to existing values

fn metadata.withName

withName(name)

"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"

fn metadata.withNamespace

withNamespace(namespace)

"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"

fn metadata.withOwnerReferences

withOwnerReferences(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

fn metadata.withOwnerReferencesMixin

withOwnerReferencesMixin(ownerReferences)

"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."

Note: This function appends passed data to existing values

fn metadata.withResourceVersion

withResourceVersion(resourceVersion)

"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"

withSelfLink(selfLink)

"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."

fn metadata.withUid

withUid(uid)

"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"

obj spec

"HTTPProxySpec defines the spec of the CRD."

fn spec.withIncludes

withIncludes(includes)

"Includes allow for specific routing configuration to be included from another HTTPProxy, possibly in another namespace."

fn spec.withIncludesMixin

withIncludesMixin(includes)

"Includes allow for specific routing configuration to be included from another HTTPProxy, possibly in another namespace."

Note: This function appends passed data to existing values

fn spec.withIngressClassName

withIngressClassName(ingressClassName)

"IngressClassName optionally specifies the ingress class to use for this HTTPProxy. This replaces the deprecated kubernetes.io/ingress.class annotation. For backwards compatibility, when that annotation is set, it is given precedence over this field."

fn spec.withRoutes

withRoutes(routes)

"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."

fn spec.withRoutesMixin

withRoutesMixin(routes)

"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."

Note: This function appends passed data to existing values

obj spec.includes

"Includes allow for specific routing configuration to be included from another HTTPProxy, possibly in another namespace."

fn spec.includes.withConditions

withConditions(conditions)

"Conditions are a set of rules that are applied to included HTTPProxies. In effect, they are added onto the Conditions of included HTTPProxy Route structs. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the include invalid."

fn spec.includes.withConditionsMixin

withConditionsMixin(conditions)

"Conditions are a set of rules that are applied to included HTTPProxies. In effect, they are added onto the Conditions of included HTTPProxy Route structs. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the include invalid."

Note: This function appends passed data to existing values

fn spec.includes.withName

withName(name)

"Name of the HTTPProxy"

fn spec.includes.withNamespace

withNamespace(namespace)

"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."

obj spec.includes.conditions

"Conditions are a set of rules that are applied to included HTTPProxies. In effect, they are added onto the Conditions of included HTTPProxy Route structs. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the include invalid."

fn spec.includes.conditions.withPrefix

withPrefix(prefix)

"Prefix defines a prefix match for a request."

obj spec.includes.conditions.header

"Header specifies the header condition to match."

fn spec.includes.conditions.header.withContains

withContains(contains)

"Contains specifies a substring that must be present in the header value."

fn spec.includes.conditions.header.withExact

withExact(exact)

"Exact specifies a string that the header value must be equal to."

fn spec.includes.conditions.header.withName

withName(name)

"Name is the name of the header to match against. Name is required. Header names are case insensitive."

fn spec.includes.conditions.header.withNotcontains

withNotcontains(notcontains)

"NotContains specifies a substring that must not be present in the header value."

fn spec.includes.conditions.header.withNotexact

withNotexact(notexact)

"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."

fn spec.includes.conditions.header.withNotpresent

withNotpresent(notpresent)

"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."

fn spec.includes.conditions.header.withPresent

withPresent(present)

"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."

obj spec.routes

"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."

fn spec.routes.withConditions

withConditions(conditions)

"Conditions are a set of rules that are applied to a Route. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the route invalid."

fn spec.routes.withConditionsMixin

withConditionsMixin(conditions)

"Conditions are a set of rules that are applied to a Route. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the route invalid."

Note: This function appends passed data to existing values

fn spec.routes.withEnableWebsockets

withEnableWebsockets(enableWebsockets)

"Enables websocket support for the route."

fn spec.routes.withPermitInsecure

withPermitInsecure(permitInsecure)

"Allow this path to respond to insecure requests over HTTP which are normally not permitted when a virtualhost.tls block is present."

fn spec.routes.withServices

withServices(services)

"Services are the services to proxy traffic."

fn spec.routes.withServicesMixin

withServicesMixin(services)

"Services are the services to proxy traffic."

Note: This function appends passed data to existing values

obj spec.routes.authPolicy

"AuthPolicy updates the authorization policy that was set on the root HTTPProxy object for client requests that match this route."

fn spec.routes.authPolicy.withContext

withContext(context)

"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."

fn spec.routes.authPolicy.withContextMixin

withContextMixin(context)

"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."

Note: This function appends passed data to existing values

fn spec.routes.authPolicy.withDisabled

withDisabled(disabled)

"When true, this field disables client request authentication for the scope of the policy."

obj spec.routes.conditions

"Conditions are a set of rules that are applied to a Route. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the route invalid."

fn spec.routes.conditions.withPrefix

withPrefix(prefix)

"Prefix defines a prefix match for a request."

obj spec.routes.conditions.header

"Header specifies the header condition to match."

fn spec.routes.conditions.header.withContains

withContains(contains)

"Contains specifies a substring that must be present in the header value."

fn spec.routes.conditions.header.withExact

withExact(exact)

"Exact specifies a string that the header value must be equal to."

fn spec.routes.conditions.header.withName

withName(name)

"Name is the name of the header to match against. Name is required. Header names are case insensitive."

fn spec.routes.conditions.header.withNotcontains

withNotcontains(notcontains)

"NotContains specifies a substring that must not be present in the header value."

fn spec.routes.conditions.header.withNotexact

withNotexact(notexact)

"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."

fn spec.routes.conditions.header.withNotpresent

withNotpresent(notpresent)

"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."

fn spec.routes.conditions.header.withPresent

withPresent(present)

"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."

obj spec.routes.healthCheckPolicy

"The health check policy for this route."

fn spec.routes.healthCheckPolicy.withHealthyThresholdCount

withHealthyThresholdCount(healthyThresholdCount)

"The number of healthy health checks required before a host is marked healthy"

fn spec.routes.healthCheckPolicy.withHost

withHost(host)

"The value of the host header in the HTTP health check request. If left empty (default value), the name \"contour-envoy-healthcheck\" will be used."

fn spec.routes.healthCheckPolicy.withIntervalSeconds

withIntervalSeconds(intervalSeconds)

"The interval (seconds) between health checks"

fn spec.routes.healthCheckPolicy.withPath

withPath(path)

"HTTP endpoint used to perform health checks on upstream service"

fn spec.routes.healthCheckPolicy.withTimeoutSeconds

withTimeoutSeconds(timeoutSeconds)

"The time to wait (seconds) for a health check response"

fn spec.routes.healthCheckPolicy.withUnhealthyThresholdCount

withUnhealthyThresholdCount(unhealthyThresholdCount)

"The number of unhealthy health checks required before a host is marked unhealthy"

obj spec.routes.loadBalancerPolicy

"The load balancing policy for this route."

fn spec.routes.loadBalancerPolicy.withRequestHashPolicies

withRequestHashPolicies(requestHashPolicies)

"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default RoundRobin."

fn spec.routes.loadBalancerPolicy.withRequestHashPoliciesMixin

withRequestHashPoliciesMixin(requestHashPolicies)

"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default RoundRobin."

Note: This function appends passed data to existing values

fn spec.routes.loadBalancerPolicy.withStrategy

withStrategy(strategy)

"Strategy specifies the policy used to balance requests across the pool of backend pods. Valid policy names are Random, RoundRobin, WeightedLeastRequest, Cookie, and RequestHash. If an unknown strategy name is specified or no policy is supplied, the default RoundRobin policy is used."

obj spec.routes.loadBalancerPolicy.requestHashPolicies

"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default RoundRobin."

fn spec.routes.loadBalancerPolicy.requestHashPolicies.withTerminal

withTerminal(terminal)

"Terminal is a flag that allows for short-circuiting computing of a hash for a given request. If set to true, and the request attribute specified in the attribute hash options is present, no further hash policies will be used to calculate a hash for the request."

obj spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions

"HeaderHashOptions should be set when request header hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."

fn spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName

withHeaderName(headerName)

"HeaderName is the name of the HTTP request header that will be used to calculate the hash key. If the header specified is not present on a request, no hash will be produced."

obj spec.routes.pathRewritePolicy

"The policy for rewriting the path of the request URL after the request has been routed to a Service."

fn spec.routes.pathRewritePolicy.withReplacePrefix

withReplacePrefix(replacePrefix)

"ReplacePrefix describes how the path prefix should be replaced."

fn spec.routes.pathRewritePolicy.withReplacePrefixMixin

withReplacePrefixMixin(replacePrefix)

"ReplacePrefix describes how the path prefix should be replaced."

Note: This function appends passed data to existing values

obj spec.routes.pathRewritePolicy.replacePrefix

"ReplacePrefix describes how the path prefix should be replaced."

fn spec.routes.pathRewritePolicy.replacePrefix.withPrefix

withPrefix(prefix)

"Prefix specifies the URL path prefix to be replaced. \n If Prefix is specified, it must exactly match the MatchCondition prefix that is rendered by the chain of including HTTPProxies and only that path prefix will be replaced by Replacement. This allows HTTPProxies that are included through multiple roots to only replace specific path prefixes, leaving others unmodified. \n If Prefix is not specified, all routing prefixes rendered by the include chain will be replaced."

fn spec.routes.pathRewritePolicy.replacePrefix.withReplacement

withReplacement(replacement)

"Replacement is the string that the routing path prefix will be replaced with. This must not be empty."

obj spec.routes.rateLimitPolicy

"The policy for rate limiting on the route."

obj spec.routes.rateLimitPolicy.global

"Global defines global rate limiting parameters, i.e. parameters defining descriptors that are sent to an external rate limit service (RLS) for a rate limit decision on each request."

fn spec.routes.rateLimitPolicy.global.withDescriptors

withDescriptors(descriptors)

"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."

fn spec.routes.rateLimitPolicy.global.withDescriptorsMixin

withDescriptorsMixin(descriptors)

"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."

Note: This function appends passed data to existing values

obj spec.routes.rateLimitPolicy.global.descriptors

"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."

fn spec.routes.rateLimitPolicy.global.descriptors.withEntries

withEntries(entries)

"Entries is the list of key-value pair generators."

fn spec.routes.rateLimitPolicy.global.descriptors.withEntriesMixin

withEntriesMixin(entries)

"Entries is the list of key-value pair generators."

Note: This function appends passed data to existing values

obj spec.routes.rateLimitPolicy.global.descriptors.entries

"Entries is the list of key-value pair generators."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddress

withRemoteAddress(remoteAddress)

"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin

withRemoteAddressMixin(remoteAddress)

"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."

Note: This function appends passed data to existing values

obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey

"GenericKey defines a descriptor entry with a static key and value."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withKey

withKey(key)

"Key defines the key of the descriptor entry. If not set, the key is set to \"generic_key\"."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withValue

withValue(value)

"Value defines the value of the descriptor entry."

obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader

"RequestHeader defines a descriptor entry that's populated only if a given header is present on the request. The descriptor key is static, and the descriptor value is equal to the value of the header."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey

withDescriptorKey(descriptorKey)

"DescriptorKey defines the key to use on the descriptor entry."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName

withHeaderName(headerName)

"HeaderName defines the name of the header to look for on the request."

obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch

"RequestHeaderValueMatch defines a descriptor entry that's populated if the request's headers match a set of 1+ match criteria. The descriptor key is \"header_match\", and the descriptor value is static."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch

withExpectMatch(expectMatch)

"ExpectMatch defines whether the request must positively match the match criteria in order to generate a descriptor entry (i.e. true), or not match the match criteria in order to generate a descriptor entry (i.e. false). The default is true."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders

withHeaders(headers)

"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin

withHeadersMixin(headers)

"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."

Note: This function appends passed data to existing values

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue

withValue(value)

"Value defines the value of the descriptor entry."

obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers

"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains

withContains(contains)

"Contains specifies a substring that must be present in the header value."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact

withExact(exact)

"Exact specifies a string that the header value must be equal to."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName

withName(name)

"Name is the name of the header to match against. Name is required. Header names are case insensitive."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains

withNotcontains(notcontains)

"NotContains specifies a substring that must not be present in the header value."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact

withNotexact(notexact)

"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent

withNotpresent(notpresent)

"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."

fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent

withPresent(present)

"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."

obj spec.routes.rateLimitPolicy.local

"Local defines local rate limiting parameters, i.e. parameters for rate limiting that occurs within each Envoy pod as requests are handled."

fn spec.routes.rateLimitPolicy.local.withBurst

withBurst(burst)

"Burst defines the number of requests above the requests per unit that should be allowed within a short period of time."

fn spec.routes.rateLimitPolicy.local.withRequests

withRequests(requests)

"Requests defines how many requests per unit of time should be allowed before rate limiting occurs."

fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAdd

withResponseHeadersToAdd(responseHeadersToAdd)

"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."

fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAddMixin

withResponseHeadersToAddMixin(responseHeadersToAdd)

"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."

Note: This function appends passed data to existing values

fn spec.routes.rateLimitPolicy.local.withResponseStatusCode

withResponseStatusCode(responseStatusCode)

"ResponseStatusCode is the HTTP status code to use for responses to rate-limited requests. Codes must be in the 400-599 range (inclusive). If not specified, the Envoy default of 429 (Too Many Requests) is used."

fn spec.routes.rateLimitPolicy.local.withUnit

withUnit(unit)

"Unit defines the period of time within which requests over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\"."

obj spec.routes.rateLimitPolicy.local.responseHeadersToAdd

"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."

fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withName

withName(name)

"Name represents a key of a header"

fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.routes.requestHeadersPolicy

"The policy for managing request headers during proxying."

fn spec.routes.requestHeadersPolicy.withRemove

withRemove(remove)

"Remove specifies a list of HTTP header names to remove."

fn spec.routes.requestHeadersPolicy.withRemoveMixin

withRemoveMixin(remove)

"Remove specifies a list of HTTP header names to remove."

Note: This function appends passed data to existing values

fn spec.routes.requestHeadersPolicy.withSet

withSet(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.requestHeadersPolicy.withSetMixin

withSetMixin(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

Note: This function appends passed data to existing values

obj spec.routes.requestHeadersPolicy.set

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.requestHeadersPolicy.set.withName

withName(name)

"Name represents a key of a header"

fn spec.routes.requestHeadersPolicy.set.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.routes.responseHeadersPolicy

"The policy for managing response headers during proxying. Rewriting the 'Host' header is not supported."

fn spec.routes.responseHeadersPolicy.withRemove

withRemove(remove)

"Remove specifies a list of HTTP header names to remove."

fn spec.routes.responseHeadersPolicy.withRemoveMixin

withRemoveMixin(remove)

"Remove specifies a list of HTTP header names to remove."

Note: This function appends passed data to existing values

fn spec.routes.responseHeadersPolicy.withSet

withSet(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.responseHeadersPolicy.withSetMixin

withSetMixin(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

Note: This function appends passed data to existing values

obj spec.routes.responseHeadersPolicy.set

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.responseHeadersPolicy.set.withName

withName(name)

"Name represents a key of a header"

fn spec.routes.responseHeadersPolicy.set.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.routes.retryPolicy

"The retry policy for this route."

fn spec.routes.retryPolicy.withCount

withCount(count)

"NumRetries is maximum allowed number of retries. If set to -1, then retries are disabled. If set to 0 or not supplied, the value is set to the Envoy default of 1."

fn spec.routes.retryPolicy.withPerTryTimeout

withPerTryTimeout(perTryTimeout)

"PerTryTimeout specifies the timeout per retry attempt. Ignored if NumRetries is not supplied."

fn spec.routes.retryPolicy.withRetriableStatusCodes

withRetriableStatusCodes(retriableStatusCodes)

"RetriableStatusCodes specifies the HTTP status codes that should be retried. \n This field is only respected when you include retriable-status-codes in the RetryOn field."

fn spec.routes.retryPolicy.withRetriableStatusCodesMixin

withRetriableStatusCodesMixin(retriableStatusCodes)

"RetriableStatusCodes specifies the HTTP status codes that should be retried. \n This field is only respected when you include retriable-status-codes in the RetryOn field."

Note: This function appends passed data to existing values

fn spec.routes.retryPolicy.withRetryOn

withRetryOn(retryOn)

"RetryOn specifies the conditions on which to retry a request. \n Supported HTTP conditions: \n - 5xx - gateway-error - reset - connect-failure - retriable-4xx - refused-stream - retriable-status-codes - retriable-headers \n Supported gRPC conditions: \n - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable"

fn spec.routes.retryPolicy.withRetryOnMixin

withRetryOnMixin(retryOn)

"RetryOn specifies the conditions on which to retry a request. \n Supported HTTP conditions: \n - 5xx - gateway-error - reset - connect-failure - retriable-4xx - refused-stream - retriable-status-codes - retriable-headers \n Supported gRPC conditions: \n - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable"

Note: This function appends passed data to existing values

obj spec.routes.services

"Services are the services to proxy traffic."

fn spec.routes.services.withMirror

withMirror(mirror)

"If Mirror is true the Service will receive a read only mirror of the traffic for this route."

fn spec.routes.services.withName

withName(name)

"Name is the name of Kubernetes service to proxy traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route."

fn spec.routes.services.withPort

withPort(port)

"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."

fn spec.routes.services.withProtocol

withProtocol(protocol)

"Protocol may be used to specify (or override) the protocol used to reach this Service. Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."

fn spec.routes.services.withWeight

withWeight(weight)

"Weight defines percentage of traffic to balance traffic"

obj spec.routes.services.requestHeadersPolicy

"The policy for managing request headers during proxying. Rewriting the 'Host' header is not supported."

fn spec.routes.services.requestHeadersPolicy.withRemove

withRemove(remove)

"Remove specifies a list of HTTP header names to remove."

fn spec.routes.services.requestHeadersPolicy.withRemoveMixin

withRemoveMixin(remove)

"Remove specifies a list of HTTP header names to remove."

Note: This function appends passed data to existing values

fn spec.routes.services.requestHeadersPolicy.withSet

withSet(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.services.requestHeadersPolicy.withSetMixin

withSetMixin(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

Note: This function appends passed data to existing values

obj spec.routes.services.requestHeadersPolicy.set

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.services.requestHeadersPolicy.set.withName

withName(name)

"Name represents a key of a header"

fn spec.routes.services.requestHeadersPolicy.set.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.routes.services.responseHeadersPolicy

"The policy for managing response headers during proxying. Rewriting the 'Host' header is not supported."

fn spec.routes.services.responseHeadersPolicy.withRemove

withRemove(remove)

"Remove specifies a list of HTTP header names to remove."

fn spec.routes.services.responseHeadersPolicy.withRemoveMixin

withRemoveMixin(remove)

"Remove specifies a list of HTTP header names to remove."

Note: This function appends passed data to existing values

fn spec.routes.services.responseHeadersPolicy.withSet

withSet(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.services.responseHeadersPolicy.withSetMixin

withSetMixin(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

Note: This function appends passed data to existing values

obj spec.routes.services.responseHeadersPolicy.set

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.routes.services.responseHeadersPolicy.set.withName

withName(name)

"Name represents a key of a header"

fn spec.routes.services.responseHeadersPolicy.set.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.routes.services.validation

"UpstreamValidation defines how to verify the backend service's certificate"

fn spec.routes.services.validation.withCaSecret

withCaSecret(caSecret)

"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend"

fn spec.routes.services.validation.withSubjectName

withSubjectName(subjectName)

"Key which is expected to be present in the 'subjectAltName' of the presented certificate"

obj spec.routes.timeoutPolicy

"The timeout policy for this route."

fn spec.routes.timeoutPolicy.withIdle

withIdle(idle)

"Timeout after which, if there are no active requests for this route, the connection between Envoy and the backend or Envoy and the external client will be closed. If not specified, there is no per-route idle timeout, though a connection manager-wide stream_idle_timeout default of 5m still applies."

fn spec.routes.timeoutPolicy.withResponse

withResponse(response)

"Timeout for receiving a response from the server after processing a request from client. If not supplied, Envoy's default value of 15s applies."

obj spec.tcpproxy

"TCPProxy holds TCP proxy information."

fn spec.tcpproxy.withServices

withServices(services)

"Services are the services to proxy traffic"

fn spec.tcpproxy.withServicesMixin

withServicesMixin(services)

"Services are the services to proxy traffic"

Note: This function appends passed data to existing values

obj spec.tcpproxy.healthCheckPolicy

"The health check policy for this tcp proxy"

fn spec.tcpproxy.healthCheckPolicy.withHealthyThresholdCount

withHealthyThresholdCount(healthyThresholdCount)

"The number of healthy health checks required before a host is marked healthy"

fn spec.tcpproxy.healthCheckPolicy.withIntervalSeconds

withIntervalSeconds(intervalSeconds)

"The interval (seconds) between health checks"

fn spec.tcpproxy.healthCheckPolicy.withTimeoutSeconds

withTimeoutSeconds(timeoutSeconds)

"The time to wait (seconds) for a health check response"

fn spec.tcpproxy.healthCheckPolicy.withUnhealthyThresholdCount

withUnhealthyThresholdCount(unhealthyThresholdCount)

"The number of unhealthy health checks required before a host is marked unhealthy"

obj spec.tcpproxy.include

"Include specifies that this tcpproxy should be delegated to another HTTPProxy."

fn spec.tcpproxy.include.withName

withName(name)

"Name of the child HTTPProxy"

fn spec.tcpproxy.include.withNamespace

withNamespace(namespace)

"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."

obj spec.tcpproxy.includes

"IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace. \n Exists due to a mistake when developing HTTPProxy and the field was marked plural when it should have been singular. This field should stay to not break backwards compatibility to v1 users."

fn spec.tcpproxy.includes.withName

withName(name)

"Name of the child HTTPProxy"

fn spec.tcpproxy.includes.withNamespace

withNamespace(namespace)

"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."

obj spec.tcpproxy.loadBalancerPolicy

"The load balancing policy for the backend services. Note that the Cookie and RequestHash load balancing strategies cannot be used here."

fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPolicies

withRequestHashPolicies(requestHashPolicies)

"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default RoundRobin."

fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPoliciesMixin

withRequestHashPoliciesMixin(requestHashPolicies)

"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default RoundRobin."

Note: This function appends passed data to existing values

fn spec.tcpproxy.loadBalancerPolicy.withStrategy

withStrategy(strategy)

"Strategy specifies the policy used to balance requests across the pool of backend pods. Valid policy names are Random, RoundRobin, WeightedLeastRequest, Cookie, and RequestHash. If an unknown strategy name is specified or no policy is supplied, the default RoundRobin policy is used."

obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies

"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back the the default RoundRobin."

fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withTerminal

withTerminal(terminal)

"Terminal is a flag that allows for short-circuiting computing of a hash for a given request. If set to true, and the request attribute specified in the attribute hash options is present, no further hash policies will be used to calculate a hash for the request."

obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions

"HeaderHashOptions should be set when request header hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."

fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName

withHeaderName(headerName)

"HeaderName is the name of the HTTP request header that will be used to calculate the hash key. If the header specified is not present on a request, no hash will be produced."

obj spec.tcpproxy.services

"Services are the services to proxy traffic"

fn spec.tcpproxy.services.withMirror

withMirror(mirror)

"If Mirror is true the Service will receive a read only mirror of the traffic for this route."

fn spec.tcpproxy.services.withName

withName(name)

"Name is the name of Kubernetes service to proxy traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route."

fn spec.tcpproxy.services.withPort

withPort(port)

"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."

fn spec.tcpproxy.services.withProtocol

withProtocol(protocol)

"Protocol may be used to specify (or override) the protocol used to reach this Service. Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."

fn spec.tcpproxy.services.withWeight

withWeight(weight)

"Weight defines percentage of traffic to balance traffic"

obj spec.tcpproxy.services.requestHeadersPolicy

"The policy for managing request headers during proxying. Rewriting the 'Host' header is not supported."

fn spec.tcpproxy.services.requestHeadersPolicy.withRemove

withRemove(remove)

"Remove specifies a list of HTTP header names to remove."

fn spec.tcpproxy.services.requestHeadersPolicy.withRemoveMixin

withRemoveMixin(remove)

"Remove specifies a list of HTTP header names to remove."

Note: This function appends passed data to existing values

fn spec.tcpproxy.services.requestHeadersPolicy.withSet

withSet(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.tcpproxy.services.requestHeadersPolicy.withSetMixin

withSetMixin(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

Note: This function appends passed data to existing values

obj spec.tcpproxy.services.requestHeadersPolicy.set

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.tcpproxy.services.requestHeadersPolicy.set.withName

withName(name)

"Name represents a key of a header"

fn spec.tcpproxy.services.requestHeadersPolicy.set.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.tcpproxy.services.responseHeadersPolicy

"The policy for managing response headers during proxying. Rewriting the 'Host' header is not supported."

fn spec.tcpproxy.services.responseHeadersPolicy.withRemove

withRemove(remove)

"Remove specifies a list of HTTP header names to remove."

fn spec.tcpproxy.services.responseHeadersPolicy.withRemoveMixin

withRemoveMixin(remove)

"Remove specifies a list of HTTP header names to remove."

Note: This function appends passed data to existing values

fn spec.tcpproxy.services.responseHeadersPolicy.withSet

withSet(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.tcpproxy.services.responseHeadersPolicy.withSetMixin

withSetMixin(set)

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

Note: This function appends passed data to existing values

obj spec.tcpproxy.services.responseHeadersPolicy.set

"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."

fn spec.tcpproxy.services.responseHeadersPolicy.set.withName

withName(name)

"Name represents a key of a header"

fn spec.tcpproxy.services.responseHeadersPolicy.set.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.tcpproxy.services.validation

"UpstreamValidation defines how to verify the backend service's certificate"

fn spec.tcpproxy.services.validation.withCaSecret

withCaSecret(caSecret)

"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend"

fn spec.tcpproxy.services.validation.withSubjectName

withSubjectName(subjectName)

"Key which is expected to be present in the 'subjectAltName' of the presented certificate"

obj spec.virtualhost

"Virtualhost appears at most once. If it is present, the object is considered to be a \"root\" HTTPProxy."

fn spec.virtualhost.withFqdn

withFqdn(fqdn)

"The fully qualified domain name of the root of the ingress tree all leaves of the DAG rooted at this object relate to the fqdn."

obj spec.virtualhost.authorization

"This field configures an extension service to perform authorization for this virtual host. Authorization can only be configured on virtual hosts that have TLS enabled. If the TLS configuration requires client certificate validation, the client certificate is always included in the authentication check request."

fn spec.virtualhost.authorization.withFailOpen

withFailOpen(failOpen)

"If FailOpen is true, the client request is forwarded to the upstream service even if the authorization server fails to respond. This field should not be set in most cases. It is intended for use only while migrating applications from internal authorization to Contour external authorization."

fn spec.virtualhost.authorization.withResponseTimeout

withResponseTimeout(responseTimeout)

"ResponseTimeout configures maximum time to wait for a check response from the authorization server. Timeout durations are expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". The string \"infinity\" is also a valid input and specifies no timeout."

obj spec.virtualhost.authorization.authPolicy

"AuthPolicy sets a default authorization policy for client requests. This policy will be used unless overridden by individual routes."

fn spec.virtualhost.authorization.authPolicy.withContext

withContext(context)

"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."

fn spec.virtualhost.authorization.authPolicy.withContextMixin

withContextMixin(context)

"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."

Note: This function appends passed data to existing values

fn spec.virtualhost.authorization.authPolicy.withDisabled

withDisabled(disabled)

"When true, this field disables client request authentication for the scope of the policy."

obj spec.virtualhost.authorization.extensionRef

"ExtensionServiceRef specifies the extension resource that will authorize client requests."

fn spec.virtualhost.authorization.extensionRef.withApiVersion

withApiVersion(apiVersion)

"API version of the referent. If this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used"

fn spec.virtualhost.authorization.extensionRef.withName

withName(name)

"Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"

fn spec.virtualhost.authorization.extensionRef.withNamespace

withNamespace(namespace)

"Namespace of the referent. If this field is not specifies, the namespace of the resource that targets the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"

obj spec.virtualhost.corsPolicy

"Specifies the cross-origin policy to apply to the VirtualHost."

fn spec.virtualhost.corsPolicy.withAllowCredentials

withAllowCredentials(allowCredentials)

"Specifies whether the resource allows credentials."

fn spec.virtualhost.corsPolicy.withAllowHeaders

withAllowHeaders(allowHeaders)

"AllowHeaders specifies the content for the access-control-allow-headers header."

fn spec.virtualhost.corsPolicy.withAllowHeadersMixin

withAllowHeadersMixin(allowHeaders)

"AllowHeaders specifies the content for the access-control-allow-headers header."

Note: This function appends passed data to existing values

fn spec.virtualhost.corsPolicy.withAllowMethods

withAllowMethods(allowMethods)

"AllowMethods specifies the content for the access-control-allow-methods header."

fn spec.virtualhost.corsPolicy.withAllowMethodsMixin

withAllowMethodsMixin(allowMethods)

"AllowMethods specifies the content for the access-control-allow-methods header."

Note: This function appends passed data to existing values

fn spec.virtualhost.corsPolicy.withAllowOrigin

withAllowOrigin(allowOrigin)

"AllowOrigin specifies the origins that will be allowed to do CORS requests. \"*\" means allow any origin."

fn spec.virtualhost.corsPolicy.withAllowOriginMixin

withAllowOriginMixin(allowOrigin)

"AllowOrigin specifies the origins that will be allowed to do CORS requests. \"*\" means allow any origin."

Note: This function appends passed data to existing values

fn spec.virtualhost.corsPolicy.withExposeHeaders

withExposeHeaders(exposeHeaders)

"ExposeHeaders Specifies the content for the access-control-expose-headers header."

fn spec.virtualhost.corsPolicy.withExposeHeadersMixin

withExposeHeadersMixin(exposeHeaders)

"ExposeHeaders Specifies the content for the access-control-expose-headers header."

Note: This function appends passed data to existing values

fn spec.virtualhost.corsPolicy.withMaxAge

withMaxAge(maxAge)

"MaxAge indicates for how long the results of a preflight request can be cached. MaxAge durations are expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". Only positive values are allowed while 0 disables the cache requiring a preflight OPTIONS check for all cross-origin requests."

obj spec.virtualhost.rateLimitPolicy

"The policy for rate limiting on the virtual host."

obj spec.virtualhost.rateLimitPolicy.global

"Global defines global rate limiting parameters, i.e. parameters defining descriptors that are sent to an external rate limit service (RLS) for a rate limit decision on each request."

fn spec.virtualhost.rateLimitPolicy.global.withDescriptors

withDescriptors(descriptors)

"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."

fn spec.virtualhost.rateLimitPolicy.global.withDescriptorsMixin

withDescriptorsMixin(descriptors)

"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."

Note: This function appends passed data to existing values

obj spec.virtualhost.rateLimitPolicy.global.descriptors

"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntries

withEntries(entries)

"Entries is the list of key-value pair generators."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntriesMixin

withEntriesMixin(entries)

"Entries is the list of key-value pair generators."

Note: This function appends passed data to existing values

obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries

"Entries is the list of key-value pair generators."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddress

withRemoteAddress(remoteAddress)

"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin

withRemoteAddressMixin(remoteAddress)

"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."

Note: This function appends passed data to existing values

obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey

"GenericKey defines a descriptor entry with a static key and value."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withKey

withKey(key)

"Key defines the key of the descriptor entry. If not set, the key is set to \"generic_key\"."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withValue

withValue(value)

"Value defines the value of the descriptor entry."

obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader

"RequestHeader defines a descriptor entry that's populated only if a given header is present on the request. The descriptor key is static, and the descriptor value is equal to the value of the header."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey

withDescriptorKey(descriptorKey)

"DescriptorKey defines the key to use on the descriptor entry."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName

withHeaderName(headerName)

"HeaderName defines the name of the header to look for on the request."

obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch

"RequestHeaderValueMatch defines a descriptor entry that's populated if the request's headers match a set of 1+ match criteria. The descriptor key is \"header_match\", and the descriptor value is static."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch

withExpectMatch(expectMatch)

"ExpectMatch defines whether the request must positively match the match criteria in order to generate a descriptor entry (i.e. true), or not match the match criteria in order to generate a descriptor entry (i.e. false). The default is true."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders

withHeaders(headers)

"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin

withHeadersMixin(headers)

"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."

Note: This function appends passed data to existing values

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue

withValue(value)

"Value defines the value of the descriptor entry."

obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers

"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains

withContains(contains)

"Contains specifies a substring that must be present in the header value."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact

withExact(exact)

"Exact specifies a string that the header value must be equal to."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName

withName(name)

"Name is the name of the header to match against. Name is required. Header names are case insensitive."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains

withNotcontains(notcontains)

"NotContains specifies a substring that must not be present in the header value."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact

withNotexact(notexact)

"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent

withNotpresent(notpresent)

"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."

fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent

withPresent(present)

"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."

obj spec.virtualhost.rateLimitPolicy.local

"Local defines local rate limiting parameters, i.e. parameters for rate limiting that occurs within each Envoy pod as requests are handled."

fn spec.virtualhost.rateLimitPolicy.local.withBurst

withBurst(burst)

"Burst defines the number of requests above the requests per unit that should be allowed within a short period of time."

fn spec.virtualhost.rateLimitPolicy.local.withRequests

withRequests(requests)

"Requests defines how many requests per unit of time should be allowed before rate limiting occurs."

fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAdd

withResponseHeadersToAdd(responseHeadersToAdd)

"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."

fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAddMixin

withResponseHeadersToAddMixin(responseHeadersToAdd)

"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."

Note: This function appends passed data to existing values

fn spec.virtualhost.rateLimitPolicy.local.withResponseStatusCode

withResponseStatusCode(responseStatusCode)

"ResponseStatusCode is the HTTP status code to use for responses to rate-limited requests. Codes must be in the 400-599 range (inclusive). If not specified, the Envoy default of 429 (Too Many Requests) is used."

fn spec.virtualhost.rateLimitPolicy.local.withUnit

withUnit(unit)

"Unit defines the period of time within which requests over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\"."

obj spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd

"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."

fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withName

withName(name)

"Name represents a key of a header"

fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withValue

withValue(value)

"Value represents the value of a header specified by a key"

obj spec.virtualhost.tls

"If present the fields describes TLS properties of the virtual host. The SNI names that will be matched on are described in fqdn, the tls.secretName secret must contain a certificate that itself contains a name that matches the FQDN."

fn spec.virtualhost.tls.withEnableFallbackCertificate

withEnableFallbackCertificate(enableFallbackCertificate)

"EnableFallbackCertificate defines if the vhost should allow a default certificate to be applied which handles all requests which don't match the SNI defined in this vhost."

fn spec.virtualhost.tls.withMinimumProtocolVersion

withMinimumProtocolVersion(minimumProtocolVersion)

"MinimumProtocolVersion is the minimum TLS version this vhost should negotiate. Valid options are 1.2 (default) and 1.3. Any other value defaults to TLS 1.2."

fn spec.virtualhost.tls.withPassthrough

withPassthrough(passthrough)

"Passthrough defines whether the encrypted TLS handshake will be passed through to the backing cluster. Either Passthrough or SecretName must be specified, but not both."

fn spec.virtualhost.tls.withSecretName

withSecretName(secretName)

"SecretName is the name of a TLS secret in the current namespace. Either SecretName or Passthrough must be specified, but not both. If specified, the named secret must contain a matching certificate for the virtual host's FQDN."

obj spec.virtualhost.tls.clientValidation

"ClientValidation defines how to verify the client certificate when an external client establishes a TLS connection to Envoy. \n This setting: \n 1. Enables TLS client certificate validation. 2. Specifies how the client certificate will be validated (i.e. validation required or skipped). \n Note: Setting client certificate validation to be skipped should be only used in conjunction with an external authorization server that performs client validation as Contour will ensure client certificates are passed along."

fn spec.virtualhost.tls.clientValidation.withCaSecret

withCaSecret(caSecret)

"Name of a Kubernetes secret that contains a CA certificate bundle. The client certificate must validate against the certificates in the bundle. If specified and SkipClientCertValidation is true, client certificates will be required on requests."

fn spec.virtualhost.tls.clientValidation.withSkipClientCertValidation

withSkipClientCertValidation(skipClientCertValidation)

"SkipClientCertValidation disables downstream client certificate validation. Defaults to false. This field is intended to be used in conjunction with external authorization in order to enable the external authorization server to validate client certificates. When this field is set to true, client certificates are requested but not verified by Envoy. If CACertificate is specified, client certificates are required on requests, but not verified. If external authorization is in use, they are presented to the external authorization server."