projectcontour.v1.httpProxy
"HTTPProxy is an Ingress CRD specification."
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withIncludes(includes)fn withIncludesMixin(includes)fn withIngressClassName(ingressClassName)fn withRoutes(routes)fn withRoutesMixin(routes)obj spec.includesobj spec.routesfn withConditions(conditions)fn withConditionsMixin(conditions)fn withCookieRewritePolicies(cookieRewritePolicies)fn withCookieRewritePoliciesMixin(cookieRewritePolicies)fn withEnableWebsockets(enableWebsockets)fn withIpAllowPolicy(ipAllowPolicy)fn withIpAllowPolicyMixin(ipAllowPolicy)fn withIpDenyPolicy(ipDenyPolicy)fn withIpDenyPolicyMixin(ipDenyPolicy)fn withPermitInsecure(permitInsecure)fn withServices(services)fn withServicesMixin(services)obj spec.routes.authPolicyobj spec.routes.conditionsobj spec.routes.cookieRewritePoliciesobj spec.routes.directResponsePolicyobj spec.routes.healthCheckPolicyobj spec.routes.internalRedirectPolicyobj spec.routes.ipAllowPolicyobj spec.routes.ipDenyPolicyobj spec.routes.jwtVerificationPolicyobj spec.routes.loadBalancerPolicyobj spec.routes.pathRewritePolicyobj spec.routes.rateLimitPolicyobj spec.routes.rateLimitPolicy.globalfn withDescriptors(descriptors)fn withDescriptorsMixin(descriptors)obj spec.routes.rateLimitPolicy.global.descriptorsfn withEntries(entries)fn withEntriesMixin(entries)obj spec.routes.rateLimitPolicy.global.descriptors.entriesfn withRemoteAddress(remoteAddress)fn withRemoteAddressMixin(remoteAddress)obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKeyobj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderobj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
obj spec.routes.rateLimitPolicy.local
obj spec.routes.requestHeadersPolicyobj spec.routes.requestRedirectPolicyobj spec.routes.responseHeadersPolicyobj spec.routes.retryPolicyobj spec.routes.servicesfn withCookieRewritePolicies(cookieRewritePolicies)fn withCookieRewritePoliciesMixin(cookieRewritePolicies)fn withHealthPort(healthPort)fn withMirror(mirror)fn withName(name)fn withPort(port)fn withProtocol(protocol)fn withWeight(weight)obj spec.routes.services.cookieRewritePoliciesobj spec.routes.services.requestHeadersPolicyobj spec.routes.services.responseHeadersPolicyobj spec.routes.services.slowStartPolicyobj spec.routes.services.validation
obj spec.routes.timeoutPolicy
obj spec.tcpproxyfn withServices(services)fn withServicesMixin(services)obj spec.tcpproxy.healthCheckPolicyobj spec.tcpproxy.includeobj spec.tcpproxy.includesobj spec.tcpproxy.loadBalancerPolicyobj spec.tcpproxy.servicesfn withCookieRewritePolicies(cookieRewritePolicies)fn withCookieRewritePoliciesMixin(cookieRewritePolicies)fn withHealthPort(healthPort)fn withMirror(mirror)fn withName(name)fn withPort(port)fn withProtocol(protocol)fn withWeight(weight)obj spec.tcpproxy.services.cookieRewritePoliciesobj spec.tcpproxy.services.requestHeadersPolicyobj spec.tcpproxy.services.responseHeadersPolicyobj spec.tcpproxy.services.slowStartPolicyobj spec.tcpproxy.services.validation
obj spec.virtualhostfn withFqdn(fqdn)fn withIpAllowPolicy(ipAllowPolicy)fn withIpAllowPolicyMixin(ipAllowPolicy)fn withIpDenyPolicy(ipDenyPolicy)fn withIpDenyPolicyMixin(ipDenyPolicy)fn withJwtProviders(jwtProviders)fn withJwtProvidersMixin(jwtProviders)obj spec.virtualhost.authorizationobj spec.virtualhost.corsPolicyfn withAllowCredentials(allowCredentials)fn withAllowHeaders(allowHeaders)fn withAllowHeadersMixin(allowHeaders)fn withAllowMethods(allowMethods)fn withAllowMethodsMixin(allowMethods)fn withAllowOrigin(allowOrigin)fn withAllowOriginMixin(allowOrigin)fn withAllowPrivateNetwork(allowPrivateNetwork)fn withExposeHeaders(exposeHeaders)fn withExposeHeadersMixin(exposeHeaders)fn withMaxAge(maxAge)
obj spec.virtualhost.ipAllowPolicyobj spec.virtualhost.ipDenyPolicyobj spec.virtualhost.jwtProvidersobj spec.virtualhost.rateLimitPolicyobj spec.virtualhost.rateLimitPolicy.globalfn withDescriptors(descriptors)fn withDescriptorsMixin(descriptors)obj spec.virtualhost.rateLimitPolicy.global.descriptorsfn withEntries(entries)fn withEntriesMixin(entries)obj spec.virtualhost.rateLimitPolicy.global.descriptors.entriesfn withRemoteAddress(remoteAddress)fn withRemoteAddressMixin(remoteAddress)obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKeyobj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderobj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
obj spec.virtualhost.rateLimitPolicy.local
obj spec.virtualhost.tlsfn withEnableFallbackCertificate(enableFallbackCertificate)fn withMinimumProtocolVersion(minimumProtocolVersion)fn withPassthrough(passthrough)fn withSecretName(secretName)obj spec.virtualhost.tls.clientValidation
Fields
fn new
new(name)
new returns an instance of HTTPProxy
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"HTTPProxySpec defines the spec of the CRD."
fn spec.withIncludes
withIncludes(includes)
"Includes allow for specific routing configuration to be included from another HTTPProxy, possibly in another namespace."
fn spec.withIncludesMixin
withIncludesMixin(includes)
"Includes allow for specific routing configuration to be included from another HTTPProxy, possibly in another namespace."
Note: This function appends passed data to existing values
fn spec.withIngressClassName
withIngressClassName(ingressClassName)
"IngressClassName optionally specifies the ingress class to use for this HTTPProxy. This replaces the deprecated kubernetes.io/ingress.class annotation. For backwards compatibility, when that annotation is set, it is given precedence over this field."
fn spec.withRoutes
withRoutes(routes)
"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."
fn spec.withRoutesMixin
withRoutesMixin(routes)
"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."
Note: This function appends passed data to existing values
obj spec.includes
"Includes allow for specific routing configuration to be included from another HTTPProxy, possibly in another namespace."
fn spec.includes.withConditions
withConditions(conditions)
"Conditions are a set of rules that are applied to included HTTPProxies. In effect, they are added onto the Conditions of included HTTPProxy Route structs. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the include invalid."
fn spec.includes.withConditionsMixin
withConditionsMixin(conditions)
"Conditions are a set of rules that are applied to included HTTPProxies. In effect, they are added onto the Conditions of included HTTPProxy Route structs. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the include invalid."
Note: This function appends passed data to existing values
fn spec.includes.withName
withName(name)
"Name of the HTTPProxy"
fn spec.includes.withNamespace
withNamespace(namespace)
"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."
obj spec.includes.conditions
"Conditions are a set of rules that are applied to included HTTPProxies. In effect, they are added onto the Conditions of included HTTPProxy Route structs. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the include invalid."
fn spec.includes.conditions.withExact
withExact(exact)
"Exact defines a exact match for a request. This field is not allowed in include match conditions."
fn spec.includes.conditions.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for a request."
obj spec.includes.conditions.header
"Header specifies the header condition to match."
fn spec.includes.conditions.header.withContains
withContains(contains)
"Contains specifies a substring that must be present in the header value."
fn spec.includes.conditions.header.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.includes.conditions.header.withName
withName(name)
"Name is the name of the header to match against. Name is required. Header names are case insensitive."
fn spec.includes.conditions.header.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present in the header value."
fn spec.includes.conditions.header.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."
fn spec.includes.conditions.header.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."
fn spec.includes.conditions.header.withPresent
withPresent(present)
"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."
obj spec.includes.conditions.queryParameter
"QueryParameter specifies the query parameter condition to match."
fn spec.includes.conditions.queryParameter.withContains
withContains(contains)
"Contains specifies a substring that must be present in the query parameter value."
fn spec.includes.conditions.queryParameter.withExact
withExact(exact)
"Exact specifies a string that the query parameter value must be equal to."
fn spec.includes.conditions.queryParameter.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive. Note that this has no effect on the Regex parameter."
fn spec.includes.conditions.queryParameter.withName
withName(name)
"Name is the name of the query parameter to match against. Name is required. Query parameter names are case insensitive."
fn spec.includes.conditions.queryParameter.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for the query parameter value."
fn spec.includes.conditions.queryParameter.withPresent
withPresent(present)
"Present specifies that condition is true when the named query parameter is present, regardless of its value. Note that setting Present to false does not make the condition true if the named query parameter is absent."
fn spec.includes.conditions.queryParameter.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the query parameter value."
fn spec.includes.conditions.queryParameter.withSuffix
withSuffix(suffix)
"Suffix defines a suffix match for a query parameter value."
obj spec.routes
"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."
fn spec.routes.withConditions
withConditions(conditions)
"Conditions are a set of rules that are applied to a Route. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the route invalid."
fn spec.routes.withConditionsMixin
withConditionsMixin(conditions)
"Conditions are a set of rules that are applied to a Route. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the route invalid."
Note: This function appends passed data to existing values
fn spec.routes.withCookieRewritePolicies
withCookieRewritePolicies(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes. Note that rewritten cookie names must be unique in this list. Order rewrite policies are specified in does not matter."
fn spec.routes.withCookieRewritePoliciesMixin
withCookieRewritePoliciesMixin(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes. Note that rewritten cookie names must be unique in this list. Order rewrite policies are specified in does not matter."
Note: This function appends passed data to existing values
fn spec.routes.withEnableWebsockets
withEnableWebsockets(enableWebsockets)
"Enables websocket support for the route."
fn spec.routes.withIpAllowPolicy
withIpAllowPolicy(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be allowed. All other requests will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.withIpAllowPolicyMixin
withIpAllowPolicyMixin(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be allowed. All other requests will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here override any rules set on the root HTTPProxy."
Note: This function appends passed data to existing values
fn spec.routes.withIpDenyPolicy
withIpDenyPolicy(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be denied. All other requests will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.withIpDenyPolicyMixin
withIpDenyPolicyMixin(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be denied. All other requests will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here override any rules set on the root HTTPProxy."
Note: This function appends passed data to existing values
fn spec.routes.withPermitInsecure
withPermitInsecure(permitInsecure)
"Allow this path to respond to insecure requests over HTTP which are normally not permitted when a virtualhost.tls block is present."
fn spec.routes.withServices
withServices(services)
"Services are the services to proxy traffic."
fn spec.routes.withServicesMixin
withServicesMixin(services)
"Services are the services to proxy traffic."
Note: This function appends passed data to existing values
obj spec.routes.authPolicy
"AuthPolicy updates the authorization policy that was set on the root HTTPProxy object for client requests that match this route."
fn spec.routes.authPolicy.withContext
withContext(context)
"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."
fn spec.routes.authPolicy.withContextMixin
withContextMixin(context)
"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."
Note: This function appends passed data to existing values
fn spec.routes.authPolicy.withDisabled
withDisabled(disabled)
"When true, this field disables client request authentication for the scope of the policy."
obj spec.routes.conditions
"Conditions are a set of rules that are applied to a Route. When applied, they are merged using AND, with one exception: There can be only one Prefix MatchCondition per Conditions slice. More than one Prefix, or contradictory Conditions, will make the route invalid."
fn spec.routes.conditions.withExact
withExact(exact)
"Exact defines a exact match for a request. This field is not allowed in include match conditions."
fn spec.routes.conditions.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for a request."
obj spec.routes.conditions.header
"Header specifies the header condition to match."
fn spec.routes.conditions.header.withContains
withContains(contains)
"Contains specifies a substring that must be present in the header value."
fn spec.routes.conditions.header.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.routes.conditions.header.withName
withName(name)
"Name is the name of the header to match against. Name is required. Header names are case insensitive."
fn spec.routes.conditions.header.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present in the header value."
fn spec.routes.conditions.header.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."
fn spec.routes.conditions.header.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."
fn spec.routes.conditions.header.withPresent
withPresent(present)
"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."
obj spec.routes.conditions.queryParameter
"QueryParameter specifies the query parameter condition to match."
fn spec.routes.conditions.queryParameter.withContains
withContains(contains)
"Contains specifies a substring that must be present in the query parameter value."
fn spec.routes.conditions.queryParameter.withExact
withExact(exact)
"Exact specifies a string that the query parameter value must be equal to."
fn spec.routes.conditions.queryParameter.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive. Note that this has no effect on the Regex parameter."
fn spec.routes.conditions.queryParameter.withName
withName(name)
"Name is the name of the query parameter to match against. Name is required. Query parameter names are case insensitive."
fn spec.routes.conditions.queryParameter.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for the query parameter value."
fn spec.routes.conditions.queryParameter.withPresent
withPresent(present)
"Present specifies that condition is true when the named query parameter is present, regardless of its value. Note that setting Present to false does not make the condition true if the named query parameter is absent."
fn spec.routes.conditions.queryParameter.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the query parameter value."
fn spec.routes.conditions.queryParameter.withSuffix
withSuffix(suffix)
"Suffix defines a suffix match for a query parameter value."
obj spec.routes.cookieRewritePolicies
"The policies for rewriting Set-Cookie header attributes. Note that rewritten cookie names must be unique in this list. Order rewrite policies are specified in does not matter."
fn spec.routes.cookieRewritePolicies.withName
withName(name)
"Name is the name of the cookie for which attributes will be rewritten."
fn spec.routes.cookieRewritePolicies.withSameSite
withSameSite(sameSite)
"SameSite enables rewriting the Set-Cookie SameSite element. If not set, SameSite attribute will not be rewritten."
fn spec.routes.cookieRewritePolicies.withSecure
withSecure(secure)
"Secure enables rewriting the Set-Cookie Secure element. If not set, Secure attribute will not be rewritten."
obj spec.routes.cookieRewritePolicies.domainRewrite
"DomainRewrite enables rewriting the Set-Cookie Domain element. If not set, Domain will not be rewritten."
fn spec.routes.cookieRewritePolicies.domainRewrite.withValue
withValue(value)
"Value is the value to rewrite the Domain attribute to. For now this is required."
obj spec.routes.cookieRewritePolicies.pathRewrite
"PathRewrite enables rewriting the Set-Cookie Path element. If not set, Path will not be rewritten."
fn spec.routes.cookieRewritePolicies.pathRewrite.withValue
withValue(value)
"Value is the value to rewrite the Path attribute to. For now this is required."
obj spec.routes.directResponsePolicy
"DirectResponsePolicy returns an arbitrary HTTP response directly."
fn spec.routes.directResponsePolicy.withBody
withBody(body)
"Body is the content of the response body. If this setting is omitted, no body is included in the generated response. \n Note: Body is not recommended to set too long otherwise it can have significant resource usage impacts."
fn spec.routes.directResponsePolicy.withStatusCode
withStatusCode(statusCode)
"StatusCode is the HTTP response status to be returned."
obj spec.routes.healthCheckPolicy
"The health check policy for this route."
fn spec.routes.healthCheckPolicy.withHealthyThresholdCount
withHealthyThresholdCount(healthyThresholdCount)
"The number of healthy health checks required before a host is marked healthy"
fn spec.routes.healthCheckPolicy.withHost
withHost(host)
"The value of the host header in the HTTP health check request. If left empty (default value), the name \"contour-envoy-healthcheck\" will be used."
fn spec.routes.healthCheckPolicy.withIntervalSeconds
withIntervalSeconds(intervalSeconds)
"The interval (seconds) between health checks"
fn spec.routes.healthCheckPolicy.withPath
withPath(path)
"HTTP endpoint used to perform health checks on upstream service"
fn spec.routes.healthCheckPolicy.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"The time to wait (seconds) for a health check response"
fn spec.routes.healthCheckPolicy.withUnhealthyThresholdCount
withUnhealthyThresholdCount(unhealthyThresholdCount)
"The number of unhealthy health checks required before a host is marked unhealthy"
obj spec.routes.internalRedirectPolicy
"The policy to define when to handle redirects responses internally."
fn spec.routes.internalRedirectPolicy.withAllowCrossSchemeRedirect
withAllowCrossSchemeRedirect(allowCrossSchemeRedirect)
"AllowCrossSchemeRedirect Allow internal redirect to follow a target URI with a different scheme than the value of x-forwarded-proto. SafeOnly allows same scheme redirect and safe cross scheme redirect, which means if the downstream scheme is HTTPS, both HTTPS and HTTP redirect targets are allowed, but if the downstream scheme is HTTP, only HTTP redirect targets are allowed."
fn spec.routes.internalRedirectPolicy.withDenyRepeatedRouteRedirect
withDenyRepeatedRouteRedirect(denyRepeatedRouteRedirect)
"If DenyRepeatedRouteRedirect is true, rejects redirect targets that are pointing to a route that has been followed by a previous redirect from the current route."
fn spec.routes.internalRedirectPolicy.withMaxInternalRedirects
withMaxInternalRedirects(maxInternalRedirects)
"MaxInternalRedirects An internal redirect is not handled, unless the number of previous internal redirects that a downstream request has encountered is lower than this value."
fn spec.routes.internalRedirectPolicy.withRedirectResponseCodes
withRedirectResponseCodes(redirectResponseCodes)
"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect. Only 301, 302, 303, 307 and 308 are valid values."
fn spec.routes.internalRedirectPolicy.withRedirectResponseCodesMixin
withRedirectResponseCodesMixin(redirectResponseCodes)
"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect. Only 301, 302, 303, 307 and 308 are valid values."
Note: This function appends passed data to existing values
obj spec.routes.ipAllowPolicy
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be allowed. All other requests will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.ipAllowPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be a bare IP address (without a mask) to filter on exactly one address."
fn spec.routes.ipAllowPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be one of two values: - Remote filters on the ip address of the client, accounting for PROXY and X-Forwarded-For as needed. - Peer filters on the ip of the network request, ignoring PROXY and X-Forwarded-For."
obj spec.routes.ipDenyPolicy
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be denied. All other requests will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.ipDenyPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be a bare IP address (without a mask) to filter on exactly one address."
fn spec.routes.ipDenyPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be one of two values: - Remote filters on the ip address of the client, accounting for PROXY and X-Forwarded-For as needed. - Peer filters on the ip of the network request, ignoring PROXY and X-Forwarded-For."
obj spec.routes.jwtVerificationPolicy
"The policy for verifying JWTs for requests to this route."
fn spec.routes.jwtVerificationPolicy.withDisabled
withDisabled(disabled)
"Disabled defines whether to disable all JWT verification for this route. This can be used to opt specific routes out of the default JWT provider for the HTTPProxy. At most one of this field or the \"require\" field can be specified."
fn spec.routes.jwtVerificationPolicy.withRequire
withRequire(require)
"Require names a specific JWT provider (defined in the virtual host) to require for the route. If specified, this field overrides the default provider if one exists. If this field is not specified, the default provider will be required if one exists. At most one of this field or the \"disabled\" field can be specified."
obj spec.routes.loadBalancerPolicy
"The load balancing policy for this route."
fn spec.routes.loadBalancerPolicy.withRequestHashPolicies
withRequestHashPolicies(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back to the default RoundRobin."
fn spec.routes.loadBalancerPolicy.withRequestHashPoliciesMixin
withRequestHashPoliciesMixin(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back to the default RoundRobin."
Note: This function appends passed data to existing values
fn spec.routes.loadBalancerPolicy.withStrategy
withStrategy(strategy)
"Strategy specifies the policy used to balance requests across the pool of backend pods. Valid policy names are Random, RoundRobin, WeightedLeastRequest, Cookie, and RequestHash. If an unknown strategy name is specified or no policy is supplied, the default RoundRobin policy is used."
obj spec.routes.loadBalancerPolicy.requestHashPolicies
"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back to the default RoundRobin."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.withHashSourceIP
withHashSourceIP(hashSourceIP)
"HashSourceIP should be set to true when request source IP hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.withTerminal
withTerminal(terminal)
"Terminal is a flag that allows for short-circuiting computing of a hash for a given request. If set to true, and the request attribute specified in the attribute hash options is present, no further hash policies will be used to calculate a hash for the request."
obj spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions
"HeaderHashOptions should be set when request header hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName
withHeaderName(headerName)
"HeaderName is the name of the HTTP request header that will be used to calculate the hash key. If the header specified is not present on a request, no hash will be produced."
obj spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions
"QueryParameterHashOptions should be set when request query parameter hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName
withParameterName(parameterName)
"ParameterName is the name of the HTTP request query parameter that will be used to calculate the hash key. If the query parameter specified is not present on a request, no hash will be produced."
obj spec.routes.pathRewritePolicy
"The policy for rewriting the path of the request URL after the request has been routed to a Service."
fn spec.routes.pathRewritePolicy.withReplacePrefix
withReplacePrefix(replacePrefix)
"ReplacePrefix describes how the path prefix should be replaced."
fn spec.routes.pathRewritePolicy.withReplacePrefixMixin
withReplacePrefixMixin(replacePrefix)
"ReplacePrefix describes how the path prefix should be replaced."
Note: This function appends passed data to existing values
obj spec.routes.pathRewritePolicy.replacePrefix
"ReplacePrefix describes how the path prefix should be replaced."
fn spec.routes.pathRewritePolicy.replacePrefix.withPrefix
withPrefix(prefix)
"Prefix specifies the URL path prefix to be replaced. \n If Prefix is specified, it must exactly match the MatchCondition prefix that is rendered by the chain of including HTTPProxies and only that path prefix will be replaced by Replacement. This allows HTTPProxies that are included through multiple roots to only replace specific path prefixes, leaving others unmodified. \n If Prefix is not specified, all routing prefixes rendered by the include chain will be replaced."
fn spec.routes.pathRewritePolicy.replacePrefix.withReplacement
withReplacement(replacement)
"Replacement is the string that the routing path prefix will be replaced with. This must not be empty."
obj spec.routes.rateLimitPolicy
"The policy for rate limiting on the route."
obj spec.routes.rateLimitPolicy.global
"Global defines global rate limiting parameters, i.e. parameters defining descriptors that are sent to an external rate limit service (RLS) for a rate limit decision on each request."
fn spec.routes.rateLimitPolicy.global.withDescriptors
withDescriptors(descriptors)
"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."
fn spec.routes.rateLimitPolicy.global.withDescriptorsMixin
withDescriptorsMixin(descriptors)
"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."
Note: This function appends passed data to existing values
obj spec.routes.rateLimitPolicy.global.descriptors
"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."
fn spec.routes.rateLimitPolicy.global.descriptors.withEntries
withEntries(entries)
"Entries is the list of key-value pair generators."
fn spec.routes.rateLimitPolicy.global.descriptors.withEntriesMixin
withEntriesMixin(entries)
"Entries is the list of key-value pair generators."
Note: This function appends passed data to existing values
obj spec.routes.rateLimitPolicy.global.descriptors.entries
"Entries is the list of key-value pair generators."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddress
withRemoteAddress(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin
withRemoteAddressMixin(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."
Note: This function appends passed data to existing values
obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey
"GenericKey defines a descriptor entry with a static key and value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withKey
withKey(key)
"Key defines the key of the descriptor entry. If not set, the key is set to \"generic_key\"."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader
"RequestHeader defines a descriptor entry that's populated only if a given header is present on the request. The descriptor key is static, and the descriptor value is equal to the value of the header."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey
withDescriptorKey(descriptorKey)
"DescriptorKey defines the key to use on the descriptor entry."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName
withHeaderName(headerName)
"HeaderName defines the name of the header to look for on the request."
obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
"RequestHeaderValueMatch defines a descriptor entry that's populated if the request's headers match a set of 1+ match criteria. The descriptor key is \"header_match\", and the descriptor value is static."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch
withExpectMatch(expectMatch)
"ExpectMatch defines whether the request must positively match the match criteria in order to generate a descriptor entry (i.e. true), or not match the match criteria in order to generate a descriptor entry (i.e. false). The default is true."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders
withHeaders(headers)
"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin
withHeadersMixin(headers)
"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."
Note: This function appends passed data to existing values
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers
"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains
withContains(contains)
"Contains specifies a substring that must be present in the header value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName
withName(name)
"Name is the name of the header to match against. Name is required. Header names are case insensitive."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present in the header value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent
withPresent(present)
"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."
obj spec.routes.rateLimitPolicy.local
"Local defines local rate limiting parameters, i.e. parameters for rate limiting that occurs within each Envoy pod as requests are handled."
fn spec.routes.rateLimitPolicy.local.withBurst
withBurst(burst)
"Burst defines the number of requests above the requests per unit that should be allowed within a short period of time."
fn spec.routes.rateLimitPolicy.local.withRequests
withRequests(requests)
"Requests defines how many requests per unit of time should be allowed before rate limiting occurs."
fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAdd
withResponseHeadersToAdd(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."
fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAddMixin
withResponseHeadersToAddMixin(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."
Note: This function appends passed data to existing values
fn spec.routes.rateLimitPolicy.local.withResponseStatusCode
withResponseStatusCode(responseStatusCode)
"ResponseStatusCode is the HTTP status code to use for responses to rate-limited requests. Codes must be in the 400-599 range (inclusive). If not specified, the Envoy default of 429 (Too Many Requests) is used."
fn spec.routes.rateLimitPolicy.local.withUnit
withUnit(unit)
"Unit defines the period of time within which requests over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\"."
obj spec.routes.rateLimitPolicy.local.responseHeadersToAdd
"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."
fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.requestHeadersPolicy
"The policy for managing request headers during proxying."
fn spec.routes.requestHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.requestHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.requestHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.requestHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.requestHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.requestHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.requestHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.requestRedirectPolicy
"RequestRedirectPolicy defines an HTTP redirection."
fn spec.routes.requestRedirectPolicy.withHostname
withHostname(hostname)
"Hostname is the precise hostname to be used in the value of the Location header in the response. When empty, the hostname of the request is used. No wildcards are allowed."
fn spec.routes.requestRedirectPolicy.withPath
withPath(path)
"Path allows for redirection to a different path from the original on the request. The path must start with a leading slash. \n Note: Only one of Path or Prefix can be defined."
fn spec.routes.requestRedirectPolicy.withPort
withPort(port)
"Port is the port to be used in the value of the Location header in the response. When empty, port (if specified) of the request is used."
fn spec.routes.requestRedirectPolicy.withPrefix
withPrefix(prefix)
"Prefix defines the value to swap the matched prefix or path with. The prefix must start with a leading slash. \n Note: Only one of Path or Prefix can be defined."
fn spec.routes.requestRedirectPolicy.withScheme
withScheme(scheme)
"Scheme is the scheme to be used in the value of the Location header in the response. When empty, the scheme of the request is used."
fn spec.routes.requestRedirectPolicy.withStatusCode
withStatusCode(statusCode)
"StatusCode is the HTTP status code to be used in response."
obj spec.routes.responseHeadersPolicy
"The policy for managing response headers during proxying. Rewriting the 'Host' header is not supported."
fn spec.routes.responseHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.responseHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.responseHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.responseHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.responseHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.responseHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.responseHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.retryPolicy
"The retry policy for this route."
fn spec.routes.retryPolicy.withCount
withCount(count)
"NumRetries is maximum allowed number of retries. If set to -1, then retries are disabled. If set to 0 or not supplied, the value is set to the Envoy default of 1."
fn spec.routes.retryPolicy.withPerTryTimeout
withPerTryTimeout(perTryTimeout)
"PerTryTimeout specifies the timeout per retry attempt. Ignored if NumRetries is not supplied."
fn spec.routes.retryPolicy.withRetriableStatusCodes
withRetriableStatusCodes(retriableStatusCodes)
"RetriableStatusCodes specifies the HTTP status codes that should be retried. \n This field is only respected when you include retriable-status-codes in the RetryOn field."
fn spec.routes.retryPolicy.withRetriableStatusCodesMixin
withRetriableStatusCodesMixin(retriableStatusCodes)
"RetriableStatusCodes specifies the HTTP status codes that should be retried. \n This field is only respected when you include retriable-status-codes in the RetryOn field."
Note: This function appends passed data to existing values
fn spec.routes.retryPolicy.withRetryOn
withRetryOn(retryOn)
"RetryOn specifies the conditions on which to retry a request. \n Supported HTTP conditions: \n - 5xx - gateway-error - reset - connect-failure - retriable-4xx - refused-stream - retriable-status-codes - retriable-headers \n Supported gRPC conditions: \n - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable"
fn spec.routes.retryPolicy.withRetryOnMixin
withRetryOnMixin(retryOn)
"RetryOn specifies the conditions on which to retry a request. \n Supported HTTP conditions: \n - 5xx - gateway-error - reset - connect-failure - retriable-4xx - refused-stream - retriable-status-codes - retriable-headers \n Supported gRPC conditions: \n - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable"
Note: This function appends passed data to existing values
obj spec.routes.services
"Services are the services to proxy traffic."
fn spec.routes.services.withCookieRewritePolicies
withCookieRewritePolicies(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
fn spec.routes.services.withCookieRewritePoliciesMixin
withCookieRewritePoliciesMixin(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
Note: This function appends passed data to existing values
fn spec.routes.services.withHealthPort
withHealthPort(healthPort)
"HealthPort is the port for this service healthcheck. If not specified, Port is used for service healthchecks."
fn spec.routes.services.withMirror
withMirror(mirror)
"If Mirror is true the Service will receive a read only mirror of the traffic for this route."
fn spec.routes.services.withName
withName(name)
"Name is the name of Kubernetes service to proxy traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route."
fn spec.routes.services.withPort
withPort(port)
"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."
fn spec.routes.services.withProtocol
withProtocol(protocol)
"Protocol may be used to specify (or override) the protocol used to reach this Service. Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."
fn spec.routes.services.withWeight
withWeight(weight)
"Weight defines percentage of traffic to balance traffic"
obj spec.routes.services.cookieRewritePolicies
"The policies for rewriting Set-Cookie header attributes."
fn spec.routes.services.cookieRewritePolicies.withName
withName(name)
"Name is the name of the cookie for which attributes will be rewritten."
fn spec.routes.services.cookieRewritePolicies.withSameSite
withSameSite(sameSite)
"SameSite enables rewriting the Set-Cookie SameSite element. If not set, SameSite attribute will not be rewritten."
fn spec.routes.services.cookieRewritePolicies.withSecure
withSecure(secure)
"Secure enables rewriting the Set-Cookie Secure element. If not set, Secure attribute will not be rewritten."
obj spec.routes.services.cookieRewritePolicies.domainRewrite
"DomainRewrite enables rewriting the Set-Cookie Domain element. If not set, Domain will not be rewritten."
fn spec.routes.services.cookieRewritePolicies.domainRewrite.withValue
withValue(value)
"Value is the value to rewrite the Domain attribute to. For now this is required."
obj spec.routes.services.cookieRewritePolicies.pathRewrite
"PathRewrite enables rewriting the Set-Cookie Path element. If not set, Path will not be rewritten."
fn spec.routes.services.cookieRewritePolicies.pathRewrite.withValue
withValue(value)
"Value is the value to rewrite the Path attribute to. For now this is required."
obj spec.routes.services.requestHeadersPolicy
"The policy for managing request headers during proxying."
fn spec.routes.services.requestHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.services.requestHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.services.requestHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.requestHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.services.requestHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.requestHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.services.requestHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.services.responseHeadersPolicy
"The policy for managing response headers during proxying. Rewriting the 'Host' header is not supported."
fn spec.routes.services.responseHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.services.responseHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.services.responseHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.responseHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.services.responseHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.responseHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.services.responseHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.services.slowStartPolicy
"Slow start will gradually increase amount of traffic to a newly added endpoint."
fn spec.routes.services.slowStartPolicy.withAggression
withAggression(aggression)
"The speed of traffic increase over the slow start window. Defaults to 1.0, so that endpoint would get linearly increasing amount of traffic. When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly. The value of aggression parameter should be greater than 0.0. \n More info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start"
fn spec.routes.services.slowStartPolicy.withMinWeightPercent
withMinWeightPercent(minWeightPercent)
"The minimum or starting percentage of traffic to send to new endpoints. A non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window. If not specified, the default is 10%."
fn spec.routes.services.slowStartPolicy.withWindow
withWindow(window)
"The duration of slow start window. Duration is expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"."
obj spec.routes.services.validation
"UpstreamValidation defines how to verify the backend service's certificate"
fn spec.routes.services.validation.withCaSecret
withCaSecret(caSecret)
"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. The secret must contain key named ca.crt."
fn spec.routes.services.validation.withSubjectName
withSubjectName(subjectName)
"Key which is expected to be present in the 'subjectAltName' of the presented certificate."
obj spec.routes.timeoutPolicy
"The timeout policy for this route."
fn spec.routes.timeoutPolicy.withIdle
withIdle(idle)
"Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. If not specified, there is no per-route idle timeout, though a connection manager-wide stream_idle_timeout default of 5m still applies."
fn spec.routes.timeoutPolicy.withIdleConnection
withIdleConnection(idleConnection)
"Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests. If not supplied, Envoy's default value of 1h applies."
fn spec.routes.timeoutPolicy.withResponse
withResponse(response)
"Timeout for receiving a response from the server after processing a request from client. If not supplied, Envoy's default value of 15s applies."
obj spec.tcpproxy
"TCPProxy holds TCP proxy information."
fn spec.tcpproxy.withServices
withServices(services)
"Services are the services to proxy traffic"
fn spec.tcpproxy.withServicesMixin
withServicesMixin(services)
"Services are the services to proxy traffic"
Note: This function appends passed data to existing values
obj spec.tcpproxy.healthCheckPolicy
"The health check policy for this tcp proxy"
fn spec.tcpproxy.healthCheckPolicy.withHealthyThresholdCount
withHealthyThresholdCount(healthyThresholdCount)
"The number of healthy health checks required before a host is marked healthy"
fn spec.tcpproxy.healthCheckPolicy.withIntervalSeconds
withIntervalSeconds(intervalSeconds)
"The interval (seconds) between health checks"
fn spec.tcpproxy.healthCheckPolicy.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"The time to wait (seconds) for a health check response"
fn spec.tcpproxy.healthCheckPolicy.withUnhealthyThresholdCount
withUnhealthyThresholdCount(unhealthyThresholdCount)
"The number of unhealthy health checks required before a host is marked unhealthy"
obj spec.tcpproxy.include
"Include specifies that this tcpproxy should be delegated to another HTTPProxy."
fn spec.tcpproxy.include.withName
withName(name)
"Name of the child HTTPProxy"
fn spec.tcpproxy.include.withNamespace
withNamespace(namespace)
"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."
obj spec.tcpproxy.includes
"IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace. \n Exists due to a mistake when developing HTTPProxy and the field was marked plural when it should have been singular. This field should stay to not break backwards compatibility to v1 users."
fn spec.tcpproxy.includes.withName
withName(name)
"Name of the child HTTPProxy"
fn spec.tcpproxy.includes.withNamespace
withNamespace(namespace)
"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."
obj spec.tcpproxy.loadBalancerPolicy
"The load balancing policy for the backend services. Note that the Cookie and RequestHash load balancing strategies cannot be used here."
fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPolicies
withRequestHashPolicies(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back to the default RoundRobin."
fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPoliciesMixin
withRequestHashPoliciesMixin(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back to the default RoundRobin."
Note: This function appends passed data to existing values
fn spec.tcpproxy.loadBalancerPolicy.withStrategy
withStrategy(strategy)
"Strategy specifies the policy used to balance requests across the pool of backend pods. Valid policy names are Random, RoundRobin, WeightedLeastRequest, Cookie, and RequestHash. If an unknown strategy name is specified or no policy is supplied, the default RoundRobin policy is used."
obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies
"RequestHashPolicies contains a list of hash policies to apply when the RequestHash load balancing strategy is chosen. If an element of the supplied list of hash policies is invalid, it will be ignored. If the list of hash policies is empty after validation, the load balancing strategy will fall back to the default RoundRobin."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withHashSourceIP
withHashSourceIP(hashSourceIP)
"HashSourceIP should be set to true when request source IP hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withTerminal
withTerminal(terminal)
"Terminal is a flag that allows for short-circuiting computing of a hash for a given request. If set to true, and the request attribute specified in the attribute hash options is present, no further hash policies will be used to calculate a hash for the request."
obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions
"HeaderHashOptions should be set when request header hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName
withHeaderName(headerName)
"HeaderName is the name of the HTTP request header that will be used to calculate the hash key. If the header specified is not present on a request, no hash will be produced."
obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions
"QueryParameterHashOptions should be set when request query parameter hash based load balancing is desired. It must be the only hash option field set, otherwise this request hash policy object will be ignored."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName
withParameterName(parameterName)
"ParameterName is the name of the HTTP request query parameter that will be used to calculate the hash key. If the query parameter specified is not present on a request, no hash will be produced."
obj spec.tcpproxy.services
"Services are the services to proxy traffic"
fn spec.tcpproxy.services.withCookieRewritePolicies
withCookieRewritePolicies(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
fn spec.tcpproxy.services.withCookieRewritePoliciesMixin
withCookieRewritePoliciesMixin(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
Note: This function appends passed data to existing values
fn spec.tcpproxy.services.withHealthPort
withHealthPort(healthPort)
"HealthPort is the port for this service healthcheck. If not specified, Port is used for service healthchecks."
fn spec.tcpproxy.services.withMirror
withMirror(mirror)
"If Mirror is true the Service will receive a read only mirror of the traffic for this route."
fn spec.tcpproxy.services.withName
withName(name)
"Name is the name of Kubernetes service to proxy traffic. Names defined here will be used to look up corresponding endpoints which contain the ips to route."
fn spec.tcpproxy.services.withPort
withPort(port)
"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."
fn spec.tcpproxy.services.withProtocol
withProtocol(protocol)
"Protocol may be used to specify (or override) the protocol used to reach this Service. Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."
fn spec.tcpproxy.services.withWeight
withWeight(weight)
"Weight defines percentage of traffic to balance traffic"
obj spec.tcpproxy.services.cookieRewritePolicies
"The policies for rewriting Set-Cookie header attributes."
fn spec.tcpproxy.services.cookieRewritePolicies.withName
withName(name)
"Name is the name of the cookie for which attributes will be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.withSameSite
withSameSite(sameSite)
"SameSite enables rewriting the Set-Cookie SameSite element. If not set, SameSite attribute will not be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.withSecure
withSecure(secure)
"Secure enables rewriting the Set-Cookie Secure element. If not set, Secure attribute will not be rewritten."
obj spec.tcpproxy.services.cookieRewritePolicies.domainRewrite
"DomainRewrite enables rewriting the Set-Cookie Domain element. If not set, Domain will not be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.domainRewrite.withValue
withValue(value)
"Value is the value to rewrite the Domain attribute to. For now this is required."
obj spec.tcpproxy.services.cookieRewritePolicies.pathRewrite
"PathRewrite enables rewriting the Set-Cookie Path element. If not set, Path will not be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.pathRewrite.withValue
withValue(value)
"Value is the value to rewrite the Path attribute to. For now this is required."
obj spec.tcpproxy.services.requestHeadersPolicy
"The policy for managing request headers during proxying."
fn spec.tcpproxy.services.requestHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.tcpproxy.services.requestHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.tcpproxy.services.requestHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.requestHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.tcpproxy.services.requestHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.requestHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.tcpproxy.services.requestHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.tcpproxy.services.responseHeadersPolicy
"The policy for managing response headers during proxying. Rewriting the 'Host' header is not supported."
fn spec.tcpproxy.services.responseHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.tcpproxy.services.responseHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.tcpproxy.services.responseHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.responseHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.tcpproxy.services.responseHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header. If the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.responseHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.tcpproxy.services.responseHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.tcpproxy.services.slowStartPolicy
"Slow start will gradually increase amount of traffic to a newly added endpoint."
fn spec.tcpproxy.services.slowStartPolicy.withAggression
withAggression(aggression)
"The speed of traffic increase over the slow start window. Defaults to 1.0, so that endpoint would get linearly increasing amount of traffic. When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly. The value of aggression parameter should be greater than 0.0. \n More info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start"
fn spec.tcpproxy.services.slowStartPolicy.withMinWeightPercent
withMinWeightPercent(minWeightPercent)
"The minimum or starting percentage of traffic to send to new endpoints. A non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window. If not specified, the default is 10%."
fn spec.tcpproxy.services.slowStartPolicy.withWindow
withWindow(window)
"The duration of slow start window. Duration is expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"."
obj spec.tcpproxy.services.validation
"UpstreamValidation defines how to verify the backend service's certificate"
fn spec.tcpproxy.services.validation.withCaSecret
withCaSecret(caSecret)
"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. The secret must contain key named ca.crt."
fn spec.tcpproxy.services.validation.withSubjectName
withSubjectName(subjectName)
"Key which is expected to be present in the 'subjectAltName' of the presented certificate."
obj spec.virtualhost
"Virtualhost appears at most once. If it is present, the object is considered to be a \"root\" HTTPProxy."
fn spec.virtualhost.withFqdn
withFqdn(fqdn)
"The fully qualified domain name of the root of the ingress tree all leaves of the DAG rooted at this object relate to the fqdn."
fn spec.virtualhost.withIpAllowPolicy
withIpAllowPolicy(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be allowed. All other requests will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here may be overridden in a Route."
fn spec.virtualhost.withIpAllowPolicyMixin
withIpAllowPolicyMixin(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be allowed. All other requests will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here may be overridden in a Route."
Note: This function appends passed data to existing values
fn spec.virtualhost.withIpDenyPolicy
withIpDenyPolicy(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be denied. All other requests will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here may be overridden in a Route."
fn spec.virtualhost.withIpDenyPolicyMixin
withIpDenyPolicyMixin(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be denied. All other requests will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here may be overridden in a Route."
Note: This function appends passed data to existing values
fn spec.virtualhost.withJwtProviders
withJwtProviders(jwtProviders)
"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."
fn spec.virtualhost.withJwtProvidersMixin
withJwtProvidersMixin(jwtProviders)
"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."
Note: This function appends passed data to existing values
obj spec.virtualhost.authorization
"This field configures an extension service to perform authorization for this virtual host. Authorization can only be configured on virtual hosts that have TLS enabled. If the TLS configuration requires client certificate validation, the client certificate is always included in the authentication check request."
fn spec.virtualhost.authorization.withFailOpen
withFailOpen(failOpen)
"If FailOpen is true, the client request is forwarded to the upstream service even if the authorization server fails to respond. This field should not be set in most cases. It is intended for use only while migrating applications from internal authorization to Contour external authorization."
fn spec.virtualhost.authorization.withResponseTimeout
withResponseTimeout(responseTimeout)
"ResponseTimeout configures maximum time to wait for a check response from the authorization server. Timeout durations are expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". The string \"infinity\" is also a valid input and specifies no timeout."
obj spec.virtualhost.authorization.authPolicy
"AuthPolicy sets a default authorization policy for client requests. This policy will be used unless overridden by individual routes."
fn spec.virtualhost.authorization.authPolicy.withContext
withContext(context)
"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."
fn spec.virtualhost.authorization.authPolicy.withContextMixin
withContextMixin(context)
"Context is a set of key/value pairs that are sent to the authentication server in the check request. If a context is provided at an enclosing scope, the entries are merged such that the inner scope overrides matching keys from the outer scope."
Note: This function appends passed data to existing values
fn spec.virtualhost.authorization.authPolicy.withDisabled
withDisabled(disabled)
"When true, this field disables client request authentication for the scope of the policy."
obj spec.virtualhost.authorization.extensionRef
"ExtensionServiceRef specifies the extension resource that will authorize client requests."
fn spec.virtualhost.authorization.extensionRef.withApiVersion
withApiVersion(apiVersion)
"API version of the referent. If this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used"
fn spec.virtualhost.authorization.extensionRef.withName
withName(name)
"Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
fn spec.virtualhost.authorization.extensionRef.withNamespace
withNamespace(namespace)
"Namespace of the referent. If this field is not specifies, the namespace of the resource that targets the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"
obj spec.virtualhost.authorization.withRequestBody
"WithRequestBody specifies configuration for sending the client request's body to authorization server."
fn spec.virtualhost.authorization.withRequestBody.withAllowPartialMessage
withAllowPartialMessage(allowPartialMessage)
"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached."
fn spec.virtualhost.authorization.withRequestBody.withMaxRequestBytes
withMaxRequestBytes(maxRequestBytes)
"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory."
fn spec.virtualhost.authorization.withRequestBody.withPackAsBytes
withPackAsBytes(packAsBytes)
"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes."
obj spec.virtualhost.corsPolicy
"Specifies the cross-origin policy to apply to the VirtualHost."
fn spec.virtualhost.corsPolicy.withAllowCredentials
withAllowCredentials(allowCredentials)
"Specifies whether the resource allows credentials."
fn spec.virtualhost.corsPolicy.withAllowHeaders
withAllowHeaders(allowHeaders)
"AllowHeaders specifies the content for the access-control-allow-headers header."
fn spec.virtualhost.corsPolicy.withAllowHeadersMixin
withAllowHeadersMixin(allowHeaders)
"AllowHeaders specifies the content for the access-control-allow-headers header."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withAllowMethods
withAllowMethods(allowMethods)
"AllowMethods specifies the content for the access-control-allow-methods header."
fn spec.virtualhost.corsPolicy.withAllowMethodsMixin
withAllowMethodsMixin(allowMethods)
"AllowMethods specifies the content for the access-control-allow-methods header."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withAllowOrigin
withAllowOrigin(allowOrigin)
"AllowOrigin specifies the origins that will be allowed to do CORS requests. Allowed values include \"\" which signifies any origin is allowed, an exact origin of the form \"scheme://host[:port]\" (where port is optional), or a valid regex pattern. Note that regex patterns are validated and a simple \"glob\" pattern (e.g. .foo.com) will be rejected or produce unexpected matches when applied as a regex."
fn spec.virtualhost.corsPolicy.withAllowOriginMixin
withAllowOriginMixin(allowOrigin)
"AllowOrigin specifies the origins that will be allowed to do CORS requests. Allowed values include \"\" which signifies any origin is allowed, an exact origin of the form \"scheme://host[:port]\" (where port is optional), or a valid regex pattern. Note that regex patterns are validated and a simple \"glob\" pattern (e.g. .foo.com) will be rejected or produce unexpected matches when applied as a regex."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withAllowPrivateNetwork
withAllowPrivateNetwork(allowPrivateNetwork)
"AllowPrivateNetwork specifies whether to allow private network requests. See https://developer.chrome.com/blog/private-network-access-preflight."
fn spec.virtualhost.corsPolicy.withExposeHeaders
withExposeHeaders(exposeHeaders)
"ExposeHeaders Specifies the content for the access-control-expose-headers header."
fn spec.virtualhost.corsPolicy.withExposeHeadersMixin
withExposeHeadersMixin(exposeHeaders)
"ExposeHeaders Specifies the content for the access-control-expose-headers header."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withMaxAge
withMaxAge(maxAge)
"MaxAge indicates for how long the results of a preflight request can be cached. MaxAge durations are expressed in the Go Duration format. Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\". Only positive values are allowed while 0 disables the cache requiring a preflight OPTIONS check for all cross-origin requests."
obj spec.virtualhost.ipAllowPolicy
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be allowed. All other requests will be denied. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here may be overridden in a Route."
fn spec.virtualhost.ipAllowPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be a bare IP address (without a mask) to filter on exactly one address."
fn spec.virtualhost.ipAllowPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be one of two values: - Remote filters on the ip address of the client, accounting for PROXY and X-Forwarded-For as needed. - Peer filters on the ip of the network request, ignoring PROXY and X-Forwarded-For."
obj spec.virtualhost.ipDenyPolicy
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching requests should be denied. All other requests will be allowed. Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. The rules defined here may be overridden in a Route."
fn spec.virtualhost.ipDenyPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be a bare IP address (without a mask) to filter on exactly one address."
fn spec.virtualhost.ipDenyPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be one of two values: - Remote filters on the ip address of the client, accounting for PROXY and X-Forwarded-For as needed. - Peer filters on the ip of the network request, ignoring PROXY and X-Forwarded-For."
obj spec.virtualhost.jwtProviders
"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."
fn spec.virtualhost.jwtProviders.withAudiences
withAudiences(audiences)
"Audiences that JWTs are allowed to have in the \"aud\" field. If not provided, JWT audiences are not checked."
fn spec.virtualhost.jwtProviders.withAudiencesMixin
withAudiencesMixin(audiences)
"Audiences that JWTs are allowed to have in the \"aud\" field. If not provided, JWT audiences are not checked."
Note: This function appends passed data to existing values
fn spec.virtualhost.jwtProviders.withDefault
withDefault(default)
"Whether the provider should apply to all routes in the HTTPProxy/its includes by default. At most one provider can be marked as the default. If no provider is marked as the default, individual routes must explicitly identify the provider they require."
fn spec.virtualhost.jwtProviders.withForwardJWT
withForwardJWT(forwardJWT)
"Whether the JWT should be forwarded to the backend service after successful verification. By default, the JWT is not forwarded."
fn spec.virtualhost.jwtProviders.withIssuer
withIssuer(issuer)
"Issuer that JWTs are required to have in the \"iss\" field. If not provided, JWT issuers are not checked."
fn spec.virtualhost.jwtProviders.withName
withName(name)
"Unique name for the provider."
obj spec.virtualhost.jwtProviders.remoteJWKS
"Remote JWKS to use for verifying JWT signatures."
fn spec.virtualhost.jwtProviders.remoteJWKS.withCacheDuration
withCacheDuration(cacheDuration)
"How long to cache the JWKS locally. If not specified, Envoy's default of 5m applies."
fn spec.virtualhost.jwtProviders.remoteJWKS.withDnsLookupFamily
withDnsLookupFamily(dnsLookupFamily)
"The DNS IP address resolution policy for the JWKS URI. When configured as \"v4\", the DNS resolver will only perform a lookup for addresses in the IPv4 family. If \"v6\" is configured, the DNS resolver will only perform a lookup for addresses in the IPv6 family. If \"all\" is configured, the DNS resolver will perform a lookup for addresses in both the IPv4 and IPv6 family. If \"auto\" is configured, the DNS resolver will first perform a lookup for addresses in the IPv6 family and fallback to a lookup for addresses in the IPv4 family. If not specified, the Contour-wide setting defined in the config file or ContourConfiguration applies (defaults to \"auto\"). \n See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily for more information."
fn spec.virtualhost.jwtProviders.remoteJWKS.withTimeout
withTimeout(timeout)
"How long to wait for a response from the URI. If not specified, a default of 1s applies."
fn spec.virtualhost.jwtProviders.remoteJWKS.withUri
withUri(uri)
"The URI for the JWKS."
obj spec.virtualhost.jwtProviders.remoteJWKS.validation
"UpstreamValidation defines how to verify the JWKS's TLS certificate."
fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withCaSecret
withCaSecret(caSecret)
"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. The secret must contain key named ca.crt."
fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectName
withSubjectName(subjectName)
"Key which is expected to be present in the 'subjectAltName' of the presented certificate."
obj spec.virtualhost.rateLimitPolicy
"The policy for rate limiting on the virtual host."
obj spec.virtualhost.rateLimitPolicy.global
"Global defines global rate limiting parameters, i.e. parameters defining descriptors that are sent to an external rate limit service (RLS) for a rate limit decision on each request."
fn spec.virtualhost.rateLimitPolicy.global.withDescriptors
withDescriptors(descriptors)
"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."
fn spec.virtualhost.rateLimitPolicy.global.withDescriptorsMixin
withDescriptorsMixin(descriptors)
"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."
Note: This function appends passed data to existing values
obj spec.virtualhost.rateLimitPolicy.global.descriptors
"Descriptors defines the list of descriptors that will be generated and sent to the rate limit service. Each descriptor contains 1+ key-value pair entries."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntries
withEntries(entries)
"Entries is the list of key-value pair generators."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntriesMixin
withEntriesMixin(entries)
"Entries is the list of key-value pair generators."
Note: This function appends passed data to existing values
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries
"Entries is the list of key-value pair generators."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddress
withRemoteAddress(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin
withRemoteAddressMixin(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\" and a value equal to the client's IP address (from x-forwarded-for)."
Note: This function appends passed data to existing values
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey
"GenericKey defines a descriptor entry with a static key and value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withKey
withKey(key)
"Key defines the key of the descriptor entry. If not set, the key is set to \"generic_key\"."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader
"RequestHeader defines a descriptor entry that's populated only if a given header is present on the request. The descriptor key is static, and the descriptor value is equal to the value of the header."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey
withDescriptorKey(descriptorKey)
"DescriptorKey defines the key to use on the descriptor entry."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName
withHeaderName(headerName)
"HeaderName defines the name of the header to look for on the request."
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
"RequestHeaderValueMatch defines a descriptor entry that's populated if the request's headers match a set of 1+ match criteria. The descriptor key is \"header_match\", and the descriptor value is static."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch
withExpectMatch(expectMatch)
"ExpectMatch defines whether the request must positively match the match criteria in order to generate a descriptor entry (i.e. true), or not match the match criteria in order to generate a descriptor entry (i.e. false). The default is true."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders
withHeaders(headers)
"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin
withHeadersMixin(headers)
"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."
Note: This function appends passed data to existing values
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers
"Headers is a list of 1+ match criteria to apply against the request to determine whether to populate the descriptor entry or not."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains
withContains(contains)
"Contains specifies a substring that must be present in the header value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName
withName(name)
"Name is the name of the header to match against. Name is required. Header names are case insensitive."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present in the header value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be equal to. The condition is true if the header has any other value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header is not present. Note that setting NotPresent to false does not make the condition true if the named header is present."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent
withPresent(present)
"Present specifies that condition is true when the named header is present, regardless of its value. Note that setting Present to false does not make the condition true if the named header is absent."
obj spec.virtualhost.rateLimitPolicy.local
"Local defines local rate limiting parameters, i.e. parameters for rate limiting that occurs within each Envoy pod as requests are handled."
fn spec.virtualhost.rateLimitPolicy.local.withBurst
withBurst(burst)
"Burst defines the number of requests above the requests per unit that should be allowed within a short period of time."
fn spec.virtualhost.rateLimitPolicy.local.withRequests
withRequests(requests)
"Requests defines how many requests per unit of time should be allowed before rate limiting occurs."
fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAdd
withResponseHeadersToAdd(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."
fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAddMixin
withResponseHeadersToAddMixin(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."
Note: This function appends passed data to existing values
fn spec.virtualhost.rateLimitPolicy.local.withResponseStatusCode
withResponseStatusCode(responseStatusCode)
"ResponseStatusCode is the HTTP status code to use for responses to rate-limited requests. Codes must be in the 400-599 range (inclusive). If not specified, the Envoy default of 429 (Too Many Requests) is used."
fn spec.virtualhost.rateLimitPolicy.local.withUnit
withUnit(unit)
"Unit defines the period of time within which requests over the limit will be rate limited. Valid values are \"second\", \"minute\" and \"hour\"."
obj spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd
"ResponseHeadersToAdd is an optional list of response headers to set when a request is rate-limited."
fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withName
withName(name)
"Name represents a key of a header"
fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.virtualhost.tls
"If present the fields describes TLS properties of the virtual host. The SNI names that will be matched on are described in fqdn, the tls.secretName secret must contain a certificate that itself contains a name that matches the FQDN."
fn spec.virtualhost.tls.withEnableFallbackCertificate
withEnableFallbackCertificate(enableFallbackCertificate)
"EnableFallbackCertificate defines if the vhost should allow a default certificate to be applied which handles all requests which don't match the SNI defined in this vhost."
fn spec.virtualhost.tls.withMinimumProtocolVersion
withMinimumProtocolVersion(minimumProtocolVersion)
"MinimumProtocolVersion is the minimum TLS version this vhost should negotiate. Valid options are 1.2 (default) and 1.3. Any other value defaults to TLS 1.2."
fn spec.virtualhost.tls.withPassthrough
withPassthrough(passthrough)
"Passthrough defines whether the encrypted TLS handshake will be passed through to the backing cluster. Either Passthrough or SecretName must be specified, but not both."
fn spec.virtualhost.tls.withSecretName
withSecretName(secretName)
"SecretName is the name of a TLS secret in the current namespace. Either SecretName or Passthrough must be specified, but not both. If specified, the named secret must contain a matching certificate for the virtual host's FQDN."
obj spec.virtualhost.tls.clientValidation
"ClientValidation defines how to verify the client certificate when an external client establishes a TLS connection to Envoy. \n This setting: \n 1. Enables TLS client certificate validation. 2. Specifies how the client certificate will be validated (i.e. validation required or skipped). \n Note: Setting client certificate validation to be skipped should be only used in conjunction with an external authorization server that performs client validation as Contour will ensure client certificates are passed along."
fn spec.virtualhost.tls.clientValidation.withCaSecret
withCaSecret(caSecret)
"Name of a Kubernetes secret that contains a CA certificate bundle. The secret must contain key named ca.crt. The client certificate must validate against the certificates in the bundle. If specified and SkipClientCertValidation is true, client certificates will be required on requests."
fn spec.virtualhost.tls.clientValidation.withCrlOnlyVerifyLeafCert
withCrlOnlyVerifyLeafCert(crlOnlyVerifyLeafCert)
"If this option is set to true, only the certificate at the end of the certificate chain will be subject to validation by CRL."
fn spec.virtualhost.tls.clientValidation.withCrlSecret
withCrlSecret(crlSecret)
"Name of a Kubernetes opaque secret that contains a concatenated list of PEM encoded CRLs. The secret must contain key named crl.pem. This field will be used to verify that a client certificate has not been revoked. CRLs must be available from all CAs, unless crlOnlyVerifyLeafCert is true. Large CRL lists are not supported since individual secrets are limited to 1MiB in size."
fn spec.virtualhost.tls.clientValidation.withOptionalClientCertificate
withOptionalClientCertificate(optionalClientCertificate)
"OptionalClientCertificate when set to true will request a client certificate but allow the connection to continue if the client does not provide one. If a client certificate is sent, it will be verified according to the other properties, which includes disabling validation if SkipClientCertValidation is set. Defaults to false."
fn spec.virtualhost.tls.clientValidation.withSkipClientCertValidation
withSkipClientCertValidation(skipClientCertValidation)
"SkipClientCertValidation disables downstream client certificate validation. Defaults to false. This field is intended to be used in conjunction with external authorization in order to enable the external authorization server to validate client certificates. When this field is set to true, client certificates are requested but not verified by Envoy. If CACertificate is specified, client certificates are required on requests, but not verified. If external authorization is in use, they are presented to the external authorization server."
obj spec.virtualhost.tls.clientValidation.forwardClientCertificate
"ForwardClientCertificate adds the selected data from the passed client TLS certificate to the x-forwarded-client-cert header."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withCert
withCert(cert)
"Client cert in URL encoded PEM format."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withChain
withChain(chain)
"Client cert chain (including the leaf cert) in URL encoded PEM format."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withDns
withDns(dns)
"DNS type Subject Alternative Names of the client cert."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withSubject
withSubject(subject)
"Subject of the client cert."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withUri
withUri(uri)
"URI type Subject Alternative Name of the client cert."