projectcontour.v1.httpProxy
"HTTPProxy is an Ingress CRD specification."
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withIncludes(includes)fn withIncludesMixin(includes)fn withIngressClassName(ingressClassName)fn withRoutes(routes)fn withRoutesMixin(routes)obj spec.includesobj spec.routesfn withConditions(conditions)fn withConditionsMixin(conditions)fn withCookieRewritePolicies(cookieRewritePolicies)fn withCookieRewritePoliciesMixin(cookieRewritePolicies)fn withEnableWebsockets(enableWebsockets)fn withIpAllowPolicy(ipAllowPolicy)fn withIpAllowPolicyMixin(ipAllowPolicy)fn withIpDenyPolicy(ipDenyPolicy)fn withIpDenyPolicyMixin(ipDenyPolicy)fn withPermitInsecure(permitInsecure)fn withServices(services)fn withServicesMixin(services)obj spec.routes.authPolicyobj spec.routes.conditionsobj spec.routes.cookieRewritePoliciesobj spec.routes.directResponsePolicyobj spec.routes.healthCheckPolicyfn withExpectedStatuses(expectedStatuses)fn withExpectedStatusesMixin(expectedStatuses)fn withHealthyThresholdCount(healthyThresholdCount)fn withHost(host)fn withIntervalSeconds(intervalSeconds)fn withPath(path)fn withTimeoutSeconds(timeoutSeconds)fn withUnhealthyThresholdCount(unhealthyThresholdCount)obj spec.routes.healthCheckPolicy.expectedStatuses
obj spec.routes.internalRedirectPolicyobj spec.routes.ipAllowPolicyobj spec.routes.ipDenyPolicyobj spec.routes.jwtVerificationPolicyobj spec.routes.loadBalancerPolicyobj spec.routes.pathRewritePolicyobj spec.routes.rateLimitPolicyobj spec.routes.rateLimitPolicy.globalfn withDescriptors(descriptors)fn withDescriptorsMixin(descriptors)fn withDisabled(disabled)obj spec.routes.rateLimitPolicy.global.descriptorsfn withEntries(entries)fn withEntriesMixin(entries)obj spec.routes.rateLimitPolicy.global.descriptors.entriesfn withRemoteAddress(remoteAddress)fn withRemoteAddressMixin(remoteAddress)obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKeyobj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderobj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
obj spec.routes.rateLimitPolicy.local
obj spec.routes.requestHeadersPolicyobj spec.routes.requestRedirectPolicyobj spec.routes.responseHeadersPolicyobj spec.routes.retryPolicyobj spec.routes.servicesfn withCookieRewritePolicies(cookieRewritePolicies)fn withCookieRewritePoliciesMixin(cookieRewritePolicies)fn withHealthPort(healthPort)fn withMirror(mirror)fn withName(name)fn withPort(port)fn withProtocol(protocol)fn withWeight(weight)obj spec.routes.services.cookieRewritePoliciesobj spec.routes.services.requestHeadersPolicyobj spec.routes.services.responseHeadersPolicyobj spec.routes.services.slowStartPolicyobj spec.routes.services.validation
obj spec.routes.timeoutPolicy
obj spec.tcpproxyfn withServices(services)fn withServicesMixin(services)obj spec.tcpproxy.healthCheckPolicyobj spec.tcpproxy.includeobj spec.tcpproxy.includesobj spec.tcpproxy.loadBalancerPolicyobj spec.tcpproxy.servicesfn withCookieRewritePolicies(cookieRewritePolicies)fn withCookieRewritePoliciesMixin(cookieRewritePolicies)fn withHealthPort(healthPort)fn withMirror(mirror)fn withName(name)fn withPort(port)fn withProtocol(protocol)fn withWeight(weight)obj spec.tcpproxy.services.cookieRewritePoliciesobj spec.tcpproxy.services.requestHeadersPolicyobj spec.tcpproxy.services.responseHeadersPolicyobj spec.tcpproxy.services.slowStartPolicyobj spec.tcpproxy.services.validation
obj spec.virtualhostfn withFqdn(fqdn)fn withIpAllowPolicy(ipAllowPolicy)fn withIpAllowPolicyMixin(ipAllowPolicy)fn withIpDenyPolicy(ipDenyPolicy)fn withIpDenyPolicyMixin(ipDenyPolicy)fn withJwtProviders(jwtProviders)fn withJwtProvidersMixin(jwtProviders)obj spec.virtualhost.authorizationobj spec.virtualhost.corsPolicyfn withAllowCredentials(allowCredentials)fn withAllowHeaders(allowHeaders)fn withAllowHeadersMixin(allowHeaders)fn withAllowMethods(allowMethods)fn withAllowMethodsMixin(allowMethods)fn withAllowOrigin(allowOrigin)fn withAllowOriginMixin(allowOrigin)fn withAllowPrivateNetwork(allowPrivateNetwork)fn withExposeHeaders(exposeHeaders)fn withExposeHeadersMixin(exposeHeaders)fn withMaxAge(maxAge)
obj spec.virtualhost.ipAllowPolicyobj spec.virtualhost.ipDenyPolicyobj spec.virtualhost.jwtProvidersfn withAudiences(audiences)fn withAudiencesMixin(audiences)fn withDefault(default)fn withForwardJWT(forwardJWT)fn withIssuer(issuer)fn withName(name)obj spec.virtualhost.jwtProviders.remoteJWKS
obj spec.virtualhost.rateLimitPolicyobj spec.virtualhost.rateLimitPolicy.globalfn withDescriptors(descriptors)fn withDescriptorsMixin(descriptors)fn withDisabled(disabled)obj spec.virtualhost.rateLimitPolicy.global.descriptorsfn withEntries(entries)fn withEntriesMixin(entries)obj spec.virtualhost.rateLimitPolicy.global.descriptors.entriesfn withRemoteAddress(remoteAddress)fn withRemoteAddressMixin(remoteAddress)obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKeyobj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderobj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
obj spec.virtualhost.rateLimitPolicy.local
obj spec.virtualhost.tlsfn withEnableFallbackCertificate(enableFallbackCertificate)fn withMaximumProtocolVersion(maximumProtocolVersion)fn withMinimumProtocolVersion(minimumProtocolVersion)fn withPassthrough(passthrough)fn withSecretName(secretName)obj spec.virtualhost.tls.clientValidation
Fields
fn new
new(name)
new returns an instance of HTTPProxy
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"HTTPProxySpec defines the spec of the CRD."
fn spec.withIncludes
withIncludes(includes)
"Includes allow for specific routing configuration to be included from another HTTPProxy,\npossibly in another namespace."
fn spec.withIncludesMixin
withIncludesMixin(includes)
"Includes allow for specific routing configuration to be included from another HTTPProxy,\npossibly in another namespace."
Note: This function appends passed data to existing values
fn spec.withIngressClassName
withIngressClassName(ingressClassName)
"IngressClassName optionally specifies the ingress class to use for this\nHTTPProxy. This replaces the deprecated kubernetes.io/ingress.class\nannotation. For backwards compatibility, when that annotation is set, it\nis given precedence over this field."
fn spec.withRoutes
withRoutes(routes)
"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."
fn spec.withRoutesMixin
withRoutesMixin(routes)
"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."
Note: This function appends passed data to existing values
obj spec.includes
"Includes allow for specific routing configuration to be included from another HTTPProxy,\npossibly in another namespace."
fn spec.includes.withConditions
withConditions(conditions)
"Conditions are a set of rules that are applied to included HTTPProxies.\nIn effect, they are added onto the Conditions of included HTTPProxy Route\nstructs.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix MatchCondition per Conditions slice.\nMore than one Prefix, or contradictory Conditions, will make the\ninclude invalid. Exact and Regex match conditions are not allowed\non includes."
fn spec.includes.withConditionsMixin
withConditionsMixin(conditions)
"Conditions are a set of rules that are applied to included HTTPProxies.\nIn effect, they are added onto the Conditions of included HTTPProxy Route\nstructs.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix MatchCondition per Conditions slice.\nMore than one Prefix, or contradictory Conditions, will make the\ninclude invalid. Exact and Regex match conditions are not allowed\non includes."
Note: This function appends passed data to existing values
fn spec.includes.withName
withName(name)
"Name of the HTTPProxy"
fn spec.includes.withNamespace
withNamespace(namespace)
"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."
obj spec.includes.conditions
"Conditions are a set of rules that are applied to included HTTPProxies.\nIn effect, they are added onto the Conditions of included HTTPProxy Route\nstructs.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix MatchCondition per Conditions slice.\nMore than one Prefix, or contradictory Conditions, will make the\ninclude invalid. Exact and Regex match conditions are not allowed\non includes."
fn spec.includes.conditions.withExact
withExact(exact)
"Exact defines a exact match for a request.\nThis field is not allowed in include match conditions."
fn spec.includes.conditions.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for a request."
fn spec.includes.conditions.withRegex
withRegex(regex)
"Regex defines a regex match for a request.\nThis field is not allowed in include match conditions."
obj spec.includes.conditions.header
"Header specifies the header condition to match."
fn spec.includes.conditions.header.withContains
withContains(contains)
"Contains specifies a substring that must be present in\nthe header value."
fn spec.includes.conditions.header.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.includes.conditions.header.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter."
fn spec.includes.conditions.header.withName
withName(name)
"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive."
fn spec.includes.conditions.header.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present\nin the header value."
fn spec.includes.conditions.header.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value."
fn spec.includes.conditions.header.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present."
fn spec.includes.conditions.header.withPresent
withPresent(present)
"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent."
fn spec.includes.conditions.header.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the header\nvalue."
fn spec.includes.conditions.header.withTreatMissingAsEmpty
withTreatMissingAsEmpty(treatMissingAsEmpty)
"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is only supported for\nnegative matches (e.g. NotContains, NotExact)."
obj spec.includes.conditions.queryParameter
"QueryParameter specifies the query parameter condition to match."
fn spec.includes.conditions.queryParameter.withContains
withContains(contains)
"Contains specifies a substring that must be present in\nthe query parameter value."
fn spec.includes.conditions.queryParameter.withExact
withExact(exact)
"Exact specifies a string that the query parameter value must be equal to."
fn spec.includes.conditions.queryParameter.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter."
fn spec.includes.conditions.queryParameter.withName
withName(name)
"Name is the name of the query parameter to match against. Name is required.\nQuery parameter names are case insensitive."
fn spec.includes.conditions.queryParameter.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for the query parameter value."
fn spec.includes.conditions.queryParameter.withPresent
withPresent(present)
"Present specifies that condition is true when the named query parameter\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named query parameter\nis absent."
fn spec.includes.conditions.queryParameter.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the query\nparameter value."
fn spec.includes.conditions.queryParameter.withSuffix
withSuffix(suffix)
"Suffix defines a suffix match for a query parameter value."
obj spec.routes
"Routes are the ingress routes. If TCPProxy is present, Routes is ignored."
fn spec.routes.withConditions
withConditions(conditions)
"Conditions are a set of rules that are applied to a Route.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix, Exact or Regex MatchCondition\nper Conditions slice. More than one of these condition types,\nor contradictory Conditions, will make the route invalid."
fn spec.routes.withConditionsMixin
withConditionsMixin(conditions)
"Conditions are a set of rules that are applied to a Route.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix, Exact or Regex MatchCondition\nper Conditions slice. More than one of these condition types,\nor contradictory Conditions, will make the route invalid."
Note: This function appends passed data to existing values
fn spec.routes.withCookieRewritePolicies
withCookieRewritePolicies(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes. Note that\nrewritten cookie names must be unique in this list. Order rewrite\npolicies are specified in does not matter."
fn spec.routes.withCookieRewritePoliciesMixin
withCookieRewritePoliciesMixin(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes. Note that\nrewritten cookie names must be unique in this list. Order rewrite\npolicies are specified in does not matter."
Note: This function appends passed data to existing values
fn spec.routes.withEnableWebsockets
withEnableWebsockets(enableWebsockets)
"Enables websocket support for the route."
fn spec.routes.withIpAllowPolicy
withIpAllowPolicy(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.withIpAllowPolicyMixin
withIpAllowPolicyMixin(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy."
Note: This function appends passed data to existing values
fn spec.routes.withIpDenyPolicy
withIpDenyPolicy(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.withIpDenyPolicyMixin
withIpDenyPolicyMixin(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy."
Note: This function appends passed data to existing values
fn spec.routes.withPermitInsecure
withPermitInsecure(permitInsecure)
"Allow this path to respond to insecure requests over HTTP which are normally\nnot permitted when a virtualhost.tls block is present."
fn spec.routes.withServices
withServices(services)
"Services are the services to proxy traffic."
fn spec.routes.withServicesMixin
withServicesMixin(services)
"Services are the services to proxy traffic."
Note: This function appends passed data to existing values
obj spec.routes.authPolicy
"AuthPolicy updates the authorization policy that was set\non the root HTTPProxy object for client requests that\nmatch this route."
fn spec.routes.authPolicy.withContext
withContext(context)
"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope."
fn spec.routes.authPolicy.withContextMixin
withContextMixin(context)
"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope."
Note: This function appends passed data to existing values
fn spec.routes.authPolicy.withDisabled
withDisabled(disabled)
"When true, this field disables client request authentication\nfor the scope of the policy."
obj spec.routes.conditions
"Conditions are a set of rules that are applied to a Route.\nWhen applied, they are merged using AND, with one exception:\nThere can be only one Prefix, Exact or Regex MatchCondition\nper Conditions slice. More than one of these condition types,\nor contradictory Conditions, will make the route invalid."
fn spec.routes.conditions.withExact
withExact(exact)
"Exact defines a exact match for a request.\nThis field is not allowed in include match conditions."
fn spec.routes.conditions.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for a request."
fn spec.routes.conditions.withRegex
withRegex(regex)
"Regex defines a regex match for a request.\nThis field is not allowed in include match conditions."
obj spec.routes.conditions.header
"Header specifies the header condition to match."
fn spec.routes.conditions.header.withContains
withContains(contains)
"Contains specifies a substring that must be present in\nthe header value."
fn spec.routes.conditions.header.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.routes.conditions.header.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter."
fn spec.routes.conditions.header.withName
withName(name)
"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive."
fn spec.routes.conditions.header.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present\nin the header value."
fn spec.routes.conditions.header.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value."
fn spec.routes.conditions.header.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present."
fn spec.routes.conditions.header.withPresent
withPresent(present)
"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent."
fn spec.routes.conditions.header.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the header\nvalue."
fn spec.routes.conditions.header.withTreatMissingAsEmpty
withTreatMissingAsEmpty(treatMissingAsEmpty)
"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is only supported for\nnegative matches (e.g. NotContains, NotExact)."
obj spec.routes.conditions.queryParameter
"QueryParameter specifies the query parameter condition to match."
fn spec.routes.conditions.queryParameter.withContains
withContains(contains)
"Contains specifies a substring that must be present in\nthe query parameter value."
fn spec.routes.conditions.queryParameter.withExact
withExact(exact)
"Exact specifies a string that the query parameter value must be equal to."
fn spec.routes.conditions.queryParameter.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter."
fn spec.routes.conditions.queryParameter.withName
withName(name)
"Name is the name of the query parameter to match against. Name is required.\nQuery parameter names are case insensitive."
fn spec.routes.conditions.queryParameter.withPrefix
withPrefix(prefix)
"Prefix defines a prefix match for the query parameter value."
fn spec.routes.conditions.queryParameter.withPresent
withPresent(present)
"Present specifies that condition is true when the named query parameter\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named query parameter\nis absent."
fn spec.routes.conditions.queryParameter.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the query\nparameter value."
fn spec.routes.conditions.queryParameter.withSuffix
withSuffix(suffix)
"Suffix defines a suffix match for a query parameter value."
obj spec.routes.cookieRewritePolicies
"The policies for rewriting Set-Cookie header attributes. Note that\nrewritten cookie names must be unique in this list. Order rewrite\npolicies are specified in does not matter."
fn spec.routes.cookieRewritePolicies.withName
withName(name)
"Name is the name of the cookie for which attributes will be rewritten."
fn spec.routes.cookieRewritePolicies.withSameSite
withSameSite(sameSite)
"SameSite enables rewriting the Set-Cookie SameSite element.\nIf not set, SameSite attribute will not be rewritten."
fn spec.routes.cookieRewritePolicies.withSecure
withSecure(secure)
"Secure enables rewriting the Set-Cookie Secure element.\nIf not set, Secure attribute will not be rewritten."
obj spec.routes.cookieRewritePolicies.domainRewrite
"DomainRewrite enables rewriting the Set-Cookie Domain element.\nIf not set, Domain will not be rewritten."
fn spec.routes.cookieRewritePolicies.domainRewrite.withValue
withValue(value)
"Value is the value to rewrite the Domain attribute to.\nFor now this is required."
obj spec.routes.cookieRewritePolicies.pathRewrite
"PathRewrite enables rewriting the Set-Cookie Path element.\nIf not set, Path will not be rewritten."
fn spec.routes.cookieRewritePolicies.pathRewrite.withValue
withValue(value)
"Value is the value to rewrite the Path attribute to.\nFor now this is required."
obj spec.routes.directResponsePolicy
"DirectResponsePolicy returns an arbitrary HTTP response directly."
fn spec.routes.directResponsePolicy.withBody
withBody(body)
"Body is the content of the response body.\nIf this setting is omitted, no body is included in the generated response.\nNote: Body is not recommended to set too long\notherwise it can have significant resource usage impacts."
fn spec.routes.directResponsePolicy.withStatusCode
withStatusCode(statusCode)
"StatusCode is the HTTP response status to be returned."
obj spec.routes.healthCheckPolicy
"The health check policy for this route."
fn spec.routes.healthCheckPolicy.withExpectedStatuses
withExpectedStatuses(expectedStatuses)
"The ranges of HTTP response statuses considered healthy. Follow half-open\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\nMust be within the range [100,600). If not specified, only a 200 response status\nis considered healthy."
fn spec.routes.healthCheckPolicy.withExpectedStatusesMixin
withExpectedStatusesMixin(expectedStatuses)
"The ranges of HTTP response statuses considered healthy. Follow half-open\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\nMust be within the range [100,600). If not specified, only a 200 response status\nis considered healthy."
Note: This function appends passed data to existing values
fn spec.routes.healthCheckPolicy.withHealthyThresholdCount
withHealthyThresholdCount(healthyThresholdCount)
"The number of healthy health checks required before a host is marked healthy"
fn spec.routes.healthCheckPolicy.withHost
withHost(host)
"The value of the host header in the HTTP health check request.\nIf left empty (default value), the name \"contour-envoy-healthcheck\"\nwill be used."
fn spec.routes.healthCheckPolicy.withIntervalSeconds
withIntervalSeconds(intervalSeconds)
"The interval (seconds) between health checks"
fn spec.routes.healthCheckPolicy.withPath
withPath(path)
"HTTP endpoint used to perform health checks on upstream service"
fn spec.routes.healthCheckPolicy.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"The time to wait (seconds) for a health check response"
fn spec.routes.healthCheckPolicy.withUnhealthyThresholdCount
withUnhealthyThresholdCount(unhealthyThresholdCount)
"The number of unhealthy health checks required before a host is marked unhealthy"
obj spec.routes.healthCheckPolicy.expectedStatuses
"The ranges of HTTP response statuses considered healthy. Follow half-open\nsemantics, i.e. for each range the start is inclusive and the end is exclusive.\nMust be within the range [100,600). If not specified, only a 200 response status\nis considered healthy."
fn spec.routes.healthCheckPolicy.expectedStatuses.withEnd
withEnd(end)
"The end (exclusive) of a range of HTTP status codes."
fn spec.routes.healthCheckPolicy.expectedStatuses.withStart
withStart(start)
"The start (inclusive) of a range of HTTP status codes."
obj spec.routes.internalRedirectPolicy
"The policy to define when to handle redirects responses internally."
fn spec.routes.internalRedirectPolicy.withAllowCrossSchemeRedirect
withAllowCrossSchemeRedirect(allowCrossSchemeRedirect)
"AllowCrossSchemeRedirect Allow internal redirect to follow a target URI with a different scheme\nthan the value of x-forwarded-proto.\nSafeOnly allows same scheme redirect and safe cross scheme redirect, which means if the downstream\nscheme is HTTPS, both HTTPS and HTTP redirect targets are allowed, but if the downstream scheme\nis HTTP, only HTTP redirect targets are allowed."
fn spec.routes.internalRedirectPolicy.withDenyRepeatedRouteRedirect
withDenyRepeatedRouteRedirect(denyRepeatedRouteRedirect)
"If DenyRepeatedRouteRedirect is true, rejects redirect targets that are pointing to a route that has\nbeen followed by a previous redirect from the current route."
fn spec.routes.internalRedirectPolicy.withMaxInternalRedirects
withMaxInternalRedirects(maxInternalRedirects)
"MaxInternalRedirects An internal redirect is not handled, unless the number of previous internal\nredirects that a downstream request has encountered is lower than this value."
fn spec.routes.internalRedirectPolicy.withRedirectResponseCodes
withRedirectResponseCodes(redirectResponseCodes)
"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect.\nOnly 301, 302, 303, 307 and 308 are valid values."
fn spec.routes.internalRedirectPolicy.withRedirectResponseCodesMixin
withRedirectResponseCodesMixin(redirectResponseCodes)
"RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect.\nOnly 301, 302, 303, 307 and 308 are valid values."
Note: This function appends passed data to existing values
obj spec.routes.ipAllowPolicy
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.ipAllowPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address."
fn spec.routes.ipAllowPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - Remote filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - Peer filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For."
obj spec.routes.ipDenyPolicy
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here override any rules set on the root HTTPProxy."
fn spec.routes.ipDenyPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address."
fn spec.routes.ipDenyPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - Remote filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - Peer filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For."
obj spec.routes.jwtVerificationPolicy
"The policy for verifying JWTs for requests to this route."
fn spec.routes.jwtVerificationPolicy.withDisabled
withDisabled(disabled)
"Disabled defines whether to disable all JWT verification for this\nroute. This can be used to opt specific routes out of the default\nJWT provider for the HTTPProxy. At most one of this field or the\n\"require\" field can be specified."
fn spec.routes.jwtVerificationPolicy.withRequire
withRequire(require)
"Require names a specific JWT provider (defined in the virtual host)\nto require for the route. If specified, this field overrides the\ndefault provider if one exists. If this field is not specified,\nthe default provider will be required if one exists. At most one of\nthis field or the \"disabled\" field can be specified."
obj spec.routes.loadBalancerPolicy
"The load balancing policy for this route."
fn spec.routes.loadBalancerPolicy.withRequestHashPolicies
withRequestHashPolicies(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the\nRequestHash load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default RoundRobin."
fn spec.routes.loadBalancerPolicy.withRequestHashPoliciesMixin
withRequestHashPoliciesMixin(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the\nRequestHash load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default RoundRobin."
Note: This function appends passed data to existing values
fn spec.routes.loadBalancerPolicy.withStrategy
withStrategy(strategy)
"Strategy specifies the policy used to balance requests\nacross the pool of backend pods. Valid policy names are\nRandom, RoundRobin, WeightedLeastRequest, Cookie,\nand RequestHash. If an unknown strategy name is specified\nor no policy is supplied, the default RoundRobin policy\nis used."
obj spec.routes.loadBalancerPolicy.requestHashPolicies
"RequestHashPolicies contains a list of hash policies to apply when the\nRequestHash load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default RoundRobin."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.withHashSourceIP
withHashSourceIP(hashSourceIP)
"HashSourceIP should be set to true when request source IP hash based\nload balancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.withTerminal
withTerminal(terminal)
"Terminal is a flag that allows for short-circuiting computing of a hash\nfor a given request. If set to true, and the request attribute specified\nin the attribute hash options is present, no further hash policies will\nbe used to calculate a hash for the request."
obj spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions
"HeaderHashOptions should be set when request header hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName
withHeaderName(headerName)
"HeaderName is the name of the HTTP request header that will be used to\ncalculate the hash key. If the header specified is not present on a\nrequest, no hash will be produced."
obj spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions
"QueryParameterHashOptions should be set when request query parameter hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored."
fn spec.routes.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName
withParameterName(parameterName)
"ParameterName is the name of the HTTP request query parameter that will be used to\ncalculate the hash key. If the query parameter specified is not present on a\nrequest, no hash will be produced."
obj spec.routes.pathRewritePolicy
"The policy for rewriting the path of the request URL\nafter the request has been routed to a Service."
fn spec.routes.pathRewritePolicy.withReplacePrefix
withReplacePrefix(replacePrefix)
"ReplacePrefix describes how the path prefix should be replaced."
fn spec.routes.pathRewritePolicy.withReplacePrefixMixin
withReplacePrefixMixin(replacePrefix)
"ReplacePrefix describes how the path prefix should be replaced."
Note: This function appends passed data to existing values
obj spec.routes.pathRewritePolicy.replacePrefix
"ReplacePrefix describes how the path prefix should be replaced."
fn spec.routes.pathRewritePolicy.replacePrefix.withPrefix
withPrefix(prefix)
"Prefix specifies the URL path prefix to be replaced.\nIf Prefix is specified, it must exactly match the MatchCondition\nprefix that is rendered by the chain of including HTTPProxies\nand only that path prefix will be replaced by Replacement.\nThis allows HTTPProxies that are included through multiple\nroots to only replace specific path prefixes, leaving others\nunmodified.\nIf Prefix is not specified, all routing prefixes rendered\nby the include chain will be replaced."
fn spec.routes.pathRewritePolicy.replacePrefix.withReplacement
withReplacement(replacement)
"Replacement is the string that the routing path prefix\nwill be replaced with. This must not be empty."
obj spec.routes.rateLimitPolicy
"The policy for rate limiting on the route."
obj spec.routes.rateLimitPolicy.global
"Global defines global rate limiting parameters, i.e. parameters\ndefining descriptors that are sent to an external rate limit\nservice (RLS) for a rate limit decision on each request."
fn spec.routes.rateLimitPolicy.global.withDescriptors
withDescriptors(descriptors)
"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries."
fn spec.routes.rateLimitPolicy.global.withDescriptorsMixin
withDescriptorsMixin(descriptors)
"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries."
Note: This function appends passed data to existing values
fn spec.routes.rateLimitPolicy.global.withDisabled
withDisabled(disabled)
"Disabled configures the HTTPProxy to not use\nthe default global rate limit policy defined by the Contour configuration."
obj spec.routes.rateLimitPolicy.global.descriptors
"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries."
fn spec.routes.rateLimitPolicy.global.descriptors.withEntries
withEntries(entries)
"Entries is the list of key-value pair generators."
fn spec.routes.rateLimitPolicy.global.descriptors.withEntriesMixin
withEntriesMixin(entries)
"Entries is the list of key-value pair generators."
Note: This function appends passed data to existing values
obj spec.routes.rateLimitPolicy.global.descriptors.entries
"Entries is the list of key-value pair generators."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddress
withRemoteAddress(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin
withRemoteAddressMixin(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)."
Note: This function appends passed data to existing values
obj spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey
"GenericKey defines a descriptor entry with a static key and value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withKey
withKey(key)
"Key defines the key of the descriptor entry. If not set, the\nkey is set to \"generic_key\"."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.genericKey.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader
"RequestHeader defines a descriptor entry that's populated only if\na given header is present on the request. The descriptor key is static,\nand the descriptor value is equal to the value of the header."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey
withDescriptorKey(descriptorKey)
"DescriptorKey defines the key to use on the descriptor entry."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName
withHeaderName(headerName)
"HeaderName defines the name of the header to look for on the request."
obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
"RequestHeaderValueMatch defines a descriptor entry that's populated\nif the request's headers match a set of 1+ match criteria. The\ndescriptor key is \"header_match\", and the descriptor value is static."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch
withExpectMatch(expectMatch)
"ExpectMatch defines whether the request must positively match the match\ncriteria in order to generate a descriptor entry (i.e. true), or not\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\nThe default is true."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders
withHeaders(headers)
"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin
withHeadersMixin(headers)
"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not."
Note: This function appends passed data to existing values
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers
"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains
withContains(contains)
"Contains specifies a substring that must be present in\nthe header value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName
withName(name)
"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present\nin the header value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent
withPresent(present)
"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the header\nvalue."
fn spec.routes.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withTreatMissingAsEmpty
withTreatMissingAsEmpty(treatMissingAsEmpty)
"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is only supported for\nnegative matches (e.g. NotContains, NotExact)."
obj spec.routes.rateLimitPolicy.local
"Local defines local rate limiting parameters, i.e. parameters\nfor rate limiting that occurs within each Envoy pod as requests\nare handled."
fn spec.routes.rateLimitPolicy.local.withBurst
withBurst(burst)
"Burst defines the number of requests above the requests per\nunit that should be allowed within a short period of time."
fn spec.routes.rateLimitPolicy.local.withRequests
withRequests(requests)
"Requests defines how many requests per unit of time should\nbe allowed before rate limiting occurs."
fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAdd
withResponseHeadersToAdd(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited."
fn spec.routes.rateLimitPolicy.local.withResponseHeadersToAddMixin
withResponseHeadersToAddMixin(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited."
Note: This function appends passed data to existing values
fn spec.routes.rateLimitPolicy.local.withResponseStatusCode
withResponseStatusCode(responseStatusCode)
"ResponseStatusCode is the HTTP status code to use for responses\nto rate-limited requests. Codes must be in the 400-599 range\n(inclusive). If not specified, the Envoy default of 429 (Too\nMany Requests) is used."
fn spec.routes.rateLimitPolicy.local.withUnit
withUnit(unit)
"Unit defines the period of time within which requests\nover the limit will be rate limited. Valid values are\n\"second\", \"minute\" and \"hour\"."
obj spec.routes.rateLimitPolicy.local.responseHeadersToAdd
"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited."
fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.rateLimitPolicy.local.responseHeadersToAdd.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.requestHeadersPolicy
"The policy for managing request headers during proxying.\nYou may dynamically rewrite the Host header to be forwarded\nupstream to the content of a request header using\nthe below format \"%REQ(X-Header-Name)%\". If the value of the header\nis empty, it is ignored.\nNOTE: Pay attention to the potential security implications of using this option.\nProvided header must come from trusted source.\n*NOTE: The header rewrite is only done while forwarding and has no bearing\non the routing decision."
fn spec.routes.requestHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.requestHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.requestHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.requestHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.requestHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.requestHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.requestHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.requestRedirectPolicy
"RequestRedirectPolicy defines an HTTP redirection."
fn spec.routes.requestRedirectPolicy.withHostname
withHostname(hostname)
"Hostname is the precise hostname to be used in the value of the Location\nheader in the response.\nWhen empty, the hostname of the request is used.\nNo wildcards are allowed."
fn spec.routes.requestRedirectPolicy.withPath
withPath(path)
"Path allows for redirection to a different path from the\noriginal on the request. The path must start with a\nleading slash.\nNote: Only one of Path or Prefix can be defined."
fn spec.routes.requestRedirectPolicy.withPort
withPort(port)
"Port is the port to be used in the value of the Location\nheader in the response.\nWhen empty, port (if specified) of the request is used."
fn spec.routes.requestRedirectPolicy.withPrefix
withPrefix(prefix)
"Prefix defines the value to swap the matched prefix or path with.\nThe prefix must start with a leading slash.\nNote: Only one of Path or Prefix can be defined."
fn spec.routes.requestRedirectPolicy.withScheme
withScheme(scheme)
"Scheme is the scheme to be used in the value of the Location\nheader in the response.\nWhen empty, the scheme of the request is used."
fn spec.routes.requestRedirectPolicy.withStatusCode
withStatusCode(statusCode)
"StatusCode is the HTTP status code to be used in response."
obj spec.routes.responseHeadersPolicy
"The policy for managing response headers during proxying.\nRewriting the 'Host' header is not supported."
fn spec.routes.responseHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.responseHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.responseHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.responseHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.responseHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.responseHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.responseHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.retryPolicy
"The retry policy for this route."
fn spec.routes.retryPolicy.withCount
withCount(count)
"NumRetries is maximum allowed number of retries.\nIf set to -1, then retries are disabled.\nIf set to 0 or not supplied, the value is set\nto the Envoy default of 1."
fn spec.routes.retryPolicy.withPerTryTimeout
withPerTryTimeout(perTryTimeout)
"PerTryTimeout specifies the timeout per retry attempt.\nIgnored if NumRetries is not supplied."
fn spec.routes.retryPolicy.withRetriableStatusCodes
withRetriableStatusCodes(retriableStatusCodes)
"RetriableStatusCodes specifies the HTTP status codes that should be retried.\nThis field is only respected when you include retriable-status-codes in the RetryOn field."
fn spec.routes.retryPolicy.withRetriableStatusCodesMixin
withRetriableStatusCodesMixin(retriableStatusCodes)
"RetriableStatusCodes specifies the HTTP status codes that should be retried.\nThis field is only respected when you include retriable-status-codes in the RetryOn field."
Note: This function appends passed data to existing values
fn spec.routes.retryPolicy.withRetryOn
withRetryOn(retryOn)
"RetryOn specifies the conditions on which to retry a request.\nSupported HTTP conditions:\n- 5xx\n- gateway-error\n- reset\n- connect-failure\n- retriable-4xx\n- refused-stream\n- retriable-status-codes\n- retriable-headers\nSupported gRPC conditions:\n- cancelled\n- deadline-exceeded\n- internal\n- resource-exhausted\n- unavailable"
fn spec.routes.retryPolicy.withRetryOnMixin
withRetryOnMixin(retryOn)
"RetryOn specifies the conditions on which to retry a request.\nSupported HTTP conditions:\n- 5xx\n- gateway-error\n- reset\n- connect-failure\n- retriable-4xx\n- refused-stream\n- retriable-status-codes\n- retriable-headers\nSupported gRPC conditions:\n- cancelled\n- deadline-exceeded\n- internal\n- resource-exhausted\n- unavailable"
Note: This function appends passed data to existing values
obj spec.routes.services
"Services are the services to proxy traffic."
fn spec.routes.services.withCookieRewritePolicies
withCookieRewritePolicies(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
fn spec.routes.services.withCookieRewritePoliciesMixin
withCookieRewritePoliciesMixin(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
Note: This function appends passed data to existing values
fn spec.routes.services.withHealthPort
withHealthPort(healthPort)
"HealthPort is the port for this service healthcheck.\nIf not specified, Port is used for service healthchecks."
fn spec.routes.services.withMirror
withMirror(mirror)
"If Mirror is true the Service will receive a read only mirror of the traffic for this route.\nIf Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight\nfield. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring.\nNOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This\noccurs since we cannot distinguish omitted fields from those explicitly set to their default\nvalues"
fn spec.routes.services.withName
withName(name)
"Name is the name of Kubernetes service to proxy traffic.\nNames defined here will be used to look up corresponding endpoints which contain the ips to route."
fn spec.routes.services.withPort
withPort(port)
"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."
fn spec.routes.services.withProtocol
withProtocol(protocol)
"Protocol may be used to specify (or override) the protocol used to reach this Service.\nValues may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."
fn spec.routes.services.withWeight
withWeight(weight)
"Weight defines percentage of traffic to balance traffic"
obj spec.routes.services.cookieRewritePolicies
"The policies for rewriting Set-Cookie header attributes."
fn spec.routes.services.cookieRewritePolicies.withName
withName(name)
"Name is the name of the cookie for which attributes will be rewritten."
fn spec.routes.services.cookieRewritePolicies.withSameSite
withSameSite(sameSite)
"SameSite enables rewriting the Set-Cookie SameSite element.\nIf not set, SameSite attribute will not be rewritten."
fn spec.routes.services.cookieRewritePolicies.withSecure
withSecure(secure)
"Secure enables rewriting the Set-Cookie Secure element.\nIf not set, Secure attribute will not be rewritten."
obj spec.routes.services.cookieRewritePolicies.domainRewrite
"DomainRewrite enables rewriting the Set-Cookie Domain element.\nIf not set, Domain will not be rewritten."
fn spec.routes.services.cookieRewritePolicies.domainRewrite.withValue
withValue(value)
"Value is the value to rewrite the Domain attribute to.\nFor now this is required."
obj spec.routes.services.cookieRewritePolicies.pathRewrite
"PathRewrite enables rewriting the Set-Cookie Path element.\nIf not set, Path will not be rewritten."
fn spec.routes.services.cookieRewritePolicies.pathRewrite.withValue
withValue(value)
"Value is the value to rewrite the Path attribute to.\nFor now this is required."
obj spec.routes.services.requestHeadersPolicy
"The policy for managing request headers during proxying."
fn spec.routes.services.requestHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.services.requestHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.services.requestHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.requestHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.services.requestHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.requestHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.services.requestHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.services.responseHeadersPolicy
"The policy for managing response headers during proxying.\nRewriting the 'Host' header is not supported."
fn spec.routes.services.responseHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.routes.services.responseHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.routes.services.responseHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.responseHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.routes.services.responseHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.routes.services.responseHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.routes.services.responseHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.routes.services.slowStartPolicy
"Slow start will gradually increase amount of traffic to a newly added endpoint."
fn spec.routes.services.slowStartPolicy.withAggression
withAggression(aggression)
"The speed of traffic increase over the slow start window.\nDefaults to 1.0, so that endpoint would get linearly increasing amount of traffic.\nWhen increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.\nThe value of aggression parameter should be greater than 0.0.\nMore info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start"
fn spec.routes.services.slowStartPolicy.withMinWeightPercent
withMinWeightPercent(minWeightPercent)
"The minimum or starting percentage of traffic to send to new endpoints.\nA non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window.\nIf not specified, the default is 10%."
fn spec.routes.services.slowStartPolicy.withWindow
withWindow(window)
"The duration of slow start window.\nDuration is expressed in the Go Duration format.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"."
obj spec.routes.services.validation
"UpstreamValidation defines how to verify the backend service's certificate"
fn spec.routes.services.validation.withCaSecret
withCaSecret(caSecret)
"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"
fn spec.routes.services.validation.withSubjectName
withSubjectName(subjectName)
"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames."
fn spec.routes.services.validation.withSubjectNames
withSubjectNames(subjectNames)
"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate."
fn spec.routes.services.validation.withSubjectNamesMixin
withSubjectNamesMixin(subjectNames)
"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate."
Note: This function appends passed data to existing values
obj spec.routes.timeoutPolicy
"The timeout policy for this route."
fn spec.routes.timeoutPolicy.withIdle
withIdle(idle)
"Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2).\nTimeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests.\nIf not specified, there is no per-route idle timeout, though a connection manager-wide\nstream_idle_timeout default of 5m still applies."
fn spec.routes.timeoutPolicy.withIdleConnection
withIdleConnection(idleConnection)
"Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests.\nIf not supplied, Envoy's default value of 1h applies."
fn spec.routes.timeoutPolicy.withResponse
withResponse(response)
"Timeout for receiving a response from the server after processing a request from client.\nIf not supplied, Envoy's default value of 15s applies."
obj spec.tcpproxy
"TCPProxy holds TCP proxy information."
fn spec.tcpproxy.withServices
withServices(services)
"Services are the services to proxy traffic"
fn spec.tcpproxy.withServicesMixin
withServicesMixin(services)
"Services are the services to proxy traffic"
Note: This function appends passed data to existing values
obj spec.tcpproxy.healthCheckPolicy
"The health check policy for this tcp proxy"
fn spec.tcpproxy.healthCheckPolicy.withHealthyThresholdCount
withHealthyThresholdCount(healthyThresholdCount)
"The number of healthy health checks required before a host is marked healthy"
fn spec.tcpproxy.healthCheckPolicy.withIntervalSeconds
withIntervalSeconds(intervalSeconds)
"The interval (seconds) between health checks"
fn spec.tcpproxy.healthCheckPolicy.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"The time to wait (seconds) for a health check response"
fn spec.tcpproxy.healthCheckPolicy.withUnhealthyThresholdCount
withUnhealthyThresholdCount(unhealthyThresholdCount)
"The number of unhealthy health checks required before a host is marked unhealthy"
obj spec.tcpproxy.include
"Include specifies that this tcpproxy should be delegated to another HTTPProxy."
fn spec.tcpproxy.include.withName
withName(name)
"Name of the child HTTPProxy"
fn spec.tcpproxy.include.withNamespace
withNamespace(namespace)
"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."
obj spec.tcpproxy.includes
"IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace.\nExists due to a mistake when developing HTTPProxy and the field was marked plural\nwhen it should have been singular. This field should stay to not break backwards compatibility to v1 users."
fn spec.tcpproxy.includes.withName
withName(name)
"Name of the child HTTPProxy"
fn spec.tcpproxy.includes.withNamespace
withNamespace(namespace)
"Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied."
obj spec.tcpproxy.loadBalancerPolicy
"The load balancing policy for the backend services. Note that the\nCookie and RequestHash load balancing strategies cannot be used\nhere."
fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPolicies
withRequestHashPolicies(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the\nRequestHash load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default RoundRobin."
fn spec.tcpproxy.loadBalancerPolicy.withRequestHashPoliciesMixin
withRequestHashPoliciesMixin(requestHashPolicies)
"RequestHashPolicies contains a list of hash policies to apply when the\nRequestHash load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default RoundRobin."
Note: This function appends passed data to existing values
fn spec.tcpproxy.loadBalancerPolicy.withStrategy
withStrategy(strategy)
"Strategy specifies the policy used to balance requests\nacross the pool of backend pods. Valid policy names are\nRandom, RoundRobin, WeightedLeastRequest, Cookie,\nand RequestHash. If an unknown strategy name is specified\nor no policy is supplied, the default RoundRobin policy\nis used."
obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies
"RequestHashPolicies contains a list of hash policies to apply when the\nRequestHash load balancing strategy is chosen. If an element of the\nsupplied list of hash policies is invalid, it will be ignored. If the\nlist of hash policies is empty after validation, the load balancing\nstrategy will fall back to the default RoundRobin."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withHashSourceIP
withHashSourceIP(hashSourceIP)
"HashSourceIP should be set to true when request source IP hash based\nload balancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.withTerminal
withTerminal(terminal)
"Terminal is a flag that allows for short-circuiting computing of a hash\nfor a given request. If set to true, and the request attribute specified\nin the attribute hash options is present, no further hash policies will\nbe used to calculate a hash for the request."
obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions
"HeaderHashOptions should be set when request header hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.headerHashOptions.withHeaderName
withHeaderName(headerName)
"HeaderName is the name of the HTTP request header that will be used to\ncalculate the hash key. If the header specified is not present on a\nrequest, no hash will be produced."
obj spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions
"QueryParameterHashOptions should be set when request query parameter hash based load\nbalancing is desired. It must be the only hash option field set,\notherwise this request hash policy object will be ignored."
fn spec.tcpproxy.loadBalancerPolicy.requestHashPolicies.queryParameterHashOptions.withParameterName
withParameterName(parameterName)
"ParameterName is the name of the HTTP request query parameter that will be used to\ncalculate the hash key. If the query parameter specified is not present on a\nrequest, no hash will be produced."
obj spec.tcpproxy.services
"Services are the services to proxy traffic"
fn spec.tcpproxy.services.withCookieRewritePolicies
withCookieRewritePolicies(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
fn spec.tcpproxy.services.withCookieRewritePoliciesMixin
withCookieRewritePoliciesMixin(cookieRewritePolicies)
"The policies for rewriting Set-Cookie header attributes."
Note: This function appends passed data to existing values
fn spec.tcpproxy.services.withHealthPort
withHealthPort(healthPort)
"HealthPort is the port for this service healthcheck.\nIf not specified, Port is used for service healthchecks."
fn spec.tcpproxy.services.withMirror
withMirror(mirror)
"If Mirror is true the Service will receive a read only mirror of the traffic for this route.\nIf Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight\nfield. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring.\nNOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This\noccurs since we cannot distinguish omitted fields from those explicitly set to their default\nvalues"
fn spec.tcpproxy.services.withName
withName(name)
"Name is the name of Kubernetes service to proxy traffic.\nNames defined here will be used to look up corresponding endpoints which contain the ips to route."
fn spec.tcpproxy.services.withPort
withPort(port)
"Port (defined as Integer) to proxy traffic to since a service can have multiple defined."
fn spec.tcpproxy.services.withProtocol
withProtocol(protocol)
"Protocol may be used to specify (or override) the protocol used to reach this Service.\nValues may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations."
fn spec.tcpproxy.services.withWeight
withWeight(weight)
"Weight defines percentage of traffic to balance traffic"
obj spec.tcpproxy.services.cookieRewritePolicies
"The policies for rewriting Set-Cookie header attributes."
fn spec.tcpproxy.services.cookieRewritePolicies.withName
withName(name)
"Name is the name of the cookie for which attributes will be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.withSameSite
withSameSite(sameSite)
"SameSite enables rewriting the Set-Cookie SameSite element.\nIf not set, SameSite attribute will not be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.withSecure
withSecure(secure)
"Secure enables rewriting the Set-Cookie Secure element.\nIf not set, Secure attribute will not be rewritten."
obj spec.tcpproxy.services.cookieRewritePolicies.domainRewrite
"DomainRewrite enables rewriting the Set-Cookie Domain element.\nIf not set, Domain will not be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.domainRewrite.withValue
withValue(value)
"Value is the value to rewrite the Domain attribute to.\nFor now this is required."
obj spec.tcpproxy.services.cookieRewritePolicies.pathRewrite
"PathRewrite enables rewriting the Set-Cookie Path element.\nIf not set, Path will not be rewritten."
fn spec.tcpproxy.services.cookieRewritePolicies.pathRewrite.withValue
withValue(value)
"Value is the value to rewrite the Path attribute to.\nFor now this is required."
obj spec.tcpproxy.services.requestHeadersPolicy
"The policy for managing request headers during proxying."
fn spec.tcpproxy.services.requestHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.tcpproxy.services.requestHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.tcpproxy.services.requestHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.requestHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.tcpproxy.services.requestHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.requestHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.tcpproxy.services.requestHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.tcpproxy.services.responseHeadersPolicy
"The policy for managing response headers during proxying.\nRewriting the 'Host' header is not supported."
fn spec.tcpproxy.services.responseHeadersPolicy.withRemove
withRemove(remove)
"Remove specifies a list of HTTP header names to remove."
fn spec.tcpproxy.services.responseHeadersPolicy.withRemoveMixin
withRemoveMixin(remove)
"Remove specifies a list of HTTP header names to remove."
Note: This function appends passed data to existing values
fn spec.tcpproxy.services.responseHeadersPolicy.withSet
withSet(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.responseHeadersPolicy.withSetMixin
withSetMixin(set)
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
Note: This function appends passed data to existing values
obj spec.tcpproxy.services.responseHeadersPolicy.set
"Set specifies a list of HTTP header values that will be set in the HTTP header.\nIf the header does not exist it will be added, otherwise it will be overwritten with the new value."
fn spec.tcpproxy.services.responseHeadersPolicy.set.withName
withName(name)
"Name represents a key of a header"
fn spec.tcpproxy.services.responseHeadersPolicy.set.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.tcpproxy.services.slowStartPolicy
"Slow start will gradually increase amount of traffic to a newly added endpoint."
fn spec.tcpproxy.services.slowStartPolicy.withAggression
withAggression(aggression)
"The speed of traffic increase over the slow start window.\nDefaults to 1.0, so that endpoint would get linearly increasing amount of traffic.\nWhen increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.\nThe value of aggression parameter should be greater than 0.0.\nMore info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start"
fn spec.tcpproxy.services.slowStartPolicy.withMinWeightPercent
withMinWeightPercent(minWeightPercent)
"The minimum or starting percentage of traffic to send to new endpoints.\nA non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window.\nIf not specified, the default is 10%."
fn spec.tcpproxy.services.slowStartPolicy.withWindow
withWindow(window)
"The duration of slow start window.\nDuration is expressed in the Go Duration format.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"."
obj spec.tcpproxy.services.validation
"UpstreamValidation defines how to verify the backend service's certificate"
fn spec.tcpproxy.services.validation.withCaSecret
withCaSecret(caSecret)
"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"
fn spec.tcpproxy.services.validation.withSubjectName
withSubjectName(subjectName)
"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames."
fn spec.tcpproxy.services.validation.withSubjectNames
withSubjectNames(subjectNames)
"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate."
fn spec.tcpproxy.services.validation.withSubjectNamesMixin
withSubjectNamesMixin(subjectNames)
"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate."
Note: This function appends passed data to existing values
obj spec.virtualhost
"Virtualhost appears at most once. If it is present, the object is considered\nto be a \"root\" HTTPProxy."
fn spec.virtualhost.withFqdn
withFqdn(fqdn)
"The fully qualified domain name of the root of the ingress tree\nall leaves of the DAG rooted at this object relate to the fqdn."
fn spec.virtualhost.withIpAllowPolicy
withIpAllowPolicy(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route."
fn spec.virtualhost.withIpAllowPolicyMixin
withIpAllowPolicyMixin(ipAllowPolicy)
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route."
Note: This function appends passed data to existing values
fn spec.virtualhost.withIpDenyPolicy
withIpDenyPolicy(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route."
fn spec.virtualhost.withIpDenyPolicyMixin
withIpDenyPolicyMixin(ipDenyPolicy)
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route."
Note: This function appends passed data to existing values
fn spec.virtualhost.withJwtProviders
withJwtProviders(jwtProviders)
"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."
fn spec.virtualhost.withJwtProvidersMixin
withJwtProvidersMixin(jwtProviders)
"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."
Note: This function appends passed data to existing values
obj spec.virtualhost.authorization
"This field configures an extension service to perform\nauthorization for this virtual host. Authorization can\nonly be configured on virtual hosts that have TLS enabled.\nIf the TLS configuration requires client certificate\nvalidation, the client certificate is always included in the\nauthentication check request."
fn spec.virtualhost.authorization.withFailOpen
withFailOpen(failOpen)
"If FailOpen is true, the client request is forwarded to the upstream service\neven if the authorization server fails to respond. This field should not be\nset in most cases. It is intended for use only while migrating applications\nfrom internal authorization to Contour external authorization."
fn spec.virtualhost.authorization.withResponseTimeout
withResponseTimeout(responseTimeout)
"ResponseTimeout configures maximum time to wait for a check response from the authorization server.\nTimeout durations are expressed in the Go Duration format.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\nThe string \"infinity\" is also a valid input and specifies no timeout."
obj spec.virtualhost.authorization.authPolicy
"AuthPolicy sets a default authorization policy for client requests.\nThis policy will be used unless overridden by individual routes."
fn spec.virtualhost.authorization.authPolicy.withContext
withContext(context)
"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope."
fn spec.virtualhost.authorization.authPolicy.withContextMixin
withContextMixin(context)
"Context is a set of key/value pairs that are sent to the\nauthentication server in the check request. If a context\nis provided at an enclosing scope, the entries are merged\nsuch that the inner scope overrides matching keys from the\nouter scope."
Note: This function appends passed data to existing values
fn spec.virtualhost.authorization.authPolicy.withDisabled
withDisabled(disabled)
"When true, this field disables client request authentication\nfor the scope of the policy."
obj spec.virtualhost.authorization.extensionRef
"ExtensionServiceRef specifies the extension resource that will authorize client requests."
fn spec.virtualhost.authorization.extensionRef.withApiVersion
withApiVersion(apiVersion)
"API version of the referent.\nIf this field is not specified, the default \"projectcontour.io/v1alpha1\" will be used"
fn spec.virtualhost.authorization.extensionRef.withName
withName(name)
"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
fn spec.virtualhost.authorization.extensionRef.withNamespace
withNamespace(namespace)
"Namespace of the referent.\nIf this field is not specifies, the namespace of the resource that targets the referent will be used.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/"
obj spec.virtualhost.authorization.withRequestBody
"WithRequestBody specifies configuration for sending the client request's body to authorization server."
fn spec.virtualhost.authorization.withRequestBody.withAllowPartialMessage
withAllowPartialMessage(allowPartialMessage)
"If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached."
fn spec.virtualhost.authorization.withRequestBody.withMaxRequestBytes
withMaxRequestBytes(maxRequestBytes)
"MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory."
fn spec.virtualhost.authorization.withRequestBody.withPackAsBytes
withPackAsBytes(packAsBytes)
"If PackAsBytes is true, the body sent to Authorization Server is in raw bytes."
obj spec.virtualhost.corsPolicy
"Specifies the cross-origin policy to apply to the VirtualHost."
fn spec.virtualhost.corsPolicy.withAllowCredentials
withAllowCredentials(allowCredentials)
"Specifies whether the resource allows credentials."
fn spec.virtualhost.corsPolicy.withAllowHeaders
withAllowHeaders(allowHeaders)
"AllowHeaders specifies the content for the access-control-allow-headers header."
fn spec.virtualhost.corsPolicy.withAllowHeadersMixin
withAllowHeadersMixin(allowHeaders)
"AllowHeaders specifies the content for the access-control-allow-headers header."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withAllowMethods
withAllowMethods(allowMethods)
"AllowMethods specifies the content for the access-control-allow-methods header."
fn spec.virtualhost.corsPolicy.withAllowMethodsMixin
withAllowMethodsMixin(allowMethods)
"AllowMethods specifies the content for the access-control-allow-methods header."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withAllowOrigin
withAllowOrigin(allowOrigin)
"AllowOrigin specifies the origins that will be allowed to do CORS requests.\nAllowed values include \"\" which signifies any origin is allowed, an exact\norigin of the form \"scheme://host[:port]\" (where port is optional), or a valid\nregex pattern.\nNote that regex patterns are validated and a simple \"glob\" pattern (e.g. .foo.com)\nwill be rejected or produce unexpected matches when applied as a regex."
fn spec.virtualhost.corsPolicy.withAllowOriginMixin
withAllowOriginMixin(allowOrigin)
"AllowOrigin specifies the origins that will be allowed to do CORS requests.\nAllowed values include \"\" which signifies any origin is allowed, an exact\norigin of the form \"scheme://host[:port]\" (where port is optional), or a valid\nregex pattern.\nNote that regex patterns are validated and a simple \"glob\" pattern (e.g. .foo.com)\nwill be rejected or produce unexpected matches when applied as a regex."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withAllowPrivateNetwork
withAllowPrivateNetwork(allowPrivateNetwork)
"AllowPrivateNetwork specifies whether to allow private network requests.\nSee https://developer.chrome.com/blog/private-network-access-preflight."
fn spec.virtualhost.corsPolicy.withExposeHeaders
withExposeHeaders(exposeHeaders)
"ExposeHeaders Specifies the content for the access-control-expose-headers header."
fn spec.virtualhost.corsPolicy.withExposeHeadersMixin
withExposeHeadersMixin(exposeHeaders)
"ExposeHeaders Specifies the content for the access-control-expose-headers header."
Note: This function appends passed data to existing values
fn spec.virtualhost.corsPolicy.withMaxAge
withMaxAge(maxAge)
"MaxAge indicates for how long the results of a preflight request can be cached.\nMaxAge durations are expressed in the Go Duration format.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\nOnly positive values are allowed while 0 disables the cache requiring a preflight OPTIONS\ncheck for all cross-origin requests."
obj spec.virtualhost.ipAllowPolicy
"IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be allowed. All other requests will be denied.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route."
fn spec.virtualhost.ipAllowPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address."
fn spec.virtualhost.ipAllowPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - Remote filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - Peer filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For."
obj spec.virtualhost.ipDenyPolicy
"IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching\nrequests should be denied. All other requests will be allowed.\nOnly one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined.\nThe rules defined here may be overridden in a Route."
fn spec.virtualhost.ipDenyPolicy.withCidr
withCidr(cidr)
"CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be\na bare IP address (without a mask) to filter on exactly one address."
fn spec.virtualhost.ipDenyPolicy.withSource
withSource(source)
"Source indicates how to determine the ip address to filter on, and can be\none of two values:\n - Remote filters on the ip address of the client, accounting for PROXY and\n X-Forwarded-For as needed.\n - Peer filters on the ip of the network request, ignoring PROXY and\n X-Forwarded-For."
obj spec.virtualhost.jwtProviders
"Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host."
fn spec.virtualhost.jwtProviders.withAudiences
withAudiences(audiences)
"Audiences that JWTs are allowed to have in the \"aud\" field.\nIf not provided, JWT audiences are not checked."
fn spec.virtualhost.jwtProviders.withAudiencesMixin
withAudiencesMixin(audiences)
"Audiences that JWTs are allowed to have in the \"aud\" field.\nIf not provided, JWT audiences are not checked."
Note: This function appends passed data to existing values
fn spec.virtualhost.jwtProviders.withDefault
withDefault(default)
"Whether the provider should apply to all\nroutes in the HTTPProxy/its includes by\ndefault. At most one provider can be marked\nas the default. If no provider is marked\nas the default, individual routes must explicitly\nidentify the provider they require."
fn spec.virtualhost.jwtProviders.withForwardJWT
withForwardJWT(forwardJWT)
"Whether the JWT should be forwarded to the backend\nservice after successful verification. By default,\nthe JWT is not forwarded."
fn spec.virtualhost.jwtProviders.withIssuer
withIssuer(issuer)
"Issuer that JWTs are required to have in the \"iss\" field.\nIf not provided, JWT issuers are not checked."
fn spec.virtualhost.jwtProviders.withName
withName(name)
"Unique name for the provider."
obj spec.virtualhost.jwtProviders.remoteJWKS
"Remote JWKS to use for verifying JWT signatures."
fn spec.virtualhost.jwtProviders.remoteJWKS.withCacheDuration
withCacheDuration(cacheDuration)
"How long to cache the JWKS locally. If not specified,\nEnvoy's default of 5m applies."
fn spec.virtualhost.jwtProviders.remoteJWKS.withDnsLookupFamily
withDnsLookupFamily(dnsLookupFamily)
"The DNS IP address resolution policy for the JWKS URI.\nWhen configured as \"v4\", the DNS resolver will only perform a lookup\nfor addresses in the IPv4 family. If \"v6\" is configured, the DNS resolver\nwill only perform a lookup for addresses in the IPv6 family.\nIf \"all\" is configured, the DNS resolver\nwill perform a lookup for addresses in both the IPv4 and IPv6 family.\nIf \"auto\" is configured, the DNS resolver will first perform a lookup\nfor addresses in the IPv6 family and fallback to a lookup for addresses\nin the IPv4 family. If not specified, the Contour-wide setting defined\nin the config file or ContourConfiguration applies (defaults to \"auto\").\nSee https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily\nfor more information."
fn spec.virtualhost.jwtProviders.remoteJWKS.withTimeout
withTimeout(timeout)
"How long to wait for a response from the URI.\nIf not specified, a default of 1s applies."
fn spec.virtualhost.jwtProviders.remoteJWKS.withUri
withUri(uri)
"The URI for the JWKS."
obj spec.virtualhost.jwtProviders.remoteJWKS.validation
"UpstreamValidation defines how to verify the JWKS's TLS certificate."
fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withCaSecret
withCaSecret(caSecret)
"Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend.\nThe secret must contain key named ca.crt.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.\nMax length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)"
fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectName
withSubjectName(subjectName)
"Key which is expected to be present in the 'subjectAltName' of the presented certificate.\nDeprecated: migrate to using the plural field subjectNames."
fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectNames
withSubjectNames(subjectNames)
"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate."
fn spec.virtualhost.jwtProviders.remoteJWKS.validation.withSubjectNamesMixin
withSubjectNamesMixin(subjectNames)
"List of keys, of which at least one is expected to be present in the 'subjectAltName of the\npresented certificate."
Note: This function appends passed data to existing values
obj spec.virtualhost.rateLimitPolicy
"The policy for rate limiting on the virtual host."
obj spec.virtualhost.rateLimitPolicy.global
"Global defines global rate limiting parameters, i.e. parameters\ndefining descriptors that are sent to an external rate limit\nservice (RLS) for a rate limit decision on each request."
fn spec.virtualhost.rateLimitPolicy.global.withDescriptors
withDescriptors(descriptors)
"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries."
fn spec.virtualhost.rateLimitPolicy.global.withDescriptorsMixin
withDescriptorsMixin(descriptors)
"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries."
Note: This function appends passed data to existing values
fn spec.virtualhost.rateLimitPolicy.global.withDisabled
withDisabled(disabled)
"Disabled configures the HTTPProxy to not use\nthe default global rate limit policy defined by the Contour configuration."
obj spec.virtualhost.rateLimitPolicy.global.descriptors
"Descriptors defines the list of descriptors that will\nbe generated and sent to the rate limit service. Each\ndescriptor contains 1+ key-value pair entries."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntries
withEntries(entries)
"Entries is the list of key-value pair generators."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.withEntriesMixin
withEntriesMixin(entries)
"Entries is the list of key-value pair generators."
Note: This function appends passed data to existing values
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries
"Entries is the list of key-value pair generators."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddress
withRemoteAddress(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.withRemoteAddressMixin
withRemoteAddressMixin(remoteAddress)
"RemoteAddress defines a descriptor entry with a key of \"remote_address\"\nand a value equal to the client's IP address (from x-forwarded-for)."
Note: This function appends passed data to existing values
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey
"GenericKey defines a descriptor entry with a static key and value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withKey
withKey(key)
"Key defines the key of the descriptor entry. If not set, the\nkey is set to \"generic_key\"."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.genericKey.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader
"RequestHeader defines a descriptor entry that's populated only if\na given header is present on the request. The descriptor key is static,\nand the descriptor value is equal to the value of the header."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withDescriptorKey
withDescriptorKey(descriptorKey)
"DescriptorKey defines the key to use on the descriptor entry."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeader.withHeaderName
withHeaderName(headerName)
"HeaderName defines the name of the header to look for on the request."
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch
"RequestHeaderValueMatch defines a descriptor entry that's populated\nif the request's headers match a set of 1+ match criteria. The\ndescriptor key is \"header_match\", and the descriptor value is static."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withExpectMatch
withExpectMatch(expectMatch)
"ExpectMatch defines whether the request must positively match the match\ncriteria in order to generate a descriptor entry (i.e. true), or not\nmatch the match criteria in order to generate a descriptor entry (i.e. false).\nThe default is true."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeaders
withHeaders(headers)
"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withHeadersMixin
withHeadersMixin(headers)
"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not."
Note: This function appends passed data to existing values
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.withValue
withValue(value)
"Value defines the value of the descriptor entry."
obj spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers
"Headers is a list of 1+ match criteria to apply against the request\nto determine whether to populate the descriptor entry or not."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withContains
withContains(contains)
"Contains specifies a substring that must be present in\nthe header value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withExact
withExact(exact)
"Exact specifies a string that the header value must be equal to."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withIgnoreCase
withIgnoreCase(ignoreCase)
"IgnoreCase specifies that string matching should be case insensitive.\nNote that this has no effect on the Regex parameter."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withName
withName(name)
"Name is the name of the header to match against. Name is required.\nHeader names are case insensitive."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotcontains
withNotcontains(notcontains)
"NotContains specifies a substring that must not be present\nin the header value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotexact
withNotexact(notexact)
"NoExact specifies a string that the header value must not be\nequal to. The condition is true if the header has any other value."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withNotpresent
withNotpresent(notpresent)
"NotPresent specifies that condition is true when the named header\nis not present. Note that setting NotPresent to false does not\nmake the condition true if the named header is present."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withPresent
withPresent(present)
"Present specifies that condition is true when the named header\nis present, regardless of its value. Note that setting Present\nto false does not make the condition true if the named header\nis absent."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withRegex
withRegex(regex)
"Regex specifies a regular expression pattern that must match the header\nvalue."
fn spec.virtualhost.rateLimitPolicy.global.descriptors.entries.requestHeaderValueMatch.headers.withTreatMissingAsEmpty
withTreatMissingAsEmpty(treatMissingAsEmpty)
"TreatMissingAsEmpty specifies if the header match rule specified header\ndoes not exist, this header value will be treated as empty. Defaults to false.\nUnlike the underlying Envoy implementation this is only supported for\nnegative matches (e.g. NotContains, NotExact)."
obj spec.virtualhost.rateLimitPolicy.local
"Local defines local rate limiting parameters, i.e. parameters\nfor rate limiting that occurs within each Envoy pod as requests\nare handled."
fn spec.virtualhost.rateLimitPolicy.local.withBurst
withBurst(burst)
"Burst defines the number of requests above the requests per\nunit that should be allowed within a short period of time."
fn spec.virtualhost.rateLimitPolicy.local.withRequests
withRequests(requests)
"Requests defines how many requests per unit of time should\nbe allowed before rate limiting occurs."
fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAdd
withResponseHeadersToAdd(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited."
fn spec.virtualhost.rateLimitPolicy.local.withResponseHeadersToAddMixin
withResponseHeadersToAddMixin(responseHeadersToAdd)
"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited."
Note: This function appends passed data to existing values
fn spec.virtualhost.rateLimitPolicy.local.withResponseStatusCode
withResponseStatusCode(responseStatusCode)
"ResponseStatusCode is the HTTP status code to use for responses\nto rate-limited requests. Codes must be in the 400-599 range\n(inclusive). If not specified, the Envoy default of 429 (Too\nMany Requests) is used."
fn spec.virtualhost.rateLimitPolicy.local.withUnit
withUnit(unit)
"Unit defines the period of time within which requests\nover the limit will be rate limited. Valid values are\n\"second\", \"minute\" and \"hour\"."
obj spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd
"ResponseHeadersToAdd is an optional list of response headers to\nset when a request is rate-limited."
fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withName
withName(name)
"Name represents a key of a header"
fn spec.virtualhost.rateLimitPolicy.local.responseHeadersToAdd.withValue
withValue(value)
"Value represents the value of a header specified by a key"
obj spec.virtualhost.tls
"If present the fields describes TLS properties of the virtual\nhost. The SNI names that will be matched on are described in fqdn,\nthe tls.secretName secret must contain a certificate that itself\ncontains a name that matches the FQDN."
fn spec.virtualhost.tls.withEnableFallbackCertificate
withEnableFallbackCertificate(enableFallbackCertificate)
"EnableFallbackCertificate defines if the vhost should allow a default certificate to\nbe applied which handles all requests which don't match the SNI defined in this vhost."
fn spec.virtualhost.tls.withMaximumProtocolVersion
withMaximumProtocolVersion(maximumProtocolVersion)
"MaximumProtocolVersion is the maximum TLS version this vhost should\nnegotiate. Valid options are 1.2 and 1.3 (default). Any other value\ndefaults to TLS 1.3."
fn spec.virtualhost.tls.withMinimumProtocolVersion
withMinimumProtocolVersion(minimumProtocolVersion)
"MinimumProtocolVersion is the minimum TLS version this vhost should\nnegotiate. Valid options are 1.2 (default) and 1.3. Any other value\ndefaults to TLS 1.2."
fn spec.virtualhost.tls.withPassthrough
withPassthrough(passthrough)
"Passthrough defines whether the encrypted TLS handshake will be\npassed through to the backing cluster. Either Passthrough or\nSecretName must be specified, but not both."
fn spec.virtualhost.tls.withSecretName
withSecretName(secretName)
"SecretName is the name of a TLS secret.\nEither SecretName or Passthrough must be specified, but not both.\nIf specified, the named secret must contain a matching certificate\nfor the virtual host's FQDN.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret."
obj spec.virtualhost.tls.clientValidation
"ClientValidation defines how to verify the client certificate\nwhen an external client establishes a TLS connection to Envoy.\nThis setting:\n1. Enables TLS client certificate validation.\n2. Specifies how the client certificate will be validated (i.e.\n validation required or skipped).\nNote: Setting client certificate validation to be skipped should\nbe only used in conjunction with an external authorization server that\nperforms client validation as Contour will ensure client certificates\nare passed along."
fn spec.virtualhost.tls.clientValidation.withCaSecret
withCaSecret(caSecret)
"Name of a Kubernetes secret that contains a CA certificate bundle.\nThe secret must contain key named ca.crt.\nThe client certificate must validate against the certificates in the bundle.\nIf specified and SkipClientCertValidation is true, client certificates will\nbe required on requests.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret."
fn spec.virtualhost.tls.clientValidation.withCrlOnlyVerifyLeafCert
withCrlOnlyVerifyLeafCert(crlOnlyVerifyLeafCert)
"If this option is set to true, only the certificate at the end of the\ncertificate chain will be subject to validation by CRL."
fn spec.virtualhost.tls.clientValidation.withCrlSecret
withCrlSecret(crlSecret)
"Name of a Kubernetes opaque secret that contains a concatenated list of PEM encoded CRLs.\nThe secret must contain key named crl.pem.\nThis field will be used to verify that a client certificate has not been revoked.\nCRLs must be available from all CAs, unless crlOnlyVerifyLeafCert is true.\nLarge CRL lists are not supported since individual secrets are limited to 1MiB in size.\nThe name can be optionally prefixed with namespace \"namespace/name\".\nWhen cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret."
fn spec.virtualhost.tls.clientValidation.withOptionalClientCertificate
withOptionalClientCertificate(optionalClientCertificate)
"OptionalClientCertificate when set to true will request a client certificate\nbut allow the connection to continue if the client does not provide one.\nIf a client certificate is sent, it will be verified according to the\nother properties, which includes disabling validation if\nSkipClientCertValidation is set. Defaults to false."
fn spec.virtualhost.tls.clientValidation.withSkipClientCertValidation
withSkipClientCertValidation(skipClientCertValidation)
"SkipClientCertValidation disables downstream client certificate\nvalidation. Defaults to false. This field is intended to be used in\nconjunction with external authorization in order to enable the external\nauthorization server to validate client certificates. When this field\nis set to true, client certificates are requested but not verified by\nEnvoy. If CACertificate is specified, client certificates are required on\nrequests, but not verified. If external authorization is in use, they are\npresented to the external authorization server."
obj spec.virtualhost.tls.clientValidation.forwardClientCertificate
"ForwardClientCertificate adds the selected data from the passed client TLS certificate\nto the x-forwarded-client-cert header."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withCert
withCert(cert)
"Client cert in URL encoded PEM format."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withChain
withChain(chain)
"Client cert chain (including the leaf cert) in URL encoded PEM format."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withDns
withDns(dns)
"DNS type Subject Alternative Names of the client cert."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withSubject
withSubject(subject)
"Subject of the client cert."
fn spec.virtualhost.tls.clientValidation.forwardClientCertificate.withUri
withUri(uri)
"URI type Subject Alternative Name of the client cert."