This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

API

This section includes APIs of Envoy Gateway.

1: Config APIs
2: Extension APIs

1 - Config APIs

Packages

config.gateway.envoyproxy.io/v1alpha1

config.gateway.envoyproxy.io/v1alpha1

Package v1alpha1 contains API schema definitions for the config.gateway.envoyproxy.io API group.

Resource Types

EnvoyGateway

EnvoyGateway is the schema for the envoygateways API.

Field	Description
`apiVersion` string	`config.gateway.envoyproxy.io/v1alpha1`
`kind` string	`EnvoyGateway`
`EnvoyGatewaySpec` EnvoyGatewaySpec	EnvoyGatewaySpec defines the desired state of EnvoyGateway.

EnvoyGatewaySpec

EnvoyGatewaySpec defines the desired state of Envoy Gateway.

Appears in:

EnvoyGateway

Field	Description
`gateway` Gateway	Gateway defines desired Gateway API specific configuration. If unset, default configuration parameters will apply.
`provider` Provider	Provider defines the desired provider and provider-specific configuration. If unspecified, the Kubernetes provider is used with default configuration parameters.
`rateLimit` RateLimit	RateLimit defines the configuration associated with the Rate Limit service deployed by Envoy Gateway required to implement the Global Rate limiting functionality. The specific rate limit service used here is the reference implementation in Envoy. For more details visit https://github.com/envoyproxy/ratelimit. This configuration is unneeded for “Local” rate limiting.

EnvoyProxy

EnvoyProxy is the schema for the envoyproxies API.

Field	Description
`apiVersion` string	`config.gateway.envoyproxy.io/v1alpha1`
`kind` string	`EnvoyProxy`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` EnvoyProxySpec	EnvoyProxySpec defines the desired state of EnvoyProxy.

EnvoyProxySpec

EnvoyProxySpec defines the desired state of EnvoyProxy.

Appears in:

EnvoyProxy

Field	Description
`provider` ResourceProvider	Provider defines the desired resource provider and provider-specific configuration. If unspecified, the “Kubernetes” resource provider is used with default configuration parameters.
`logging` ProxyLogging	Logging defines logging parameters for managed proxies. If unspecified, default settings apply. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

FileProvider

FileProvider defines configuration for the File provider.

Appears in:

Provider

Gateway

Gateway defines the desired Gateway API configuration of Envoy Gateway.

Appears in:

EnvoyGatewaySpec

Field	Description
`controllerName` string	ControllerName defines the name of the Gateway API controller. If unspecified, defaults to “gateway.envoyproxy.io/gatewayclass-controller”. See the following for additional details: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass

KubernetesDeploymentSpec

KubernetesDeploymentSpec defines the desired state of the Kubernetes deployment resource.

Appears in:

KubernetesResourceProvider

Field	Description
`replicas` integer	Replicas is the number of desired pods. Defaults to 1.

KubernetesProvider

KubernetesProvider defines configuration for the Kubernetes provider.

Appears in:

Provider

KubernetesResourceProvider

KubernetesResourceProvider defines configuration for the Kubernetes resource provider.

Appears in:

ResourceProvider

Field	Description
`envoyDeployment` KubernetesDeploymentSpec	EnvoyDeployment defines the desired state of the Envoy deployment resource. If unspecified, default settings for the managed Envoy deployment resource are applied.

LogComponent

Underlying type: string

LogComponent defines a component that supports a configured logging level. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

Appears in:

ProxyLogging

LogLevel

Underlying type: string

LogLevel defines a log level for system logs. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

Appears in:

ProxyLogging

Provider

Provider defines the desired configuration of a provider.

Appears in:

EnvoyGatewaySpec

Field	Description
`type` ProviderType	Type is the type of provider to use. Supported types are “Kubernetes”.
`kubernetes` KubernetesProvider	Kubernetes defines the configuration of the Kubernetes provider. Kubernetes provides runtime configuration via the Kubernetes API.
`file` FileProvider	File defines the configuration of the File provider. File provides runtime configuration defined by one or more files. This type is not implemented until https://github.com/envoyproxy/gateway/issues/1001 is fixed.

ProviderType

Underlying type: string

ProviderType defines the types of providers supported by Envoy Gateway.

Appears in:

ProxyLogging

ProxyLogging defines logging parameters for managed proxies. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

Appears in:

EnvoyProxySpec

Field	Description
`level` object (keys:LogComponent, values:LogLevel)	Level is a map of logging level per component, where the component is the key and the log level is the value. If unspecified, defaults to “System: Info”.

RateLimit

RateLimit defines the configuration associated with the Rate Limit Service used for Global Rate Limiting.

Appears in:

EnvoyGatewaySpec

Field	Description
`backend` RateLimitDatabaseBackend	Backend holds the configuration associated with the database backend used by the rate limit service to store state associated with global ratelimiting.

RateLimitDatabaseBackend

RateLimitDatabaseBackend defines the configuration associated with the database backend used by the rate limit service.

Appears in:

RateLimit

Field	Description
`type` RateLimitDatabaseBackendType	Type is the type of database backend to use. Supported types are: * Redis: Connects to a Redis database.
`redis` RateLimitRedisSettings	Redis defines the settings needed to connect to a Redis database.

RateLimitDatabaseBackendType

Underlying type: string

RateLimitDatabaseBackendType specifies the types of database backend to be used by the rate limit service.

Appears in:

RateLimitDatabaseBackend

RateLimitRedisSettings

RateLimitRedisSettings defines the configuration for connecting to a Redis database.

Appears in:

RateLimitDatabaseBackend

Field	Description
`url` string	URL of the Redis Database.

ResourceProvider

ResourceProvider defines the desired state of a resource provider.

Appears in:

EnvoyProxySpec

Field	Description
`type` ProviderType	Type is the type of resource provider to use. A resource provider provides infrastructure resources for running the data plane, e.g. Envoy proxy, and optional auxiliary control planes. Supported types are “Kubernetes”.
`kubernetes` KubernetesResourceProvider	Kubernetes defines the desired state of the Kubernetes resource provider. Kubernetes provides infrastructure resources for running the data plane, e.g. Envoy proxy. If unspecified and type is “Kubernetes”, default settings for managed Kubernetes resources are applied.

2 - Extension APIs

Packages

gateway.envoyproxy.io/v1alpha1

gateway.envoyproxy.io/v1alpha1

Package v1alpha1 contains API schema definitions for the gateway.envoyproxy.io API group.

Resource Types

AuthenticationFilter

Field	Description
`apiVersion` string	`gateway.envoyproxy.io/v1alpha1`
`kind` string	`AuthenticationFilter`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` AuthenticationFilterSpec	Spec defines the desired state of the AuthenticationFilter type.

AuthenticationFilterSpec

AuthenticationFilterSpec defines the desired state of the AuthenticationFilter type.

Appears in:

AuthenticationFilter

Field	Description
`type` AuthenticationFilterType	Type defines the type of authentication provider to use. Supported provider types are “JWT”.
`jwtProviders` JwtAuthenticationFilterProvider array	JWT defines the JSON Web Token (JWT) authentication provider type. When multiple jwtProviders are specified, the JWT is considered valid if any of the providers successfully validate the JWT. For additional details, see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html.

AuthenticationFilterType

Underlying type: string

AuthenticationFilterType is a type of authentication provider.

Appears in:

AuthenticationFilterSpec

GlobalRateLimit

GlobalRateLimit defines global rate limit configuration.

Appears in:

RateLimitFilterSpec

Field	Description
`rules` RateLimitRule array	Rules are a list of RateLimit selectors and limits. Each rule and its associated limit is applied in a mutually exclusive way i.e. if multiple rules get selected, each of their associated limits get applied, so a single traffic request might increase the rate limit counters for multiple rules if selected.

HeaderMatch

HeaderMatch defines the match attributes within the HTTP Headers of the request.

Appears in:

RateLimitSelectCondition

Field	Description
`type` HeaderMatchType	Type specifies how to match against the value of the header.
`name` string	Name of the HTTP header.
`value` string	Value within the HTTP header. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. Do not set this field when Type=“Distinct”, implying matching on any/all unique values within the header.

HeaderMatchType

Underlying type: string

HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are “Exact”, “RegularExpression”, and “Distinct”.

Appears in:

HeaderMatch

JwtAuthenticationFilterProvider

JwtAuthenticationFilterProvider defines the JSON Web Token (JWT) authentication provider type and how JWTs should be verified:

Appears in:

AuthenticationFilterSpec

Field	Description
`name` string	Name defines a unique name for the JWT provider. A name can have a variety of forms, including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
`issuer` string	Issuer is the principal that issued the JWT and takes the form of a URL or email address. For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided, the JWT issuer is not checked.
`audiences` string array	Audiences is a list of JWT audiences allowed access. For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences are not checked.
`remoteJWKS` RemoteJWKS	RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

RateLimitFilter

RateLimitFilter allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow.

Field	Description
`apiVersion` string	`gateway.envoyproxy.io/v1alpha1`
`kind` string	`RateLimitFilter`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` RateLimitFilterSpec	Spec defines the desired state of RateLimitFilter.

RateLimitFilterSpec

RateLimitFilterSpec defines the desired state of RateLimitFilter.

Appears in:

RateLimitFilter

Field	Description
`type` RateLimitType	Type decides the scope for the RateLimits. Valid RateLimitType values are “Global”.
`global` GlobalRateLimit	Global defines global rate limit configuration.

RateLimitRule

RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.

Appears in:

GlobalRateLimit

Field	Description
`clientSelectors` RateLimitSelectCondition array	ClientSelectors holds the list of select conditions to select specific clients using attributes from the traffic flow. All individual select conditions must hold True for this rule and its limit to be applied. If this field is empty, it is equivalent to True, and the limit is applied.
`limit` RateLimitValue	Limit holds the rate limit values. This limit is applied for traffic flows when the selectors compute to True, causing the request to be counted towards the limit. The limit is enforced and the request is ratelimited, i.e. a response with 429 HTTP status code is sent back to the client when the selected requests have reached the limit.

RateLimitSelectCondition

RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.

Appears in:

RateLimitRule

Field	Description
`headers` HeaderMatch array	Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers.

RateLimitType

Underlying type: string

RateLimitType specifies the types of RateLimiting.

Appears in:

RateLimitFilterSpec

RateLimitUnit

Underlying type: string

RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are “Second”, “Minute”, “Hour”, and “Day”.

Appears in:

RateLimitValue

RateLimitValue

RateLimitValue defines the limits for rate limiting.

Appears in:

RateLimitRule

Field	Description
`requests` integer
`unit` RateLimitUnit

RemoteJWKS

RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

Appears in:

JwtAuthenticationFilterProvider

Field	Description
`uri` string	URI is the HTTPS URI to fetch the JWKS. Envoy’s system trust bundle is used to validate the server certificate.