API

This section includes APIs of Envoy Gateway.

1 - Config APIs

Packages

config.gateway.envoyproxy.io/v1alpha1

Package v1alpha1 contains API schema definitions for the config.gateway.envoyproxy.io API group.

Resource Types

EnvoyGateway

EnvoyGateway is the schema for the envoygateways API.

| Field | Description |
| --- | --- |
| `apiVersion` _string_ | config.gateway.envoyproxy.io/v1alpha1 |
| `kind` _string_ | EnvoyGateway |
| `EnvoyGatewaySpec` _EnvoyGatewaySpec_ | EnvoyGatewaySpec defines the desired state of EnvoyGateway. |

EnvoyGatewaySpec

EnvoyGatewaySpec defines the desired state of Envoy Gateway.

Appears in:

| Field | Description |
| --- | --- |
| `gateway` _Gateway_ | Gateway defines desired Gateway API specific configuration. If unset, default configuration parameters will apply. |
| `provider` _Provider_ | Provider defines the desired provider and provider-specific configuration. If unspecified, the Kubernetes provider is used with default configuration parameters. |
| `rateLimit` _RateLimit_ | RateLimit defines the configuration associated with the Rate Limit service deployed by Envoy Gateway required to implement the Global Rate limiting functionality. The specific rate limit service used here is the reference implementation in Envoy. For more details visit https://github.com/envoyproxy/ratelimit. This configuration is unneeded for “Local” rate limiting. |

EnvoyProxy

EnvoyProxy is the schema for the envoyproxies API.

| Field | Description |
| --- | --- |
| `apiVersion` _string_ | config.gateway.envoyproxy.io/v1alpha1 |
| `kind` _string_ | EnvoyProxy |
| `metadata` _ObjectMeta_ | Refer to Kubernetes API documentation for fields of metadata. |
| `spec` _EnvoyProxySpec_ | EnvoyProxySpec defines the desired state of EnvoyProxy. |

EnvoyProxySpec

EnvoyProxySpec defines the desired state of EnvoyProxy.

Appears in:

| Field | Description |
| --- | --- |
| `provider` _ResourceProvider_ | Provider defines the desired resource provider and provider-specific configuration. If unspecified, the “Kubernetes” resource provider is used with default configuration parameters. |
| `logging` _ProxyLogging_ | Logging defines logging parameters for managed proxies. If unspecified, default settings apply. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed. |

FileProvider

FileProvider defines configuration for the File provider.

Appears in:

Gateway

Gateway defines the desired Gateway API configuration of Envoy Gateway.

Appears in:

| Field | Description |
| --- | --- |
| `controllerName` _string_ | ControllerName defines the name of the Gateway API controller. If unspecified, defaults to “gateway.envoyproxy.io/gatewayclass-controller”. See the following for additional details: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass |

KubernetesDeploymentSpec

KubernetesDeploymentSpec defines the desired state of the Kubernetes deployment resource.

Appears in:

| Field | Description |
| --- | --- |
| `replicas` _integer_ | Replicas is the number of desired pods. Defaults to 1. |

KubernetesProvider

KubernetesProvider defines configuration for the Kubernetes provider.

Appears in:

KubernetesResourceProvider

KubernetesResourceProvider defines configuration for the Kubernetes resource provider.

Appears in:

| Field | Description |
| --- | --- |
| `envoyDeployment` _KubernetesDeploymentSpec_ | EnvoyDeployment defines the desired state of the Envoy deployment resource. If unspecified, default settings for the managed Envoy deployment resource are applied. |

LogComponent

Underlying type: string

LogComponent defines a component that supports a configured logging level. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

Appears in:

LogLevel

Underlying type: string

LogLevel defines a log level for system logs. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

Appears in:

Provider

Provider defines the desired configuration of a provider.

Appears in:

| Field | Description |
| --- | --- |
| `type` _ProviderType_ | Type is the type of provider to use. Supported types are “Kubernetes”. |
| `kubernetes` _KubernetesProvider_ | Kubernetes defines the configuration of the Kubernetes provider. Kubernetes provides runtime configuration via the Kubernetes API. |
| `file` _FileProvider_ | File defines the configuration of the File provider. File provides runtime configuration defined by one or more files. This type is not implemented until https://github.com/envoyproxy/gateway/issues/1001 is fixed. |

ProviderType

Underlying type: string

ProviderType defines the types of providers supported by Envoy Gateway.

Appears in:

ProxyLogging

ProxyLogging defines logging parameters for managed proxies. This type is not implemented until https://github.com/envoyproxy/gateway/issues/280 is fixed.

Appears in:

| Field | Description |
| --- | --- |
| `level` _object (keys: LogComponent, values: LogLevel)_ | Level is a map of logging level per component, where the component is the key and the log level is the value. If unspecified, defaults to “System: Info”. |

RateLimit

RateLimit defines the configuration associated with the Rate Limit Service used for Global Rate Limiting.

Appears in:

| Field | Description |
| --- | --- |
| `backend` _RateLimitDatabaseBackend_ | Backend holds the configuration associated with the database backend used by the rate limit service to store state associated with global ratelimiting. |

RateLimitDatabaseBackend

RateLimitDatabaseBackend defines the configuration associated with the database backend used by the rate limit service.

Appears in:

| Field | Description |
| --- | --- |
| `type` _RateLimitDatabaseBackendType_ | Type is the type of database backend to use. Supported types are: Redis (connects to a Redis database). |
| `redis` _RateLimitRedisSettings_ | Redis defines the settings needed to connect to a Redis database. |

RateLimitDatabaseBackendType

Underlying type: string

RateLimitDatabaseBackendType specifies the types of database backend to be used by the rate limit service.

Appears in:

RateLimitRedisSettings

RateLimitRedisSettings defines the configuration for connecting to a Redis database.

Appears in:

| Field | Description |
| --- | --- |
| `url` _string_ | URL of the Redis Database. |

ResourceProvider

ResourceProvider defines the desired state of a resource provider.

Appears in:

| Field | Description |
| --- | --- |
| `type` _ProviderType_ | Type is the type of resource provider to use. A resource provider provides infrastructure resources for running the data plane, e.g. Envoy proxy, and optional auxiliary control planes. Supported types are “Kubernetes”. |
| `kubernetes` _KubernetesResourceProvider_ | Kubernetes defines the desired state of the Kubernetes resource provider. Kubernetes provides infrastructure resources for running the data plane, e.g. Envoy proxy. If unspecified and type is “Kubernetes”, default settings for managed Kubernetes resources are applied. |

2 - Extension APIs

Packages

gateway.envoyproxy.io/v1alpha1

Package v1alpha1 contains API schema definitions for the gateway.envoyproxy.io API group.

Resource Types

AuthenticationFilter

| Field | Description |
| --- | --- |
| `apiVersion` _string_ | gateway.envoyproxy.io/v1alpha1 |
| `kind` _string_ | AuthenticationFilter |
| `metadata` _ObjectMeta_ | Refer to Kubernetes API documentation for fields of metadata. |
| `spec` _AuthenticationFilterSpec_ | Spec defines the desired state of the AuthenticationFilter type. |

AuthenticationFilterSpec

AuthenticationFilterSpec defines the desired state of the AuthenticationFilter type.

Appears in:

| Field | Description |
| --- | --- |
| `type` _AuthenticationFilterType_ | Type defines the type of authentication provider to use. Supported provider types are “JWT”. |
| `jwtProviders` _JwtAuthenticationFilterProvider array_ | JWT defines the JSON Web Token (JWT) authentication provider type. When multiple jwtProviders are specified, the JWT is considered valid if any of the providers successfully validate the JWT. For additional details, see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html. |

AuthenticationFilterType

Underlying type: string

AuthenticationFilterType is a type of authentication provider.

Appears in:

GlobalRateLimit

GlobalRateLimit defines global rate limit configuration.

Appears in:

| Field | Description |
| --- | --- |
| `rules` _RateLimitRule array_ | Rules are a list of RateLimit selectors and limits. Each rule and its associated limit is applied in a mutually exclusive way, i.e. if multiple rules get selected, each of their associated limits gets applied, so a single traffic request might increase the rate limit counters for multiple rules if selected. |

HeaderMatch

HeaderMatch defines the match attributes within the HTTP Headers of the request.

Appears in:

| Field | Description |
| --- | --- |
| `type` _HeaderMatchType_ | Type specifies how to match against the value of the header. |
| `name` _string_ | Name of the HTTP header. |
| `value` _string_ | Value within the HTTP header. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent. Do not set this field when Type=“Distinct”, implying matching on any/all unique values within the header. |

HeaderMatchType

Underlying type: string

HeaderMatchType specifies the semantics of how HTTP header values should be compared. Valid HeaderMatchType values are “Exact”, “RegularExpression”, and “Distinct”.

Appears in:

JwtAuthenticationFilterProvider

JwtAuthenticationFilterProvider defines the JSON Web Token (JWT) authentication provider type and how JWTs should be verified:

Appears in:

| Field | Description |
| --- | --- |
| `name` _string_ | Name defines a unique name for the JWT provider. A name can have a variety of forms, including RFC 1123 subdomains, RFC 1123 labels, or RFC 1035 labels. |
| `issuer` _string_ | Issuer is the principal that issued the JWT and takes the form of a URL or email address. For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided, the JWT issuer is not checked. |
| `audiences` _string array_ | Audiences is a list of JWT audiences allowed access. For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences are not checked. |
| `remoteJWKS` _RemoteJWKS_ | RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint. |
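
The defaults in this table are permissive: an unset `issuer` or `audiences` turns that check off, and a JWT is accepted if any provider validates it. The Go sketch below is an added example, not Envoy Gateway code; its types are local stand-ins for the documented fields and the provider values are constructed.

```go
package main

import (
	"fmt"
	"net/url"
)

// Local mirrors of the documented fields (illustrative, not the project's Go types).
type RemoteJWKS struct{ URI string }
type JwtProvider struct {
	Name, Issuer string
	Audiences    []string
	RemoteJWKS   RemoteJWKS
}

// LintProviders lists the checks each provider leaves open. A JWT is accepted
// if any provider validates it, so the loosest provider bounds the whole filter.
func LintProviders(ps []JwtProvider) []string {
	var out []string
	seen := map[string]bool{}
	for _, p := range ps {
		add := func(msg string) { out = append(out, fmt.Sprintf("%s: %s", p.Name, msg)) }
		if seen[p.Name] {
			add("name is not unique")
		}
		seen[p.Name] = true
		if p.Issuer == "" {
			add("issuer unset, JWT issuer is not checked")
		}
		if len(p.Audiences) == 0 {
			add("audiences unset, JWT audiences are not checked")
		}
		if u, err := url.Parse(p.RemoteJWKS.URI); err != nil || u.Scheme != "https" || u.Host == "" {
			add("remoteJWKS.uri is not an HTTPS URI")
		}
	}
	return out
}

func main() {
	ps := []JwtProvider{ // constructed sample providers
		{"strict", "https://issuer.example.com", []string{"api.example.com"}, RemoteJWKS{"https://issuer.example.com/jwks.json"}},
		{"loose", "", nil, RemoteJWKS{"http://issuer.example.com/jwks.json"}},
	}
	for _, f := range LintProviders(ps) {
		fmt.Println(f)
	}
}
```
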

RateLimitFilter

RateLimitFilter allows the user to limit the number of incoming requests to a predefined value based on attributes within the traffic flow.

| Field | Description |
| --- | --- |
| `apiVersion` _string_ | gateway.envoyproxy.io/v1alpha1 |
| `kind` _string_ | RateLimitFilter |
| `metadata` _ObjectMeta_ | Refer to Kubernetes API documentation for fields of metadata. |
| `spec` _RateLimitFilterSpec_ | Spec defines the desired state of RateLimitFilter. |

RateLimitFilterSpec

RateLimitFilterSpec defines the desired state of RateLimitFilter.

Appears in:

| Field | Description |
| --- | --- |
| `type` _RateLimitType_ | Type decides the scope for the RateLimits. Valid RateLimitType values are “Global”. |
| `global` _GlobalRateLimit_ | Global defines global rate limit configuration. |

RateLimitRule

RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.

Appears in:

| Field | Description |
| --- | --- |
| `clientSelectors` _RateLimitSelectCondition array_ | ClientSelectors holds the list of select conditions to select specific clients using attributes from the traffic flow. All individual select conditions must hold True for this rule and its limit to be applied. If this field is empty, it is equivalent to True, and the limit is applied. |
| `limit` _RateLimitValue_ | Limit holds the rate limit values. This limit is applied for traffic flows when the selectors compute to True, causing the request to be counted towards the limit. The limit is enforced and the request is ratelimited, i.e. a response with 429 HTTP status code is sent back to the client when the selected requests have reached the limit. |

RateLimitSelectCondition

RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited. All the individual conditions must hold True for the overall condition to hold True.

Appears in:

| Field | Description |
| --- | --- |
| `headers` _HeaderMatch array_ | Headers is a list of request headers to match. Multiple header values are ANDed together, meaning, a request MUST match all the specified headers. |
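
How the selection rules for RateLimitRule, RateLimitSelectCondition and HeaderMatch combine, as an added Go example that is not Envoy Gateway code. Assumptions: the types are local stand-ins, the counters cover a single window (RateLimitUnit is not modelled), “RegularExpression” matching is left out, and each “Distinct” header value gets its own counter.

```go
package main
import (
	"fmt"
	"net/http"
)

type HeaderMatch struct{ Type, Name, Value string }
type SelectCondition struct{ Headers []HeaderMatch }
type Rule struct { // local mirrors of the documented fields, not the project's Go types
	ClientSelectors []SelectCondition
	Requests        int // limit.requests; limit.unit is not modelled (single window)
}

// Bucket returns the counter key for rule i, or "" when the rule is not selected.
func Bucket(i int, r Rule, h http.Header) string {
	key := fmt.Sprintf("rule%d", i) // no selectors: always selected
	for _, c := range r.ClientSelectors {
		for _, m := range c.Headers { // conditions and headers are all ANDed
			v := h.Get(m.Name) // Get canonicalises the name, so case is ignored
			switch {
			case m.Type == "Exact" && v != "" && v == m.Value:
			case m.Type == "Distinct" && v != "":
				key += "/" + m.Name + "=" + v // assumed: one counter per distinct value
			default: // no match; "RegularExpression" is not modelled
				return ""
			}
		}
	}
	return key
}

// Serve counts the request in every selected rule; 429 once any is over its limit.
func Serve(rules []Rule, counts map[string]int, h http.Header) int {
	status := http.StatusOK
	for i, r := range rules {
		if k := Bucket(i, r, h); k != "" {
			if counts[k]++; counts[k] > r.Requests {
				status = http.StatusTooManyRequests
			}
		}
	}
	return status
}

func main() { // constructed rules and request
	rules := []Rule{{Requests: 5}, {[]SelectCondition{{[]HeaderMatch{{"Distinct", "x-user-id", ""}}}}, 2}}
	h, counts := http.Header{"X-User-Id": {"alice"}}, map[string]int{}
	fmt.Println(Serve(rules, counts, h), Serve(rules, counts, h), Serve(rules, counts, h))
}
```

The third request is rejected by the per-user rule even though the catch-all rule still has headroom, because one request is counted against every rule it selects.
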

RateLimitType

Underlying type: string

RateLimitType specifies the types of RateLimiting.

Appears in:

RateLimitUnit

Underlying type: string

RateLimitUnit specifies the intervals for setting rate limits. Valid RateLimitUnit values are “Second”, “Minute”, “Hour”, and “Day”.

Appears in:

RateLimitValue

RateLimitValue defines the limits for rate limiting.

Appears in:

| Field | Description |
| --- | --- |
| `requests` _integer_ | |
| `unit` _RateLimitUnit_ | |

RemoteJWKS

RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

Appears in:

| Field | Description |
| --- | --- |
| `uri` _string_ | URI is the HTTPS URI to fetch the JWKS. Envoy’s system trust bundle is used to validate the server certificate. |