DefaultEnvoyGateway returns a new EnvoyGateway with default configuration parameters.

DefaultEnvoyGatewayAdmin returns a new EnvoyGatewayAdmin with default configuration parameters.

DefaultEnvoyGatewayAdminAddress returns a new EnvoyGatewayAdminAddress with default configuration parameters.

DefaultEnvoyGatewayKubeProvider returns a new EnvoyGatewayKubernetesProvider with default settings.

DefaultEnvoyGatewayLogging returns a new EnvoyGatewayLogging with default configuration parameters.

DefaultEnvoyGatewayMetrics returns a new EnvoyGatewayMetrics with default configuration parameters.

DefaultEnvoyGatewayPrometheus returns a new EnvoyGatewayMetrics with default configuration parameters.

DefaultEnvoyGatewayProvider returns a new EnvoyGatewayProvider with default configuration parameters.

DefaultEnvoyGatewayTelemetry returns a new EnvoyGatewayTelemetry with default configuration parameters.

DefaultEnvoyProxyKubeProvider returns a new EnvoyProxyKubernetesProvider with default settings.

DefaultEnvoyProxyProvider returns a new EnvoyProxyProvider with default settings.

DefaultGateway returns a new Gateway with default configuration parameters.

DefaultKubernetesContainer returns a new KubernetesContainerSpec with default settings.

DefaultKubernetesContainerImage returns the default envoyproxy image.

DefaultKubernetesDaemonSet returns a new DefaultKubernetesDaemonSet with default settings.

DefaultKubernetesDaemonSetStrategy returns the default daemonset strategy settings.

DefaultKubernetesDeployment returns a new KubernetesDeploymentSpec with default settings.

DefaultKubernetesDeploymentStrategy returns the default deployment strategy settings.

DefaultKubernetesPod returns a new KubernetesPodSpec with default settings.

DefaultKubernetesService returns a new KubernetesServiceSpec with default settings.

DefaultKubernetesServiceType returns a new KubernetesServiceType with default settings.

DefaultLeaderElection returns a new LeaderElection with default configuration parameters.

DefaultResourceRequirements returns a new ResourceRequirements with default settings.

DefaultShutdownManagerContainerResourceRequirements returns a new ResourceRequirements with default settings.

GetKubernetesServiceType returns the KubernetesServiceType pointer.

ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.

ActiveHealthCheckerTypeTCP defines the TCP type of health checking.

ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.

ActiveHealthCheckPayloadTypeText defines the Text type payload.

ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.

ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.

AppProtocolTypeH2C defines the HTTP/2 application protocol.

AppProtocolTypeWS defines the WebSocket over HTTP protocol.

AppProtocolTypeWSS defines the WebSocket over HTTPS protocol.

AuthorizationActionAllow is the action to allow the request.

AuthorizationActionDeny is the action to deny the request.

BackendConditionAccepted indicates whether the backend has been accepted or rejected by a targeted resource, and why.

BackendReasonAccepted is used with the "Accepted" condition when the backend has been accepted by the targeted resource.

BackendReasonInvalid is used with the "Accepted" condition when the backend is syntactically or semantically invalid.

Merge merges the provided bootstrap with the default one.

Replace replaces the default bootstrap with the provided one.

BufferedExtProcBodyProcessingMode will buffer the message body in memory and send the entire body at once.

BufferedPartialExtBodyHeaderProcessingMode will buffer the message body in memory and send the entire body in one chunk.

The gRPC status code in the response headers is “cancelled”.

ClusterEnvoyResourceType defines the Type URL of the Cluster resource.

ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource.

Connection failure to the upstream server (connect timeout, etc.).

ConsistentHashLoadBalancerType load balancer policy.

CookieConsistentHashType hashes based on a cookie.

CustomTagTypeEnvironment adds value from environment variable to each span.

CustomTagTypeLiteral adds hard-coded value to each span.

CustomTagTypeRequestHeader adds value from request header to each span.

The gRPC status code in the response headers is “deadline-exceeded”.

DefaultDeploymentCPUResourceRequests for deployment cpu resource.

DefaultDeploymentMemoryResourceRequests for deployment memory resource.

DefaultDeploymentReplicas is the default number of deployment replicas.

DefaultEnvoyProxyImage is the default image used by envoyproxy.

DefaultRateLimitImage is the default image used by ratelimit.

DefaultShutdownManagerCPUResourceRequests for shutdown manager cpu resource.

DefaultShutdownManagerImage is the default image used for the shutdown manager.

DefaultShutdownManagerMemoryResourceRequests for shutdown manager memory resource.

EndpointRoutingType is the RoutingType for Endpoint routing.

EnvoyFilterBasicAuthn defines the Envoy HTTP basic authentication filter.

EnvoyFilterCORS defines the Envoy HTTP CORS filter.

EnvoyFilterExtAuthz defines the Envoy HTTP external authorization filter.

EnvoyFilterExtProc defines the Envoy HTTP external process filter.

EnvoyFilterFault defines the Envoy HTTP fault filter.

EnvoyFilterJWTAuthn defines the Envoy HTTP JWT authentication filter.

EnvoyFilterLocalRateLimit defines the Envoy HTTP local rate limit filter.

EnvoyFilterOAuth2 defines the Envoy HTTP OAuth2 filter.

EnvoyFilterRateLimit defines the Envoy HTTP rate limit filter.

EnvoyFilterRBAC defines the Envoy RBAC filter.

EnvoyFilterRouter defines the Envoy HTTP router filter.

EnvoyFilterWasm defines the Envoy HTTP WebAssembly filter.

The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).

GatewayAdminHost is the host of envoy gateway admin server.

GatewayAdminPort is the port which envoy gateway admin server is listening on.

GatewayControllerName is the name of the GatewayClass controller.

The response is a gateway error (502,503 or 504).

GatewayMetricsHost is the host of envoy gateway metrics server.

GatewayMetricsPort is the port which envoy gateway metrics server is listening on.

GlobalRateLimitType allows the rate limits to be applied across all Envoy proxy instances.

GRPCProtocol is the common-used grpc protocol.

HeaderConsistentHashType hashes based on a request header.

HeaderMatchDistinct matches any and all possible unique values encountered in the specified HTTP Header.

HeaderMatchExact matches the exact value of the Value field against the value of the specified HTTP Header.

HeaderMatchRegularExpression matches a regular expression against the value of the specified HTTP Header.

HTTPProtocol is the common-used http protocol.

HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN.

HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN.

HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN.

HTTPWasmCodeSourceType allows the user to specify the Wasm code in an HTTP URL.

ImagePullPolicyAlways will pull the image when the EnvoyExtension resource version changes.

ImagePullPolicyIfNotPresent will only pull the image if it does not already exist in the EG cache.

ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.

InfrastructureProviderTypeHost defines the "Host" provider.

The gRPC status code in the response headers is “internal”.

JSONMerge indicates a JSON merge patch type.

JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.

KeepUnchangedAction keeps escaped slashes as they arrive without changes.

KindBackend is the name of the Backend kind.

KindBackendTrafficPolicy is the name of the BackendTrafficPolicy kind.

KindClientTrafficPolicy is the name of the ClientTrafficPolicy kind.

KindEnvoyExtensionPolicy is the name of the EnvoyExtensionPolicy kind.

KindEnvoyGateway is the name of the EnvoyGateway kind.

KindEnvoyPatchPolicy is the name of the EnvoyPatchPolicy kind.

KindEnvoyProxy is the name of the EnvoyProxy kind.

KindSecurityPolicy is the name of the SecurityPolicy kind.

KubernetesWatchModeTypeNamespaces indicates that the namespace watch mode is used.

KubernetesWatchModeTypeNamespaceSelector indicates that namespaceSelector watch mode is used.

LeastRequestLoadBalancerType load balancer policy.

ListenerEnvoyResourceType defines the Type URL of the Listener resource.

LocalRateLimitType allows the rate limits to be applied on a per Envoy proxy instance basis.

LogComponentAdmin defines the "admin" logging component.

LogComponentClient defines the "client" logging component.

LogComponentConnection defines the "connection" logging component.

LogComponentDefault defines the default logging component.

LogComponentFilter defines the "filter" logging component.

LogComponentGatewayAPIRunner defines the "gateway-api" runner component.

LogComponentGatewayDefault defines the "default"-wide logging component.

LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.

LogComponentHTTP defines the "http" logging component.

LogComponentInfrastructureRunner defines the "infrastructure" runner component.

LogComponentMain defines the "main" logging component.

LogComponentProviderRunner defines the "provider" runner component.

LogComponentRouter defines the "router" logging component.

LogComponentRuntime defines the "runtime" logging component.

LogComponentUpstream defines the "upstream" logging component.

LogComponentXdsServerRunner defines the "xds-server" runner component.

LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.

LogLevelDebug defines the "debug" logging level.

LogLevelError defines the "Error" logging level.

LogLevelInfo defines the "Info" logging level.

LogLevelWarn defines the "Warn" logging level.

PolicyConditionOverridden indicates whether the policy has completely attached to all the sections within the target or not.

PolicyConditionProgrammed indicates whether the policy has been translated and ready to be programmed into the data plane.

PolicyReasonDisabled is used with the "Accepted" condition when the policy feature is disabled by the configuration.

PolicyReasonInvalid is used with the "Programmed" condition when the patch is syntactically or semantically invalid.

PolicyReasonOverridden is used with the "Overridden" condition when the policy has been overridden by another policy targeting a section within the same target.

PolicyReasonProgrammed is used with the "Programmed" condition when the policy is ready to be programmed into the data plane.

PolicyReasonResourceNotFound is used with the "Programmed" condition when the policy cannot find the resource type to patch to.

ProviderTypeFile defines the "File" provider.

ProviderTypeKubernetes defines the "Kubernetes" provider.

ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.

ProxyAccessLogFormatTypeText defines the text accesslog format.

ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.

ProxyAccessLogSinkTypeFile defines the file accesslog sink.

ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.

ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).

ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).

RandomLoadBalancerType load balancer policy.

RateLimitUnitDay specifies the rate limit interval to be 1 day.

RateLimitUnitHour specifies the rate limit interval to be 1 hour.

RateLimitUnitMinute specifies the rate limit interval to be 1 minute.

RateLimitUnitSecond specifies the rate limit interval to be 1 second.

RedisBackendType uses a redis database for the rate limit service.

The upstream server resets the stream with a REFUSED_STREAM error code.

RejectRequestAction rejects client requests containing escaped slashes with a 400 status.

The upstream server does not respond at all (disconnect/reset/read timeout.).

The gRPC status code in the response headers is “resource-exhausted”.

ResourceProviderTypeFile defines the "File" provider.

The upstream server responds with a retriable 4xx response code.

The upstream server responds with any response code matching one defined in the RetriableStatusCodes.

RoundRobinLoadBalancerType load balancer policy.

RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource.

ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.

ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).

ServiceRoutingType is the RoutingType for Service Cluster IP routing.

ServiceTypeClusterIP means a service will only be accessible inside the cluster, via the cluster IP.

ServiceTypeLoadBalancer means a service will be exposed via an external load balancer (if the cloud provider supports it).

ServiceTypeNodePort means a service will be exposed on each Kubernetes Node at a static Port, common across all Nodes.

SourceIPConsistentHashType hashes based on the source IP address.

SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector and uses a separate rate limit bucket/counter.

SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector and share the same rate limit bucket.

StrategicMerge indicates a strategic merge patch type.

StreamedExtProcBodyProcessingMode will stream the body to the server in pieces as they arrive at the proxy.

StringMatchExact :the input string must match exactly the match value.

StringMatchPrefix :the input string must start with the match value.

StringMatchRegularExpression :The input string must match the regular expression specified in the match value.

StringMatchSuffix :the input string must end with the match value.

TLSAuto allows Envoy to choose the optimal TLS Version.

TLS1.0 specifies TLS version 1.0.

TLS1.1 specifies TLS version 1.1.

TLSv1.2 specifies TLS version 1.2.

TLSv1.3 specifies TLS version 1.3.

The gRPC status code in the response headers is “unavailable”.

UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.

UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path if these sequences were present.

WithUnderscoresActionAllow allows headers with underscores to be passed through.

WithUnderscoresActionDropHeader drops the client header with name containing underscores.

WithUnderscoresActionRejectRequest rejects the client request.

XFCCCertDataCert is the entire client certificate in URL encoded PEM format.

XFCCCertDataChain is the entire client certificate chain (including the leaf certificate) in URL encoded PEM format.

XFCCCertDataDNS is the DNS type Subject Alternative Name field of the current client certificate.

XFCCCertDataSubject is the Subject field of the current client certificate.

XFCCCertDataURI is the URI type Subject Alternative Name field of the current client certificate.

XFCCForwardModeAlwaysForwardOnly always forwards the XFCC header in the request, regardless of whether the client connection is mTLS.

XFCCForwardModeAppendForward appends the client certificate information to the request’s XFCC header and forward it if the client connection is mTLS.

XFCCForwardModeForwardOnly forwards the XFCC header in the request if the client connection is mTLS.

XFCCForwardModeSanitize removes the XFCC header from the request.

XFCCForwardModeSanitizeSet resets the XFCC header with the client certificate information and forward it if the client connection is mTLS.

AddToScheme adds the types in this group-version to the given scheme.

GroupVersion is group version used to register these objects.

SchemeBuilder is used to add go types to the GroupVersionKind scheme.

ActiveHealthCheck defines the active health check configuration.

ActiveHealthCheckPayload defines the encoding of the payload bytes in the payload.

ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink.

Authorization defines the authorization configuration.

AuthorizationRule defines a single authorization rule.

Backend allows the user to configure the endpoints of a backend and the behavior of the connection from Envoy Proxy to the backend.

BackendConnection allows users to configure connection-level settings of backend.

BackendEndpoint describes a backend endpoint, which can be either a fully-qualified domain name, IP address or unix domain socket corresponding to Envoy's Address: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-address +kubebuilder:validation:XValidation:rule="(has(self.fqdn) || has(self.ip) || has(self.unix))",message="one of fqdn, ip or unix must be specified" +kubebuilder:validation:XValidation:rule="((has(self.fqdn) && !(has(self.ip) || has(self.unix))) || (has(self.ip) && !(has(self.fqdn) || has(self.unix))) || (has(self.unix) && !(has(self.ip) || has(self.fqdn))))",message="only one of fqdn, ip or unix can be specified".

BackendList contains a list of Backend resources.

BackendRef defines how an ObjectReference that is specific to BackendRef.

BackendSpec describes the desired state of BackendSpec.

BackendStatus defines the state of Backend.

BackendTLSConfig describes the BackendTLS configuration for Envoy Proxy.

BackendTrafficPolicy allows the user to configure the behavior of the connection between the Envoy Proxy listener and the backend service.

BackendTrafficPolicyConnection allows users to configure connection-level settings of backend.

BackendTrafficPolicyList contains a list of BackendTrafficPolicy resources.

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true ", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field" BackendTrafficPolicySpec defines the desired state of BackendTrafficPolicy.

BasicAuth defines the configuration for the HTTP Basic Authentication.

CircuitBreaker defines the Circuit Breaker configuration.

ClaimToHeader defines a configuration to convert JWT claims into HTTP headers.

ClientConnection allows users to configure connection-level settings of client.

ClientIPDetectionSettings provides configuration for determining the original client IP address for requests.

ClientTrafficPolicy allows the user to configure the behavior of the connection between the downstream client and Envoy Proxy listener.

ClientTrafficPolicyList contains a list of ClientTrafficPolicy resources.

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind == 'Gateway' : true", message="this policy can only have a targetRef.kind of Gateway" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind == 'Gateway') : true", message="this policy can only have a targetRefs[*].kind of Gateway" ClientTrafficPolicySpec defines the desired state of ClientTrafficPolicy.

ClientValidationContext holds configuration that can be used to validate the client initiating the TLS connection to the Gateway.

Compression defines the config of enabling compression.

ConsistentHash defines the configuration related to the consistent hash load balancer policy.

Cookie defines the cookie hashing configuration for consistent hash based load balancing.

CORS defines the configuration for Cross-Origin Resource Sharing (CORS).

CustomHeaderExtensionSettings provides configuration for determining the client IP address for a request based on a trusted custom HTTP header.

EnvironmentCustomTag adds value from environment variable to each span.

EnvoyExtensionPolicy allows the user to configure various envoy extensibility options for the Gateway.

EnvoyExtensionPolicyList contains a list of EnvoyExtensionPolicy resources.

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute', 'UDPRoute', 'TCPRoute', 'TLSRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute/TCPRoute/UDPRoute/TLSRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field" EnvoyExtensionPolicySpec defines the desired state of EnvoyExtensionPolicy.

EnvoyGateway is the schema for the envoygateways API.

EnvoyGatewayAdmin defines the Envoy Gateway Admin configuration.

EnvoyGatewayAdminAddress defines the Envoy Gateway Admin Address configuration.

EnvoyGatewayCustomProvider defines configuration for the Custom provider.

EnvoyGatewayFileResourceProvider defines configuration for the File Resource provider.

EnvoyGatewayHostInfrastructureProvider defines configuration for the Host Infrastructure provider.

EnvoyGatewayInfrastructureProvider defines configuration for the Custom Infrastructure provider.

EnvoyGatewayKubernetesProvider defines configuration for the Kubernetes provider.

EnvoyGatewayLogging defines logging for Envoy Gateway.

EnvoyGatewayMetrics defines control plane push/pull metrics configurations.

EnvoyGatewayMetricSink defines control plane metric sinks where metrics are sent to.

EnvoyGatewayPrometheusProvider will expose prometheus endpoint in pull mode.

EnvoyGatewayProvider defines the desired configuration of a provider.

EnvoyGatewayResourceProvider defines configuration for the Custom Resource provider.

EnvoyGatewaySpec defines the desired state of Envoy Gateway.

EnvoyGatewayTelemetry defines telemetry configurations for envoy gateway control plane.

EnvoyJSONPatchConfig defines the configuration for patching a Envoy xDS Resource using JSONPatch semantic.

EnvoyPatchPolicy allows the user to modify the generated Envoy xDS resources by Envoy Gateway using this patch API.

EnvoyPatchPolicyList contains a list of EnvoyPatchPolicy resources.

EnvoyPatchPolicySpec defines the desired state of EnvoyPatchPolicy.

EnvoyProxy is the schema for the envoyproxies API.

+kubebuilder:validation:XValidation:rule="((has(self.envoyDeployment) && !has(self.envoyDaemonSet)) || (!has(self.envoyDeployment) && has(self.envoyDaemonSet))) || (!has(self.envoyDeployment) && !has(self.envoyDaemonSet))",message="only one of envoyDeployment or envoyDaemonSet can be specified" +kubebuilder:validation:XValidation:rule="((has(self.envoyHpa) && !has(self.envoyDaemonSet)) || (!has(self.envoyHpa) && has(self.envoyDaemonSet))) || (!has(self.envoyHpa) && !has(self.envoyDaemonSet))",message="cannot use envoyHpa if envoyDaemonSet is used" EnvoyProxyKubernetesProvider defines configuration for the Kubernetes resource provider.

EnvoyProxyList contains a list of EnvoyProxy.

EnvoyProxyProvider defines the desired state of a resource provider.

EnvoyProxySpec defines the desired state of EnvoyProxy.

EnvoyProxyStatus defines the observed state of EnvoyProxy.

ExtAuth defines the configuration for External Authorization.

ExtensionAPISettings defines the settings specific to Gateway API Extensions.

ExtensionHooks defines extension hooks across all supported runners.

ExtensionManager defines the configuration for registering an extension manager to the Envoy Gateway control plane.

ExtensionService defines the configuration for connecting to a registered extension service.

ExtensionTLS defines the TLS configuration when connecting to an extension service.

ExtProc defines the configuration for External Processing filter.

ExtProcProcessingMode defines if and how headers and bodies are sent to the service.

FaultInjection defines the fault injection policy to be applied.

FaultInjectionAbort defines the abort fault injection configuration +union +kubebuilder:validation:XValidation:rule=" !(has(self.httpStatus) && has(self.grpcStatus)) ",message="httpStatus and grpcStatus cannot be simultaneously defined." +kubebuilder:validation:XValidation:rule=" has(self.httpStatus) || has(self.grpcStatus) ",message="httpStatus and grpcStatus are set at least one.".

FaultInjectionDelay defines the delay fault injection configuration.

FilterPosition defines the position of an Envoy HTTP filter in the filter chain.

FQDNEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress.

Gateway defines the desired Gateway API configuration of Envoy Gateway.

GlobalRateLimit defines global rate limit configuration.

GroupVersionKind unambiguously identifies a Kind.

GRPCExtAuthService defines the gRPC External Authorization service The authorization request message is defined in https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0".

GzipCompressor defines the config for the Gzip compressor.

Header defines the header hashing configuration for consistent hash based load balancing.

HeaderMatch defines the match attributes within the HTTP Headers of the request.

HeaderSettings provides configuration options for headers on the listener.

HealthCheck configuration to decide which endpoints are healthy and can be used for routing.

HealthCheckSettings provides HealthCheck configuration on the HTTP/HTTPS listener.

HTTP10Settings provides HTTP/1.0 configuration on the listener.

HTTP1Settings provides HTTP/1 configuration on the listener.

HTTP2Settings provides HTTP/2 configuration on the listener.

HTTP3Settings provides HTTP/3 configuration on the listener.

HTTPActiveHealthChecker defines the settings of http health check.

HTTPExtAuthService defines the HTTP External Authorization service +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0".

HTTPWasmCodeSource defines the HTTP URL containing the Wasm code.

ImageWasmCodeSource defines the OCI image containing the Wasm code.

IPEndpoint describes TCP/UDP socket address, corresponding to Envoy's Socket Address https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-socketaddress.

JSONPatchOperation defines the JSON Patch Operation as defined in https://datatracker.ietf.org/doc/html/rfc6902.

JWT defines the configuration for JSON Web Token (JWT) authentication.

JWTExtractor defines a custom JWT token extraction from HTTP request.

JWTHeaderExtractor defines an HTTP header location to extract JWT token.

JWTProvider defines how a JSON Web Token (JWT) can be verified.

KubernetesContainerSpec defines the desired state of the Kubernetes container resource.

KubernetesDaemonsetSpec defines the desired state of the Kubernetes daemonset resource.

KubernetesDeploymentSpec defines the desired state of the Kubernetes deployment resource.

KubernetesDeployMode holds configuration for how to deploy managed resources such as the Envoy Proxy data plane fleet.

KubernetesHorizontalPodAutoscalerSpec defines Kubernetes Horizontal Pod Autoscaler settings of Envoy Proxy Deployment.

KubernetesPatchSpec defines how to perform the patch operation.

KubernetesPodDisruptionBudgetSpec defines Kubernetes PodDisruptionBudget settings of Envoy Proxy Deployment.

KubernetesPodSpec defines the desired state of the Kubernetes pod resource.

KubernetesServiceSpec defines the desired state of the Kubernetes service resource.

KubernetesWatchMode holds the configuration for which input resources to watch and reconcile.

LeaderElection defines the desired leader election settings.

LiteralCustomTag adds hard-coded value to each span.

LoadBalancer defines the load balancer policy to be applied.

LocalRateLimit defines local rate limit configuration.

OIDC defines the configuration for the OpenID Connect (OIDC) authentication.

OIDCCookieNames defines the names of cookies to use in the Envoy OIDC filter.

OIDCProvider defines the OIDC Provider configuration.

OpenTelemetryEnvoyProxyAccessLog defines the OpenTelemetry access log sink.

PassiveHealthCheck defines the configuration for passive health checks in the context of Envoy's Outlier Detection, see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier.

PathSettings provides settings that managing how the incoming path set by clients is handled.

Principal specifies the client identity of a request.

ProcessingModeOptions defines if headers or body should be processed by the external service.

ProxyAccessLogFormat defines the format of accesslog.

ProxyAccessLogSink defines the sink of accesslog.

ProxyBootstrap defines Envoy Bootstrap configuration.

ProxyLogging defines logging parameters for managed proxies.

ProxyMetricSink defines the sink of metrics.

ProxyOpenTelemetrySink defines the configuration for OpenTelemetry sink.

ProxyProtocol defines the configuration related to the proxy protocol when communicating with the backend.

RateLimit defines the configuration associated with the Rate Limit Service used for Global Rate Limiting.

RateLimitDatabaseBackend defines the configuration associated with the database backend used by the rate limit service.

RateLimitRedisSettings defines the configuration for connecting to redis database.

RateLimitRule defines the semantics for matching attributes from the incoming requests, and setting limits for them.

RateLimitSelectCondition specifies the attributes within the traffic flow that can be used to select a subset of clients to be ratelimited.

RateLimitSpec defines the desired state of RateLimitSpec.

RateLimitTracingProvider defines the tracing provider configuration of RateLimit.

RateLimitValue defines the limits for rate limiting.

RedisTLSSettings defines the TLS configuration for connecting to redis database.

RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

RequestHeaderCustomTag adds value from request header to each span.

Retry defines the retry strategy to be applied.

SecurityPolicy allows the user to configure various security settings for a Gateway.

SecurityPolicyList contains a list of SecurityPolicy resources.

+kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.group == 'gateway.networking.k8s.io' : true", message="this policy can only have a targetRef.group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? self.targetRef.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute'] : true", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRef) ? !has(self.targetRef.sectionName) : true",message="this policy does not yet support the sectionName field" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.group == 'gateway.networking.k8s.io') : true ", message="this policy can only have a targetRefs[*].group of gateway.networking.k8s.io" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, ref.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute']) : true ", message="this policy can only have a targetRefs[*].kind of Gateway/HTTPRoute/GRPCRoute" +kubebuilder:validation:XValidation:rule="has(self.targetRefs) ? self.targetRefs.all(ref, !has(ref.sectionName)) : true",message="this policy does not yet support the sectionName field" SecurityPolicySpec defines the desired state of SecurityPolicy.

ShutdownConfig defines configuration for graceful envoy shutdown process.

ShutdownManager defines the configuration for the shutdown manager.

SlowStart defines the configuration related to the slow start load balancer policy.

StringMatch defines how to match any strings.

+kubebuilder:validation:XValidation:rule="has(self.group) ? self.group == 'gateway.networking.k8s.io' : true ", message="group must be gateway.networking.k8s.io".

TCPActiveHealthChecker defines the settings of tcp health check.

TCPClientTimeout only provides timeout configuration on the listener whose protocol is TCP or TLS.

TCPKeepalive define the TCP Keepalive configuration.

Timeout defines configuration for timeouts related to connections.

+kubebuilder:validation:XValidation:rule="has(self.minVersion) && self.minVersion == '1.3' ? !has(self.ciphers) : true", message="setting ciphers has no effect if the minimum possible TLS version is 1.3" +kubebuilder:validation:XValidation:rule="has(self.minVersion) && has(self.maxVersion) ? {\"Auto\":0,\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4}[self.minVersion] <= {\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4,\"Auto\":5}[self.maxVersion] : !has(self.minVersion) && has(self.maxVersion) ? 3 <= {\"1.0\":1,\"1.1\":2,\"1.2\":3,\"1.3\":4,\"Auto\":5}[self.maxVersion] : true", message="minVersion must be smaller or equal to maxVersion".

TracingProvider defines the tracing provider configuration.

UnixSocket describes TCP/UDP unix domain socket address, corresponding to Envoy's Pipe https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-pipe.

Wasm defines a Wasm extension.

WasmCodeSource defines the source of the Wasm code.

XDSTranslatorHooks contains all the pre and post hooks for the xds-translator runner.

XForwardedClientCert configures how Envoy Proxy handle the x-forwarded-client-cert (XFCC) HTTP header.

XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.

ZipkinTracingProvider defines the Zipkin tracing provider configuration.

ActiveHealthCheckerType is the type of health checker.

ActiveHealthCheckPayloadType is the type of the payload.

ALPNProtocol specifies the protocol to be negotiated using ALPN +kubebuilder:validation:Enum=http/1.0;http/1.1;h2.

AppProtocolType defines various backend applications protocols supported by Envoy Gateway +kubebuilder:validation:Enum=gateway.envoyproxy.io/h2c;gateway.envoyproxy.io/ws;gateway.envoyproxy.io/wss.

AuthorizationAction defines the action to be taken if a rule matches.

BackendConditionReason is a reason for a backend condition.

BackendConditionType is a type of condition for a backend.

BootstrapType defines the types of bootstrap supported by Envoy Gateway.

CIDR defines a CIDR Address range.

CompressorType defines the types of compressor library supported by Envoy Gateway.

ConsistentHashType defines the type of input to hash on.

EnvoyFilter defines the type of Envoy HTTP filter.

EnvoyGatewayLogComponent defines a component that supports a configured logging level.

EnvoyPatchType specifies the types of Envoy patching mechanisms.

EnvoyResourceType specifies the type URL of the Envoy resource.

+kubebuilder:validation:Enum=Streamed;Buffered;BufferedPartial.

HeaderMatchType specifies the semantics of how HTTP header values should be compared.

HTTPStatus defines the http status code.

ImagePullPolicy defines the policy to use when pulling an OIC image.

InfrastructureProviderType defines the types of custom infrastructure providers supported by Envoy Gateway.

JSONPatchOperationType specifies the JSON Patch operations that can be performed.

KubernetesWatchModeType defines the type of KubernetesWatchMode.

LoadBalancerType specifies the types of LoadBalancer.

LogLevel defines a log level for Envoy Gateway and EnvoyProxy system logs.

MergeType defines the type of merge operation.

Origin is defined by the scheme (protocol), hostname (domain), and port of the URL used to access it.

PathEscapedSlashAction determines the action for requests that contain %2F, %2f, %5C, or %5c sequences in the URI path.

ProviderType defines the types of providers supported by Envoy Gateway.

ProxyLogComponent defines a component that supports a configured logging level.

ProxyProtocolVersion defines the version of the Proxy Protocol to use.

RateLimitDatabaseBackendType specifies the types of database backend to be used by the rate limit service.

RateLimitType specifies the types of RateLimiting.

RateLimitUnit specifies the intervals for setting rate limits.

ResourceProviderType defines the types of custom resource providers supported by Envoy Gateway.

RoutingType defines the type of routing of this Envoy proxy.

ServiceExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs.

ServiceType string describes ingress methods for a service +enum +kubebuilder:validation:Enum=ClusterIP;LoadBalancer;NodePort.

+kubebuilder:validation:Enum=Exact;Distinct.

StringMatchType specifies the semantics of how a string value should be compared.

TLSVersion specifies the TLS version +kubebuilder:validation:Enum=Auto;"1.0";"1.1";"1.2";"1.3".

TriggerEnum specifies the conditions that trigger retries.

WasmCodeSourceType specifies the types of sources for the Wasm code.

WithUnderscoresAction configures the action to take when an HTTP header with underscores is encountered.

XDSTranslatorHook defines the types of hooks that an Envoy Gateway extension may support for the xds-translator +kubebuilder:validation:Enum=VirtualHost;Route;HTTPListener;Translation.

XFCCCertData specifies the fields in the client certificate to be forwarded in the XFCC header.

XFCCForwardMode defines how XFCC header is handled by Envoy Proxy.