Application Gateway for Containers API specification for Kubernetes

Packages

Package v1 is the v1 version of the API.

alb.networking.azure.io/v1

This document defines each of the resource types for alb.networking.azure.io/v1.

Resource Types:

AffinityType (string alias)

(Appears on:SessionAffinity)

AffinityType defines the affinity type for the Service

Value	Description
"application-cookie"	AffinityTypeApplicationCookie is a session affinity type for an application cookie
"managed-cookie"	AffinityTypeManagedCookie is a session affinity type for a managed cookie

AlbConditionReason (string alias)

AlbConditionReason defines the set of reasons that explain why a particular condition type are raised by the Application Gateway for Containers resource.

Value	Description
"Accepted"	AlbReasonAccepted indicates that the Application Gateway for Containers resource are accepted by the controller.
"Ready"	AlbReasonDeploymentReady indicates the Application Gateway for Containers resource deployment status.
"InProgress"	AlbReasonInProgress indicates whether the Application Gateway for Containers resource is in the process of being created, updated or deleted.

AlbConditionType (string alias)

AlbConditionType is a type of condition associated with an Application Gateway for Containers resource. This type should be used with the AlbStatus.Conditions field.

Value	Description
"Accepted"	AlbConditionTypeAccepted indicates whether the Application Gateway for Containers resource are accepted by the controller.
"Deployment"	AlbConditionTypeDeployment indicates the deployment status of the Application Gateway for Containers resource.

AlbSpec

(Appears on:ApplicationLoadBalancer)

AlbSpec defines the specifications for the Application Gateway for Containers resource.

Field	Description
associations []string	Associations are subnet resource IDs the Application Gateway for Containers resource are associated with.

AlbStatus

(Appears on:ApplicationLoadBalancer)

AlbStatus defines the observed state of Application Gateway for Containers resource.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Known condition types are: “Accepted” “Ready”

ApplicationLoadBalancer

ApplicationLoadBalancer is the schema for the Application Gateway for Containers resource.

Field	Description
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec AlbSpec	Spec is the specifications for Application Gateway for Containers resource. associations []string Associations are subnet resource IDs the Application Gateway for Containers resource are associated with.
status AlbStatus	Status defines the current state of Application Gateway for Containers resource.

BackendTLSPolicy

BackendTLSPolicy is the schema for the BackendTLSPolicys API

Field	Description
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec BackendTLSPolicySpec	Spec is the BackendTLSPolicy specification. targetRef CustomTargetRef TargetRef identifies an API object to apply policy to. override BackendTLSPolicyConfig (Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release. default BackendTLSPolicyConfig (Optional) Default defines default policy configuration for the targeted resource.
status BackendTLSPolicyStatus	Status defines the current state of BackendTLSPolicy.

BackendTLSPolicyConditionReason (string alias)

BackendTLSPolicyConditionReason defines the set of reasons that explain why a particular BackendTLSPolicy condition type is raised.

Value	Description
"Accepted"	BackendTLSPolicyReasonAccepted is used to set the BackendTLSPolicyConditionReason to Accepted When the given BackendTLSPolicy is correctly configured
"InvalidBackendTLSPolicy"	BackendTLSPolicyReasonInvalid is the reason when the BackendTLSPolicy isn’t Accepted
"InvalidCertificateRef"	BackendTLSPolicyReasonInvalidCertificateRef is used when an invalid certificate is referenced
"InvalidGroup"	BackendTLSPolicyReasonInvalidGroup is used when the group is invalid
"InvalidKind"	BackendTLSPolicyReasonInvalidKind is used when the kind/group is invalid
"InvalidName"	BackendTLSPolicyReasonInvalidName is used when the name is invalid
"InvalidSecret"	BackendTLSPolicyReasonInvalidSecret is used when the Secret is invalid
"InvalidService"	BackendTLSPolicyReasonInvalidService is used when the Service is invalid
"NoTargetReference"	BackendTLSPolicyReasonNoTargetReference is used when there’s no target reference
"OverrideNotSupported"	BackendTLSPolicyReasonOverrideNotSupported is used when the override isn’t supported
"RefNotPermitted"	BackendTLSPolicyReasonRefNotPermitted is used when the ref isn’t permitted
"SectionNamesNotPermitted"	BackendTLSPolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted

BackendTLSPolicyConditionType (string alias)

BackendTLSPolicyConditionType is a type of condition associated with a BackendTLSPolicy. This type should be used with the BackendTLSPolicyStatus.Conditions field.

Value	Description
"Accepted"	BackendTLSPolicyConditionAccepted is used to set the BackendTLSPolicyConditionType to Accepted
"ResolvedRefs"	BackendTLSPolicyConditionResolvedRefs is used to set the BackendTLSPolicyCondition to ResolvedRefs

BackendTLSPolicyConfig

(Appears on:BackendTLSPolicySpec)

BackendTLSPolicyConfig defines the policy specification for the Backend TLS Policy.

Field	Description
CommonTLSPolicy CommonTLSPolicy	(Members of CommonTLSPolicy are embedded into this type.)
sni string	(Optional) Sni is the server name to use for the TLS connection to the backend.
ports []BackendTLSPolicyPort	Ports specifies the list of ports where the policy is applied.
clientCertificateRef Gateway API .SecretObjectReference	(Optional) ClientCertificateRef is the reference to the client certificate to use for the TLS connection to the backend.

BackendTLSPolicyPort

(Appears on:BackendTLSPolicyConfig)

BackendTLSPolicyPort defines the port to use for the TLS connection to the backend

Field	Description
port int	Port is the port to use for the TLS connection to the backend

BackendTLSPolicySpec

(Appears on:BackendTLSPolicy)

BackendTLSPolicySpec defines the desired state of BackendTLSPolicy

Field	Description
targetRef CustomTargetRef	TargetRef identifies an API object to apply policy to.
override BackendTLSPolicyConfig	(Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release.
default BackendTLSPolicyConfig	(Optional) Default defines default policy configuration for the targeted resource.

BackendTLSPolicyStatus

(Appears on:BackendTLSPolicy)

BackendTLSPolicyStatus defines the observed state of BackendTLSPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the BackendTLSPolicy. Implementations should prefer to express BackendTLSPolicy conditions using the BackendTLSPolicyConditionType and BackendTLSPolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe BackendTLSPolicy state. Known condition types are: “Accepted”

CommonTLSPolicy

(Appears on:BackendTLSPolicyConfig)

CommonTLSPolicy is the schema for the CommonTLSPolicy API

Field	Description
verify CommonTLSPolicyVerify	(Optional) Verify provides the options to verify the backend certificate

CommonTLSPolicyVerify

(Appears on:CommonTLSPolicy)

CommonTLSPolicyVerify defines the schema for the CommonTLSPolicyVerify API

Field	Description
caCertificateRef Gateway API .SecretObjectReference	CaCertificateRef is the CA certificate used to verify peer certificate of the backend.
subjectAltName string	SubjectAltName is the subject alternative name used to verify peer certificate of the backend.

CustomTargetRef

(Appears on:BackendTLSPolicySpec, FrontendTLSPolicySpec, HealthCheckPolicySpec, RoutePolicySpec)

CustomTargetRef is a reference to a custom resource that isn’t part of the Kubernetes core API.

Field	Description
PolicyTargetReference Gateway API .PolicyTargetReference	(Members of PolicyTargetReference are embedded into this type.)
sectionNames []string	(Optional) SectionNames is the name of the section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionNames is interpreted as the following: Gateway: Listener Name Service: Port Name If a SectionNames is specified, but does not exist on the targeted object, the Policy will fail to attach, and the policy implementation will record a ResolvedRefs or similar Condition in the Policy’s status.

FrontendTLSPolicy

FrontendTLSPolicy is the schema for the FrontendTLSPolicy API

Field	Description
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec FrontendTLSPolicySpec	Spec is the FrontendTLSPolicy specification. targetRef CustomTargetRef TargetRef identifies an API object to apply policy to. default FrontendTLSPolicyConfig (Optional) Default defines default policy configuration for the targeted resource. override FrontendTLSPolicyConfig (Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release.
status FrontendTLSPolicyStatus	Status defines the current state of FrontendTLSPolicy.

FrontendTLSPolicyConditionReason (string alias)

FrontendTLSPolicyConditionReason defines the set of reasons that explain why a particular FrontendTLSPolicy condition type is raised.

Value	Description
"Accepted"	FrontendTLSPolicyReasonAccepted is used to set the FrontendTLSPolicyConditionReason to Accepted When the given FrontendTLSPolicy is correctly configured
"InvalidFrontendTLSPolicy"	FrontendTLSPolicyReasonInvalid is the reason when the FrontendTLSPolicy isn’t Accepted
"InvalidGateway"	FrontendTLSPolicyReasonInvalidGateway is used when the gateway is invalid
"InvalidGroup"	FrontendTLSPolicyReasonInvalidGroup is used when the group is invalid
"InvalidKind"	FrontendTLSPolicyReasonInvalidKind is used when the kind/group is invalid
"InvalidName"	FrontendTLSPolicyReasonInvalidName is used when the name is invalid
"InvalidPolicyName"	FrontendTLSPolicyReasonInvalidPolicyName is used when the policy name is invalid
"InvalidPolicyType"	FrontendTLSPolicyReasonInvalidPolicyType is used when the policy type is invalid
"NoTargetReference"	FrontendTLSPolicyReasonNoTargetReference is used when there’s no target reference
"OverrideNotSupported"	FrontendTLSPolicyReasonOverrideNotSupported is used when the override isn’t supported
"RefNotPermitted"	FrontendTLSPolicyReasonRefNotPermitted is used when the ref isn’t permitted
"SectionNamesNotPermitted"	FrontendTLSPolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted

FrontendTLSPolicyConditionType (string alias)

FrontendTLSPolicyConditionType is a type of condition associated with a FrontendTLSPolicy. This type should be used with the FrontendTLSPolicyStatus.Conditions field.

Value	Description
"Accepted"	FrontendTLSPolicyConditionAccepted is used to set the FrontendTLSPolicyCondition to Accepted
"ResolvedRefs"	FrontendTLSPolicyConditionResolvedRefs is used to set the FrontendTLSPolicyCondition to ResolvedRefs

FrontendTLSPolicyConfig

(Appears on:FrontendTLSPolicySpec)

FrontendTLSPolicyConfig defines the policy specification for the Frontend TLS Policy.

Field	Description
policyType PolicyType	Type is the type of the policy.

FrontendTLSPolicySpec

(Appears on:FrontendTLSPolicy)

FrontendTLSPolicySpec defines the desired state of FrontendTLSPolicy

Field	Description
targetRef CustomTargetRef	TargetRef identifies an API object to apply policy to.
default FrontendTLSPolicyConfig	(Optional) Default defines default policy configuration for the targeted resource.
override FrontendTLSPolicyConfig	(Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release.

FrontendTLSPolicyStatus

(Appears on:FrontendTLSPolicy)

FrontendTLSPolicyStatus defines the observed state of FrontendTLSPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the FrontendTLSPolicy. Implementations should prefer to express FrontendTLSPolicy conditions using the FrontendTLSPolicyConditionType and FrontendTLSPolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe FrontendTLSPolicy state. Known condition types are: “Accepted”

FrontendTLSPolicyType (string alias)

(Appears on:PolicyType)

FrontendTLSPolicyType is the type of the Frontend TLS Policy.

Value	Description
"predefined"	PredefinedFrontendTLSPolicyType is the type of the predefined Frontend TLS Policy.

FrontendTLSPolicyTypeName (string alias)

(Appears on:PolicyType)

FrontendTLSPolicyTypeName is the name of the Frontend TLS Policy.

Value	Description
"2023-06"	PredefinedPolicy202306 is the name of the predefined Frontend TLS Policy for the policy “2023-06”.
"2023-06-S"	PredefinedPolicy202306Strict is the name of the predefined Frontend TLS Policy for the policy “2023-06-S”. This is a strict version of the policy “2023-06”.

HTTPHeader

(Appears on:HeaderFilter)

HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.

Field	Description
name HTTPHeaderName	Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent.
value string	Value is the value of HTTP Header to be matched.

HTTPHeaderName (string alias)

(Appears on:HTTPHeader)

HTTPHeaderName is the name of an HTTP header.

Valid values include:

• “Authorization”
• “Set-Cookie”

Invalid values include:

• ”:method” - “:” is an invalid character. This means that HTTP/2 pseudo headers aren’t currently supported by this type.
• ”/invalid” - “/ ” is an invalid character

HTTPMatch

(Appears on:HTTPSpecifiers)

HTTPMatch defines the HTTP matchers to use for HealthCheck checks.

Field	Description
body string	(Optional) Body defines the HTTP body matchers to use for HealthCheck checks.
statusCodes []StatusCodes	(Optional) StatusCodes defines the HTTP status code matchers to use for HealthCheck checks.

HTTPPathModifier

(Appears on:Redirect, URLRewriteFilter)

HTTPPathModifier defines configuration for path modifiers.

Field	Description
type HTTPPathModifierType	Type defines the type of path modifier. More types may be added in a future release of the API. Values may be added to this enum, implementations must ensure unknown values won’t cause a crash. Unknown values here must result in the implementation setting the Accepted Condition for the rule to be false
replaceFullPath string	(Optional) ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
replacePrefixMatch string	(Optional) ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to “/foo/bar” with a prefix match of “/foo” and a ReplacePrefixMatch of “/xyz” would be modified to “/xyz/bar”. This matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the / separator. When specified, a trailing / is ignored. For example, the paths /abc, /abc/, and /abc/def would all match the prefix /abc, but the path /abcd wouldn’t. ReplacePrefixMatch is only compatible with a PathPrefix HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule results in the implementation setting the Accepted Condition for the Route to status: False. Request Path Prefix Match Replace Prefix Modified Path /foo/bar /foo /xyz /xyz/bar /foo/bar /foo /xyz/ /xyz/bar /foo/bar /foo/ /xyz /xyz/bar /foo/bar /foo/ /xyz/ /xyz/bar /foo /foo /xyz /xyz /foo/ /foo /xyz /xyz/ /foo/bar /foo   /bar /foo/ /foo   / /foo /foo   / /foo/ /foo / / /foo /foo / /

HTTPPathModifierType (string alias)

(Appears on:HTTPPathModifier)

HTTPPathModifierType defines the type of path redirect or rewrite.

Value	Description
"ReplaceFullPath"	FullPathHTTPPathModifier replaces the full path with the specified value.
"ReplacePrefixMatch"	PrefixMatchHTTPPathModifier replaces any prefix path with the substitution value. For example, a path with a prefix match of “/foo” and a ReplacePrefixMatch substitution of “/bar” replace “/foo” with “/bar” in matching requests. This matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the / separator. When specified, a trailing / is ignored. For example, the paths /abc, /abc/, and /abc/def would all match the prefix /abc, but the path /abcd wouldn’t.

HTTPSpecifiers

(Appears on:HealthCheckPolicyConfig)

HTTPSpecifiers defines the schema for HTTP HealthCheck check specification

Field	Description
host string	(Optional) Host is the host header value to use for HealthCheck checks.
path string	(Optional) Path is the path to use for HealthCheck checks.
match HTTPMatch	(Optional) Match defines the HTTP matchers to use for HealthCheck checks.

HeaderFilter

(Appears on:IngressRewrites)

HeaderFilter defines a filter that modifies the headers of an HTTP request or response. Only one action for a given header name is permitted. Filters specifying multiple actions of the same or different type for any one header name are invalid and will be rejected. Configuration to set or add multiple values for a header must use RFC 7230 header value formatting, separating each value with a comma.

Field	Description
set []HTTPHeader	(Optional) Set overwrites the request with the given header (name, value) before the action. Input: GET /foo HTTP/1.1 my-header: foo Config: set: - name: “my-header” value: “bar” Output: GET /foo HTTP/1.1 my-header: bar
add []HTTPHeader	(Optional) Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. Input: GET /foo HTTP/1.1 my-header: foo Config: add: - name: “my-header” value: “bar,baz” Output: GET /foo HTTP/1.1 my-header: foo,bar,baz
remove []string	(Optional) Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz Config: remove: [“my-header1”, “my-header3”] Output: GET /foo HTTP/1.1 my-header2: bar

HeaderName (string alias)

HeaderName is the name of a header or query parameter.

HealthCheckPolicy

HealthCheckPolicy is the schema for the HealthCheckPolicy API

Field	Description
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec HealthCheckPolicySpec	Spec is the HealthCheckPolicy specification. targetRef CustomTargetRef TargetRef identifies an API object to apply policy to. override HealthCheckPolicyConfig (Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release. default HealthCheckPolicyConfig (Optional) Default defines default policy configuration for the targeted resource.
status HealthCheckPolicyStatus	Status defines the current state of HealthCheckPolicy.

HealthCheckPolicyConditionReason (string alias)

HealthCheckPolicyConditionReason defines the set of reasons that explain why a particular HealthCheckPolicy condition type is raised.

Value	Description
"Accepted"	HealthCheckPolicyReasonAccepted is used to set the HealthCheckPolicyConditionReason to Accepted When the given HealthCheckPolicy is correctly configured
"InvalidHealthCheckPolicy"	HealthCheckPolicyReasonInvalid is the reason when the HealthCheckPolicy isn’t Accepted
"InvalidGroup"	HealthCheckPolicyReasonInvalidGroup is used when the group is invalid
"InvalidKind"	HealthCheckPolicyReasonInvalidKind is used when the kind/group is invalid
"InvalidName"	HealthCheckPolicyReasonInvalidName is used when the name is invalid
"InvalidPort"	HealthCheckPolicyReasonInvalidPort is used when the port is invalid
"InvalidService"	HealthCheckPolicyReasonInvalidService is used when the Service is invalid
"NoTargetReference"	HealthCheckPolicyReasonNoTargetReference is used when there’s no target reference
"OverrideNotSupported"	HealthCheckPolicyReasonOverrideNotSupported is used when the override isn’t supported
"RefNotPermitted"	HealthCheckPolicyReasonRefNotPermitted is used when the ref isn’t permitted
"SectionNamesNotPermitted"	HealthCheckPolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted

HealthCheckPolicyConditionType (string alias)

HealthCheckPolicyConditionType is a type of condition associated with a HealthCheckPolicy. This type should be used with the HealthCheckPolicyStatus.Conditions field.

Value	Description
"Accepted"	HealthCheckPolicyConditionAccepted is used to set the HealthCheckPolicyConditionType to Accepted
"ResolvedRefs"	HealthCheckPolicyConditionResolvedRefs is used to set the HealthCheckPolicyCondition to ResolvedRefs

HealthCheckPolicyConfig

(Appears on:HealthCheckPolicySpec)

HealthCheckPolicyConfig defines the schema for HealthCheck check specification

Field	Description
interval Kubernetes meta/v1.Duration	(Optional) Interval is the number of seconds between HealthCheck checks.
timeout Kubernetes meta/v1.Duration	(Optional) Timeout is the number of seconds after which the HealthCheck check is considered failed.
unhealthyThreshold int32	(Optional) UnhealthyThreshold is the number of consecutive failed HealthCheck checks
healthyThreshold int32	(Optional) HealthyThreshold is the number of consecutive successful HealthCheck checks
http HTTPSpecifiers	(Optional) HTTP defines the HTTP constraint specification for the HealthCheck of a target resource.

HealthCheckPolicySpec

(Appears on:HealthCheckPolicy)

HealthCheckPolicySpec defines the desired state of HealthCheckPolicy

Field	Description
targetRef CustomTargetRef	TargetRef identifies an API object to apply policy to.
override HealthCheckPolicyConfig	(Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release.
default HealthCheckPolicyConfig	(Optional) Default defines default policy configuration for the targeted resource.

HealthCheckPolicyStatus

(Appears on:HealthCheckPolicy)

HealthCheckPolicyStatus defines the observed state of HealthCheckPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the HealthCheckPolicy. Implementations should prefer to express HealthCheckPolicy conditions using the HealthCheckPolicyConditionType and HealthCheckPolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe HealthCheckPolicy state. Known condition types are: “Accepted”

IngressBackendPort

(Appears on:IngressBackendSettings)

IngressBackendPort describes a port on a backend. Only one of Name/Number should be defined.

Field	Description
port int32	(Optional) Port indicates the port on the backend service
name string	(Optional) Name must refer to a name on a port on the backend service
protocol Protocol	Protocol should be one of “HTTP”, “HTTPS”

IngressBackendSettingStatus

(Appears on:IngressExtensionStatus)

IngressBackendSettingStatus describes the state of a BackendSetting

Field	Description
service string	Service identifies the BackendSetting this status describes
validationErrors []string	(Optional) Errors are a list of errors relating to this setting
valid bool	Valid indicates that there are no validation errors present on this BackendSetting

IngressBackendSettings

(Appears on:IngressExtensionSpec)

IngressBackendSettings provides extended configuration options for a backend service

Field	Description
service string	Service is the name of a backend service that this configuration applies to
ports []IngressBackendPort	(Optional) Ports can be used to indicate if the backend service is listening on HTTP or HTTPS
trustedRootCertificate string	(Optional) TrustedRootCertificate can be used to supply a certificate for the gateway to trust when communicating to the backend on a port specified as https
sessionAffinity SessionAffinity	(Optional) SessionAffinity allows client requests to be consistently given to the same backend
timeouts IngressTimeouts	(Optional) Timeouts define a set of timeout parameters to be applied to an Ingress

IngressExtension

IngressExtension is the schema for the IngressExtension API

Field	Description
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec IngressExtensionSpec	Spec is the IngressExtension specification. rules []IngressRuleSetting (Optional) Rules define the rules per host backendSettings []IngressBackendSettings (Optional) BackendSettings defines a set of configuration options for Ingress service backends
status IngressExtensionStatus

IngressExtensionConditionReason (string alias)

IngressExtensionConditionReason defines the set of reasons that explain why a particular IngressExtension condition type is raised.

Value	Description
"Accepted"	IngressExtensionReasonAccepted is used to set the IngressExtensionConditionAccepted to Accepted
"HasValidationErrors"	IngressExtensionReasonHasErrors indicates there are some validation errors
"NoValidationErrors"	IngressExtensionReasonNoErrors indicates there are no validation errors
"PartiallyAcceptedWithErrors"	IngressExtensionReasonPartiallyAccepted is used to set the IngressExtensionConditionAccepted to Accepted, but with nonfatal validation errors

IngressExtensionConditionType (string alias)

IngressExtensionConditionType is a type of condition associated with a IngressExtension. This type should be used with the IngressExtensionStatus.Conditions field.

Value	Description
"Accepted"	IngressExtensionConditionAccepted indicates if the IngressExtension is accepted (reconciled) by the controller
"Errors"	IngressExtensionConditionErrors indicates if there are validation or build errors on the extension

IngressExtensionSpec

(Appears on:IngressExtension)

IngressExtensionSpec defines the desired configuration of IngressExtension

Field	Description
rules []IngressRuleSetting	(Optional) Rules define the rules per host
backendSettings []IngressBackendSettings	(Optional) BackendSettings defines a set of configuration options for Ingress service backends

IngressExtensionStatus

(Appears on:IngressExtension)

IngressExtensionStatus describes the current state of the IngressExtension

Field	Description
rules []IngressRuleStatus	(Optional) Rules have detailed status information regarding each Rule
backendSettings []IngressBackendSettingStatus	(Optional) BackendSettings has detailed status information regarding each BackendSettings
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the IngressExtension. Known condition types are: “Accepted” “Errors”

IngressRewrites

(Appears on:IngressRuleSetting)

IngressRewrites provides the various rewrites supported on a rule

Field	Description
type RewriteType	Type identifies the type of rewrite
requestHeaderModifier HeaderFilter	(Optional) RequestHeaderModifier defines a schema that modifies request headers.
responseHeaderModifier HeaderFilter	(Optional) RequestHeaderModifier defines a schema that modifies response headers.
urlRewrite URLRewriteFilter	(Optional) URLRewrite defines a schema that modifies a request during forwarding.

IngressRuleSetting

(Appears on:IngressExtensionSpec)

IngressRuleSetting provides configuration options for rules

Field	Description
host string	Host is used to match against Ingress rules with the same hostname in order to identify which rules affect these settings
additionalHostnames []string	(Optional) AdditionalHostnames specifies more hostnames to listen on
rewrites []IngressRewrites	(Optional) Rewrites defines the rewrites for the rule
requestRedirect Redirect	(Optional) RequestRedirect defines the redirect behavior for the rule

IngressRuleStatus

(Appears on:IngressExtensionStatus)

IngressRuleStatus describes the state of a rule

Field	Description
host string	Host identifies the rule this status describes
validationErrors []string	(Optional) Errors are a list of errors relating to this setting
valid bool	(Optional) Valid indicates that there are no validation errors present on this rule

IngressTimeouts

(Appears on:IngressBackendSettings)

IngressTimeouts can be used to configure timeout properties for an Ingress

Field	Description
requestTimeout Kubernetes meta/v1.Duration	(Optional) RequestTimeout defines the timeout used by the load balancer when forwarding requests to a backend service

PolicyType

(Appears on:FrontendTLSPolicyConfig)

PolicyType is the type of the policy.

Field	Description
name FrontendTLSPolicyTypeName	Name is the name of the policy.
type FrontendTLSPolicyType	PredefinedFrontendTLSPolicyType is the type of the predefined Frontend TLS Policy.

PortNumber (int32 alias)

(Appears on:Redirect)

PortNumber defines a network port.

PreciseHostname (string alias)

(Appears on:Redirect, URLRewriteFilter)

PreciseHostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with one notable exception that numeric IP addresses aren’t allowed.

Per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or ‘-’, and must start and end with an alphanumeric character. No other punctuation is allowed.

Protocol (string alias)

(Appears on:IngressBackendPort)

Protocol defines the protocol used for certain properties. Valid Protocol values are:

• HTTP
• HTTPS
• TCP

Value	Description
"HTTP"	HTTP implies that the service uses HTTP
"HTTPS"	HTTPS implies that the service uses HTTPS
"TCP"	TCP implies that the service uses plain TCP

Redirect

(Appears on:IngressRuleSetting)

Redirect defines a filter that redirects a request. This MUST NOT be used on the same rule that also has a URLRewriteFilter.

Field	Description
scheme string	(Optional) Scheme is the scheme to be used in the value of the Location header in the response. When empty, the scheme of the request is used.
hostname PreciseHostname	(Optional) Hostname is the hostname to be used in the value of the Location header in the response. When empty, the hostname in the Host header of the request is used.
path HTTPPathModifier	(Optional) Path defines parameters used to modify the path of the incoming request. The modified path is then used to construct the Location header. When empty, the request path is used as-is.
port PortNumber	(Optional) Port is the port to be used in the value of the Location header in the response. If no port is specified, the redirect port MUST be derived using the following rules: If redirect scheme is not-empty, the redirect port MUST be the well-known port associated with the redirect scheme. Specifically “http” to port 80 and “https” to port 443. If the redirect scheme doesn’t have a well-known port, the listener port of the Gateway SHOULD be used. If redirect scheme is empty, the redirect port MUST be the Gateway Listener port. Implementations SHOULD NOT add the port number in the ‘Location’ header in the following cases: A Location header that uses HTTP (whether that is determined via the Listener protocol or the Scheme field) and use port 80. A Location header that uses HTTPS (whether that is determined via the Listener protocol or the Scheme field) and use port 443.
statusCode int	(Optional) StatusCode is the HTTP status code to be used in response. Values may be added to this enum, implementations must ensure that unknown values won’t cause a crash.

RewriteType (string alias)

(Appears on:IngressRewrites)

RewriteType identifies the rewrite type

Value	Description
"RequestHeaderModifier"	RequestHeaderModifier can be used to add or remove an HTTP header from an HTTP request before it’s sent to the upstream target.
"ResponseHeaderModifier"	ResponseHeaderModifier can be used to add or remove an HTTP header from an HTTP response before it’s sent to the client.
"URLRewrite"	URLRewrite can be used to modify a request during forwarding.

RoutePolicy

RoutePolicy is the schema for the RoutePolicy API

Field	Description
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec RoutePolicySpec	Spec is the RoutePolicy specification. targetRef CustomTargetRef TargetRef identifies an API object to apply policy to. override RoutePolicyConfig (Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release. default RoutePolicyConfig (Optional) Default defines default policy configuration for the targeted resource.
status RoutePolicyStatus	Status defines the current state of RoutePolicy.

RoutePolicyConditionReason (string alias)

RoutePolicyConditionReason defines the set of reasons that explain why a particular RoutePolicy condition type is raised.

Value	Description
"Accepted"	RoutePolicyReasonAccepted is used to set the RoutePolicyConditionReason to Accepted When the given RoutePolicy is correctly configured
"InvalidRoutePolicy"	RoutePolicyReasonInvalid is the reason when the RoutePolicy isn’t Accepted
"InvalidGroup"	RoutePolicyReasonInvalidGroup is used when the group is invalid
"InvalidHTTPRoute"	RoutePolicyReasonInvalidHTTPRoute is used when the HTTPRoute is invalid
"InvalidKind"	RoutePolicyReasonInvalidKind is used when the kind/group is invalid
"InvalidName"	RoutePolicyReasonInvalidName is used when the name is invalid
"NoTargetReference"	RoutePolicyReasonNoTargetReference is used when there’s no target reference
"OverrideNotSupported"	RoutePolicyReasonOverrideNotSupported is used when the override isn’t supported
"RefNotPermitted"	RoutePolicyReasonRefNotPermitted is used when the ref isn’t permitted
"SectionNamesNotPermitted"	RoutePolicyReasonSectionNamesNotPermitted is used when the section names aren’t permitted

RoutePolicyConditionType (string alias)

RoutePolicyConditionType is a type of condition associated with a RoutePolicy. This type should be used with the RoutePolicyStatus.Conditions field.

Value	Description
"Accepted"	RoutePolicyConditionAccepted is used to set the RoutePolicyConditionType to Accepted
"ResolvedRefs"	RoutePolicyConditionResolvedRefs is used to set the RoutePolicyCondition to ResolvedRefs

RoutePolicyConfig

(Appears on:RoutePolicySpec)

RoutePolicyConfig defines the schema for RoutePolicy specification. This allows the specification of the following attributes: * Timeouts * Session Affinity

Field	Description
timeouts RouteTimeouts	(Optional) Custom Timeouts Timeout for the target resource.
sessionAffinity SessionAffinity	SessionAffinity defines the schema for Session Affinity specification

RoutePolicySpec

(Appears on:RoutePolicy)

RoutePolicySpec defines the desired state of RoutePolicy

Field	Description
targetRef CustomTargetRef	TargetRef identifies an API object to apply policy to.
override RoutePolicyConfig	(Optional) Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy. Note: Override is currently not supported and will result in a validation error. Support for Override will be added in a future release.
default RoutePolicyConfig	(Optional) Default defines default policy configuration for the targeted resource.

RoutePolicyStatus

(Appears on:RoutePolicy)

RoutePolicyStatus defines the observed state of RoutePolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the RoutePolicy. Implementations should prefer to express RoutePolicy conditions using the RoutePolicyConditionType and RoutePolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe RoutePolicy state. Known condition types are: “Accepted”

RouteTimeouts

(Appears on:RoutePolicyConfig)

RouteTimeouts defines the schema for Timeouts specification

Field	Description
routeTimeout Kubernetes meta/v1.Duration	(Optional) RouteTimeout is the timeout for the route.

SessionAffinity

(Appears on:IngressBackendSettings, RoutePolicyConfig)

SessionAffinity defines the schema for Session Affinity specification

Field	Description
affinityType AffinityType
cookieName string	(Optional)
cookieDuration Kubernetes meta/v1.Duration	(Optional)

StatusCodes

(Appears on:HTTPMatch)

StatusCodes defines the HTTP status code matchers to use for HealthCheck checks.

Field	Description
start int32	(Optional) Start defines the start of the range of status codes to use for HealthCheck checks. This is inclusive.
end int32	(Optional) End defines the end of the range of status codes to use for HealthCheck checks. This is inclusive.

URLRewriteFilter

(Appears on:IngressRewrites)

URLRewriteFilter defines a filter that modifies a request during forwarding. At most one of these filters may be used on a rule. This MUST NOT be used on the same rule having an sslRedirect.

Field	Description
hostname PreciseHostname	(Optional) Hostname is the value to be used to replace the Host header value during forwarding.
path HTTPPathModifier	(Optional) Path defines a path rewrite.