GatewayParameters
microgateway.airlock.com/v1alpha1
GatewayParameters defines the configuration settings for deploying a Gateway in Kubernetes, including options for logging, service type, deployment strategy, and resource management. It can be referenced by either a GatewayClass or a Gateway.
Note: More specific GatewayParameters take precedence, e.g., if a Gateway references GatewayParameters, the parameters from its associated GatewayClass are completely overridden without merging.
Diagram: GatewayParameters is referenced by Gateway and GatewayClass; it references CustomResponse, SessionHandling and Telemetry.
GatewayParameters
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | defines the resource’s metadata | ObjectMeta | yes | ||
| spec | defines the desired Gateway configuration parameter values. | object | yes | | |
GatewayParameters.spec
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| defaults | specifies default configurations and policies for the Gateway. | object | no | ||
| experimental | specifies configurations and policies for the Gateway. Note: Experimental contains Gateway API settings which are not graduated yet. Therefore, they are subject to change or might be removed in future releases. | object | no | | |
| features | specifies which optional features are enabled for the Gateway. | object | no | ||
| kubernetes | defines the configuration for Kubernetes resources provisioned for the Gateway. | object | no | ||
| logging | specifies Envoy system logging settings for the Gateway. | object | no |
GatewayParameters.spec.defaults
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| contentSecurity | defines the default ContentSecurity configuration for the Gateway. | object | no | unsecured{...} | secured{}, unsecured{} |
| customResponses | configures response replacement for the Gateway. | object | no | ||
| downstream | defines the downstream configuration for the Gateway. | object | no | ||
| sessionHandlingRef | selects the default SessionHandling configuration for the Gateway. | object | no | ||
| telemetryRef | selects the default Telemetry configuration (logging, metrics, and tracing) for the Gateway. | object | no |
GatewayParameters.spec.defaults.contentSecurity
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| secured | enables WAF processing in general with the default configuration of filter and mutation rules. This default can be customized on a per-route basis by attaching a ContentSecurityPolicy. | object | no | {} | |
| unsecured | disables all WAF functionality and therefore protection for the upstream applications. | object | no | {} |
GatewayParameters.spec.defaults.customResponses
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| local | defines a list of rules for customizing direct responses originating from the Gateway itself during its processing (i.e., not from the upstream/backend). The rules are processed as follows: text/html, application/json and text/plain (fallback): | object[] | no | | |
| upstream | defines a list of rules for replacing upstream responses with custom responses. The rules are processed as follows: | object[] | no | | |
GatewayParameters.spec.defaults.customResponses.local[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| customResponseRef | selects the custom response to send. | object | yes | ||
| statusCodeCondition | specifies a condition which the status code of the original local response must satisfy in order for this custom response to be sent. | object | yes |
GatewayParameters.spec.defaults.customResponses.local[].customResponseRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the CustomResponse resource | string | yes |
GatewayParameters.spec.defaults.customResponses.local[].statusCodeCondition
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| matcher | matches one or more status codes. | object | yes | | exact{}, range{} |
GatewayParameters.spec.defaults.customResponses.local[].statusCodeCondition.matcher
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| exact | matches a specific status code. | int32 | no | | [100, 599] |
| range | matches an inclusive range of status codes. | object | no |
GatewayParameters.spec.defaults.customResponses.local[].statusCodeCondition.matcher.range
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| end | of the range (inclusive). | int32 | yes | | [100, 599] |
| start | of the range (inclusive). | int32 | yes | | [100, 599] |
GatewayParameters.spec.defaults.customResponses.upstream[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| customResponseRef | selects the custom response to send. | object | yes | ||
| responseConditions | specifies conditions which the upstream response must all satisfy in order for this custom response to be sent. | object | yes |
GatewayParameters.spec.defaults.customResponses.upstream[].customResponseRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the CustomResponse resource | string | yes |
GatewayParameters.spec.defaults.customResponses.upstream[].responseConditions
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| statusCode | specifies a condition on the original upstream response’s status code. | object | yes |
GatewayParameters.spec.defaults.customResponses.upstream[].responseConditions.statusCode
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| matcher | matches one or more status codes. | object | yes | | exact{}, range{} |
GatewayParameters.spec.defaults.customResponses.upstream[].responseConditions.statusCode.matcher
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| exact | matches a specific status code. | int32 | no | | [100, 599] |
| range | matches an inclusive range of status codes. | object | no |
GatewayParameters.spec.defaults.customResponses.upstream[].responseConditions.statusCode.matcher.range
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| end | of the range (inclusive). | int32 | yes | | [100, 599] |
| start | of the range (inclusive). | int32 | yes | | [100, 599] |
GatewayParameters.spec.defaults.downstream
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| remoteIP | defines how the remote IP of a client is propagated. Default: connectionIP: {…} | object | no | connectionIP{...} | connectionIP{}, customHeader{}, proxyProtocol{}, xff{} |
GatewayParameters.spec.defaults.downstream.remoteIP
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| connectionIP | configures to use the source IP address of the direct downstream connection. | object | no | {} | |
| customHeader | specifies to use a custom header for remote IP extraction. | object | no | | |
| proxyProtocol | configures to use the proxy protocol connection header for IP extraction. The proxy protocol adds a header to TCP connections to preserve the client’s IP address. For more details, refer to the protocol specification. Note: When this field is set, all incoming connections must use the proxy protocol, otherwise, the connection will be closed. | object | no | | |
| xff | configures to use the standard ‘X-Forwarded-For’ header for IP extraction. | object | no | numTrustedHops{...} | numTrustedHops{}, trustedCIDRRanges{} |
GatewayParameters.spec.defaults.downstream.remoteIP.customHeader
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| headerName | specifies the name of the custom header containing the remote IP. | string | yes | ||
| required | specifies if the custom header is required. If true and the header is not available, the request will be rejected with 403. | bool | no | true | true, false |
GatewayParameters.spec.defaults.downstream.remoteIP.proxyProtocol
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| version | specifies the version of the proxy protocol. If unspecified, all versions are accepted. | enum | no | | V1, V2 |
GatewayParameters.spec.defaults.downstream.remoteIP.xff
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| numTrustedHops | specifies to extract the client’s originating IP from the nth rightmost entry in the X-Forwarded-For header. With the default value of 1, the IP is extracted from the rightmost entry. Only one of numTrustedHops and trustedCIDRRanges can be set. Default: 1 | int32 | no | 1 | [1, 2147483647] |
| trustedCIDRRanges | specifies the IPv4 or IPv6 CIDR ranges, e.g. 196.148.3.128/26 or 2001:db8::/28 to trust when evaluating the remote IP address to determine the original client’s IP address. When the remote IP address matches a trusted CIDR and the X-Forwarded-For header was sent, each entry in the X-Forwarded-For header is evaluated from right to left and the first non-trusted address is used as the original client address. If all addresses in X-Forwarded-For are within the trusted list, the first (leftmost) entry is used. Only one of numTrustedHops and trustedCIDRRanges can be set. | string[] | no | | |
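
The two X-Forwarded-For modes described in the table above, modelled in Python. This is an added example, not Airlock Microgateway code: the function names and sample addresses are constructed, and the fallback to the connection IP (too few header entries, or a peer outside the trusted ranges) is an assumption the page does not spell out.

```python
import ipaddress


def _entries(xff_header):
    """Split an X-Forwarded-For value into trimmed, non-empty entries."""
    return [e.strip() for e in (xff_header or "").split(",") if e.strip()]


def resolve_num_trusted_hops(connection_ip, xff_header, num_trusted_hops=1):
    """numTrustedHops: take the nth rightmost entry (1 = rightmost)."""
    entries = _entries(xff_header)
    if len(entries) < num_trusted_hops:
        # Assumption: too few entries -> fall back to the connection IP.
        return connection_ip
    return entries[-num_trusted_hops]


def resolve_trusted_cidrs(connection_ip, xff_header, trusted_cidrs):
    """trustedCIDRRanges: walk right to left, return the first non-trusted entry."""
    # strict=False because the page's own example 2001:db8::/28 has host bits set.
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]

    def trusted(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False  # unparseable entries are never treated as trusted
        return any(ip in net for net in nets)

    entries = _entries(xff_header)
    if not entries or not trusted(connection_ip):
        # Header absent or peer not in a trusted range: the header is not
        # evaluated (assumption: the connection IP is used instead).
        return connection_ip
    for entry in reversed(entries):
        if not trusted(entry):
            return entry
    return entries[0]  # every entry is trusted -> leftmost entry


# Constructed sample: one trusted load balancer (10.1.0.5) sits in front of the
# Gateway. The client 203.0.113.7 sent its own "X-Forwarded-For: 10.0.0.1" and
# the load balancer appended the address it actually saw.
PEER = "10.1.0.5"
HEADER = "10.0.0.1, 203.0.113.7"

if __name__ == "__main__":
    print(resolve_num_trusted_hops(PEER, HEADER, 1))            # entry added by the LB
    print(resolve_num_trusted_hops(PEER, HEADER, 2))            # client-supplied entry
    print(resolve_trusted_cidrs(PEER, HEADER, ["10.0.0.0/8"]))  # first non-trusted entry
```

With one proxy in the path, `numTrustedHops: 2` selects an entry the client wrote itself, so the value has to match the number of proxies that really append to the header.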
GatewayParameters.spec.defaults.sessionHandlingRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the SessionHandling resource | string | yes |
GatewayParameters.spec.defaults.telemetryRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the Telemetry resource | string | yes |
GatewayParameters.spec.experimental
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| tls | specifies frontend and backend tls configuration for the entire Gateway. Note: If .spec.tls.frontend is specified in the Gateway resource, the frontend configuration here in GatewayParameters will be ignored. Note: If .spec.tls.backend is specified in the Gateway resource, the backend configuration here in GatewayParameters will be ignored. | object | no | | |
GatewayParameters.spec.experimental.tls
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| backend | describes the TLS configuration for the Gateway when connecting to backends. Note: This contains only details for the Gateway as a TLS client and does not imply behavior about how to choose which backend should get a TLS connection. That is determined by the presence of a BackendTLSPolicy. More info: https://gateway-api.sigs.k8s.io/reference/api-types/policy/backendtlspolicy/ Note: If .spec.tls.backend is specified in the Gateway resource, this field will be ignored. | object | no | | |
| frontend | describes the TLS configuration when a client connects to the Gateway. Note: If .spec.tls.frontend is specified in the Gateway resource, this field will be ignored. | object | no | | |
GatewayParameters.spec.experimental.tls.backend
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| clientCertificateRef | is a reference to an object that contains a Client Certificate under the key ’tls.crt’ and the associated private key ’tls.key’. It can reference the standard Kubernetes Secret resource of type ‘kubernetes.io/tls’. | object | no | | |
GatewayParameters.spec.experimental.tls.backend.clientCertificateRef
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | is the group of the referent. For example, “gateway.networking.k8s.io”. When unspecified or empty string, core API group is inferred. | string | no | "" | |
| kind | is kind of the referent. For example “Secret”. | string | no | Secret | |
| name | is the name of the referent. | string | yes | | |
| namespace | is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. | string | no | | |
GatewayParameters.spec.experimental.tls.frontend
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| default | specifies the default client certificate validation configuration for all Listeners handling HTTPS traffic, unless a per-port configuration is defined. | object | yes | ||
| perPort | specifies the TLS configuration assigned per port. Once set, this configuration overrides the default configuration for all Listeners handling HTTPS traffic that match this port. Each override port requires a unique TLS configuration. | object[] | no | | |
GatewayParameters.spec.experimental.tls.frontend.default
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| validation | holds configuration information for validating the frontend (client). Setting this field will result in mutual authentication when connecting to the Gateway. In browsers this may result in a dialog appearing that requests a user to specify the client certificate. | object | no | | |
GatewayParameters.spec.experimental.tls.frontend.default.validation
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| caCertificateRefs | contains one or more references to Kubernetes objects (ConfigMap or Secret) that contain TLS certificates of the Certificate Authorities (CA) that can be used as a trust anchor to validate the certificates presented by the client. The CA certificate must be in a key named ‘ca.crt’. References to a resource in a different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. | object[] | yes | | |
| mode | defines the mode for validating the client certificate. There are two possible modes: | enum | no | AllowValidOnly | AllowInsecureFallback, AllowValidOnly |
GatewayParameters.spec.experimental.tls.frontend.default.validation.caCertificateRefs[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | is the group of the referent. For example, “gateway.networking.k8s.io”. When set to the empty string, core API group is inferred. | string | yes | | |
| kind | is kind of the referent. For example “ConfigMap” or “Service”. | string | yes | | |
| name | is the name of the referent. | string | yes | | |
| namespace | is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. | string | no | | |
GatewayParameters.spec.experimental.tls.frontend.perPort[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| port | indicates the Port Number to which the TLS configuration will be applied. This configuration will be applied to all Listeners handling HTTPS traffic that match this port. | int64 | yes | | [1, 65535] |
| tls | stores the configuration that will be applied to all Listeners handling HTTPS traffic and matching the given port. | object | yes |
GatewayParameters.spec.experimental.tls.frontend.perPort[].tls
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| validation | holds configuration information for validating the frontend (client). Setting this field will result in mutual authentication when connecting to the Gateway. In browsers this may result in a dialog appearing that requests a user to specify the client certificate. | object | no | | |
GatewayParameters.spec.experimental.tls.frontend.perPort[].tls.validation
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| caCertificateRefs | contains one or more references to Kubernetes objects (ConfigMap or Secret) that contain TLS certificates of the Certificate Authorities (CA) that can be used as a trust anchor to validate the certificates presented by the client. The CA certificate must be in a key named ‘ca.crt’. References to a resource in a different namespace are invalid UNLESS there is a ReferenceGrant in the target namespace that allows the certificate to be attached. | object[] | yes | | |
| mode | defines the mode for validating the client certificate. There are two possible modes: | enum | no | AllowValidOnly | AllowInsecureFallback, AllowValidOnly |
GatewayParameters.spec.experimental.tls.frontend.perPort[].tls.validation.caCertificateRefs[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| group | is the group of the referent. For example, “gateway.networking.k8s.io”. When set to the empty string, core API group is inferred. | string | yes | | |
| kind | is kind of the referent. For example “ConfigMap” or “Service”. | string | yes | | |
| name | is the name of the referent. | string | yes | | |
| namespace | is the namespace of the referenced object. When unspecified, the local namespace is inferred. Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. | string | no | | |
GatewayParameters.spec.features
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| envoyExtensionPolicyEnabled | specifies whether the controller processes EnvoyExtensionPolicy resources for HTTPRoutes attached to the Gateway. Use EnvoyExtensionPolicy only if the features of Airlock Microgateway and Kubernetes Gateway API do not provide this functionality. If you identify missing features or use cases, please report them to help improve our product. Note: Invalid or malformed Envoy configurations may prevent the Gateway’s configuration from being updated. | bool | no | false | true, false |
| externalNameServicesAllowed | specifies whether the controller allows Kubernetes Services of type ExternalName to be used as backend references. This setting is disabled by default due to security concerns (CVE-2021-25740). Allowing ExternalName services may enable workloads to send traffic to destinations they would not otherwise have access to, potentially enabling confused deputy attacks (CVE-2021-25740) and weakening namespace isolation. Because ExternalName services can reference arbitrary CNAME DNS records, they may also redirect traffic to unintended external targets. Enable this option with caution. To mitigate risks, ensure TLS validation is enforced for all backends, use trusted DNS resolvers, apply appropriate NetworkPolicies, and separate Gateways serving internal and external traffic. | bool | no | false | true, false |
| httpRouteRegexPathMatchEnabled | specifies whether HTTPRoutes are accepted when using path matching of type RegularExpression. Google’s RE2 regex engine is used. Path matching precedence order (from highest to lowest priority): If multiple applicable HTTPRoutes exist, the precedence is determined by the following criteria, in order: | bool | no | false | true, false |
| insecureTLSAllowed | specifies whether the Gateway accepts BackendTLSPolicies that disable certificate validation. Allowing insecure TLS may expose the Gateway to man-in-the-middle attacks and other vulnerabilities. THIS IS INSECURE AND SHOULD ONLY BE USED FOR TESTING. | bool | no | false | true, false |
| unrestrictedEnvoyAdminInterface | specifies whether the Gateway exposes all paths of the Envoy admin interface. By default, access is restricted to a minimal set of read-only endpoints. The admin interface can expose sensitive configuration and operational endpoints (e.g., modifying runtime settings, draining listeners, or retrieving secrets), which may be abused if reachable from untrusted networks. Enable this option with caution and only for testing or debugging purposes. | bool | no | false | true, false |
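
A review check for the security-relevant settings documented on this page: the `features` flags above, the `unsecured` content-security default, the frontend validation `mode`, and the Deployment hardening fields. This is an added example, not part of the Airlock documentation or tooling; field names are taken from the tables, while the function names, finding texts and the sample manifest are constructed.

```python
# Field names come from the reference tables on this page; everything else
# (function names, finding texts, SAMPLE) is constructed for illustration.
RISKY_FEATURES = {
    "envoyExtensionPolicyEnabled": "EnvoyExtensionPolicy resources are processed",
    "externalNameServicesAllowed": "ExternalName backends allowed (CVE-2021-25740)",
    "insecureTLSAllowed": "BackendTLSPolicies may disable certificate validation",
    "unrestrictedEnvoyAdminInterface": "all Envoy admin interface paths exposed",
}


def _get(obj, *path):
    """Walk nested dicts; return None as soon as a key is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def audit(manifest):
    """Return (field path, reason) pairs for settings that weaken the Gateway."""
    spec = manifest.get("spec") or {}
    findings = []

    # The documented default is unsecured{...}, so an absent block counts too.
    if "secured" not in (_get(spec, "defaults", "contentSecurity") or {}):
        findings.append(("spec.defaults.contentSecurity", "WAF processing disabled"))

    xff = _get(spec, "defaults", "downstream", "remoteIP", "xff") or {}
    if "numTrustedHops" in xff and "trustedCIDRRanges" in xff:
        findings.append(("spec.defaults.downstream.remoteIP.xff",
                         "numTrustedHops and trustedCIDRRanges are both set"))

    for flag, reason in RISKY_FEATURES.items():
        if _get(spec, "features", flag) is True:
            findings.append((f"spec.features.{flag}", reason))

    # Frontend mTLS: check the default block and every per-port override.
    frontend = _get(spec, "experimental", "tls", "frontend") or {}
    blocks = [("default", frontend.get("default"))]
    blocks += [(f"perPort[{i}].tls", (p or {}).get("tls"))
               for i, p in enumerate(frontend.get("perPort") or [])]
    for where, tls in blocks:
        if _get(tls, "validation", "mode") == "AllowInsecureFallback":
            findings.append((f"spec.experimental.tls.frontend.{where}.validation.mode",
                             "connections without a valid client certificate are accepted"))

    deployment = _get(spec, "kubernetes", "deployment") or {}
    if deployment.get("automountServiceAccountToken") is True:
        findings.append(("spec.kubernetes.deployment.automountServiceAccountToken",
                         "service account token mounted into the Gateway pod"))
    added = _get(deployment, "engineContainer", "securityContext", "capabilities", "add")
    if added:
        findings.append(("spec.kubernetes.deployment.engineContainer.securityContext.capabilities.add",
                         "capabilities granted: " + ", ".join(added)))
    return findings


# Constructed manifest, already parsed into a dict (e.g. by a YAML loader).
# caCertificateRefs is required by the schema and omitted here for brevity.
SAMPLE = {
    "apiVersion": "microgateway.airlock.com/v1alpha1",
    "kind": "GatewayParameters",
    "metadata": {"name": "example-params"},
    "spec": {
        "defaults": {"downstream": {"remoteIP": {"xff": {"numTrustedHops": 1}}}},
        "features": {"insecureTLSAllowed": True, "externalNameServicesAllowed": False},
        "experimental": {"tls": {"frontend": {
            "default": {"validation": {"mode": "AllowValidOnly"}},
            "perPort": [{"port": 8443,
                         "tls": {"validation": {"mode": "AllowInsecureFallback"}}}],
        }}},
        "kubernetes": {"deployment": {"engineContainer": {"securityContext": {
            "capabilities": {"add": ["NET_BIND_SERVICE"]}}}}},
    },
}

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```

Because a Gateway-level GatewayParameters overrides the GatewayClass one without merging, the check has to run against whichever resource the Gateway actually resolves to.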
GatewayParameters.spec.kubernetes
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| deployment | configures the Kubernetes Deployment provisioned for the Gateway. | object | no | ||
| service | configures the Kubernetes Service provisioned for the Gateway. | object | no |
GatewayParameters.spec.kubernetes.deployment
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| automountServiceAccountToken | configures whether a service account token should be automatically mounted. Set this to true only if a sidecar that requires a service account token (e.g., OpenShift ServiceMesh) is injected to the Gateway Deployment. | bool | no | false | true, false |
| engineContainer | configures the container running the Airlock Microgateway Engine. | object | no | | |
| imagePullSecrets | configures the list of references to secrets in the same namespace, which will be used in the Gateway deployment for pulling any of the images. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod | LocalObjectReference[] | no | | |
| placement | configures scheduling of the Airlock Microgateway Engine pod. | object | no | | |
| replicas | sets the number of Gateway Deployment replicas. If undefined, the number of replicas either defaults to 1 and is managed by the Kubernetes control plane, or is managed by a HorizontalPodAutoscaler (HPA) targeting the Gateway deployment. | int32 | no | | [1, 2147483647] |
| strategy | configures the deployment strategy which is used to replace existing Airlock Microgateway Engine pods with new ones. If undefined, default settings (RollingUpdate) are applied. | DeploymentStrategy | no | | |
| volumes | specifies the list of Kubernetes Volumes that can be mounted by EngineContainer belonging to the Gateway deployment. | Volume[] | no | | |
GatewayParameters.spec.kubernetes.deployment.engineContainer
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| resources | specifies the compute resources required for this container. If undefined, default resource settings are applied: {"requests":{"cpu":"100m","memory":"256Mi"}}. Setting this field overrides the defaults entirely, values are not merged. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details. | ResourceRequirements | no | | |
| securityContext | specifies the security configuration that will be applied to the EngineContainer. | object | no | ||
| volumeMounts | specifies the list of volumes to mount into the EngineContainer’s filesystem. | Volume[] | no |
GatewayParameters.spec.kubernetes.deployment.engineContainer.securityContext
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| capabilities | specifies the set of POSIX capabilities of the EngineContainer. All capabilities are dropped by default. | object | no | | |
GatewayParameters.spec.kubernetes.deployment.engineContainer.securityContext.capabilities
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| add | specifies the POSIX capabilities that should be granted to the EngineContainer. Since all capabilities are dropped first, this list represents the full set of capabilities the container will run with. | Capabilities[] | no | | |
GatewayParameters.spec.kubernetes.deployment.placement
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| affinity | specifies affinity and anti-affinity rules for the Airlock Microgateway Engine pods. | Affinity | no | ||
| nodeSelector | is a selector which must be true for the Airlock Microgateway Engine pods to fit on a node. | map[string]string | no | ||
| tolerations | allows scheduling of Airlock Microgateway Engine pods on tainted nodes. | Toleration[] | no | ||
| topologySpreadConstraints | describes how the Airlock Microgateway Engine pods ought to spread across topology domains (e.g., nodes, zones). If the label selector of the constraints is undefined, the label selector of the deployment will be used instead. | TopologySpreadConstraint[] | no | | |
GatewayParameters.spec.kubernetes.service
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| allocateLoadBalancerNodePorts | defines if NodePorts will be automatically allocated for services with type LoadBalancer. If undefined, the default is true. It may be set to false if the cluster load-balancer does not rely on NodePorts. | bool | no | | true, false |
| annotations | specifies additional annotations for the Service, e.g., for configuring cloud LoadBalancers. | map[string]string | no | | |
| externalTrafficPolicy | describes how nodes distribute service traffic they receive on one of the Service’s “externally-facing” addresses (NodePorts, and LoadBalancer IPs). Meaning of the possible values: Local policy is applied. | ServiceExternalTrafficPolicy | no | | Cluster, Local |
| loadBalancerClass | describes which load balancer implementation is responsible for this Service. If undefined, the default load balancer implementation is used (typically provided by the cloud provider). Note: This field is immutable once the service type is LoadBalancer (which it is by default). To set loadBalancerClass, ensure that the GatewayParameters configuring a loadBalancerClass are already referenced by the Gateway during its initial creation. If possible, it is recommended to avoid setting loadBalancerClass and configuring the LoadBalancer over annotations instead. WARNING: | string | no | | |
| sessionAffinity | describes how client requests are associated with service endpoints. Meaning of the possible values: None. | ServiceAffinity | no | | ClientIP, None |
| sessionAffinityConfig | contains the configurations of session affinity. | ServiceAffinityConfig | no | | |
| trafficDistribution | offers a way to express preferences for how traffic is distributed to Service endpoints. If undefined, default routing is applied. | enum | no | | PreferClose, PreferSameNode, PreferSameZone |
| type | specifies how the Service of the Gateway is exposed. | ServiceType | no | LoadBalancer | ClusterIP, LoadBalancer, NodePort |
GatewayParameters.spec.logging
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| level | specifies the logging level for the Envoy system logs of the Airlock Microgateway Engine. | enum | no | info | off, critical, error, warn, info, debug, trace |