EnvoyExtensionPolicy
microgateway.airlock.com/v1alpha1
EnvoyExtensionPolicy is a Direct Attached Policy for the Kubernetes Gateway API.
It allows extending the raw Envoy configuration of the Airlock Microgateway Engine with e.g., custom filters or clusters.
Note: The Gateway of the targeted HTTPRoutes must be configured to allow EnvoyExtensionPolicy in its GatewayParameters or this Policy will have no effect.
apiVersion: microgateway.airlock.com/v1alpha1
kind: EnvoyExtensionPolicy
metadata:
name: envoy-extension-policy-example
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: HTTPRoute
name: backend
envoyHTTPFilterRefs:
prepend:
- name: envoy-httpfilter-ext-authz
append:
- name: lua-transform-request
envoyClusterRefs:
- name: envoy-cluster-ext-authzEnvoyExtensionPolicy
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | defines the resource’s metadata | ObjectMeta | yes | ||
| spec | defines the desired envoy extension configuration. | object | yes | ||
| status | describes the current status of the EnvoyExtensionPolicy. | PolicyStatus | no |
EnvoyExtensionPolicy.spec
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| envoyClusterRefs | extends the Airlock Microgateway Engine configuration with additional Envoy clusters. | object[] | no | ||
| envoyHTTPFilterRefs | extends the Airlock Microgateway Engine configuration with additional Envoy HTTP filters. | object | no | ||
| targetRefs | are the resources this policy is being attached to. Referenced resources must be in the same namespace as the policy. Support: HTTPRoute. |
LocalPolicyTargetReference[] | yes |
EnvoyExtensionPolicy.spec.envoyClusterRefs[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes |
EnvoyExtensionPolicy.spec.envoyHTTPFilterRefs
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| append | specifies EnvoyHTTPFilters to insert after the Airlock filters (i.e., after auth, deny rule filtering, header rewrites, etc.). | object[] | no | ||
| prepend | specifies EnvoyHTTPFilters to insert before the Airlock filters (i.e., before auth, deny rule filtering, header rewrites, etc.). | object[] | no |
EnvoyExtensionPolicy.spec.envoyHTTPFilterRefs.append[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes |
EnvoyExtensionPolicy.spec.envoyHTTPFilterRefs.prepend[]
| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes |