EnvoyExtensionPolicy
microgateway.airlock.com/v1alpha1
EnvoyExtensionPolicy is a Direct Attached Policy for the Kubernetes Gateway API.
It allows extending the raw Envoy configuration of the Airlock Microgateway Engine with e.g., custom filters or clusters.
Note: The Gateway of the targeted HTTPRoutes must be configured to allow EnvoyExtensionPolicy in its GatewayParameters or this Policy will have no effect.
apiVersion: microgateway.airlock.com/v1alpha1
kind: EnvoyExtensionPolicy
metadata:
name: envoy-extension-policy-example
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: HTTPRoute
name: backend
envoyHTTPFilterRefs:
prepend:
- name: geoip-blocker
append:
- name: lua-transform-request
envoyClusterRefs:
- name: geoip-serverapiVersion: microgateway.airlock.com/v1alpha1
kind: EnvoyExtensionPolicy
metadata:
name: defaultEnvoyExtensionPolicy
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
metadata |
ObjectMeta | Refer to Kubernetes API documentation for fields of metadata |
yes | ||
| spec | object | Spec defines the desired state of the EnvoyExtensionPolicy. | yes | ||
status |
PolicyStatus | Status describes the current status of the EnvoyExtensionPolicy. | no |
EnvoyExtensionPolicy.spec
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| envoyClusterRefs | object[] | EnvoyClusterRefs extends the Airlock Microgateway Engine configuration with additional Envoy clusters. | no | ||
| envoyHTTPFilterRefs | object | EnvoyHTTPFilterRefs extends the Airlock Microgateway Engine configuration with additional Envoy HTTP filters. | no | ||
targetRefs |
PolicyTargetReference[] | TargetRefs are the resources this policy is being attached to. Referenced resources must be in the same namespace as the policy. Support: HTTPRoute. |
yes |
EnvoyExtensionPolicy.spec.envoyClusterRefs[]
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
EnvoyExtensionPolicy.spec.envoyHTTPFilterRefs
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| append | object[] | Append specifies EnvoyHTTPFilters to insert after the Airlock filters (i.e., after auth, deny rule filtering, header rewrites, etc.). | no | ||
| prepend | object[] | Prepend specifies EnvoyHTTPFilters to insert before the Airlock filters (i.e., before auth, deny rule filtering, header rewrites, etc.). | no |
EnvoyExtensionPolicy.spec.envoyHTTPFilterRefs.append[]
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |
EnvoyExtensionPolicy.spec.envoyHTTPFilterRefs.prepend[]
| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
name |
string | Name of the resource | yes |