{ "description": "HTTPRouteFilter is a custom Envoy Gateway HTTPRouteFilter which provides extended\ntraffic processing options such as path regex rewrite, direct response and more.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "Spec defines the desired state of HTTPRouteFilter.", "properties": { "credentialInjection": { "description": "HTTPCredentialInjectionFilter defines the configuration to inject credentials into the request.\nThis is useful when the backend service requires credentials in the request, and the original\nrequest does not contain them. The filter can inject credentials into the request before forwarding\nit to the backend service.", "properties": { "credential": { "description": "Credential is the credential to be injected.", "properties": { "valueRef": { "description": "ValueRef is a reference to the secret containing the credentials to be injected.\nThis is an Opaque secret. The credential should be stored in the key\n\"credential\", and the value should be the credential to be injected.\nFor example, for basic authentication, the value should be \"Basic \".\nfor bearer token, the value should be \"Bearer \".\nNote: The secret must be in the same namespace as the HTTPRouteFilter.", "properties": { "group": { "default": "", "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "default": "Secret", "description": "Kind is kind of the referent. For example \"Secret\".", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "Name is the name of the referent.", "maxLength": 253, "minLength": 1, "type": "string" }, "namespace": { "description": "Namespace is the namespace of the referenced object. When unspecified, the local\nnamespace is inferred.\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\nSupport: Core", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "required": [ "valueRef" ], "type": "object", "additionalProperties": false }, "header": { "description": "Header is the name of the header where the credentials are injected.\nIf not specified, the credentials are injected into the Authorization header.", "type": "string" }, "overwrite": { "description": "Whether to overwrite the value or not if the injected headers already exist.\nIf not specified, the default value is false.", "type": "boolean" } }, "required": [ "credential" ], "type": "object", "additionalProperties": false }, "directResponse": { "description": "HTTPDirectResponseFilter defines the configuration to return a fixed response.", "properties": { "body": { "description": "Body of the direct response.", "properties": { "inline": { "description": "Inline contains the value as an inline string.", "type": "string" }, "type": { "allOf": [ { "enum": [ "Inline", "ValueRef" ] }, { "enum": [ "Inline", "ValueRef" ] } ], "default": "Inline", "description": "Type is the type of method to use to read the body value.\nValid values are Inline and ValueRef, default is Inline.", "type": "string" }, "valueRef": { "description": "ValueRef contains the contents of the body\nspecified as a local object reference.\nOnly a reference to ConfigMap is supported.\n\nThe value of key `response.body` in the ConfigMap will be used as the response body.\nIf the key is not found, the first value in the ConfigMap will be used.", "properties": { "group": { "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "kind": { "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", "type": "string" }, "name": { "description": "Name is the name of the referent.", "maxLength": 253, "minLength": 1, "type": "string" } }, "required": [ "group", "kind", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "type" ], "type": "object", "x-kubernetes-validations": [ { "message": "inline must be set for type Inline", "rule": "(!has(self.type) || self.type == 'Inline')? has(self.inline) : true" }, { "message": "valueRef must be set for type ValueRef", "rule": "(has(self.type) && self.type == 'ValueRef')? has(self.valueRef) : true" }, { "message": "only ConfigMap is supported for ValueRef", "rule": "has(self.valueRef) ? self.valueRef.kind == 'ConfigMap' : true" } ], "additionalProperties": false }, "contentType": { "description": "Content Type of the direct response. This will be set in the Content-Type header.", "type": "string" }, "header": { "description": "Header defines the headers of the direct response.", "properties": { "add": { "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "items": { "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { "name": { "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "maxLength": 256, "minLength": 1, "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, "value": { "description": "Value is the value of HTTP Header to be matched.", "maxLength": 4096, "minLength": 1, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 16, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "remove": { "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", "items": { "type": "string" }, "maxItems": 16, "type": "array", "x-kubernetes-list-type": "set" }, "set": { "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "items": { "description": "HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.", "properties": { "name": { "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase-insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "maxLength": 256, "minLength": 1, "pattern": "^[A-Za-z0-9!#$%&'*+\\-.^_\\x60|~]+$", "type": "string" }, "value": { "description": "Value is the value of HTTP Header to be matched.", "maxLength": 4096, "minLength": 1, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 16, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" } }, "type": "object", "x-kubernetes-validations": [ { "message": "header.remove is not supported for DirectResponse", "rule": "!has(self.remove) || size(self.remove) == 0" } ], "additionalProperties": false }, "statusCode": { "description": "Status Code of the HTTP response\nIf unset, defaults to 200.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "matches": { "description": "Matches defines additional matching criteria for the HTTPRoute rule.\nAs with HTTPRouteRule.Matches, the rule is matched if any one match applies.\nWhen both HTTPRouteRule.Matches and HTTPRouteFilter.Matches are set, the\neffective matching is the logical AND of the two sets.", "items": { "description": "HTTPRouteMatchFilter defines additional matching criteria for the HTTPRoute rule.\nAt least one matcher must be specified.", "minProperties": 1, "properties": { "cookies": { "description": "Cookies is a list of cookie matchers evaluated against the HTTP request.\nAll specified matchers must match.", "items": { "description": "HTTPCookieMatch defines how to match a single cookie.", "properties": { "name": { "description": "Name is the cookie name to evaluate.", "maxLength": 256, "minLength": 1, "type": "string" }, "type": { "default": "Exact", "description": "Type specifies how to match against the value of the cookie.", "enum": [ "Exact", "RegularExpression" ], "type": "string" }, "value": { "description": "Value is the cookie value to be matched.", "maxLength": 4096, "minLength": 1, "type": "string" } }, "required": [ "name", "value" ], "type": "object", "additionalProperties": false }, "maxItems": 16, "minItems": 1, "type": "array" } }, "type": "object", "additionalProperties": false }, "maxItems": 8, "type": "array" }, "urlRewrite": { "description": "HTTPURLRewriteFilter define rewrites of HTTP URL components such as path and host", "properties": { "hostname": { "description": "Hostname is the value to be used to replace the Host header value during\nforwarding.", "properties": { "header": { "description": "Header is the name of the header whose value would be used to rewrite the Host header", "type": "string" }, "type": { "description": "HTTPPathModifierType defines the type of Hostname rewrite.", "enum": [ "Header", "Backend" ], "type": "string" } }, "required": [ "type" ], "type": "object", "x-kubernetes-validations": [ { "message": "header must be nil if the type is not Header", "rule": "!(has(self.header) && self.type != 'Header')" }, { "message": "header must be specified for Header type", "rule": "!(!has(self.header) && self.type == 'Header')" } ], "additionalProperties": false }, "path": { "description": "Path defines a path rewrite.", "properties": { "replaceRegexMatch": { "description": "ReplaceRegexMatch defines a path regex rewrite. The path portions matched by the regex pattern are replaced by the defined substitution.\nhttps://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-regex-rewrite\nSome examples:\n(1) replaceRegexMatch:\n pattern: ^/service/([^/]+)(/.*)$\n substitution: \\2/instance/\\1\n Would transform /service/foo/v1/api into /v1/api/instance/foo.\n(2) replaceRegexMatch:\n pattern: one\n substitution: two\n Would transform /xxx/one/yyy/one/zzz into /xxx/two/yyy/two/zzz.\n(3) replaceRegexMatch:\n pattern: ^(.*?)one(.*)$\n substitution: \\1two\\2\n Would transform /xxx/one/yyy/one/zzz into /xxx/two/yyy/one/zzz.\n(3) replaceRegexMatch:\n pattern: (?i)/xxx/\n substitution: /yyy/\n Would transform path /aaa/XxX/bbb into /aaa/yyy/bbb (case-insensitive).", "properties": { "pattern": { "description": "Pattern matches a regular expression against the value of the HTTP Path.The regex string must\nadhere to the syntax documented in https://github.com/google/re2/wiki/Syntax.", "minLength": 1, "type": "string" }, "substitution": { "description": "Substitution is an expression that replaces the matched portion.The expression may include numbered\ncapture groups that adhere to syntax documented in https://github.com/google/re2/wiki/Syntax.", "type": "string" } }, "required": [ "pattern", "substitution" ], "type": "object", "additionalProperties": false }, "type": { "description": "HTTPPathModifierType defines the type of path redirect or rewrite.", "enum": [ "ReplaceRegexMatch" ], "type": "string" } }, "required": [ "type" ], "type": "object", "x-kubernetes-validations": [ { "message": "If HTTPPathModifier type is ReplaceRegexMatch, replaceRegexMatch field needs to be set.", "rule": "self.type == 'ReplaceRegexMatch' ? has(self.replaceRegexMatch) : !has(self.replaceRegexMatch)" } ], "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }