gateway.proto

Package: gateway.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto

Gateway

A Gateway describes a single Listener (bind address:port) and the routing configuration to upstreams that are reachable via a specific port on the Gateway Proxy itself.

"ssl": bool
"bindAddress": string
"bindPort": int
"options": .gloo.solo.io.ListenerOptions
"namespacedStatuses": .core.solo.io.NamespacedStatuses
"metadata": .core.solo.io.Metadata
"useProxyProto": .google.protobuf.BoolValue
"httpGateway": .gateway.solo.io.HttpGateway
"tcpGateway": .gateway.solo.io.TcpGateway
"hybridGateway": .gateway.solo.io.HybridGateway
"proxyNames": []string
"routeOptions": .gloo.solo.io.RouteConfigurationOptions

Field Type Description
ssl bool if set to false, only use virtual services without ssl configured. if set to true, only use virtual services with ssl configured. this field is ignored if GatewayType is HybridGateway.
bindAddress string the bind address the gateway should serve traffic on.
bindPort int bind ports must not conflict across gateways for a single proxy.
options .gloo.solo.io.ListenerOptions top level optional configuration for all routes on the gateway.
namespacedStatuses .core.solo.io.NamespacedStatuses NamespacedStatuses indicates the validation status of this resource. NamespacedStatuses is read-only by clients, and set by gateway during validation.
metadata .core.solo.io.Metadata Metadata contains the object metadata for this resource.
useProxyProto .google.protobuf.BoolValue Enable ProxyProtocol support for this listener. Deprecated: prefer setting the listener option. If configured, the listener option (filter config) overrides any setting here.
httpGateway .gateway.solo.io.HttpGateway Only one of httpGateway, tcpGateway, or hybridGateway can be set.
tcpGateway .gateway.solo.io.TcpGateway Only one of tcpGateway, httpGateway, or hybridGateway can be set.
hybridGateway .gateway.solo.io.HybridGateway Only one of hybridGateway, httpGateway, or tcpGateway can be set.
proxyNames []string Names of the Proxy resources to generate from this gateway. If other gateways exist which point to the same proxy, Gloo will join them together. Proxies have a one-to-many relationship with Envoy bootstrap configuration. In order to connect to Gloo, the Envoy bootstrap configuration sets a role in the node metadata Envoy instances announce their role to Gloo, which maps to the {{ .Namespace }}~{{ .Name }} of the Proxy resource. The template for this value can be seen in the Gloo Helm chart Note: this field also accepts fields written in camel-case. They will be converted to kebab-case in the Proxy name. This allows use of the Gateway Name Helm value for this field Defaults to ["gateway-proxy"].
routeOptions .gloo.solo.io.RouteConfigurationOptions Route configuration options that live under Envoy’s RouteConfigurationOptions.

TcpGateway

"tcpHosts": []gloo.solo.io.TcpHost
"options": .gloo.solo.io.TcpListenerOptions

Field Type Description
tcpHosts []gloo.solo.io.TcpHost TCP hosts that the gateway can route to.
options .gloo.solo.io.TcpListenerOptions TCP Gateway configuration.

HybridGateway

"matchedGateways": []gateway.solo.io.MatchedGateway
"delegatedHttpGateways": .gateway.solo.io.DelegatedHttpGateway
"delegatedTcpGateways": .gateway.solo.io.DelegatedTcpGateway

Field Type Description
matchedGateways []gateway.solo.io.MatchedGateway MatchedGateways can be used to define both HttpGateways and TcpGateways directly on the Gateway resource. If MatchedGateways is provided, then DelegatedHttpGateways and DelegatedTcpGateways are ignored.
delegatedHttpGateways .gateway.solo.io.DelegatedHttpGateway DelegatedHttpGateways can be used to configure multiple HttpGateways using the MatchableHttpGateway CR and select them on this Gateway using a resourceRef or label selection. If MatchedGateways is provided, then DelegatedHttpGateways is ignored.
delegatedTcpGateways .gateway.solo.io.DelegatedTcpGateway DelegatedTcpGateways can be used to configure multiple TcpGateways using the MatchableTcpGateway CR and select them on this Gateway using a resourceRef or label selection. If MatchedGateways is provided, then DelegatedTcpGateways is ignored.

DelegatedHttpGateway

"ref": .core.solo.io.ResourceRef
"selector": .selectors.core.gloo.solo.io.Selector
"preventChildOverrides": bool
"httpConnectionManagerSettings": .hcm.options.gloo.solo.io.HttpConnectionManagerSettings
"sslConfig": .gloo.solo.io.SslConfig

Field Type Description
ref .core.solo.io.ResourceRef Delegate to the resource with the given name and namespace. Only one of reforselector` can be set.
selector .selectors.core.gloo.solo.io.Selector Delegate to the MatchableHttpGateways that match the given selector. Only one of selector or ref can be set.
preventChildOverrides bool Used as a meta modifier to the http_connection_manager_settings and ssl_config fields in a DelegatedHttpGateway. When set, provided ancestor config cannot be overriden by matched HttpGateways. Useful in a multi-team context, where a controlling team managing a primary Gateway file may want to lock down specific functionality from other teams. For example: (DelegatedHttpGateway, MatchableHttpGateway) = {“a”: “a1”, “b”: “b1”}, {“b”: “b2”, “c”: “c2”} When true: get_config(MatchableHttpGateway) –> {“a”: “a1”, “b”: “b1”, “c”: “c2”} When false: get_config(MatchableHttpGateway) –> {“a”: “a1”, “b”: “b2”, “c”: “c2”}.
httpConnectionManagerSettings .hcm.options.gloo.solo.io.HttpConnectionManagerSettings Anscestry-level HTTP Gateway configuration. Options specified here will be passed down to each MatchableHttpGateway that is matched via selector or ref. Ultimately, said options will be consumed by instances of MatchableHttpGateway.http_gateway.
sslConfig .gloo.solo.io.SslConfig Anscestry-level TLS/SSL traffic configuration. Options specified here will be passed down to each MatchableHttpGateway that is matched via selector or ref. From there, they are passed to all VirtualServices associated with said MatchableHttpGateways.

DelegatedTcpGateway

"ref": .core.solo.io.ResourceRef
"selector": .selectors.core.gloo.solo.io.Selector

Field Type Description
ref .core.solo.io.ResourceRef Delegate to the resource with the given name and namespace. Only one of reforselector` can be set.
selector .selectors.core.gloo.solo.io.Selector Delegate to the MatchableTcpGateways that match the given selector. Only one of selector or ref can be set.

MatchedGateway

"matcher": .gateway.solo.io.Matcher
"httpGateway": .gateway.solo.io.HttpGateway
"tcpGateway": .gateway.solo.io.TcpGateway

Field Type Description
matcher .gateway.solo.io.Matcher Matchers are used to define unique matching criteria for each MatchedGateway Each MatchedGateway within a HybridGateway must have a unique Matcher If multiple matchers in a HybridGateway are identical, the HybridGateway will not be accepted Empty Matchers are effectively catch-alls, and there can be no more than one empty Matcher per HybridGateway.
httpGateway .gateway.solo.io.HttpGateway Only one of httpGateway or tcpGateway can be set.
tcpGateway .gateway.solo.io.TcpGateway Only one of tcpGateway or httpGateway can be set.

Matcher

"sslConfig": .gloo.solo.io.SslConfig
"sourcePrefixRanges": []solo.io.envoy.config.core.v3.CidrRange
"passthroughCipherSuites": []string

Field Type Description
sslConfig .gloo.solo.io.SslConfig Gloo use SNI domains as matching criteria for Gateway selection The other ssl_config properties will be applied to the outputFilterChain’s transport socket SslConfig from VirtualServices will be ignored in a MatchedGateway.
sourcePrefixRanges []solo.io.envoy.config.core.v3.CidrRange CidrRange specifies an IP Address and a prefix length to construct the subnet mask for a CIDR range. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-cidrrange.
passthroughCipherSuites []string Enterprise-only: Passthrough cipher suites is an allow-list of OpenSSL cipher suite names for which TLS passthrough will be enabled. If a client does not support any ciphers that are natively supported by Envoy, but does support one of the ciphers in the passthrough list, then traffic will be routed via TCP Proxy to a destination specified by the TcpGateway, where TLS can then be terminated. This field is only applicable to TcpGateways.