matchable_tcp_gateway.proto
Package: gateway.solo.io
Types:
- MatchableTcpGateway Top-Level Resource
- Matcher
Source File: github.com/solo-io/gloo/projects/gateway/api/v1/matchable_tcp_gateway.proto
MatchableTcpGateway
A MatchableTcpGateway describes a single FilterChain configured with the TcpProxy network filter and a matcher.
A Gateway CR may select one or more MatchableTcpGateways on a single listener. This enables separate teams to own Listener configuration (Gateway CR) and FilterChain configuration (MatchableTcpGateway CR).
"namespacedStatuses": .core.solo.io.NamespacedStatuses
"metadata": .core.solo.io.Metadata
"matcher": .gateway.solo.io.MatchableTcpGateway.Matcher
"tcpGateway": .gateway.solo.io.TcpGateway
Field | Type | Description |
---|---|---|
namespacedStatuses |
.core.solo.io.NamespacedStatuses | NamespacedStatuses indicates the validation status of this resource. NamespacedStatuses is read-only by clients, and set by gateway during validation. |
metadata |
.core.solo.io.Metadata | Metadata contains the object metadata for this resource. |
matcher |
.gateway.solo.io.MatchableTcpGateway.Matcher | Matcher creates a FilterChainMatch and TransportSocket for a FilterChain For each MatchableTcpGateway on a Gateway CR, the matcher must be unique. If there are any identical matchers, the Gateway will be rejected. An empty matcher will produce an empty FilterChainMatch (https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener_components.proto#envoy-v3-api-msg-config-listener-v3-filterchainmatch) effectively matching all incoming connections. |
tcpGateway |
.gateway.solo.io.TcpGateway | TcpGateway creates a FilterChain with a TcpProxy. |
Matcher
"sourcePrefixRanges": []solo.io.envoy.config.core.v3.CidrRange
"sslConfig": .gloo.solo.io.SslConfig
"passthroughCipherSuites": []string
Field | Type | Description |
---|---|---|
sourcePrefixRanges |
[]solo.io.envoy.config.core.v3.CidrRange | CidrRange specifies an IP Address and a prefix length to construct the subnet mask for a CIDR range. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#envoy-v3-api-msg-config-core-v3-cidrrange. |
sslConfig |
.gloo.solo.io.SslConfig | Ssl configuration applied to the FilterChain, if using passthrough should not include secrets : - FilterChainMatch: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener_components.proto#config-listener-v3-filterchainmatch) - TransportSocket: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#envoy-v3-api-msg-config-core-v3-transportsocket. |
passthroughCipherSuites |
[]string |
Enterprise-only: Passthrough cipher suites is an allow-list of OpenSSL cipher suite names for which TLS passthrough will be enabled. If a client does not support any ciphers that are natively supported by Envoy, but does support one of the ciphers in the passthrough list, then traffic will be routed via TCP Proxy to a destination specified by the TcpGateway, where TLS can then be terminated. |