VirtualHostOptions

Package: gloo.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/virtual_host_options.proto


VirtualHostOptions

Optional, feature-specific configuration that lives on virtual hosts. Each VirtualHostOptions object contains configuration for a specific feature. Note to developers: new Virtual Host plugins must be added to this struct to be usable by Gloo. (plugins currently need to be compiled into Gloo)

"extensions": .gloo.solo.io.Extensions
"retries": .retries.options.gloo.solo.io.RetryPolicy
"stats": .stats.options.gloo.solo.io.Stats
"headerManipulation": .headers.options.gloo.solo.io.HeaderManipulation
"cors": .cors.options.gloo.solo.io.CorsPolicy
"transformations": .transformation.options.gloo.solo.io.Transformations
"ratelimitBasic": .ratelimit.options.gloo.solo.io.IngressRateLimit
"ratelimitEarly": .ratelimit.options.gloo.solo.io.RateLimitVhostExtension
"rateLimitEarlyConfigs": .ratelimit.options.gloo.solo.io.RateLimitConfigRefs
"ratelimit": .ratelimit.options.gloo.solo.io.RateLimitVhostExtension
"rateLimitConfigs": .ratelimit.options.gloo.solo.io.RateLimitConfigRefs
"ratelimitRegular": .ratelimit.options.gloo.solo.io.RateLimitVhostExtension
"rateLimitRegularConfigs": .ratelimit.options.gloo.solo.io.RateLimitConfigRefs
"waf": .waf.options.gloo.solo.io.Settings
"jwt": .jwt.options.gloo.solo.io.VhostExtension
"jwtStaged": .jwt.options.gloo.solo.io.JwtStagedVhostExtension
"rbac": .rbac.options.gloo.solo.io.ExtensionSettings
"extauth": .enterprise.gloo.solo.io.ExtAuthExtension
"dlp": .dlp.options.gloo.solo.io.Config
"bufferPerRoute": .solo.io.envoy.extensions.filters.http.buffer.v3.BufferPerRoute
"csrf": .solo.io.envoy.extensions.filters.http.csrf.v3.CsrfPolicy
"includeRequestAttemptCount": .google.protobuf.BoolValue
"includeAttemptCountInResponse": .google.protobuf.BoolValue
"stagedTransformations": .transformation.options.gloo.solo.io.TransformationStages
"extProc": .extproc.options.gloo.solo.io.RouteSettings
"corsPolicyMergeSettings": .cors.options.gloo.solo.io.CorsPolicyMergeSettings

Field Type Description
extensions .gloo.solo.io.Extensions Extensions will be passed along from Listeners, Gateways, VirtualServices, Routes, and Route tables to the underlying Proxy, making them useful for controllers, validation tools, etc. which interact with kubernetes yaml. Some sample use cases: * controllers, deployment pipelines, helm charts, etc. which wish to use extensions as a kind of opaque metadata. * In the future, Gloo may support gRPC-based plugins which communicate with the Gloo translator out-of-process. Opaque Extensions enables development of out-of-process plugins without requiring recompiling & redeploying Gloo’s API.
retries .retries.options.gloo.solo.io.RetryPolicy
stats .stats.options.gloo.solo.io.Stats
headerManipulation .headers.options.gloo.solo.io.HeaderManipulation Append/Remove headers on Requests or Responses on all routes contained in this Virtual Host.
cors .cors.options.gloo.solo.io.CorsPolicy Defines a CORS policy for the virtual host. If a CORS policy is also defined on the route matched by the request, the route policy overrides the virtual host policy for any configured field unless CorsPolicyMergeSettings are specified that define an alternate behavior.
transformations .transformation.options.gloo.solo.io.Transformations Transformations to apply. Note: this field is superseded by staged_transformations. If staged_transformations.regular is set, this field will be ignored.
ratelimitBasic .ratelimit.options.gloo.solo.io.IngressRateLimit Enterprise-only: Config for GlooE rate-limiting using simplified (gloo-specific) API.
ratelimitEarly .ratelimit.options.gloo.solo.io.RateLimitVhostExtension Enterprise-only: Partial config for GlooE rate-limiting based on Envoy’s rate-limit service; supports Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Configure rate-limit actions here, which define how request characteristics get translated into descriptors used by the rate-limit service for rate-limiting. Configure rate-limit descriptors and their associated limits on the Gloo settings. Only one of ratelimit_early or rate_limit_early_configs can be set. Only one of ratelimitEarly or rateLimitEarlyConfigs can be set.
rateLimitEarlyConfigs .ratelimit.options.gloo.solo.io.RateLimitConfigRefs References to RateLimitConfig resources. This is used to configure the GlooE rate limit server. Only one of ratelimit_early or rate_limit_early_configs can be set. Only one of rateLimitEarlyConfigs or ratelimitEarly can be set.
ratelimit .ratelimit.options.gloo.solo.io.RateLimitVhostExtension Enterprise-only: Partial config for GlooE rate-limiting based on Envoy’s rate-limit service; supports Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Configure rate-limit actions here, which define how request characteristics get translated into descriptors used by the rate-limit service for rate-limiting. Configure rate-limit descriptors and their associated limits on the Gloo settings. Only one of ratelimit or rate_limit_configs can be set. Only one of ratelimit or rateLimitConfigs can be set.
rateLimitConfigs .ratelimit.options.gloo.solo.io.RateLimitConfigRefs References to RateLimitConfig resources. This is used to configure the GlooE rate limit server. Only one of ratelimit or rate_limit_configs can be set. Only one of rateLimitConfigs or ratelimit can be set.
ratelimitRegular .ratelimit.options.gloo.solo.io.RateLimitVhostExtension Enterprise-only: Partial config for GlooE rate-limiting based on Envoy’s rate-limit service; supports Envoy’s rate-limit service API. (reference here: https://github.com/lyft/ratelimit#configuration) Configure rate-limit actions here, which define how request characteristics get translated into descriptors used by the rate-limit service for rate-limiting. Configure rate-limit descriptors and their associated limits on the Gloo settings. Only one of ratelimit_regular or rate_limit_regular_configs can be set. Only one of ratelimitRegular or rateLimitRegularConfigs can be set.
rateLimitRegularConfigs .ratelimit.options.gloo.solo.io.RateLimitConfigRefs References to RateLimitConfig resources. This is used to configure the GlooE rate limit server. Only one of ratelimit_regular or rate_limit_regular_configs can be set. Only one of rateLimitRegularConfigs or ratelimitRegular can be set.
waf .waf.options.gloo.solo.io.Settings Enterprise-only: Config for Web Application Firewall (WAF), supporting the popular ModSecurity 3.0 ruleset.
jwt .jwt.options.gloo.solo.io.VhostExtension Enterprise-only: Config for reading and verifying JWTs. Copy verifiable information from JWTs into other headers to make routing decisions or combine with RBAC for fine-grained access control. This has been deprecated in favor of staged jwt. The same configuration can be achieved through staged jwt using AfterExtAuth. Only one of jwt or jwtStaged can be set.
jwtStaged .jwt.options.gloo.solo.io.JwtStagedVhostExtension Enterprise-only: Config for reading and verifying JWTs. Copy verifiable information from JWTs into other headers to make routing decisions or combine with RBAC for fine-grained access control. JWT configuration has stages “BeforeExtAuth” and “AfterExtAuth”. BeforeExtAuth JWT validation runs before the external authentication service. This is useful when JWT is used in conjunction with other auth mechanisms specified in the boolean expression Extauth API. AfterExtAuth validation runs after external authentication service, which is useful for verifying JWTs obtained during extauth (e.g. oauth/oidc). Only one of jwtStaged or jwt can be set.
rbac .rbac.options.gloo.solo.io.ExtensionSettings Enterprise-only: Config for RBAC (currently only supports RBAC based on JWT claims).
extauth .enterprise.gloo.solo.io.ExtAuthExtension Enterprise-only: Authentication configuration.
dlp .dlp.options.gloo.solo.io.Config Enterprise-only: Config for data loss prevention.
bufferPerRoute .solo.io.envoy.extensions.filters.http.buffer.v3.BufferPerRoute BufferPerRoute can be used to set the maximum request size that the filter will buffer before the connection manager will stop buffering and return a 413 response. Note: If you have not set a global config (at the gateway level), this override will not do anything by itself.
csrf .solo.io.envoy.extensions.filters.http.csrf.v3.CsrfPolicy Csrf can be used to set percent of requests for which the CSRF filter is enabled, enable shadow-only mode where policies will be evaluated and tracked, but not enforced and add additional source origins that will be allowed in addition to the destination origin. For more, see https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/csrf/v2/csrf.proto.
includeRequestAttemptCount .google.protobuf.BoolValue IncludeRequestAttemptCount decides whether the x-envoy-attempt-count header should be included in the upstream request. Setting this option will cause it to override any existing header value, so in the case of two Envoys on the request path with this option enabled, the upstream will see the attempt count as perceived by the second Envoy. Defaults to false.
includeAttemptCountInResponse .google.protobuf.BoolValue IncludeAttemptCountInResponse decides whether the x-envoy-attempt-count header should be included in the downstream response. Setting this option will cause the router to override any existing header value, so in the case of two Envoys on the request path with this option enabled, the downstream will see the attempt count as perceived by the Envoy closest upstream from itself. Defaults to false.
stagedTransformations .transformation.options.gloo.solo.io.TransformationStages Early transformations stage. These transformations run before most other options are processed. If the regular field is set in here, the transformations field is ignored.
extProc .extproc.options.gloo.solo.io.RouteSettings Enterprise-only: External Processing filter settings for the virtual host. This can be used to override certain HttpListenerOptions settings, and can be overridden by RouteOptions settings.
corsPolicyMergeSettings .cors.options.gloo.solo.io.CorsPolicyMergeSettings Settings for determining merge strategy for CORS settings when present at both Route and VirtualHost levels.