RouteTable
RouteTable API reference.
Proto: route_table.proto
Package: networking.gloo.solo.io
DelegateAction
DelegateActions are used to delegate routing decisions to other resources, for example RouteTables.
Field | Description |
---|---|
routeTables | (repeated common.gloo.solo.io.ObjectSelector )Delegate to the RouteTables that match the given selectors. Selected route tables are ordered by creation time stamp in ascending order to guarantee consistent ordering. Route tables will be selected from the pool of route tables defined within the current workspace, as well as any imported into the workspace. |
allowedRoutes | (repeated common.gloo.solo.io.RouteFilter )Optional: Restrict delegation to the RouteTables that match the set of route filter criteria specified. If omitted, any route will be allowed to be referenced by this RouteTable. |
sortMethod | (DelegateAction.SortMethod )How routes should be sorted |
DirectResponseAction
DirectResponseAction is copied directly from https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto
Field | Description |
---|---|
status | (uint32 )Required: Specifies an HTTP response status between 100-599 inclusive to be returned. |
body | (string )Specifies the content of the response body. If omitted, no body is included in the generated response. Note: Headers can be specified using the Header Modification feature in the enclosing Route, ConnectionHandler, or Gateway options. |
ForwardToAction
When a client request matches a route, Gloo forwards the request to the destination that you specify in this forwardTo
action.
Field | Description |
---|---|
destinations | (repeated common.gloo.solo.io.DestinationReference )Define the upstream destination to route the request to. Some destinations require additional configuration for the route. For example, to forward requests to a CloudProvider for an AWS Lambda, you must also set a function . HTTP routes support all destinations types. TCP routes support only Kubernetes services and Gloo VirtualDestinations. |
pathRewrite | (string )Replace the path specified in the matcher with this value before forwarding the request to the upstream destination. When a prefix matcher is used, only the prefix portion of the path is rewritten. When an exact matcher is used, the whole path is replaced. Rewriting the path when a regex matcher is used is currently unsupported. Note that path rewrites are available for HTTP routes only and are not supported for TCP routes. |
regexRewrite | (envoy.type.matcher.v3.RegexMatchAndSubstitute )During forwarding, portions of the path that match the pattern are rewritten, even allowing the substitution of capture groups from the pattern into the new path as specified by the rewrite substitution string. This substitution is useful to allow application paths to be rewritten in a way that is aware of segments with variable content like identifiers. Note that regex rewrites are available for RE2 syntax and HTTP routes only. |
hostRewrite | (string )Replace the Authority/Host header with this value before forwarding the request to the upstream destination. Note that host rewrites are available for HTTP routes only and are not supported for TCP routes. |
autoHostRewrite | (bool )Automatically replace the Authority/Host header with the hostname of the upstream destination. Note that host rewrites are available for HTTP routes only and are not supported for TCP routes. |
GraphQLAction
Field | Description |
---|---|
schema | (core.skv2.solo.io.ClusterObjectRef )Reference to a GraphQLSchema resource that contains the configuration for this subschema. |
stitchedSchema | (core.skv2.solo.io.ClusterObjectRef )Reference to a GraphQLStitchedSchema resource that contains the configuration for this subschema. |
options | (GraphQLAction.Options )Options that apply to this GraphQL Schema. |
GraphQLAction.Options
Field | Description |
---|---|
logSensitiveInfo | (google.protobuf.BoolValue )Include information about request/response in the envoy debug logs. This is helpful for debugging GraphQL. Defaults to false. |
HTTPRoute
Use HTTP routes to control Layer 7 application level traffic to your services. To configure HTTP routes, you pair together
HTTP request matchers
with certain actions. Matchers are criteria such as a route name, port, header, or method to match
with an incoming request. Actions describe what to do with a matching request, such as forwardTo
a destination or delegate
to another route table. When an HTTP request matches your HTTP route, Gloo performs the action for that route. You can add
metadata such as names and labels to your HTTP routes so that you can apply policies, track metrics, and better manage the routes.
Field | Description |
---|---|
name | (string )unique name of the route (within the route table). used to identify the route for metrics |
labels | (repeated HTTPRoute.LabelsEntry )Labels for the route. used to apply policies which implement routeSelectors. |
matchers | (repeated common.gloo.solo.io.HTTPRequestMatcher )The set of request matchers which this route will match on. If none are specified, this route will match any HTTP traffic. On a delegated RouteTable, this route will only match traffic that includes both the parent and child’s matchers. If these sets conflict, the delegating route on the parent will be replaced with a DirectResponseAction indicating the misconfiguration. |
forwardTo | (ForwardToAction )forward traffic to one or more destination services. |
delegate | (DelegateAction )delegate the handling of traffic to one or more HTTP Route Tables. This can be used to delegate a subset of the route table’s traffic to another route table, which may live in an imported workspace, or to separate routing concerns between objects. |
redirect | (RedirectAction )return a redirect response to the downstream client. |
directResponse | (DirectResponseAction )respond directly to the client from the proxy. |
graphql | (GraphQLAction )handle the HTTP request as a GraphQL request, including query validation, and execution of the GraphQL request. The incoming GraphQL request must either be a GET or POST request, see “Serving over HTTP”. |
HTTPRoute.LabelsEntry
Field | Description |
---|---|
key | (string ) |
value | (string ) |
PortalMetadata
With Portal installed as part of Gloo Platform,
you can use route tables to bundle together individual routes into an API product.
When the Portal resource selects your route table, Gloo automatically generates an OpenAPI specification for the API product,
which includes all of the routes. You can use this PortalMetadata
setting to customize details about your API product,
such as by providing a title, description, terms of service, licensing, and lifecycle management information.
After you deploy a frontend application for your portal, your end users can review the metadata in the portal to help them use your API products.
Field | Description |
---|---|
apiProductId | (string )This field is required to enable the Portal feature. Group APIs from multiple route tables together as an API product in the portal. For example, you might have separate route tables that route to different v1 and v2 versions of your billing services that have their own OpenAPI specs. By setting the apiProductId metadata to the same billing-api value in each route table, the /apis endpoint in the portal server returns the same apiProduct in the response. Then, these APIs are grouped together and shown as a single billing API product with multiple v1 and v2 versions in the frontend portal for your end users to discover and use. |
apiProductDisplayName | (string )Optional: Give a name for the API product to display in the frontend portal. If omitted, the apiProductId value is used as the display name. If api_product_display_name is set to a different value in each route table that has the same apiProductId value, then the api_product_display_name value from the route table with the oldest creation timestamp is used. |
apiVersion | (string )This field is required to enable the Portal feature. The version of the API in context of the api product. You cannot have multiple apiVersion values for the same apiProductId value, and you must set apiProductId to use apiVersion . For example, if you have two route tables that both set apiProductId to billing-api , then one route table can also set apiVersion to v1 and the other to v2 . But both route tables cannot set the apiVersion to v1 . |
title | (string )The title of the openAPI specification for this API. |
description | (string )The description of the openAPI specification for this API. |
termsOfService | (string )The terms of service of the openAPI specification for this API. |
contact | (string )The contact information of the openAPI specification for this API. |
license | (string )The license of the openAPI specification for this API. |
lifecycle | (string )Describes the current lifecycle stage of the API. |
customMetadata | (repeated PortalMetadata.CustomMetadataEntry )Provide key-value pairs of any custom metadata that you want to show end users in the frontend portal for this API product. In particular, you might provide information about your API lifecycle management policies, such as phase=supported , phase=deprecated , compatibility=backwards , or other product information. Furthermore, the key-value pairs are added to the API Usage & Analytics data for incoming requests to this API product. |
PortalMetadata.CustomMetadataEntry
Field | Description |
---|---|
key | (string ) |
value | (string ) |
RedirectAction
Notice: RedirectAction is copied directly from https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto
Field | Description |
---|---|
hostRedirect | (string )The host portion of the URL will be swapped with this value. |
pathRedirect | (string )The entire path portion of the URL will be overwritten with this value. |
responseCode | (RedirectAction.RedirectResponseCode )The HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301). |
RouteTableReport
Field | Description |
---|---|
workspaces | (repeated RouteTableReport.WorkspacesEntry ) |
appliedRoutePolicies | (repeated RouteTableReport.AppliedRoutePoliciesEntry )A map of policy GVK to policy references for all policies that are applied on this resource. |
parentRouteTables | (repeated common.gloo.solo.io.ObjectReference )A list of the parents route tables for this route table, if it is a delegated route table. |
ownerWorkspace | (string )The name of the workspace that owns the route table. |
allowedVirtualGateways | (repeated common.gloo.solo.io.ObjectReference )A list of allowed virtual gateways that this route table can select. |
delegatedToRouteTables | (repeated RouteTableReport.DelegatedRouteTableReference )A list of routes delegated to by delegated routes in this RouteTable. Only tracks direct delegates of this RouteTable; delegates of delegate routes are not included. |
RouteTableReport.AppliedRoutePoliciesEntry
Field | Description |
---|---|
key | (string ) |
value | (common.gloo.solo.io.AppliedRoutePolicies ) |
RouteTableReport.DelegatedRouteTableReference
Field | Description |
---|---|
routeIndex | (int32 )The index of the route in the parent RouteTable that delegates to the listed RouteTable. |
routeTable | (common.gloo.solo.io.ObjectReference )The reference to the RouteTable being delegated to by the parent RouteTable. |
RouteTableReport.WorkspacesEntry
Field | Description |
---|---|
key | (string ) |
value | (common.gloo.solo.io.Report ) |
RouteTableSpec
RouteTables
define one or more hosts and a set of traffic route rules that describe how to handle traffic for these hosts.
Route tables support two types of routes: HTTP and TCP.
For more information, see see the Routing overview concept docs.
You can delegate HTTP routes to other route tables based on one or more matching hosts and specific route paths. If your “parent” route table delegates some traffic rules to another “child” route table, the child route table must be in the same workspace or imported to the parent route table’s workspace.
You can match traffic that originates from an ingress gateway (north-south), Istio mesh gateway (east-west),
or directly from the sidecars of workloads in your service mesh (east-west),
depending on the configuration of the virtualGateways
field.
The following example defines route configuration for the ‘uk.bookinfo.com’ and ’eu.bookinfo.com’ hosts.
Traffic arrives at the my-gateway
virtual gateway in the my-gateway-ws
workspace.
The route table sets up several different matchers to direct HTTP traffic.
- When the cookie in the header matches to
user=dev-123
, HTTP traffic is forwarded to the port7777
of thev1
ofreviews.qa
service. - When the path matches exactly to
/reviews/
, 80% traffic is forwarded to port 9080 of thereviews.prod
service and 20% traffic is forwarded to port 9080 of thereviews.qa
service. - All other HTTP traffic is sent to the default destination, which is port 9080 of
reviews.prod
service in thebookinfo
workspace.
apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
name: bookinfo-root-routes
namespace: bookinfo
spec:
hosts:
- 'uk.bookinfo.com'
- 'eu.bookinfo.com'
virtualGateways:
- name: my-gateway
namespace: my-gateway-ws
defaultDestination:
ref:
name: reviews
namespace: prod
port:
number: 9080
http:
- name: reviews-qa
matchers:
- headers:
- name: cookie
value: 'user=dev-123'
forwardTo:
destinations:
- ref:
name: reviews
namespace: qa
subset:
version: v1
port:
number: 7777
- name: reviews
matchers:
- name: review-prefix
uri:
exact: /reviews/
forwardTo:
destinations:
- weight: 80
- ref:
name: reviews
namespace: qa
port:
number: 9080
weight: 20
The following example defines route configuration for the ‘uk.bookinfo.com’ and ’eu.bookinfo.com’ hosts.
Traffic arrives at the my-gateway
virtual gateway in the my-gateway-ws
workspace. The route table sends traffic to an external cloud function.
- When the HTTP route path matches the prefix
/lambda
, traffic is forwarded to the backingaws-provider
CloudProvider. - The associated
aws-provider
CloudResources resource describes an AWS Lambda service namedlogicalName: aws-dest
. - The
"SYNC"
option indicates that the AWS Lambda function is invoked synchronously, which is also the default behavior.
apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
name: bookinfo-root-routes
namespace: bookinfo
spec:
hosts:
- 'uk.bookinfo.com'
- 'eu.bookinfo.com'
virtualGateways:
- name: my-gateway
namespace: my-gateway-ws
defaultDestination:
ref:
name: reviews
namespace: prod
port:
number: 9080
http:
- name: lambda
matchers:
- uri:
prefix: /lambda
labels:
route: lambda
forwardTo:
destinations:
- awsLambda:
cloudProvider:
name: aws-provider
namespace: bookinfo
cluster: cluster-1
function: aws-dest
options:
invocationStyle: SYNC
The following example defines route configuration for the ‘uk.bookinfo.com’ and ’eu.bookinfo.com’ hosts.
Traffic arrives at the my-gateway
virtual gateway in the my-gateway-ws
workspace. The route table sends traffic to an external cloud function.
- When the HTTP route path matches the prefix
/lambda
, traffic is forwarded to the delegated route table for handling requests to AWS Lambdas. - The
allowedRoutes
restrict the usage of CloudProvider functionality, which routes to cloud functionsbackend-function-*
in regionus-east-2
and which assumes thedev-team-B-*
IAM role in AWS to invoke the function.
apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
name: bookinfo-root-routes
namespace: bookinfo
spec:
hosts:
- 'uk.bookinfo.com'
- 'eu.bookinfo.com'
virtualGateways:
- name: my-gateway
namespace: my-gateway-ws
defaultDestination:
ref:
name: reviews
namespace: prod
port:
number: 9080
http:
- name: lambda
matchers:
- uri:
prefix: /lambda
labels:
route: lambda
delegate:
allowedRoutes:
- cloudProvider:
aws:
lambda_function:
- backend-function-.*
iam_roles:
- dev-team-B-.*
regions:
- us-east-2
routeTables:
- labels:
table: lambda
Field | Description |
---|---|
hosts | (repeated string )Optional: One or more hosts for which this route table will route traffic. Supports wildcards. To avoid potential misconfigurations, it is recommended to always use fully qualified domain names over short names. Note: It must be empty for a delegated RouteTable. |
virtualGateways | (repeated common.gloo.solo.io.ObjectReference )Optional: A list of references to the virtual gateways which should serve this route table. Only valid for route tables which define at least one host. Note: This field must be empty for a delegated RouteTable. When not specified, the route table applies to either all the sidecars in the workspace or only sidecars for selected workloads (via the workloadSelectors field) in the workspace where the route table is deployed or imported.The following applies to sidecars of all the workloads for the workspace where the route table is deployed or imported: set virtualGateways to null and workloadSelectors to [] .The following applies to the my-gateway virtual gateway in the gateway workspace and no sidecars: set virtualGateways.name to my-gateway , virtualGateways.namespace to gateway , and workloadSelectors to [] .The following applies to the my-gateway virtual gateway in the gateway workspace and sidecars of all the workloads for the workspace where the route table is deployed or imported: set virtualGateways.name to my-gateway , virtualGateways.namespace to gateway , and workloadSelectors to {} .The following applies to sidecars of all the app: foo workloads for the workspace where the route table is deployed or imported: set virtualGateways to null and workloadSelectors.selector.labels to app: foo .The following applies to the my-gateway virtual gateway in the gateway workspace and sidecars of all the app: foo workloads for the workspace where the route table is deployed or imported: set virtualGateways.name to my-gateway , virtualGateways.namespace to gateway , and workloadSelectors.selector.labels to app: foo . |
workloadSelectors | (repeated common.gloo.solo.io.WorkloadSelector )Optional: Selectors for source workloads (with sidecars) which route traffic for this route table. Only valid for route tables which define at least one host. If no workloadSelectors or virtualGateways are specified, all workloads in the workspace are automatically selected. If virtualGateways are specified, set workloadSelectors: - {} to select all workloads in the workspace.Note: This field must be empty for a delegated route table. Note: Selection of external workloads (VMs) is currently not supported. Note: You can select workloads by using labels only. Selecting workloads by using other references, such as the name, namespace, or cluster is not supported. |
applyToDestinations | (repeated common.gloo.solo.io.DestinationSelector )Optional: Selectors for destinations that shall route traffic by this route table via producer-side side policy (e.g on waypoints) Applying an ambient-backed destinations means that any traffic that reaches the destination, regardless of its origin (mesh, outside mesh), will be subject to the RouteTable’s policy. To select all ambient destinations in the workspace, set applyToDestinations: - {} .Note: applyToDestinations is an alpha API currently implemented only for ambient-enabled meshes. Note: For delegated route tables this field should be empty, as the values from the parent will always be used for destination selection. Note: Selection of external workloads (VMs), external services, and Destinations with sidecars is currently not supported. |
defaultDestination | (common.gloo.solo.io.DestinationReference )Optional: Routes that do not specify a destination will forward traffic to this destination. |
http | (repeated HTTPRoute )The set of HTTP routes for this route table to serve. If no routes match the client request, the client gets back a 404. For more information on supported HTTP features, see the Routing overview concept docs. |
tcp | (repeated TCPRoute )The set of TCP routes for this route table to serve. TCP routes are available only for internal traffic within the cluster, not for ingress gateway traffic. For more information on supported TCP features see the Routing overview concept docs. |
tls | (repeated TLSRoute )The set of TLS routes for this route table to serve. For more information on supported TLS features see the Routing overview concept docs. |
weight | (int32 )Weight is used when sorting route tables in delegate action or routes when sorted by specificity. Higher integer values are considered higher priority. The default value is 0. |
portalMetadata | (PortalMetadata )Optional: If this route table bundles APIs that you want to expose in a developer portal, you can set portal metadata. Portal metadata is a set of key-value pairs that describe your APIs. Later, your developer portal displays this information in the end-user facing API documentation. |
RouteTableStatus
Field | Description |
---|---|
common | (common.gloo.solo.io.Status )The state and workspace conditions of the applied resource. |
numAppliedRoutePolicies | (repeated RouteTableStatus.NumAppliedRoutePoliciesEntry )A map of policy GVK to the number of policies that are applied on this resource, sorted by GVK. |
numParentRouteTables | (uint32 )The number of parent route tables for this route table, if it is a delegated route table. |
ownedByWorkspace | (string )The name of the workspace that this route table belongs to. |
numAllowedVirtualGateways | (uint32 )The number virtual gateways that this route table can select. |
RouteTableStatus.NumAppliedRoutePoliciesEntry
Field | Description |
---|---|
key | (string ) |
value | (uint32 ) |
TCPRoute
Use TCP routes to control lower-level, connection-based traffic to services such as a local database.
TCP routes are available only for internal traffic within the cluster, not for ingress gateway traffic.
To configure TCP routes, you pair together TCP request matchers
with certain actions.
Matchers are criteria such as a port to match with an incoming request.
Actions describe what to do with a matching request, such as forwardTo
a destination.
When a TCP request matches your TCP route, Gloo performs the action for that route.
Field | Description |
---|---|
matchers | (repeated common.gloo.solo.io.TCPRequestMatcher )The set of request matchers for this route to match on. |
forwardTo | (ForwardToAction )Forward traffic to one or more destination services. Note that some forwardTo actions, such as path or host rewrite, are not supported for TCP routes. |
TLSRoute
Use TLS routes to route unterminated TLS traffic (TLS/HTTPS) through an ingress gateway or within the cluster, such as for pass-through SNI-routing. You must specify an SNI host in the matcher, and optionally a port on the host.
Field | Description |
---|---|
matchers | (repeated common.gloo.solo.io.TLSRequestMatcher )The set of request matchers for this route to match on. |
forwardTo | (TLSRoute.TLSForwardToAction )Forward traffic to one or more destination services. |
TLSRoute.TLSForwardToAction
When a client request matches a route, Gloo forwards the request to the destination that you specify in this forwardTo
action.
Field | Description |
---|---|
destinations | (repeated common.gloo.solo.io.DestinationReference )Define the upstream destination to route the request to. |
DelegateAction.SortMethod
Name | Number | Description |
---|---|---|
TABLE_WEIGHT | 0 | Routes are kept in the order that they appear relative to their tables, but tables are sorted by weight. Tables that have the same weight will stay in the same order that they are listed in, which is the list order when given as a reference and by creation timestamp when selected. |
ROUTE_SPECIFICITY | 1 | After processing all routes, including additional route tables delegated to, the resulting routes are sorted by specificity to reduce the chance that a more specific route will be short-circuited by a general route. Matchers with exact path matchers are considered more specific than regex path patchers, which are more specific than prefix path matchers. For prefix and exact, matchers of the same type are sorted by length of the path in descending order. For regex matchers they are all treated equal when sorted. For sort ties, table weights are used across tables & within tables user specified order is preserved. Only the most specific matcher on each route is used. For example, consider the following two sub-tables that are sorted by specificity and the resulting route list. Sub-table A, with a table weight of 1 in case of sort ties:
2 in case of sort ties:
|
RedirectAction.RedirectResponseCode
Name | Number | Description |
---|---|---|
MOVED_PERMANENTLY | 0 | Moved Permanently HTTP Status Code - 301. |
FOUND | 1 | Found HTTP Status Code - 302. |
SEE_OTHER | 2 | See Other HTTP Status Code - 303. |
TEMPORARY_REDIRECT | 3 | Temporary Redirect HTTP Status Code - 307. |
PERMANENT_REDIRECT | 4 | Permanent Redirect HTTP Status Code - 308. |