RouteTable

Proto: route_table.proto

Package: networking.gloo.solo.io

Types:

DelegateAction

DelegateActions are used to delegate routing decisions to other resources, for example RouteTables.

Field Description
routeTables (repeated common.gloo.solo.io.ObjectSelector)

Delegate to the RouteTables that match the given selectors. Selected route tables are ordered by creation time stamp in ascending order to guarantee consistent ordering. Route tables will be selected from the pool of route tables defined within the current workspace, as well as any imported into the workspace.
allowedRoutes (repeated common.gloo.solo.io.RouteFilter)

Optional: Restrict delegation to the RouteTables that match the set of route filter criteria specified. If omitted, any route will be allowed to be referenced by this RouteTable.
sortMethod (DelegateAction.SortMethod)

How routes should be sorted

DirectResponseAction

DirectResponseAction is copied directly from https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto

Field Description
status (uint32)

Required: Specifies an HTTP response status between 100-599 inclusive to be returned.
body (string)

Specifies the content of the response body. If omitted, no body is included in the generated response.
Note: Headers can be specified using the Header Modification feature in the enclosing Route, ConnectionHandler, or Gateway options.

ForwardToAction

When a client request matches a route, Gloo forwards the request to the destination that you specify in this forwardTo action.

Field Description
destinations (repeated common.gloo.solo.io.DestinationReference)

Define the upstream destination to route the request to. Some destinations require additional configuration for the route. For example, to forward requests to a CloudProvider for an AWS Lambda, you must also set a function. HTTP routes support all destinations types. TCP routes support only Kubernetes services and Gloo VirtualDestinations.
pathRewrite (string)

Replace the path specified in the matcher with this value before forwarding the request to the upstream destination. When a prefix matcher is used, only the prefix portion of the path is rewritten. When an exact matcher is used, the whole path is replaced. Rewriting the path when a regex matcher is used is currently unsupported. Note that path rewrites are available for HTTP routes only and are not supported for TCP routes.
regexRewrite (envoy.type.matcher.v3.RegexMatchAndSubstitute)

During forwarding, portions of the path that match the pattern are rewritten, even allowing the substitution of capture groups from the pattern into the new path as specified by the rewrite substitution string. This substitution is useful to allow application paths to be rewritten in a way that is aware of segments with variable content like identifiers. Note that regex rewrites are available for RE2 syntax and HTTP routes only.
hostRewrite (string)

Replace the Authority/Host header with this value before forwarding the request to the upstream destination. Note that host rewrites are available for HTTP routes only and are not supported for TCP routes.
autoHostRewrite (bool)

Automatically replace the Authority/Host header with the hostname of the upstream destination. Note that host rewrites are available for HTTP routes only and are not supported for TCP routes.

GraphQLAction

Field Description
schema (core.skv2.solo.io.ClusterObjectRef)

Reference to a GraphQLSchema resource that contains the configuration for this subschema.
stitchedSchema (core.skv2.solo.io.ClusterObjectRef)

Reference to a GraphQLStitchedSchema resource that contains the configuration for this subschema.
options (GraphQLAction.Options)

Options that apply to this GraphQL Schema.

GraphQLAction.Options

Field Description
logSensitiveInfo (google.protobuf.BoolValue)

Include information about request/response in the envoy debug logs. This is helpful for debugging GraphQL. Defaults to false.

HTTPRoute

Use HTTP routes to control Layer 7 application level traffic to your services. To configure HTTP routes, you pair together HTTP request matchers with certain actions. Matchers are criteria such as a route name, port, header, or method to match with an incoming request. Actions describe what to do with a matching request, such as forwardTo a destination or delegate to another route table. When an HTTP request matches your HTTP route, Gloo performs the action for that route. You can add metadata such as names and labels to your HTTP routes so that you can apply policies, track metrics, and better manage the routes.

Field Description
name (string)

unique name of the route (within the route table). used to identify the route for metrics
labels (repeated HTTPRoute.LabelsEntry)

Labels for the route, which you can use to apply policies that support routeSelectors.
For enhanced security, include the special label “gateway.gloo.solo.io/require_auth=true” on the route. To activate this security feature, enable the “gatewayDefaultDenyAllHTTPRequests” feature flag for your Gloo installation. When both the label and feature flag are in place, Gloo requires an authentication policy, such as ExtAuthPolicy or JWTPolicy, to be applied to the route. If the authentication policy is removed or has an error, Gloo rejects all requests to the route.
matchers (repeated common.gloo.solo.io.HTTPRequestMatcher)

The set of request matchers which this route will match on. If none are specified, this route will match any HTTP traffic. On a delegated RouteTable, this route will only match traffic that includes both the parent and child's matchers. If these sets conflict, the delegating route on the parent will be replaced with a DirectResponseAction indicating the misconfiguration.
forwardTo (ForwardToAction)

forward traffic to one or more destination services.
delegate (DelegateAction)

delegate the handling of traffic to one or more HTTP Route Tables. This can be used to delegate a subset of the route table's traffic to another route table, which may live in an imported workspace, or to separate routing concerns between objects.
redirect (RedirectAction)

return a redirect response to the downstream client.
directResponse (DirectResponseAction)

respond directly to the client from the proxy.
graphql (GraphQLAction)

handle the HTTP request as a GraphQL request, including query validation, and execution of the GraphQL request. The incoming GraphQL request must either be a GET or POST request, see “Serving over HTTP”.

HTTPRoute.LabelsEntry

Field Description
key (string)

value (string)

PortalMetadata

With Portal installed as part of Gloo Platform, you can use route tables to bundle together individual routes into an API product. When the Portal resource selects your route table, Gloo automatically generates an OpenAPI specification for the API product, which includes all of the routes. You can use this PortalMetadata setting to customize details about your API product, such as by providing a title, description, terms of service, licensing, and lifecycle management information. After you deploy a frontend application for your portal, your end users can review the metadata in the portal to help them use your API products.

Field Description
apiProductId (string)

This field is required to enable the Portal feature. Group APIs from multiple route tables together as an API product in the portal. For example, you might have separate route tables that route to different v1 and v2 versions of your billing services that have their own OpenAPI specs. By setting the apiProductId metadata to the same billing-api value in each route table, the /apis endpoint in the portal server returns the same apiProduct in the response. Then, these APIs are grouped together and shown as a single billing API product with multiple v1 and v2 versions in the frontend portal for your end users to discover and use.
apiProductDisplayName (string)

Optional: Give a name for the API product to display in the frontend portal. If omitted, the apiProductId value is used as the display name. If api_product_display_name is set to a different value in each route table that has the same apiProductId value, then the api_product_display_name value from the route table with the oldest creation timestamp is used.
apiVersion (string)

This field is required to enable the Portal feature. The version of the API in context of the api product. You cannot have multiple apiVersion values for the same apiProductId value, and you must set apiProductId to use apiVersion. For example, if you have two route tables that both set apiProductId to billing-api, then one route table can also set apiVersion to v1 and the other to v2. But both route tables cannot set the apiVersion to v1.
title (string)

The title of the openAPI specification for this API.
description (string)

The description of the openAPI specification for this API.
termsOfService (string)

The terms of service of the openAPI specification for this API.
contact (string)

The contact information of the openAPI specification for this API.
license (string)

The license of the openAPI specification for this API.
lifecycle (string)

Describes the current lifecycle stage of the API.
customMetadata (repeated PortalMetadata.CustomMetadataEntry)

Provide key-value pairs of any custom metadata that you want to show end users in the frontend portal for this API product. In particular, you might provide information about your API lifecycle management policies, such as phase=supported, phase=deprecated, compatibility=backwards, or other product information. Furthermore, the key-value pairs are added to the API Usage & Analytics data for incoming requests to this API product.

PortalMetadata.CustomMetadataEntry

Field Description
key (string)

value (string)

RedirectAction

Notice: RedirectAction is copied directly from https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto

Field Description
hostRedirect (string)

The host portion of the URL will be swapped with this value.
pathRedirect (string)

The entire path portion of the URL will be overwritten with this value.
responseCode (RedirectAction.RedirectResponseCode)

The HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).

RouteTableReport

Field Description
workspaces (repeated RouteTableReport.WorkspacesEntry)

appliedRoutePolicies (repeated RouteTableReport.AppliedRoutePoliciesEntry)

A map of policy GVK to policy references for all policies that are applied on this resource.
parentRouteTables (repeated common.gloo.solo.io.ObjectReference)

A list of the parents route tables for this route table, if it is a delegated route table.
ownerWorkspace (string)

The name of the workspace that owns the route table.
allowedVirtualGateways (repeated common.gloo.solo.io.ObjectReference)

A list of allowed virtual gateways that this route table can select.
delegatedToRouteTables (repeated RouteTableReport.DelegatedRouteTableReference)

A list of routes delegated to by delegated routes in this RouteTable. Only tracks direct delegates of this RouteTable; delegates of delegate routes are not included.

RouteTableReport.AppliedRoutePoliciesEntry

Field Description
key (string)

value (common.gloo.solo.io.AppliedRoutePolicies)

RouteTableReport.DelegatedRouteTableReference

Field Description
routeIndex (int32)

The index of the route in the parent RouteTable that delegates to the listed RouteTable.
routeTable (common.gloo.solo.io.ObjectReference)

The reference to the RouteTable being delegated to by the parent RouteTable.

RouteTableReport.WorkspacesEntry

Field Description
key (string)

value (common.gloo.solo.io.Report)

RouteTableSpec

RouteTables define one or more hosts and a set of traffic route rules that describe how to handle traffic for these hosts. Route tables support two types of routes: HTTP and TCP. For more information, see see the Routing overview concept docs.

You can delegate HTTP routes to other route tables based on one or more matching hosts and specific route paths. If your “parent” route table delegates some traffic rules to another “child” route table, the child route table must be in the same workspace or imported to the parent route table's workspace.

You can match traffic that originates from an ingress gateway (north-south), Istio mesh gateway (east-west), or directly from the sidecars of workloads in your service mesh (east-west), depending on the configuration of the virtualGateways field.

The following example defines route configuration for the ‘uk.bookinfo.com’ and ‘eu.bookinfo.com’ hosts. Traffic arrives at the my-gateway virtual gateway in the my-gateway-ws workspace. The route table sets up several different matchers to direct HTTP traffic.

apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: bookinfo-root-routes
  namespace: bookinfo
spec:
  hosts:
    - 'uk.bookinfo.com'
    - 'eu.bookinfo.com'
  virtualGateways:
    - name: my-gateway
      namespace: my-gateway-ws
  defaultDestination:
    ref:
      name: reviews
      namespace: prod
    port:
      number: 9080
  http:
    - name: reviews-qa
      matchers:
        - headers:
            - name: cookie
              value: 'user=dev-123'
      forwardTo:
        destinations:
          - ref:
              name: reviews
              namespace: qa
            subset:
              version: v1
            port:
              number: 7777
    - name: reviews
      matchers:
        - name: review-prefix
          uri:
            exact: /reviews/
      forwardTo:
        destinations:
          - weight: 80
          - ref:
              name: reviews
              namespace: qa
            port:
              number: 9080
            weight: 20

The following example defines route configuration for the ‘uk.bookinfo.com’ and ‘eu.bookinfo.com’ hosts. Traffic arrives at the my-gateway virtual gateway in the my-gateway-ws workspace. The route table sends traffic to an external cloud function.

apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: bookinfo-root-routes
  namespace: bookinfo
spec:
  hosts:
    - 'uk.bookinfo.com'
    - 'eu.bookinfo.com'
  virtualGateways:
    - name: my-gateway
      namespace: my-gateway-ws
  defaultDestination:
    ref:
      name: reviews
      namespace: prod
    port:
      number: 9080
  http:
    - name: lambda
      matchers:
        - uri:
            prefix: /lambda
      labels:
        route: lambda
      forwardTo:
        destinations:
          - awsLambda:
              cloudProvider:
                name: aws-provider
                namespace: bookinfo
                cluster: cluster-1
              function: aws-dest
              options:
                invocationStyle: SYNC

The following example defines route configuration for the ‘uk.bookinfo.com’ and ‘eu.bookinfo.com’ hosts. Traffic arrives at the my-gateway virtual gateway in the my-gateway-ws workspace. The route table sends traffic to an external cloud function.

apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: bookinfo-root-routes
  namespace: bookinfo
spec:
  hosts:
    - 'uk.bookinfo.com'
    - 'eu.bookinfo.com'
  virtualGateways:
    - name: my-gateway
      namespace: my-gateway-ws
  defaultDestination:
    ref:
      name: reviews
      namespace: prod
    port:
      number: 9080
  http:
    - name: lambda
      matchers:
        - uri:
            prefix: /lambda
      labels:
        route: lambda
      delegate:
        allowedRoutes:
          - cloudProvider:
              aws:
                lambda_function:
                  - backend-function-.*
                iam_roles:
                  - dev-team-B-.*
                regions:
                  - us-east-2
        routeTables:
          - labels:
              table: lambda
Field Description
hosts (repeated string)

Optional: One or more hosts for which this route table will route traffic. Supports wildcards. To avoid potential misconfigurations, it is recommended to always use fully qualified domain names over short names.
Note: It must be empty for a delegated RouteTable.
virtualGateways (repeated common.gloo.solo.io.ObjectReference)

Optional: A list of references to the virtual gateways which should serve this route table. Only valid for route tables which define at least one host. Note: This field must be empty for a delegated RouteTable.
When not specified, the route table applies to either all the sidecars in the workspace or only sidecars for selected workloads (via the workloadSelectors field) in the workspace where the route table is deployed or imported.
The following applies to sidecars of all the workloads for the workspace where the route table is deployed or imported: set virtualGateways to null and workloadSelectors to [].
The following applies to the my-gateway virtual gateway in the gateway workspace and no sidecars: set virtualGateways.name to my-gateway, virtualGateways.namespace to gateway, and workloadSelectors to [].
The following applies to the my-gateway virtual gateway in the gateway workspace and sidecars of all the workloads for the workspace where the route table is deployed or imported: set virtualGateways.name to my-gateway, virtualGateways.namespace to gateway, and workloadSelectors to {}.
The following applies to sidecars of all the app: foo workloads for the workspace where the route table is deployed or imported: set virtualGateways to null and workloadSelectors.selector.labels to app: foo.
The following applies to the my-gateway virtual gateway in the gateway workspace and sidecars of all the app: foo workloads for the workspace where the route table is deployed or imported: set virtualGateways.name to my-gateway, virtualGateways.namespace to gateway, and workloadSelectors.selector.labels to app: foo.
workloadSelectors (repeated common.gloo.solo.io.WorkloadSelector)

Optional: Selectors for source workloads (with sidecars) which will route traffic by this route table. Only valid for route tables which define at least one host. If no workloadSelectors or virtualGateways are specified, all workloads in the workspace will automatically be selected. If VirtualGateways are specified, set workloadSelectors: - {} to select all workloads in the workspace. Note: This field must be empty for a delegated RouteTable. Note: Selection of external workloads (VMs) is currently not supported.
applyToDestinations (repeated common.gloo.solo.io.DestinationSelector)

Optional: Selectors for destinations that shall route traffic by this route table via producer-side side policy (e.g on waypoints)
Applying an ambient-backed destinations means that any traffic that reaches the destination, regardless of its origin (mesh, outside mesh), will be subject to the RouteTable's policy.
To select all ambient destinations in the workspace, set applyToDestinations: - {}.
Note: applyToDestinations is an alpha API currently implemented only for ambient-enabled meshes. Note: For delegated route tables this field should be empty, as the values from the parent will always be used for destination selection. Note: Selection of external workloads (VMs), external services, and Destinations with sidecars is currently not supported.
defaultDestination (common.gloo.solo.io.DestinationReference)

Optional: Routes that do not specify a destination will forward traffic to this destination.
http (repeated HTTPRoute)

The set of HTTP routes for this route table to serve. If no routes match the client request, the client gets back a 404. For more information on supported HTTP features, see the Routing overview concept docs.
tcp (repeated TCPRoute)

The set of TCP routes for this route table to serve. TCP routes are available only for internal traffic within the cluster, not for ingress gateway traffic. For more information on supported TCP features see the Routing overview concept docs.
tls (repeated TLSRoute)

The set of TLS routes for this route table to serve. For more information on supported TLS features see the Routing overview concept docs.
weight (int32)

Weight is used when sorting route tables in delegate action or routes when sorted by specificity. Higher integer values are considered higher priority. The default value is 0.
portalMetadata (PortalMetadata)

Optional: If this route table bundles APIs that you want to expose in a developer portal, you can set portal metadata. Portal metadata is a set of key-value pairs that describe your APIs. Later, your developer portal displays this information in the end-user facing API documentation.

RouteTableStatus

Field Description
common (common.gloo.solo.io.Status)

The state and workspace conditions of the applied resource.
numAppliedRoutePolicies (repeated RouteTableStatus.NumAppliedRoutePoliciesEntry)

A map of policy GVK to the number of policies that are applied on this resource, sorted by GVK.
numParentRouteTables (uint32)

The number of parent route tables for this route table, if it is a delegated route table.
ownedByWorkspace (string)

The name of the workspace that this route table belongs to.
numAllowedVirtualGateways (uint32)

The number virtual gateways that this route table can select.

RouteTableStatus.NumAppliedRoutePoliciesEntry

Field Description
key (string)

value (uint32)

TCPRoute

Use TCP routes to control lower-level, connection-based traffic to services such as a local database. TCP routes are available only for internal traffic within the cluster, not for ingress gateway traffic. To configure TCP routes, you pair together TCP request matchers with certain actions. Matchers are criteria such as a port to match with an incoming request. Actions describe what to do with a matching request, such as forwardTo a destination. When a TCP request matches your TCP route, Gloo performs the action for that route.

Field Description
matchers (repeated common.gloo.solo.io.TCPRequestMatcher)

The set of request matchers for this route to match on.
forwardTo (ForwardToAction)

Forward traffic to one or more destination services. Note that some forwardTo actions, such as path or host rewrite, are not supported for TCP routes.

TLSRoute

Use TLS routes to route unterminated TLS traffic (TLS/HTTPS) through an ingress gateway or within the cluster, such as for pass-through SNI-routing. You must specify an SNI host in the matcher, and optionally a port on the host.

Field Description
matchers (repeated common.gloo.solo.io.TLSRequestMatcher)

The set of request matchers for this route to match on.
forwardTo (TLSRoute.TLSForwardToAction)

Forward traffic to one or more destination services.

TLSRoute.TLSForwardToAction

When a client request matches a route, Gloo forwards the request to the destination that you specify in this forwardTo action.

Field Description
destinations (repeated common.gloo.solo.io.DestinationReference)

Define the upstream destination to route the request to.

DelegateAction.SortMethod

Name Number Description
TABLE_WEIGHT 0 Routes are kept in the order that they appear relative to their tables, but tables are sorted by weight. Tables that have the same weight will stay in the same order that they are listed in, which is the list order when given as a reference and by creation timestamp when selected.
ROUTE_SPECIFICITY 1 After processing all routes, including additional route tables delegated to, the resulting routes are sorted by specificity to reduce the chance that a more specific route will be short-circuited by a general route. Matchers with exact path matchers are considered more specific than regex path patchers, which are more specific than prefix path matchers. For prefix and exact, matchers of the same type are sorted by length of the path in descending order. For regex matchers they are all treated equal when sorted. For sort ties, table weights are used across tables & within tables user specified order is preserved. Only the most specific matcher on each route is used.
For example, consider the following two sub-tables that are sorted by specificity and the resulting route list.
Sub-table A, with a table weight of 1 in case of sort ties:
  • prefix: /foo
  • prefix: /foo/more/specific
  • prefix: /foo/even/more/specific
  • exact: /foo/exact
  • exact: /foo/another/exact
  • regex: /foo/*
  • regex: /fooo/*
Sub-table B, with a table weight of 2 in case of sort ties:
  • prefix: /bar
  • prefix: /bar/more/specific
  • prefix: /bar/even/more/specific
  • exact: /bar/exact
  • regex: /bar/*
The resulting routes are sorted in this order:
  • exact: /foo/another/exact
  • exact: /bar/exact
  • exact: /foo/exact
  • regex: /bar/*
  • regex: /foo/*
  • regex: /fooo/*
  • prefix: /bar/even/more/specific
  • prefix: /foo/even/more/specific
  • prefix: /bar/more/specific
  • prefix: /foo/more/specific
  • prefix: /bar
  • prefix: /foo

RedirectAction.RedirectResponseCode

Name Number Description
MOVED_PERMANENTLY 0 Moved Permanently HTTP Status Code - 301.
FOUND 1 Found HTTP Status Code - 302.
SEE_OTHER 2 See Other HTTP Status Code - 303.
TEMPORARY_REDIRECT 3 Temporary Redirect HTTP Status Code - 307.
PERMANENT_REDIRECT 4 Permanent Redirect HTTP Status Code - 308.