Skip to content
home
2.1.x
About
Policies
You are viewing the latest documentation for Solo Enterprise for kgateway, formerly known as Gloo Gateway. To access the documentation for older Gloo Gateway versions, such as 2.0 and 1.x, use the version switcher.

ListenerPolicy

Page as Markdown
You can use a ListenerPolicy resource to attach policies to all gateway listeners.
Policy attachment

All listeners on a gateway

You can apply a policy to all the listeners that are defined on the gateway by using the spec.targetRef section in the ListenerPolicy resource.
The following ListenerPolicy resource sets a request read and write buffer limit and applies this policy to a Gateway resource that is named http.
kubectl apply -f- <<EOF
apiVersion: gateway.kgateway.dev/v1alpha1
kind: ListenerPolicy
metadata:
  name: bufferlimits
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: http
  default:
    perConnectionBufferLimitBytes: 1024
EOF
Specific port

Instead of attaching a policy to all the listeners that are defined on the gateway, you can target a particular port by using the spec.perPort field in the ListenerPolicy resource.
The following Gateway resource defines two listeners, an HTTP (http) and HTTPS (https) listener.
kind: Gateway
apiVersion: gateway.networking.k8s.io/v1
metadata:
  name: http
spec:
  gatewayClassName: enterprise-kgateway
  listeners:
  - name: http
    protocol: HTTP
    port: 8080
    allowedRoutes:
      namespaces:
        from: All
    hostname: www.example.com
  - name: https
    port: 443
    protocol: HTTPS
    hostname: https.example.com
    tls:
      mode: Terminate
      certificateRefs:
        - name: https
          kind: Secret
    allowedRoutes:
      namespaces:
        from: All
To apply the policy to only the https listener, you specify the port in the spec.perPort field in the ListenerPolicy resource as shown in the following example.
apiVersion: gateway.kgateway.dev/v1alpha1
kind: ListenerPolicy
metadata:
  name: access-logs
  namespace: kgateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: http
  perPort: 
    - port: 443
      listener: 
        perConnectionBufferLimitBytes: 1024
Conflicting policies

If you create multiple ListenerPolicy resources that define the same type of top-level policy, and attach them to the same gateway by using the targetRefs option, only the ListenerPolicy that was last applied is enforced.
HTTPListenerPolicyGlobal policy attachment