Package v1 contains API Schema definitions for the konghq.com v1 API group.
KongClusterPlugin is the Schema for the kongclusterplugins API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1 |
kind string |
KongClusterPlugin |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
consumerRef string |
ConsumerRef is a reference to a particular consumer. |
disabled boolean |
Disabled set if the plugin is disabled or not. |
config JSON |
Config contains the plugin configuration. It's a list of keys and values required to configure the plugin. Please read the documentation of the plugin being configured to set values in here. For any plugin in Kong, anything that goes in the config JSON key in the Admin API request, goes into this property. Only one of config or configFrom may be used in a KongClusterPlugin, not both at once. |
configFrom NamespacedConfigSource |
ConfigFrom references a secret containing the plugin configuration. This should be used when the plugin configuration contains sensitive information, such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin. Only one of config or configFrom may be used in a KongClusterPlugin, not both at once. |
configPatches NamespacedConfigPatch array |
ConfigPatches represents JSON patches to the configuration of the plugin. Each item means a JSON patch to add something in the configuration, where path is specified in path and value is in valueFrom referencing a key in a secret. When Config is specified, patches will be applied to the configuration in Config. Otherwise, patches will be applied to an empty object. |
plugin string |
PluginName is the name of the plugin to which to apply the config. |
run_on string |
RunOn configures the plugin to run on the first or the second or both nodes in case of a service mesh deployment. |
protocols KongProtocol array |
Protocols configures plugin to run on requests received on specific protocols. |
ordering PluginOrdering |
Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise. <phase> is a request processing phase (for example, access or body_filter) and <plugin> is the name of the plugin that will run before or after the KongPlugin. For example, a KongPlugin with plugin: rate-limiting and before.access: ["key-auth"] will create a rate limiting plugin that limits requests before they are authenticated. |
instance_name string |
InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the same plugin in multiple contexts, for example, on multiple services. |
KongConsumer is the Schema for the kongconsumers API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1 |
kind string |
KongConsumer |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
username string |
Username is a Kong cluster-unique username of the consumer. |
custom_id string |
CustomID is a Kong cluster-unique existing ID for the consumer - useful for mapping Kong with users in your existing database. |
credentials string array |
Credentials are references to secrets containing a credential to be provisioned in Kong. |
consumerGroups string array |
ConsumerGroups are references to consumer groups (that consumer wants to be part of) provisioned in Kong. |
spec KongConsumerSpec |
KongIngress is the Schema for the kongingresses API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1 |
kind string |
KongIngress |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
upstream KongIngressUpstream |
Upstream represents a virtual hostname and can be used to loadbalance incoming requests over multiple targets (e.g. Kubernetes Services can be a target, OR Endpoints can be targets). |
proxy KongIngressService |
Proxy defines additional connection options for the routes to be configured in the Kong Gateway, e.g. connection_timeout, retries, etc. |
route KongIngressRoute |
Route define rules to match client requests. Each Route is associated with a Service, and a Service may have multiple Routes associated to it. |
KongPlugin is the Schema for the kongplugins API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1 |
kind string |
KongPlugin |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
consumerRef string |
ConsumerRef is a reference to a particular consumer. |
disabled boolean |
Disabled set if the plugin is disabled or not. |
config JSON |
Config contains the plugin configuration. It's a list of keys and values required to configure the plugin. Please read the documentation of the plugin being configured to set values in here. For any plugin in Kong, anything that goes in the config JSON key in the Admin API request, goes into this property. Only one of config or configFrom may be used in a KongPlugin, not both at once. |
configFrom ConfigSource |
ConfigFrom references a secret containing the plugin configuration. This should be used when the plugin configuration contains sensitive information, such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin. Only one of config or configFrom may be used in a KongPlugin, not both at once. |
configPatches ConfigPatch array |
ConfigPatches represents JSON patches to the configuration of the plugin. Each item means a JSON patch to add something in the configuration, where path is specified in path and value is in valueFrom referencing a key in a secret. When Config is specified, patches will be applied to the configuration in Config. Otherwise, patches will be applied to an empty object. |
plugin string |
PluginName is the name of the plugin to which to apply the config. |
run_on string |
RunOn configures the plugin to run on the first or the second or both nodes in case of a service mesh deployment. |
protocols KongProtocol array |
Protocols configures plugin to run on requests received on specific protocols. |
ordering PluginOrdering |
Ordering overrides the normal plugin execution order. It's only available on Kong Enterprise. <phase> is a request processing phase (for example, access or body_filter) and <plugin> is the name of the plugin that will run before or after the KongPlugin. For example, a KongPlugin with plugin: rate-limiting and before.access: ["key-auth"] will create a rate limiting plugin that limits requests before they are authenticated. |
instance_name string |
InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the same plugin in multiple contexts, for example, on multiple services. |
In this section you will find types that the CRDs rely on.
ConfigPatch is a JSON patch (RFC6902) to add values from Secret to the generated configuration.
It is an equivalent of the following patch:
{"op": "add", "path": {.Path}, "value": {.ComputedValueFrom}}.
| Field | Description |
|---|---|
path string |
Path is the JSON-Pointer value (RFC6901) that references a location within the target configuration. |
valueFrom ConfigSource |
ValueFrom is the reference to a key of a secret where the patched value comes from. |
Appears in:
ConfigSource is a wrapper around SecretValueFromSource.
| Field | Description |
|---|---|
secretKeyRef SecretValueFromSource |
Specifies a name and a key of a secret to refer to. The namespace is implicitly set to the one of referring object. |
Appears in:
KongConsumerSpec defines the specification of the KongConsumer.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a ControlPlane this Consumer is associated with. |
tags Tags |
Tags is an optional set of tags applied to the consumer. |
Appears in:
KongIngressRoute contains KongIngress route configuration.
It contains the subset of go-kong.kong.Route fields supported by kongstate.Route.overrideByKongIngress.
Deprecated: use Ingress' annotations instead.
| Field | Description |
|---|---|
methods string array |
Methods is a list of HTTP methods that match this Route. Deprecated: use Ingress' "konghq.com/methods" annotation instead. |
headers object (keys:string, values:string array) |
Headers contains one or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute. Deprecated: use Ingress' "konghq.com/headers" annotation instead. |
protocols KongProtocol array |
Protocols is an array of the protocols this Route should allow. Deprecated: use Ingress' "konghq.com/protocols" annotation instead. |
regex_priority integer |
RegexPriority is a number used to choose which route resolves a given request when several routes match it using regexes simultaneously. Deprecated: use Ingress' "konghq.com/regex-priority" annotation instead. |
strip_path boolean |
StripPath sets When matching a Route via one of the paths strip the matching prefix from the upstream request URL. Deprecated: use Ingress' "konghq.com/strip-path" annotation instead. |
preserve_host boolean |
PreserveHost sets When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service’s host. Deprecated: use Ingress' "konghq.com/preserve-host" annotation instead. |
https_redirect_status_code integer |
HTTPSRedirectStatusCode is the status code Kong responds with when all properties of a Route match except the protocol. Deprecated: use Ingress' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" annotations instead. |
path_handling string |
PathHandling controls how the Service path, Route path and requested path are combined when sending a request to the upstream. Deprecated: use Ingress' "konghq.com/path-handling" annotation instead. |
snis string array |
SNIs is a list of SNIs that match this Route when using stream routing. Deprecated: use Ingress' "konghq.com/snis" annotation instead. |
request_buffering boolean |
RequestBuffering sets whether to enable request body buffering or not. Deprecated: use Ingress' "konghq.com/request-buffering" annotation instead. |
response_buffering boolean |
ResponseBuffering sets whether to enable response body buffering or not. Deprecated: use Ingress' "konghq.com/response-buffering" annotation instead. |
Appears in:
KongIngressService contains KongIngress service configuration. It contains the subset of go-kong.kong.Service fields supported by kongstate.Service.overrideByKongIngress. Deprecated: use Service's annotations instead.
| Field | Description |
|---|---|
protocol string |
The protocol used to communicate with the upstream. Deprecated: use Service's "konghq.com/protocol" annotation instead. |
path string |
(optional) The path to be used in requests to the upstream server. Deprecated: use Service's "konghq.com/path" annotation instead. |
retries integer |
The number of retries to execute upon failure to proxy. Deprecated: use Service's "konghq.com/retries" annotation instead. |
connect_timeout integer |
The timeout in milliseconds for establishing a connection to the upstream server. Deprecated: use Service's "konghq.com/connect-timeout" annotation instead. |
read_timeout integer |
The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. Deprecated: use Service's "konghq.com/read-timeout" annotation instead. |
write_timeout integer |
The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. Deprecated: use Service's "konghq.com/write-timeout" annotation instead. |
Appears in:
KongIngressUpstream contains KongIngress upstream configuration.
It contains the subset of go-kong.kong.Upstream fields supported by kongstate.Upstream.overrideByKongIngress.
| Field | Description |
|---|---|
host_header string |
HostHeader is The hostname to be used as Host header when proxying requests through Kong. |
algorithm string |
Algorithm is the load balancing algorithm to use. Accepted values are: "round-robin", "consistent-hashing", "least-connections", "latency". |
slots integer |
Slots is the number of slots in the load balancer algorithm. |
healthchecks Healthcheck |
Healthchecks defines the health check configurations in Kong. |
hash_on string |
HashOn defines what to use as hashing input. Accepted values are: "none", "consumer", "ip", "header", "cookie", "path", "query_arg", "uri_capture". |
hash_fallback string |
HashFallback defines What to use as hashing input if the primary hash_on does not return a hash. Accepted values are: "none", "consumer", "ip", "header", "cookie". |
hash_on_header string |
HashOnHeader defines the header name to take the value from as hash input. Only required when "hash_on" is set to "header". |
hash_fallback_header string |
HashFallbackHeader is the header name to take the value from as hash input. Only required when "hash_fallback" is set to "header". |
hash_on_cookie string |
The cookie name to take the value from as hash input. Only required when "hash_on" or "hash_fallback" is set to "cookie". |
hash_on_cookie_path string |
The cookie path to set in the response headers. Only required when "hash_on" or "hash_fallback" is set to "cookie". |
hash_on_query_arg string |
HashOnQueryArg is the query string parameter whose value is the hash input when "hash_on" is set to "query_arg". |
hash_fallback_query_arg string |
HashFallbackQueryArg is the "hash_fallback" version of HashOnQueryArg. |
hash_on_uri_capture string |
HashOnURICapture is the name of the capture group whose value is the hash input when "hash_on" is set to "uri_capture". |
hash_fallback_uri_capture string |
HashFallbackURICapture is the "hash_fallback" version of HashOnURICapture. |
Appears in:
Underlying type: string
KongProtocol is a valid Kong protocol. This alias is necessary to deal with kubernetes-sigs/controller-tools#342
Appears in:
NamespacedConfigPatch is a JSON patch to add values from secrets to KongClusterPlugin to the generated configuration of plugin in Kong.
| Field | Description |
|---|---|
path string |
Path is the JSON path to add the patch. |
valueFrom NamespacedConfigSource |
ValueFrom is the reference to a key of a secret where the patched value comes from. |
Appears in:
NamespacedConfigSource is a wrapper around NamespacedSecretValueFromSource.
| Field | Description |
|---|---|
secretKeyRef NamespacedSecretValueFromSource |
Specifies a name, a namespace, and a key of a secret to refer to. |
Appears in:
NamespacedSecretValueFromSource represents the source of a secret value specifying the secret namespace.
| Field | Description |
|---|---|
namespace string |
The namespace containing the secret. |
name string |
The secret containing the key. |
key string |
The key containing the value. |
Appears in:
SecretValueFromSource represents the source of a secret value.
| Field | Description |
|---|---|
name string |
The secret containing the key. |
key string |
The key containing the value. |
Appears in:
Package v1alpha1 contains API Schema definitions for the configuration.konghq.com v1alpha1 API group.
- IngressClassParameters
- KongCACertificate
- KongCertificate
- KongCredentialACL
- KongCredentialAPIKey
- KongCredentialBasicAuth
- KongCredentialHMAC
- KongCredentialJWT
- KongCustomEntity
- KongDataPlaneClientCertificate
- KongKey
- KongKeySet
- KongLicense
- KongPluginBinding
- KongRoute
- KongSNI
- KongService
- KongTarget
- KongUpstream
- KongVault
IngressClassParameters is the Schema for the IngressClassParameters API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
IngressClassParameters |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec IngressClassParametersSpec |
Spec is the IngressClassParameters specification. |
KongCACertificate is the schema for CACertificate API which defines a Kong CA Certificate.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCACertificate |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCACertificateSpec |
KongCertificate is the schema for Certificate API which defines a Kong Certificate.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCertificate |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCertificateSpec |
KongCredentialACL is the schema for ACL credentials API which defines a ACL credential for consumers.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCredentialACL |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialACLSpec |
Spec contains the ACL credential specification. |
KongCredentialAPIKey is the schema for API key credentials API which defines a API key credential for consumers.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCredentialAPIKey |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialAPIKeySpec |
Spec contains the API Key credential specification. |
KongCredentialBasicAuth is the schema for BasicAuth credentials API which defines a BasicAuth credential for consumers.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCredentialBasicAuth |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialBasicAuthSpec |
Spec contains the BasicAuth credential specification. |
KongCredentialHMAC is the schema for HMAC credentials API which defines a HMAC credential for consumers.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCredentialHMAC |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialHMACSpec |
Spec contains the HMAC credential specification. |
KongCredentialJWT is the schema for JWT credentials API which defines a JWT credential for consumers.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCredentialJWT |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialJWTSpec |
Spec contains the JWT credential specification. |
KongCustomEntity defines a "custom" Kong entity that KIC cannot support the entity type directly.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongCustomEntity |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCustomEntitySpec |
KongDataPlaneClientCertificate is the schema for KongDataPlaneClientCertificate API which defines a KongDataPlaneClientCertificate entity.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongDataPlaneClientCertificate |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongDataPlaneClientCertificateSpec |
KongKey is the schema for KongKey API which defines a KongKey entity.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongKey |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongKeySpec |
KongKeySet is the schema for KongKeySet API which defines a KongKeySet entity.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongKeySet |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongKeySetSpec |
KongLicense stores a Kong enterprise license to apply to managed Kong gateway instances.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongLicense |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
rawLicenseString string |
RawLicenseString is a string with the raw content of the license. |
enabled boolean |
Enabled is set to true to let controllers (like KIC or KGO) to reconcile it. Default value is true to apply the license by default. |
KongPluginBinding is the schema for Plugin Bindings API which defines a Kong Plugin Binding.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongPluginBinding |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongPluginBindingSpec |
KongRoute is the schema for Routes API which defines a Kong Route.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongRoute |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongRouteSpec |
KongSNI is the schema for SNI API which defines a Kong SNI.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongSNI |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongSNISpec |
KongService is the schema for Services API which defines a Kong Service.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongService |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongServiceSpec |
KongTarget is the schema for Target API which defines a Kong Target attached to a Kong Upstream.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongTarget |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongTargetSpec |
KongUpstream is the schema for Upstream API which defines a Kong Upstream.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongUpstream |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongUpstreamSpec |
KongVault is the schema for kongvaults API which defines a custom Kong vault. A Kong vault is a storage to store sensitive data, where the values can be referenced in configuration of plugins. See: https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1alpha1 |
kind string |
KongVault |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongVaultSpec |
In this section you will find types that the CRDs rely on.
ControlPlaneRef is the schema for the ControlPlaneRef type. It is used to reference a Control Plane entity.
| Field | Description |
|---|---|
type string |
Type indicates the type of the control plane being referenced. Allowed values: - konnectID - konnectNamespacedRef - kic The default is kic, which implies that the Control Plane is KIC. |
konnectID string |
KonnectID is the schema for the KonnectID type. This field is required when the Type is konnectID. |
konnectNamespacedRef KonnectNamespacedRef |
KonnectNamespacedRef is a reference to a Konnect Control Plane entity inside the cluster. It contains the name of the Konnect Control Plane. This field is required when the Type is konnectNamespacedRef. |
Appears in:
- KongCACertificateSpec
- KongCertificateSpec
- KongConsumerGroupSpec
- KongConsumerSpec
- KongDataPlaneClientCertificateSpec
- KongKeySetSpec
- KongKeySpec
- KongPluginBindingSpec
- KongRouteSpec
- KongServiceSpec
- KongUpstreamSpec
- KongVaultSpec
ControllerReference is a reference to a controller that reconciles the KongLicense.
| Field | Description |
|---|---|
group Group |
Group is the group of referent. It should be empty if the referent is in "core" group (like pod). |
kind Kind |
Kind is the kind of the referent. By default the nil kind means kind Pod. |
namespace Namespace |
Namespace is the namespace of the referent. It should be empty if the referent is cluster scoped. |
name ObjectName |
Name is the name of the referent. |
Appears in:
Underlying type: string
Group refers to a Kubernetes Group. It must either be an empty string or a RFC 1123 subdomain.
Appears in:
IngressClassParametersSpec defines the desired state of IngressClassParameters.
| Field | Description |
|---|---|
serviceUpstream boolean |
Offload load-balancing to kube-proxy or sidecar. |
enableLegacyRegexDetection boolean |
EnableLegacyRegexDetection automatically detects if ImplementationSpecific Ingress paths are regular expression paths using the legacy 2.x heuristic. The controller adds the "~" prefix to those paths if the Kong version is 3.0 or higher. |
Appears in:
KeySetNamespacedRef is the schema for the KeySetNamespacedRef type.
| Field | Description |
|---|---|
name string |
Name is the name of the KeySet object. |
Appears in:
KeySetRef is the schema for the KeySetRef type. It is used to reference a KeySet entity.
| Field | Description |
|---|---|
type KeySetRefType |
Type defines type of the KeySet object reference. It can be one of: - konnectID - namespacedRef |
konnectID string |
KonnectID is the schema for the KonnectID type. This field is required when the Type is konnectID. |
namespacedRef KeySetNamespacedRef |
NamespacedRef is a reference to a KeySet entity inside the cluster. This field is required when the Type is namespacedRef. |
Appears in:
Underlying type: string
KeySetRefType is the enum type for the KeySetRef.
Appears in:
Underlying type: string
Kind refers to a Kubernetes kind.
Appears in:
KongCACertificateAPISpec contains the API specification for the KongCACertificate.
| Field | Description |
|---|---|
cert string |
Cert is the PEM-encoded CA certificate. |
tags Tags |
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCACertificateSpec contains the specification for the KongCACertificate.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef references the Konnect Control Plane that this KongCACertificate should be created in. |
cert string |
Cert is the PEM-encoded CA certificate. |
tags Tags |
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCertificateAPISpec contains the API specification for the KongCertificate.
| Field | Description |
|---|---|
cert string |
Cert is the PEM-encoded certificate. |
cert_alt string |
CertAlt is the PEM-encoded certificate. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
key string |
Key is the PEM-encoded private key. |
key_alt string |
KeyAlt is the PEM-encoded private key. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
tags Tags |
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCertificateSpec contains the specification for the KongCertificate.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef references the Konnect Control Plane that this KongCertificate should be created in. |
cert string |
Cert is the PEM-encoded certificate. |
cert_alt string |
CertAlt is the PEM-encoded certificate. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
key string |
Key is the PEM-encoded private key. |
key_alt string |
KeyAlt is the PEM-encoded private key. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
tags Tags |
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCredentialACLAPISpec defines specification of an ACL credential.
| Field | Description |
|---|---|
group string |
Group is the name for the ACL credential. |
tags Tags |
Tags is a list of tags for the ACL credential. |
Appears in:
KongCredentialACLSpec defines specification of Kong ACL.
| Field | Description |
|---|---|
consumerRef LocalObjectReference |
ConsumerRef is a reference to a Consumer this KongCredentialACL is associated with. |
group string |
Group is the name for the ACL credential. |
tags Tags |
Tags is a list of tags for the ACL credential. |
Appears in:
KongCredentialAPIKeyAPISpec defines specification of an API Key credential.
| Field | Description |
|---|---|
key string |
Key is the key for the API Key credential. |
tags Tags |
Tags is a list of tags for the API Key credential. |
Appears in:
KongCredentialAPIKeySpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference |
ConsumerRef is a reference to a Consumer this KongCredentialAPIKey is associated with. |
key string |
Key is the key for the API Key credential. |
tags Tags |
Tags is a list of tags for the API Key credential. |
Appears in:
KongCredentialBasicAuthAPISpec defines specification of a BasicAuth credential.
| Field | Description |
|---|---|
password string |
Password is the password for the BasicAuth credential. |
tags Tags |
Tags is a list of tags for the BasicAuth credential. |
username string |
Username is the username for the BasicAuth credential. |
Appears in:
KongCredentialBasicAuthSpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference |
ConsumerRef is a reference to a Consumer this CredentialBasicAuth is associated with. |
password string |
Password is the password for the BasicAuth credential. |
tags Tags |
Tags is a list of tags for the BasicAuth credential. |
username string |
Username is the username for the BasicAuth credential. |
Appears in:
KongCredentialHMACAPISpec defines specification of an HMAC credential.
| Field | Description |
|---|---|
id string |
ID is the unique identifier for the HMAC credential. |
secret string |
Secret is the secret for the HMAC credential. |
tags Tags |
Tags is a list of tags for the HMAC credential. |
username string |
Username is the username for the HMAC credential. |
Appears in:
KongCredentialHMACSpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference |
ConsumerRef is a reference to a Consumer this KongCredentialHMAC is associated with. |
id string |
ID is the unique identifier for the HMAC credential. |
secret string |
Secret is the secret for the HMAC credential. |
tags Tags |
Tags is a list of tags for the HMAC credential. |
username string |
Username is the username for the HMAC credential. |
Appears in:
KongCredentialJWTAPISpec defines specification of an JWT credential.
| Field | Description |
|---|---|
algorithm string |
Algorithm is the algorithm used to sign the JWT token. |
id string |
ID is the unique identifier for the JWT credential. |
key string |
Key is the key for the JWT credential. |
rsa_public_key string |
RSA PublicKey is the RSA public key for the JWT credential. |
secret string |
Secret is the secret for the JWT credential. |
tags Tags |
Tags is a list of tags for the JWT credential. |
Appears in:
KongCredentialJWTSpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference |
ConsumerRef is a reference to a Consumer this KongCredentialJWT is associated with. |
algorithm string |
Algorithm is the algorithm used to sign the JWT token. |
id string |
ID is the unique identifier for the JWT credential. |
key string |
Key is the key for the JWT credential. |
rsa_public_key string |
RSA PublicKey is the RSA public key for the JWT credential. |
secret string |
Secret is the secret for the JWT credential. |
tags Tags |
Tags is a list of tags for the JWT credential. |
Appears in:
KongCustomEntitySpec defines the specification of the KongCustomEntity.
| Field | Description |
|---|---|
type string |
EntityType is the type of the Kong entity. The type is used in generating declarative configuration. |
fields JSON |
Fields defines the fields of the Kong entity itself. |
controllerName string |
ControllerName specifies the controller that should reconcile it, like ingress class. |
parentRef ObjectReference |
ParentRef references the kubernetes resource it attached to when its scope is "attached". Currently only KongPlugin/KongClusterPlugin allowed. This will make the custom entity to be attached to the entity(service/route/consumer) where the plugin is attached. |
Appears in:
KongDataPlaneClientCertificateAPISpec defines the attributes of a Kong DP certificate.
| Field | Description |
|---|---|
cert string |
Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. |
Appears in:
KongDataPlaneClientCertificateSpec defines the spec for a KongDataPlaneClientCertificate.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a Konnect ControlPlane this KongDataPlaneClientCertificate is associated with. |
cert string |
Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. |
Appears in:
KongKeyAPISpec defines the attributes of a Kong Key.
| Field | Description |
|---|---|
kid string |
KID is a unique identifier for a key. When JWK is provided, KID has to match the KID in the JWK. |
name string |
Name is an optional name to associate with the given key. |
jwk string |
JWK is a JSON Web Key represented as a string. The JWK must contain a KID field that matches the KID in the KongKey. Either JWK or PEM must be set. |
pem PEMKeyPair |
PEM is a keypair in PEM format. Either JWK or PEM must be set. |
tags Tags |
Tags is an optional set of strings associated with the Key for grouping and filtering. |
Appears in:
KongKeySetAPISpec defines the attributes of a Kong KeySet.
| Field | Description |
|---|---|
name string |
Name is a name of the KeySet. |
tags Tags |
Tags is an optional set of strings associated with the KeySet for grouping and filtering. |
Appears in:
KongKeySetSpec defines the spec for a KongKeySet.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a Konnect ControlPlane with which KongKeySet is associated. |
name string |
Name is a name of the KeySet. |
tags Tags |
Tags is an optional set of strings associated with the KeySet for grouping and filtering. |
Appears in:
KongKeySpec defines the spec for a KongKey.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a Konnect ControlPlane this KongKey is associated with. |
keySetRef KeySetRef |
KeySetRef is a reference to a KongKeySet this KongKey is attached to. ControlPlane referenced by a KongKeySet must be the same as the ControlPlane referenced by the KongKey. |
kid string |
KID is a unique identifier for a key. When JWK is provided, KID has to match the KID in the JWK. |
name string |
Name is an optional name to associate with the given key. |
jwk string |
JWK is a JSON Web Key represented as a string. The JWK must contain a KID field that matches the KID in the KongKey. Either JWK or PEM must be set. |
pem PEMKeyPair |
PEM is a keypair in PEM format. Either JWK or PEM must be set. |
tags Tags |
Tags is an optional set of strings associated with the Key for grouping and filtering. |
Appears in:
KongLicenseControllerStatus is the status of owning KongLicense being processed identified by the controllerName field.
| Field | Description |
|---|---|
controllerName string |
ControllerName is an identifier of the controller to reconcile this KongLicense. Should be unique in the list of controller statuses. |
controllerRef ControllerReference |
ControllerRef is the reference of the controller to reconcile this KongLicense. It is usually the name of (KIC/KGO) pod that reconciles it. |
conditions Condition array |
Conditions describe the current conditions of the KongLicense on the controller. |
Appears in:
KongObjectRef is a reference to another object representing a Kong entity with deterministic type.
| Field | Description |
|---|---|
name string |
Name is the name of the entity. |
Appears in:
Underlying type: string
KongPluginBindingScope defines the scope of the plugin binding. Allowed values are:
- OnlyTargets
- GlobalInControlPlane
Appears in:
KongPluginBindingSpec defines specification of a KongPluginBinding.
| Field | Description |
|---|---|
pluginRef PluginRef |
PluginReference is a reference to the KongPlugin or KongClusterPlugin resource. |
targets KongPluginBindingTargets |
Targets contains the targets references. It is possible to set multiple combinations of references, as described in https://docs.konghq.com/gateway/latest/key-concepts/plugins/#precedence The complete set of allowed combinations and their order of precedence for plugins configured to multiple entities is: 1. Consumer + route + service 2. Consumer group + service + route 3. Consumer + route 4. Consumer + service 5. Consumer group + route 6. Consumer group + service 7. Route + service 8. Consumer 9. Consumer group 10. Route 11. Service |
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a ControlPlane this KongPluginBinding is associated with. |
scope KongPluginBindingScope |
Scope defines the scope of the plugin binding. |
Appears in:
KongPluginBindingTargets contains the targets references.
| Field | Description |
|---|---|
routeRef TargetRefWithGroupKind |
RouteReference can be used to reference one of the following resouces: - networking.k8s.io/Ingress - gateway.networking.k8s.io/HTTPRoute - gateway.networking.k8s.io/GRPCRoute - configuration.konghq.com/KongRoute |
serviceRef TargetRefWithGroupKind |
ServiceReference can be used to reference one of the following resouces: - core/Service or /Service - configuration.konghq.com/KongService |
consumerRef TargetRef |
ConsumerReference is used to reference a configuration.konghq.com/Consumer resource. The group/kind is fixed, therefore the reference is performed only by name. |
consumerGroupRef TargetRef |
ConsumerGroupReference is used to reference a configuration.konghq.com/ConsumerGroup resource. The group/kind is fixed, therefore the reference is performed only by name. |
Appears in:
KongRouteAPISpec represents the configuration of a Route in Kong as defined by the Konnect API.
These fields are mostly copied from sdk-konnect-go but some modifications have been made
to make the code generation required for Kubernetes CRDs work.
| Field | Description |
|---|---|
destinations Destinations array |
A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". |
headers object (keys:string, values:string array) |
One or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute: hosts should be specified using the hosts attribute. When headers contains only one value and that value starts with the special prefix ~*, the value is interpreted as a regular expression. |
hosts string array |
A list of domain names that match this Route. Note that the hosts value is case sensitive. |
https_redirect_status_code HTTPSRedirectStatusCode |
The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is HTTP instead of HTTPS. Location header is injected by Kong if the field is set to 301, 302, 307 or 308. Note: This config applies only if the Route is configured to only accept the https protocol. |
methods string array |
A list of HTTP methods that match this Route. |
name string |
The name of the Route. Route names must be unique, and they are case sensitive. For example, there can be two different Routes named "test" and "Test". |
path_handling PathHandling |
Controls how the Service path, Route path and requested path are combined when sending a request to the upstream. See above for a detailed description of each behavior. |
paths string array |
A list of paths that match this Route. |
preserve_host boolean |
When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service's host. |
protocols RouteProtocols array |
An array of the protocols this Route should allow. See KongRoute for a list of accepted protocols. When set to only "https", HTTP requests are answered with an upgrade error. When set to only "http", HTTPS requests are answered with an error. |
regex_priority integer |
A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). |
request_buffering boolean |
Whether to enable request body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that receive data with chunked transfer encoding. |
response_buffering boolean |
Whether to enable response body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that send data with chunked transfer encoding. |
snis string array |
A list of SNIs that match this Route when using stream routing. |
sources Sources array |
A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". |
strip_path boolean |
When matching a Route via one of the paths, strip the matching prefix from the upstream request URL. |
tags Tags |
An optional set of strings associated with the Route for grouping and filtering. |
Appears in:
KongRouteSpec defines spec of a Kong Route.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a ControlPlane this KongRoute is associated with. Route can either specify a ControlPlaneRef and be 'serviceless' route or specify a ServiceRef and be associated with a Service. |
serviceRef ServiceRef |
ServiceRef is a reference to a Service this KongRoute is associated with. Route can either specify a ControlPlaneRef and be 'serviceless' route or specify a ServiceRef and be associated with a Service. |
destinations Destinations array |
A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". |
headers object (keys:string, values:string array) |
One or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute: hosts should be specified using the hosts attribute. When headers contains only one value and that value starts with the special prefix ~*, the value is interpreted as a regular expression. |
hosts string array |
A list of domain names that match this Route. Note that the hosts value is case sensitive. |
https_redirect_status_code HTTPSRedirectStatusCode |
The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is HTTP instead of HTTPS. Location header is injected by Kong if the field is set to 301, 302, 307 or 308. Note: This config applies only if the Route is configured to only accept the https protocol. |
methods string array |
A list of HTTP methods that match this Route. |
name string |
The name of the Route. Route names must be unique, and they are case sensitive. For example, there can be two different Routes named "test" and "Test". |
path_handling PathHandling |
Controls how the Service path, Route path and requested path are combined when sending a request to the upstream. See above for a detailed description of each behavior. |
paths string array |
A list of paths that match this Route. |
preserve_host boolean |
When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service's host. |
protocols RouteProtocols array |
An array of the protocols this Route should allow. See KongRoute for a list of accepted protocols. When set to only "https", HTTP requests are answered with an upgrade error. When set to only "http", HTTPS requests are answered with an error. |
regex_priority integer |
A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). |
request_buffering boolean |
Whether to enable request body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that receive data with chunked transfer encoding. |
response_buffering boolean |
Whether to enable response body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that send data with chunked transfer encoding. |
snis string array |
A list of SNIs that match this Route when using stream routing. |
sources Sources array |
A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". |
strip_path boolean |
When matching a Route via one of the paths, strip the matching prefix from the upstream request URL. |
tags Tags |
An optional set of strings associated with the Route for grouping and filtering. |
Appears in:
KongSNIAPISpec defines the spec of an SNI.
| Field | Description |
|---|---|
name string |
Name is the name of the SNI. Required and must be a host or wildcard host. |
tags Tags |
Tags is an optional set of strings associated with the SNI for grouping and filtering. |
Appears in:
KongSNISpec defines specification of a Kong SNI.
| Field | Description |
|---|---|
certificateRef KongObjectRef |
CertificateRef is the reference to the certificate to which the KongSNI is attached. |
name string |
Name is the name of the SNI. Required and must be a host or wildcard host. |
tags Tags |
Tags is an optional set of strings associated with the SNI for grouping and filtering. |
Appears in:
KongServiceAPISpec defines the specification of a Kong Service.
| Field | Description |
|---|---|
url string |
Helper field to set protocol, host, port and path using a URL. This field is write-only and is not returned in responses. |
connect_timeout integer |
The timeout in milliseconds for establishing a connection to the upstream server. |
enabled boolean |
Whether the Service is active. If set to false, the proxy behavior will be as if any routes attached to it do not exist (404). Default: true. |
host string |
The host of the upstream server. Note that the host value is case sensitive. |
name string |
The Service name. |
path string |
The path to be used in requests to the upstream server. |
port integer |
The upstream server port. |
protocol Protocol |
The protocol used to communicate with the upstream. |
read_timeout integer |
The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. |
retries integer |
The number of retries to execute upon failure to proxy. |
tags Tags |
An optional set of strings associated with the Service for grouping and filtering. |
tls_verify boolean |
Whether to enable verification of upstream server TLS certificate. If set to null, then the Nginx default is respected. |
tls_verify_depth integer |
Maximum depth of chain while verifying Upstream server's TLS certificate. If set to null, then the Nginx default is respected. |
write_timeout integer |
The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. |
Appears in:
KongServiceSpec defines specification of a Kong Service.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a ControlPlane this KongService is associated with. |
url string |
Helper field to set protocol, host, port and path using a URL. This field is write-only and is not returned in responses. |
connect_timeout integer |
The timeout in milliseconds for establishing a connection to the upstream server. |
enabled boolean |
Whether the Service is active. If set to false, the proxy behavior will be as if any routes attached to it do not exist (404). Default: true. |
host string |
The host of the upstream server. Note that the host value is case sensitive. |
name string |
The Service name. |
path string |
The path to be used in requests to the upstream server. |
port integer |
The upstream server port. |
protocol Protocol |
The protocol used to communicate with the upstream. |
read_timeout integer |
The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. |
retries integer |
The number of retries to execute upon failure to proxy. |
tags Tags |
An optional set of strings associated with the Service for grouping and filtering. |
tls_verify boolean |
Whether to enable verification of upstream server TLS certificate. If set to null, then the Nginx default is respected. |
tls_verify_depth integer |
Maximum depth of chain while verifying Upstream server's TLS certificate. If set to null, then the Nginx default is respected. |
write_timeout integer |
The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. |
Appears in:
KongTargetAPISpec are the attributes of the Kong Target itself.
| Field | Description |
|---|---|
target string |
Target is the target address of the upstream. |
weight integer |
Weight is the weight this target gets within the upstream loadbalancer. |
tags Tags |
Tags is an optional set of strings associated with the Target for grouping and filtering. |
Appears in:
KongTargetSpec defines the spec of KongTarget.
| Field | Description |
|---|---|
upstreamRef TargetRef |
UpstreamRef is a reference to a KongUpstream this KongTarget is attached to. |
target string |
Target is the target address of the upstream. |
weight integer |
Weight is the weight this target gets within the upstream loadbalancer. |
tags Tags |
Tags is an optional set of strings associated with the Target for grouping and filtering. |
Appears in:
KongUpstreamAPISpec defines specification of a Kong Upstream.
| Field | Description |
|---|---|
algorithm UpstreamAlgorithm |
Which load balancing algorithm to use. |
client_certificate UpstreamClientCertificate |
If set, the certificate to be used as client certificate while TLS handshaking to the upstream server. |
hash_fallback HashFallback |
What to use as hashing input if the primary hash_on does not return a hash (eg. header is missing, or no Consumer identified). Not available if hash_on is set to cookie. |
hash_fallback_header string |
The header name to take the value from as hash input. Only required when hash_fallback is set to header. |
hash_fallback_query_arg string |
The name of the query string argument to take the value from as hash input. Only required when hash_fallback is set to query_arg. |
hash_fallback_uri_capture string |
The name of the route URI capture to take the value from as hash input. Only required when hash_fallback is set to uri_capture. |
hash_on HashOn |
What to use as hashing input. Using none results in a weighted-round-robin scheme with no hashing. |
hash_on_cookie string |
The cookie name to take the value from as hash input. Only required when hash_on or hash_fallback is set to cookie. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response. |
hash_on_cookie_path string |
The cookie path to set in the response headers. Only required when hash_on or hash_fallback is set to cookie. |
hash_on_header string |
The header name to take the value from as hash input. Only required when hash_on is set to header. |
hash_on_query_arg string |
The name of the query string argument to take the value from as hash input. Only required when hash_on is set to query_arg. |
hash_on_uri_capture string |
The name of the route URI capture to take the value from as hash input. Only required when hash_on is set to uri_capture. |
healthchecks Healthchecks |
|
host_header string |
The hostname to be used as Host header when proxying requests through Kong. |
name string |
This is a hostname, which must be equal to the host of a Service. |
slots integer |
The number of slots in the load balancer algorithm. If algorithm is set to round-robin, this setting determines the maximum number of slots. If algorithm is set to consistent-hashing, this setting determines the actual number of slots in the algorithm. Accepts an integer in the range 10-65536. |
tags Tags |
An optional set of strings associated with the Upstream for grouping and filtering. |
use_srv_name boolean |
If set, the balancer will use SRV hostname(if DNS Answer has SRV record) as the proxy upstream Host. |
Appears in:
KongUpstreamSpec defines the spec of Kong Upstream.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a ControlPlane this KongUpstream is associated with. |
algorithm UpstreamAlgorithm |
Which load balancing algorithm to use. |
client_certificate UpstreamClientCertificate |
If set, the certificate to be used as client certificate while TLS handshaking to the upstream server. |
hash_fallback HashFallback |
What to use as hashing input if the primary hash_on does not return a hash (eg. header is missing, or no Consumer identified). Not available if hash_on is set to cookie. |
hash_fallback_header string |
The header name to take the value from as hash input. Only required when hash_fallback is set to header. |
hash_fallback_query_arg string |
The name of the query string argument to take the value from as hash input. Only required when hash_fallback is set to query_arg. |
hash_fallback_uri_capture string |
The name of the route URI capture to take the value from as hash input. Only required when hash_fallback is set to uri_capture. |
hash_on HashOn |
What to use as hashing input. Using none results in a weighted-round-robin scheme with no hashing. |
hash_on_cookie string |
The cookie name to take the value from as hash input. Only required when hash_on or hash_fallback is set to cookie. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response. |
hash_on_cookie_path string |
The cookie path to set in the response headers. Only required when hash_on or hash_fallback is set to cookie. |
hash_on_header string |
The header name to take the value from as hash input. Only required when hash_on is set to header. |
hash_on_query_arg string |
The name of the query string argument to take the value from as hash input. Only required when hash_on is set to query_arg. |
hash_on_uri_capture string |
The name of the route URI capture to take the value from as hash input. Only required when hash_on is set to uri_capture. |
healthchecks Healthchecks |
|
host_header string |
The hostname to be used as Host header when proxying requests through Kong. |
name string |
This is a hostname, which must be equal to the host of a Service. |
slots integer |
The number of slots in the load balancer algorithm. If algorithm is set to round-robin, this setting determines the maximum number of slots. If algorithm is set to consistent-hashing, this setting determines the actual number of slots in the algorithm. Accepts an integer in the range 10-65536. |
tags Tags |
An optional set of strings associated with the Upstream for grouping and filtering. |
use_srv_name boolean |
If set, the balancer will use SRV hostname(if DNS Answer has SRV record) as the proxy upstream Host. |
Appears in:
KongVaultSpec defines specification of a custom Kong vault.
| Field | Description |
|---|---|
backend string |
Backend is the type of the backend storing the secrets in the vault. The supported backends of Kong is listed here: https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/backends/ |
prefix string |
Prefix is the prefix of vault URI for referencing values in the vault. It is immutable after created. |
description string |
Description is the additional information about the vault. |
config JSON |
Config is the configuration of the vault. Varies for different backends. |
tags Tags |
Tags are the tags associated to the vault for grouping and filtering. |
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a Konnect ControlPlane this KongVault is associated with. |
Appears in:
KonnectNamespacedRef is the schema for the KonnectNamespacedRef type.
| Field | Description |
|---|---|
name string |
Name is the name of the Konnect Control Plane. |
namespace string |
Namespace is the namespace where the Konnect Control Plane is in. Currently only cluster scoped resources (KongVault) are allowed to set konnectNamespacedRef.namespace. |
Appears in:
Underlying type: string
Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
Appears in:
Underlying type: string
ObjectName refers to the name of a Kubernetes object. Object names can have a variety of forms, including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
Appears in:
ObjectReference defines reference of a kubernetes object.
| Field | Description |
|---|---|
group string |
Group defines the API group of the referred object. |
kind string |
Kind defines the kind of the referred object. |
namespace string |
Empty namespace means the same namespace of the owning object. |
name string |
Name defines the name of the referred object. |
Appears in:
PEMKeyPair defines a keypair in PEM format.
| Field | Description |
|---|---|
private_key string |
The private key in PEM format. |
public_key string |
The public key in PEM format. |
Appears in:
PluginRef is a reference to a KongPlugin or KongClusterPlugin resource.
| Field | Description |
|---|---|
name string |
Name is the name of the KongPlugin or KongClusterPlugin resource. |
kind string |
Kind can be KongPlugin or KongClusterPlugin. If not set, it is assumed to be KongPlugin. |
Appears in:
ServiceRef is a reference to a KongService.
| Field | Description |
|---|---|
type string |
Type can be one of: - namespacedRef |
namespacedRef KongObjectRef |
NamespacedRef is a reference to a KongService. |
Appears in:
TargetRef is a reference based on the object's name.
| Field | Description |
|---|---|
name string |
Name is the name of the entity. |
Appears in:
TargetRefWithGroupKind is a reference based on the object's group, kind, and name.
| Field | Description |
|---|---|
name string |
Name is the name of the entity. |
kind string |
|
group string |
Appears in:
Package v1beta1 contains API Schema definitions for the configuration.konghq.com v1beta1 API group.
KongConsumerGroup is the Schema for the kongconsumergroups API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1beta1 |
kind string |
KongConsumerGroup |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongConsumerGroupSpec |
KongUpstreamPolicy allows configuring algorithm that should be used for load balancing traffic between Kong
Upstream's Targets. It also allows configuring health checks for Kong Upstream's Targets.
Its configuration is similar to Kong Upstream object (https://docs.konghq.com/gateway/latest/admin-api/#upstream-object),
and it is applied to Kong Upstream objects created by the controller.
It can be attached to Services. To attach it to a Service, it has to be annotated with
konghq.com/upstream-policy: <name>, where <name> is the name of the KongUpstreamPolicy
object in the same namespace as the Service.
When attached to a Service, it will affect all Kong Upstreams created for the Service.
When attached to a Service used in a Gateway API *Route rule with multiple BackendRefs, all of its Services MUST
be configured with the same KongUpstreamPolicy. Otherwise, the controller will ignore the KongUpstreamPolicy.
Note: KongUpstreamPolicy doesn't implement Gateway API's GEP-713 strictly.
In particular, it doesn't use the TargetRef for attaching to Services and Gateway API *Routes - annotations are
used instead. This is to allow reusing the same KongUpstreamPolicy for multiple Services and Gateway API *Routes.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1beta1 |
kind string |
KongUpstreamPolicy |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec KongUpstreamPolicySpec |
Spec contains the configuration of the Kong upstream. |
TCPIngress is the Schema for the tcpingresses API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1beta1 |
kind string |
TCPIngress |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec TCPIngressSpec |
Spec is the TCPIngress specification. |
UDPIngress is the Schema for the udpingresses API.
| Field | Description |
|---|---|
apiVersion string |
configuration.konghq.com/v1beta1 |
kind string |
UDPIngress |
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
spec UDPIngressSpec |
Spec is the UDPIngress specification. |
In this section you will find types that the CRDs rely on.
Underlying type: integer
HTTPStatus is an HTTP status code.
Appears in:
Underlying type: string
HashInput is the input for consistent-hashing load balancing algorithm. Can be one of: "ip", "consumer", "path".
Appears in:
IngressBackend describes all endpoints for a given service and port.
| Field | Description |
|---|---|
serviceName string |
Specifies the name of the referenced service. |
servicePort integer |
Specifies the port of the referenced service. |
Appears in:
IngressRule represents a rule to apply against incoming requests. Matching is performed based on an (optional) SNI and port.
| Field | Description |
|---|---|
host string |
Host is the fully qualified domain name of a network host, as defined by RFC 3986. If a Host is not specified, then port-based TCP routing is performed. Kong doesn't care about the content of the TCP stream in this case. If a Host is specified, the protocol must be TLS over TCP. A plain-text TCP request cannot be routed based on Host. It can only be routed based on Port. |
port integer |
Port is the port on which to accept TCP or TLS over TCP sessions and route. It is a required field. If a Host is not specified, the requested are routed based only on Port. |
backend IngressBackend |
Backend defines the referenced service endpoint to which the traffic will be forwarded to. |
Appears in:
IngressTLS describes the transport layer security.
| Field | Description |
|---|---|
hosts string array |
Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. |
secretName string |
SecretName is the name of the secret used to terminate SSL traffic. |
Appears in:
KongConsumerGroupSpec defines the desired state of KongConsumerGroup.
| Field | Description |
|---|---|
name string |
Name is the name of the ConsumerGroup in Kong. |
controlPlaneRef ControlPlaneRef |
ControlPlaneRef is a reference to a ControlPlane this ConsumerGroup is associated with. |
tags Tags |
Tags is an optional set of tags applied to the ConsumerGroup. |
Appears in:
KongUpstreamActiveHealthcheck configures active health check probing.
| Field | Description |
|---|---|
type string |
Type determines whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Accepted values are "http", "https", "tcp", "grpc", "grpcs". |
concurrency integer |
Concurrency is the number of targets to check concurrently. |
healthy KongUpstreamHealthcheckHealthy |
Healthy configures thresholds and HTTP status codes to mark targets healthy for an upstream. |
unhealthy KongUpstreamHealthcheckUnhealthy |
Unhealthy configures thresholds and HTTP status codes to mark targets unhealthy for an upstream. |
httpPath string |
HTTPPath is the path to use in GET HTTP request to run as a probe. |
httpsSni string |
HTTPSSNI is the SNI to use in GET HTTPS request to run as a probe. |
httpsVerifyCertificate boolean |
HTTPSVerifyCertificate is a boolean value that indicates if the certificate should be verified. |
timeout integer |
Timeout is the probe timeout in seconds. |
headers object (keys:string, values:string array) |
Headers is a list of HTTP headers to add to the probe request. |
Appears in:
KongUpstreamHash defines how to calculate hash for consistent-hashing load balancing algorithm. Only one of the fields must be set.
| Field | Description |
|---|---|
input HashInput |
Input allows using one of the predefined inputs (ip, consumer, path). For other parametrized inputs, use one of the fields below. |
header string |
Header is the name of the header to use as hash input. |
cookie string |
Cookie is the name of the cookie to use as hash input. |
cookiePath string |
CookiePath is cookie path to set in the response headers. |
queryArg string |
QueryArg is the name of the query argument to use as hash input. |
uriCapture string |
URICapture is the name of the URI capture group to use as hash input. |
Appears in:
KongUpstreamHealthcheck represents a health-check config of an Upstream in Kong.
| Field | Description |
|---|---|
active KongUpstreamActiveHealthcheck |
Active configures active health check probing. |
passive KongUpstreamPassiveHealthcheck |
Passive configures passive health check probing. |
threshold integer |
Threshold is the minimum percentage of the upstream’s targets’ weight that must be available for the whole upstream to be considered healthy. |
Appears in:
KongUpstreamHealthcheckHealthy configures thresholds and HTTP status codes to mark targets healthy for an upstream.
| Field | Description |
|---|---|
httpStatuses HTTPStatus array |
HTTPStatuses is a list of HTTP status codes that Kong considers a success. |
interval integer |
Interval is the interval between active health checks for an upstream in seconds when in a healthy state. |
successes integer |
Successes is the number of successes to consider a target healthy. |
Appears in:
KongUpstreamHealthcheckUnhealthy configures thresholds and HTTP status codes to mark targets unhealthy.
| Field | Description |
|---|---|
httpFailures integer |
HTTPFailures is the number of failures to consider a target unhealthy. |
httpStatuses HTTPStatus array |
HTTPStatuses is a list of HTTP status codes that Kong considers a failure. |
tcpFailures integer |
TCPFailures is the number of TCP failures in a row to consider a target unhealthy. |
timeouts integer |
Timeouts is the number of timeouts in a row to consider a target unhealthy. |
interval integer |
Interval is the interval between active health checks for an upstream in seconds when in an unhealthy state. |
Appears in:
KongUpstreamPassiveHealthcheck configures passive checks around passive health checks.
| Field | Description |
|---|---|
type string |
Type determines whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Accepted values are "http", "https", "tcp", "grpc", "grpcs". |
healthy KongUpstreamHealthcheckHealthy |
Healthy configures thresholds and HTTP status codes to mark targets healthy for an upstream. |
unhealthy KongUpstreamHealthcheckUnhealthy |
Unhealthy configures thresholds and HTTP status codes to mark targets unhealthy. |
Appears in:
KongUpstreamPolicySpec contains the specification for KongUpstreamPolicy.
| Field | Description |
|---|---|
algorithm string |
Algorithm is the load balancing algorithm to use. Accepted values are: "round-robin", "consistent-hashing", "least-connections", "latency". |
slots integer |
Slots is the number of slots in the load balancer algorithm. If not set, the default value in Kong for the algorithm is used. |
hashOn KongUpstreamHash |
HashOn defines how to calculate hash for consistent-hashing load balancing algorithm. Algorithm must be set to "consistent-hashing" for this field to have effect. |
hashOnFallback KongUpstreamHash |
HashOnFallback defines how to calculate hash for consistent-hashing load balancing algorithm if the primary hash function fails. Algorithm must be set to "consistent-hashing" for this field to have effect. |
healthchecks KongUpstreamHealthcheck |
Healthchecks defines the health check configurations in Kong. |
Appears in:
TCPIngressSpec defines the desired state of TCPIngress.
| Field | Description |
|---|---|
rules IngressRule array |
A list of rules used to configure the Ingress. |
tls IngressTLS array |
TLS configuration. This is similar to the tls section in the Ingress resource in networking.v1beta1 group. The mapping of SNIs to TLS cert-key pair defined here will be used for HTTP Ingress rules as well. Once can define the mapping in this resource or the original Ingress resource, both have the same effect. |
Appears in:
UDPIngressRule represents a rule to apply against incoming requests wherein no Host matching is available for request routing, only the port is used to match requests.
| Field | Description |
|---|---|
port integer |
Port indicates the port for the Kong proxy to accept incoming traffic on, which will then be routed to the service Backend. |
backend IngressBackend |
Backend defines the Kubernetes service which accepts traffic from the listening Port defined above. |
Appears in:
UDPIngressSpec defines the desired state of UDPIngress.
| Field | Description |
|---|---|
rules UDPIngressRule array |
A list of rules used to configure the Ingress. |
Appears in: