Edit

Share via

Application Gateway for Containers API specification for Kubernetes

Packages

Package v1 is the v1 version of the API.

alb.networking.azure.io/v1

This document defines each of the resource types for alb.networking.azure.io/v1.

Resource Types:

AffinityType (string alias)

(Appears on:SessionAffinity)

AffinityType defines the affinity type for the Service

Value Description

"application-cookie"

AffinityTypeApplicationCookie is a session affinity type for an application cookie

"managed-cookie"

AffinityTypeManagedCookie is a session affinity type for a managed cookie

AlbConditionReason (string alias)

AlbConditionReason defines the set of reasons that explain why a particular condition type are raised by the Application Gateway for Containers resource.

Value Description

"Accepted"

AlbReasonAccepted indicates that the Application Gateway for Containers resource are accepted by the controller.

"Ready"

AlbReasonDeploymentReady indicates the Application Gateway for Containers resource deployment status.

"InProgress"

AlbReasonInProgress indicates whether the Application Gateway for Containers resource is in the process of being created, updated, or deleted.

AlbConditionType (string alias)

AlbConditionType is a type of condition associated with an Application Gateway for Containers resource. This type should be used with the AlbStatus.Conditions field.

Value Description

"Accepted"

AlbConditionTypeAccepted indicates whether the Application Gateway for Containers resource are accepted by the controller.

"Deployment"

AlbConditionTypeDeployment indicates the deployment status of the Application Gateway for Containers resource.

AlbSpec

(Appears on:ApplicationLoadBalancer)

AlbSpec defines the specifications for the Application Gateway for Containers resource.

Field Description
associations
[]string

Associations are subnet resource IDs the Application Gateway for Containers resource are associated with.

AlbStatus

(Appears on:ApplicationLoadBalancer)

AlbStatus defines the observed state of Application Gateway for Containers resource.

Field Description
conditions
[]Kubernetes meta/v1.Condition 		(Optional)

Known condition types are:

  • “Accepted”
  • “Ready”

ApplicationLoadBalancer

ApplicationLoadBalancer is the schema for the Application Gateway for Containers resource.

Field Description
metadata
Kubernetes meta/v1.ObjectMeta 		(Optional)

Object’s metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AlbSpec

Spec is the specifications for Application Gateway for Containers resource.



associations
[]string

Associations are subnet resource IDs the Application Gateway for Containers resource are associated with.
status
AlbStatus

Status defines the current state of Application Gateway for Containers resource.

BackendLoadBalancingPolicy

BackendLoadBalancingPolicy represents the configuration for backend load balancing.

Field Description
metadata
Kubernetes meta/v1.ObjectMeta 		(Optional)

Object’s metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackendLoadBalancingPolicySpec

Spec is the BackendLoadBalancingPolicy specification.



targetRefs
[]TargetRefSpec

TargetRefs identifies a list of API objects to apply policy to.
loadBalancing
LoadBalancingConfig 		(Optional)

LoadBalancing defines the schema for configuring Load Balancing options
status
BackendLoadBalancingPolicyStatus

Status defines the current state of BackendLoadBalancingPolicy.

BackendLoadBalancingPolicyConditionReason (string alias)

BackendLoadBalancingPolicyConditionReason defines the set of reasons that explain why a particular BackendLoadBalancingPolicy condition type is raised.

Value Description

"Accepted"

BackendLoadBalancingPolicyReasonAccepted is used to set the BackendLoadBalancingPolicyConditionReason to Accepted When the given BackendLoadBalancingPolicy is correctly configured

"Conflicted"

BackendLoadBalancingPolicyReasonConflicted is used when the target ref conflicts with a pre-existing policy target

"InvalidBackendLoadBalancingPolicy"

BackendLoadBalancingPolicyReasonInvalid is the reason when the BackendLoadBalancingPolicy isn’t Accepted

"InvalidGroup"

BackendLoadBalancingPolicyReasonInvalidGroup is used when the group is invalid

"InvalidKind"

BackendLoadBalancingPolicyReasonInvalidKind is used when the kind/group is invalid

"InvalidName"

BackendLoadBalancingPolicyReasonInvalidName is used when the name is invalid

"InvalidService"

BackendLoadBalancingPolicyReasonInvalidService is used when the Service is invalid

"NoTargetReference"

BackendLoadBalancingPolicyReasonNoTargetReference is used when there’s no target reference

"RefNotPermitted"

BackendLoadBalancingPolicyReasonRefNotPermitted is used when the ref isn’t permitted

"ResolvedRefs"

BackendLoadBalancingPolicyReasonResolvedRefs is used to set the BackendLoadBalancingPolicyConditionReason to ResolvedRefs when the given BackendLoadBalancingPolicy has correct references

BackendLoadBalancingPolicyConditionType (string alias)

BackendLoadBalancingPolicyConditionType is a type of condition associated with a BackendLoadBalancingPolicy. This type should be used with the BackendLoadBalancingPolicyStatus.Conditions field.

Value Description

"Accepted"

BackendLoadBalancingPolicyConditionAccepted is used to set the BackendLoadBalancingPolicyConditionType to Accepted

"ResolvedRefs"

BackendLoadBalancingPolicyConditionResolvedRefs is used to set the BackendLoadBalancingPolicyCondition to ResolvedRefs

BackendLoadBalancingPolicyPort

(Appears on:TargetRefSpec)

BackendLoadBalancingPolicyPort defines the port configuration for the backend load balancing policy.

Field Description
port
int32

Port is the port to use for connection to the backend

BackendLoadBalancingPolicySpec

(Appears on:BackendLoadBalancingPolicy, IngressBackendSettings)

BackendLoadBalancingPolicySpec defines the specification for BackendLoadBalancingPolicy.

Field Description
targetRefs
[]TargetRefSpec

TargetRefs identifies a list of API objects to apply policy to.
loadBalancing
LoadBalancingConfig 		(Optional)

LoadBalancing defines the schema for configuring Load Balancing options

BackendLoadBalancingPolicyStatus

(Appears on:BackendLoadBalancingPolicy)

BackendLoadBalancingPolicyStatus defines the observed state of BackendLoadBalancingPolicy.

Field Description
targets
[]BackendLoadBalancingPolicyTargetStatus

BackendLoadBalancingPolicyTargetStatus

(Appears on:BackendLoadBalancingPolicyStatus)

BackendLoadBalancingPolicyTargetStatus defines the observed status for a target ref

Field Description
targetRef
CustomTargetRef
conditions
[]Kubernetes meta/v1.Condition

BackendTLSPolicy

BackendTLSPolicy is the schema for the BackendTLSPolicies API.

Field Description
metadata
Kubernetes meta/v1.ObjectMeta 		(Optional)

Object’s metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BackendTLSPolicySpec

Spec is the BackendTLSPolicy specification.



targetRef
CustomTargetRef

TargetRef identifies an API object to apply policy to.
override
BackendTLSPolicyConfig 		(Optional)

Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.

Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release.
default
BackendTLSPolicyConfig 		(Optional)

Default defines default policy configuration for the targeted resource.
status
BackendTLSPolicyStatus

Status defines the current state of BackendTLSPolicy.

BackendTLSPolicyConfig

(Appears on:BackendTLSPolicySpec)

BackendTLSPolicyConfig defines the policy specification for the Backend TLS Policy.

Field Description
CommonTLSPolicy
CommonTLSPolicy

(Members of CommonTLSPolicy are embedded into this type.)

sni
string 		(Optional)

Sni is the server name to use for the TLS connection to the backend.
ports
[]BackendTLSPolicyPort

Ports specifies the list of ports where the policy is applied.
clientCertificateRef
Gateway API .SecretObjectReference 		(Optional)

ClientCertificateRef is the reference to the client certificate to use for the TLS connection to the backend.

BackendTLSPolicyPort

(Appears on:BackendTLSPolicyConfig)

BackendTLSPolicyPort defines the port to use for the TLS connection to the backend

Field Description
port
int

Port is the port to use for the TLS connection to the backend

BackendTLSPolicySpec

(Appears on:BackendTLSPolicy)

BackendTLSPolicySpec defines the desired state of BackendTLSPolicy.

Field Description
targetRef
CustomTargetRef

TargetRef identifies an API object to apply policy to.
override
BackendTLSPolicyConfig 		(Optional)

Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.

Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release.
default
BackendTLSPolicyConfig 		(Optional)

Default defines default policy configuration for the targeted resource.

BackendTLSPolicyStatus

(Appears on:BackendTLSPolicy)

BackendTLSPolicyStatus defines the observed state of BackendTLSPolicy.

Field Description
conditions
[]Kubernetes meta/v1.Condition 		(Optional)

Conditions describe the current conditions of the BackendTLSPolicy.

Implementations should prefer to express BackendTLSPolicy conditions using the BackendTLSPolicyConditionType and BackendTLSPolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe BackendTLSPolicy state.

Known condition types are:

  • “Accepted”
  • “ResolvedRefs”

CommonTLSPolicy

(Appears on:BackendTLSPolicyConfig)

CommonTLSPolicy is the schema for the CommonTLSPolicy API.

Field Description
verify
CommonTLSPolicyVerify 		(Optional)

Verify provides the options to verify the peer certificate.

CommonTLSPolicyVerify

(Appears on:CommonTLSPolicy)

CommonTLSPolicyVerify defines the schema for the CommonTLSPolicyVerify API.

Field Description
caCertificateRef
Gateway API .SecretObjectReference

CaCertificateRef is the CA certificate used to verify peer certificate.
subjectAltName
string 		(Optional)

SubjectAltName is the subject alternative name used to verify peer certificate.

CustomTargetRef

(Appears on:BackendLoadBalancingPolicyTargetStatus, BackendTLSPolicySpec, FrontendTLSPolicySpec, HealthCheckPolicySpec, PolicyRefStatus, RoutePolicySpec, TargetRefSpec, WebApplicationFirewallPolicySpec)

CustomTargetRef is a reference to a custom resource that isn’t part of the Kubernetes core API.

Field Description
NamespacedPolicyTargetReference
Gateway API alpha2.NamespacedPolicyTargetReference

(Members of NamespacedPolicyTargetReference are embedded into this type.)

sectionNames
[]string 		(Optional)

SectionNames is the name of the section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionNames is interpreted as the following:

  • Gateway: Listener Name
  • Service: Port Name

If a SectionNames is specified, but doesn’t exist on the targeted object, the Policy fails to attach, and the policy implementation will record a ResolvedRefs or similar Condition in the Policy’s status.

FrontendTLSPolicy

FrontendTLSPolicy is the schema for the FrontendTLSPolicy API

Field Description
metadata
Kubernetes meta/v1.ObjectMeta 		(Optional)

Object’s metadata.

Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
FrontendTLSPolicySpec

Spec is the FrontendTLSPolicy specification.



targetRef
CustomTargetRef

TargetRef identifies an API object to apply policy to.
default
FrontendTLSPolicyConfig 		(Optional)

Default defines default policy configuration for the targeted resource.
override
FrontendTLSPolicyConfig 		(Optional)

Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.

Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release.
status
FrontendTLSPolicyStatus

Status defines the current state of FrontendTLSPolicy.

FrontendTLSPolicyConfig

(Appears on:FrontendTLSPolicySpec)

FrontendTLSPolicyConfig defines the policy specification for the Frontend TLS Policy.

Field Description
verify
MTLSPolicyVerify 		(Optional)

Verify provides the options to verify the peer certificate.
policyType
PolicyType 		(Optional)

Type is the type of the policy.

FrontendTLSPolicySpec

(Appears on:FrontendTLSPolicy)

FrontendTLSPolicySpec defines the desired state of FrontendTLSPolicy

Field Description
targetRef
CustomTargetRef

TargetRef identifies an API object to apply policy to.
default
FrontendTLSPolicyConfig 		(Optional)

Default defines default policy configuration for the targeted resource.
override
FrontendTLSPolicyConfig 		(Optional)

Override defines policy configuration that should override policy configuration attached below the targeted resource in the hierarchy.

Note: Override is currently not supported and result in a validation error. Support for Override will be added in a future release.

FrontendTLSPolicyStatus

(Appears on:FrontendTLSPolicy)

FrontendTLSPolicyStatus defines the observed state of FrontendTLSPolicy.

Field Description
conditions
[]Kubernetes meta/v1.Condition 		(Optional)

Conditions describe the current conditions of the FrontendTLSPolicy.

Implementations should prefer to express FrontendTLSPolicy conditions using the FrontendTLSPolicyConditionType and FrontendTLSPolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe FrontendTLSPolicy state.

Known condition types are:

  • “Accepted”

FrontendTLSPolicyType (string alias)

(Appears on:PolicyType)

FrontendTLSPolicyType is the type of the Frontend TLS Policy.

Value Description

"predefined"

PredefinedFrontendTLSPolicyType is the type of the predefined Frontend TLS Policy.

FrontendTLSPolicyTypeName (string alias)

(Appears on:PolicyType)

FrontendTLSPolicyTypeName is the name of the Frontend TLS Policy.

Value Description

"2023-06"

PredefinedPolicy202306 is the name of the predefined Frontend TLS Policy for the policy “2023-06”.

"2023-06-S"

PredefinedPolicy202306Strict is the name of the predefined Frontend TLS Policy for the policy “2023-06-S”. This is a strict version of the policy “2023-06”.

GRPCSpecifiers

(Appears on:HealthCheckPolicyConfig)

GRPCSpecifiers defines the schema for GRPC HealthCheck.

Field Description
authority
string 		(Optional)

Authority if present is used as the value of the Authority header in the health check.
service
string 		(Optional)

Service allows the configuration of a Health check registered under a different service name.

HTTPHeader

(Appears on:HeaderFilter)

HTTPHeader represents an HTTP Header name and value as defined by RFC 7230.

Field Description
name
HTTPHeaderName

Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).

If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, “foo” and “Foo” are considered equivalent.
value
string

Value is the value of HTTP Header to be matched.

HTTPHeaderName (string alias)

(Appears on:HTTPHeader)

HTTPHeaderName is the name of an HTTP header.

Valid values include:

  • “Authorization”
  • “Set-Cookie”

Invalid values include:

  • ”:method” - “:” is an invalid character. This means that HTTP/2 pseudo headers aren’t currently supported by this type.
  • ”/invalid” - “/ ” is an invalid character

HTTPMatch

(Appears on:HTTPSpecifiers)

HTTPMatch defines the HTTP matchers to use for HealthCheck checks.

Field Description
body
string 		(Optional)

Body defines the HTTP body matchers to use for HealthCheck checks.
statusCodes
[]StatusCodes 		(Optional)

StatusCodes defines the HTTP status code matchers to use for HealthCheck checks.

HTTPPathModifier

(Appears on:Redirect, URLRewriteFilter)

HTTPPathModifier defines configuration for path modifiers.

Field Description
type
HTTPPathModifierType

Type defines the type of path modifier. More types may be added in a future release of the API.

Values may be added to this enum, implementations must ensure unknown values won’t cause a crash.

Unknown values here must result in the implementation setting the Accepted Condition for the rule to be false
replaceFullPath
string 		(Optional)

ReplaceFullPath specifies the value with which to replace the full path of a request during a rewrite or redirect.
replacePrefixMatch
string 		(Optional)

ReplacePrefixMatch specifies the value with which to replace the prefix match of a request during a rewrite or redirect. For example, a request to “/foo/bar” with a prefix match of “/foo” and a ReplacePrefixMatch of “/xyz” would be modified to “/xyz/bar”.

This matches the behavior of the PathPrefix match type. This matches full path elements. A path element refers to the list of labels in the path split by the / separator. When specified, a trailing / is ignored. For example, the paths /abc, /abc/, and /abc/def would all match the prefix /abc, but the path /abcd wouldn’t.

ReplacePrefixMatch is only compatible with a PathPrefix HTTPRouteMatch. Using any other HTTPRouteMatch type on the same HTTPRouteRule results in the implementation setting the Accepted Condition for the Route to status: False.

Request Path Prefix Match Replace Prefix Modified Path
/foo/bar /foo /xyz /xyz/bar
/foo/bar /foo /xyz/ /xyz/bar
/foo/bar /foo/ /xyz /xyz/bar
/foo/bar /foo/ /xyz/ /xyz/bar
/foo /foo /xyz /xyz
/foo/ /foo /xyz /xyz/
/foo/bar /foo