GatewayClassConfig Resource Configuration

This topic provides full details about the GatewayClassConfig resource.

Introduction

The GatewayClassConfig object contains Consul API Gateway-related configuration parameters. Apply the parameters by adding the GatewayClass object to your Kubernetes values file and specifying the name of the GatewayClassConfig.

Configuration model

The following outline shows how to format the configurations in the GatewayClassConfig object. Click on a property name to view details about the configuration.

• consul: object | optional
  • address: string | optional
  • authentication: object | optional
    • account: string | optional
    • managed: bool | optional
    • method: string | optional
    • namespace: string | optional
  • ports: object | optional
    • grpc: integer | optional
    • http: integer | optional
  • scheme: string | optional
• copyAnnotations: object | optional
  • service: array of strings | optional
• deployment: object | optional
  • defaultInstances: integer | optional
  • maxInstances: integer | optional
  • minInstances: integer | optional
• image: object | optional
  • consulAPIGateway: string | optional
  • envoy: string | optional
• logLevel: string | optional
• nodeSelector: string | optional
• serviceType: string | optional
• useHostPorts: boolean | optional

Specification

This topic provides details about the configuration parameters.

consul

Specifies configurations that enable an instance of Consul API Gateway to interact with Consul.

• Type: object
• Required: optional

consul.address

Specifies the address of the Consul server that the Gateway communicates with in the gateway pod. If unspecified, the pod attempts to use a local agent on the host where the pod is running.

• Type: string
• Required: optional
• Default: local agent

consul.authentication.account

Specifies the Kubernetes service account to use for authentication.

• Type: string
• Required: optional

consul.authentication.managed

Set to true to enable deployments to run with managed service accounts created by the gateway controller. The consul.authentication.account field is ignored when this option is enabled.

• Type: boolean
• Required: optional
• Default: false

consul.authentication.method

Specifies the Consul auth method used for initial authentication by Consul API Gateway.

• Type: string
• Required: optional

consul.authentication.namespace

Specifies the Consul namespace to use for authentication.

• Type: string
• Required: optional

consul.ports.grpc

Specifies the gRPC port for Consul’s xDS server.

• Type: integer
• Required: optional
• Default: 8502

consul.ports.http

Specifies the Consul HTTP port to use for authentication.

• Type: integer
• Required: optional
• Default: 8500

consul.scheme

Specifies the scheme to use for connecting to Consul.

• Type: string
• Required: optional
• Default: http

You can specify the following strings:

• http
• https

copyAnnotations.service

Specifies an array of Kubernetes annotations to copy to the gateway service.

• Type: Array of strings
• Required: optional

deployment.defaultInstances

Specifies the number of gateway instances to deploy per gateway configuration.

• Type: Integer
• Required: optional
• Default: 1

deployment.maxInstances

Specifies the maximum allowed number of gateway instances per gateway configuration.

• Type: Integer
• Required: optional
• Default: 8

deployment.minInstances

Specifies the minimum allowed number of gateway instances per gateway configuration.

• Type: Integer
• Required: optional
• Default: 1

image.consulAPIGateway

Specifies the Docker image to use for the consul-api-gateway container. View available image tags on DockerHub.

The default value is suitable for most deployments, but you may require a specific version of the Consul API Gateway depending on your environment.

• Type: string
• Required: optional
• Default: "hashicorp/consul-api-gateway:RELEASE_VERSION"

image.envoy

Specifies the Docker image to use for the Envoy proxy container. View available image tags on DockerHub.

The default value is suitable for most deployments, but you may require a specific version of Envoy depending on your environment.

• Type: string
• Required: optional
• Default: "envoyproxy/envoy:RELEASE_VERSION"

logLevel

Specifies the error reporting level for logs.

• Type: string
• Required: optional
• Default: info

You can specify the following strings:

• error
• warning
• info
• debug
• trace

nodeSelector

Pods normally run on multiple nodes. You can specify a set of parameters in the nodeSelector that constrain the nodes on which the pod can run, enabling the pod to fit on a node. The selector must match a node’s labels for the pod to be scheduled on that node. Refer to the Kubernetes documentation for additional information.

• Type: string
• Required: optional

serviceType

Specifies the ingress methods for the gateway’s Kubernetes service.

• Type: string
• Required: optional

You can specify the following strings:

• ClusterIP: The gateway is only accessible from inside the cluster.
• NodePort: The gateway is exposed on each Kubernetes node at a static port.
• LoadBalancer: The gateway is exposed to external traffic by a load balancer.

For more on Kubernetes services, see Publishing Services.

useHostPorts

If set to true, then the Envoy container ports are mapped to host ports.

• Type: boolean
• Required: optional
• Default: false

Example Configuration

The following example creates a gateway class configuration called example-gateway-class-config. Traffic that passes through gateways created from the class configuration authenticates with Consul over HTTPS on port 8501. Consul client agents communicate with server agents on port 8502:

gateway.yaml

apiVersion: api-gateway.consul.hashicorp.com/v1alpha1
kind: GatewayClassConfig
metadata:
  name: example-gateway-class-config
spec:
  useHostPorts: true
  logLevel: 'trace'
  consul:
    scheme: 'https'
    ports:
      http: 8501
      grpc: 8502

Refer to the Consul API Gateway repository for the complete specification.