Name defines the name of the backend.

Port defines the specification for the backend’s port.

TLS defines the specification for the backend’s TLS configuration.

TCP specifies the TCP level connection settings. Applies to both TCP and HTTP connections.

HTTP specifies the HTTP level connection settings.

Object’s metadata

Spec is the Egress policy specification

Kind defines the kind for the source in the Egress policy, ex. ServiceAccount.

Name defines the name of the source for the given Kind.

Namespace defines the namespace for the given source.

Sources defines the list of sources the Egress policy applies to.

Hosts defines the list of external hosts the Egress policy will allow access to.

• For HTTP traffic, the HTTP Host/Authority header is matched against the list of Hosts specified.

• For HTTPS traffic, the Server Name Indication (SNI) indicated by the client in the TLS handshake is matched against the list of Hosts specified.

• For non-HTTP(s) based protocols, the Hosts field is ignored.

IPAddresses defines the list of external IP address ranges the Egress policy applies to. The destination IP address of the traffic is matched against the list of IPAddresses specified as a CIDR range.

Ports defines the list of ports the Egress policy is applies to. The destination port of the traffic is matched against the list of Ports specified.

Matches defines the list of object references the Egress policy should match on.

MaxRequests specifies the maximum number of parallel requests allowed to the upstream host. Defaults to 4294967295 (2^32 - 1) if not specified.

MaxRequestsPerConnection specifies the maximum number of requests per connection allowed to the upstream host. Defaults to unlimited if not specified.

MaxPendingRequests specifies the maximum number of pending HTTP requests allowed to the upstream host. For HTTP/2 connections, if maxRequestsPerConnection is not configured, all requests will be multiplexed over the same connection so this circuit breaker will only be hit when no connection is already established. Defaults to 4294967295 (2^32 - 1) if not specified.

MaxRetries specifies the maximum number of parallel retries allowed to the upstream host. Defaults to 4294967295 (2^32 - 1) if not specified.

Name defines the name of the HTTP header.

Value defines the value of the header corresponding to the name key.

Requests defines the number of requests allowed per unit of time before rate limiting occurs.

Unit defines the period of time within which requests over the limit will be rate limited. Valid values are “second”, “minute” and “hour”.

Burst defines the number of requests above the baseline rate that are allowed in a short period of time.

ResponseStatusCode defines the HTTP status code to use for responses to rate limited requests. Code must be in the 400-599 (inclusive) error range. If not specified, a default of 429 (Too Many Requests) is used. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/v3/http_status.proto#enum-type-v3-statuscode for the list of HTTP status codes supported by Envoy.

ResponseHeadersToAdd defines the list of HTTP headers that should be added to each response for requests that have been rate limited.

Local defines the local rate limiting specification applied per HTTP route.

Path defines the HTTP path.

RateLimit defines the HTTP rate limiting specification for the specified HTTP route.

Object’s metadata

Spec is the Ingress backend policy specification

Status is the status of the IngressBackend configuration.

Backends defines the list of backends the IngressBackend policy applies to.

Sources defines the list of sources the IngressBackend policy applies to.

Matches defines the list of object references the IngressBackend policy should match on.

CurrentStatus defines the current status of an IngressBackend resource.

Reason defines the reason for the current status of an IngressBackend resource.

Kind defines the kind for the source in the IngressBackend policy. Must be one of: Service, AuthenticatedPrincipal, IPRange

Name defines the name of the source for the given Kind.

Namespace defines the namespace for the given source.

TCP defines the local rate limiting specification at the network level. This is a token bucket rate limiter where each connection consumes a single token. If the token is available, the connection will be allowed. If no tokens are available, the connection will be immediately closed.

HTTP defines the local rate limiting specification for HTTP traffic. This is a token bucket rate limiter where each request consumes a single token. If the token is available, the request will be allowed. If no tokens are available, the request will receive the configured rate limit status.

Number defines the port number.

Protocol defines the protocol served by the port.

Local specified the local rate limiting specification for the upstream host. Local rate limiting is enforced directly by the upstream host without any involvement of a global rate limiting service. This is applied as a token bucket rate limiter.

Object’s metadata

Spec is the Retry policy specification

RetryOn defines the policies to retry on, delimited by comma.

PerTryTimeout defines the time allowed for a retry before it’s considered a failed attempt.

NumRetries defines the max number of retries to attempt.

RetryBackoffBaseInterval defines the base interval for exponential retry backoff.

Source defines the source the Retry policy applies to.

Destinations defines the list of destinations the Retry policy applies to.

RetryPolicy defines the retry policy the Retry policy applies.

Kind defines the kind for the Src/Dst in the Retry policy.

Name defines the name of the Src/Dst for the given Kind.

Namespace defines the namespace for the given Src/Dst.

MaxConnections specifies the maximum number of TCP connections allowed to the upstream host. Defaults to 4294967295 (2^32 - 1) if not specified.

ConnectTimeout specifies the TCP connection timeout. Defaults to 5s if not specified.

Connections defines the number of connections allowed per unit of time before rate limiting occurs.

Unit defines the period of time within which connections over the limit will be rate limited. Valid values are “second”, “minute” and “hour”.

Burst defines the number of connections above the baseline rate that are allowed in a short period of time.

SkipClientCertValidation defines whether the backend should skip validating the certificate presented by the client.

SNIHosts defines the SNI hostnames that the backend allows the client to connect to.

Object’s metadata

Spec is the UpstreamTrafficSetting policy specification

Status is the status of the UpstreamTrafficSetting resource.

Host the upstream traffic is directed to. Must either be an FQDN corresponding to the upstream service or the name of the upstream service. If only the service name is specified, the FQDN is derived from the service name and the namespace of the UpstreamTrafficSetting rule.

ConnectionSettings specifies the connection settings for traffic directed to the upstream host.

RateLimit specifies the rate limit settings for the traffic directed to the upstream host. If HTTP rate limiting is specified, the rate limiting is applied at the VirtualHost level applicable to all routes within the VirtualHost.

HTTPRoutes defines the list of HTTP routes settings for the upstream host. Settings are applied at a per route level.

CurrentStatus defines the current status of an UpstreamTrafficSetting resource.

Reason defines the reason for the current status of an UpstreamTrafficSetting resource.