github.com/projectcontour/contour@v1.28.2/site/content/docs/1.20/config/api-reference.html

<p>Packages:</p>
<ul>
<li>
<a href="#projectcontour.io%2fv1">projectcontour.io/v1</a>
</li>
<li>
<a href="#projectcontour.io%2fv1alpha1">projectcontour.io/v1alpha1</a>
</li>
</ul>
<h2 id="projectcontour.io/v1">projectcontour.io/v1</h2>
<p>
<p>Package v1 holds the specification for the projectcontour.io Custom Resource Definitions (CRDs).</p>
<p>In building this CRD, we&rsquo;ve inadvertently overloaded the word &ldquo;Condition&rdquo;, so we&rsquo;ve tried to make
this spec clear as to which types of condition are which.</p>
<p><code>MatchConditions</code> are used by <code>Routes</code> and <code>Includes</code> to specify rules to match requests against for either
routing or inclusion.</p>
<p><code>DetailedConditions</code> are used in the <code>Status</code> of these objects to hold information about the relevant
state of the object and the world around it.</p>
<p><code>SubConditions</code> are used underneath <code>DetailedConditions</code> to give more detail to errors or warnings.</p>
</p>
Resource Types:
<ul><li>
<a href="#projectcontour.io/v1.HTTPProxy">HTTPProxy</a>
</li><li>
<a href="#projectcontour.io/v1.TLSCertificateDelegation">TLSCertificateDelegation</a>
</li></ul>
<h3 id="projectcontour.io/v1.HTTPProxy">HTTPProxy
</h3>
<p>
<p>HTTPProxy is an Ingress CRD specification.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td>
<code>apiVersion</code>
<br>
string</td>
<td>
<code>
projectcontour.io/v1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code>
<br>
string
</td>
<td><code>HTTPProxy</code></td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metadata</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>spec</code>
<br>
<em>
<a href="#projectcontour.io/v1.HTTPProxySpec">
HTTPProxySpec
</a>
</em>
</td>
<td>
<br>
<br>
<table style="border:none">
<tr>
<td style="white-space:nowrap">
<code>virtualhost</code>
<br>
<em>
<a href="#projectcontour.io/v1.VirtualHost">
VirtualHost
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Virtualhost appears at most once. If it is present, the object is considered
to be a &ldquo;root&rdquo; HTTPProxy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>routes</code>
<br>
<em>
<a href="#projectcontour.io/v1.Route">
[]Route
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Routes are the ingress routes. If TCPProxy is present, Routes is ignored.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>tcpproxy</code>
<br>
<em>
<a href="#projectcontour.io/v1.TCPProxy">
TCPProxy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>TCPProxy holds TCP proxy information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>includes</code>
<br>
<em>
<a href="#projectcontour.io/v1.Include">
[]Include
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Includes allow for specific routing configuration to be included from another HTTPProxy,
possibly in another namespace.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>ingressClassName</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>IngressClassName optionally specifies the ingress class to use for this
HTTPProxy. This replaces the deprecated <code>kubernetes.io/ingress.class</code>
annotation. For backwards compatibility, when that annotation is set, it
is given precedence over this field.</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>status</code>
<br>
<em>
<a href="#projectcontour.io/v1.HTTPProxyStatus">
HTTPProxyStatus
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Status is a container for computed information about the HTTPProxy.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TLSCertificateDelegation">TLSCertificateDelegation
</h3>
<p>
<p>TLSCertificateDelegation is an TLS Certificate Delegation CRD specification.
See design/tls-certificate-delegation.md for details.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td>
<code>apiVersion</code>
<br>
string</td>
<td>
<code>
projectcontour.io/v1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code>
<br>
string
</td>
<td><code>TLSCertificateDelegation</code></td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metadata</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>spec</code>
<br>
<em>
<a href="#projectcontour.io/v1.TLSCertificateDelegationSpec">
TLSCertificateDelegationSpec
</a>
</em>
</td>
<td>
<br>
<br>
<table style="border:none">
<tr>
<td style="white-space:nowrap">
<code>delegations</code>
<br>
<em>
<a href="#projectcontour.io/v1.CertificateDelegation">
[]CertificateDelegation
</a>
</em>
</td>
<td>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>status</code>
<br>
<em>
<a href="#projectcontour.io/v1.TLSCertificateDelegationStatus">
TLSCertificateDelegationStatus
</a>
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.AuthorizationPolicy">AuthorizationPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.AuthorizationServer">AuthorizationServer</a>, 
<a href="#projectcontour.io/v1.Route">Route</a>)
</p>
<p>
<p>AuthorizationPolicy modifies how client requests are authenticated.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>disabled</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>When true, this field disables client request authentication
for the scope of the policy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>context</code>
<br>
<em>
map[string]string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Context is a set of key/value pairs that are sent to the
authentication server in the check request. If a context
is provided at an enclosing scope, the entries are merged
such that the inner scope overrides matching keys from the
outer scope.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.AuthorizationServer">AuthorizationServer
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.VirtualHost">VirtualHost</a>)
</p>
<p>
<p>AuthorizationServer configures an external server to authenticate
client requests. The external server must implement the v3 Envoy
external authorization GRPC protocol (<a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto">https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto</a>).</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>extensionRef</code>
<br>
<em>
<a href="#projectcontour.io/v1.ExtensionServiceReference">
ExtensionServiceReference
</a>
</em>
</td>
<td>
<p>ExtensionServiceRef specifies the extension resource that will authorize client requests.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>authPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.AuthorizationPolicy">
AuthorizationPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>AuthPolicy sets a default authorization policy for client requests.
This policy will be used unless overridden by individual routes.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>responseTimeout</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>ResponseTimeout configures maximum time to wait for a check response from the authorization server.
Timeout durations are expressed in the Go <a href="https://godoc.org/time#ParseDuration">Duration format</a>.
Valid time units are &ldquo;ns&rdquo;, &ldquo;us&rdquo; (or &ldquo;µs&rdquo;), &ldquo;ms&rdquo;, &ldquo;s&rdquo;, &ldquo;m&rdquo;, &ldquo;h&rdquo;.
The string &ldquo;infinity&rdquo; is also a valid input and specifies no timeout.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>failOpen</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>If FailOpen is true, the client request is forwarded to the upstream service
even if the authorization server fails to respond. This field should not be
set in most cases. It is intended for use only while migrating applications
from internal authorization to Contour external authorization.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>withRequestBody</code>
<br>
<em>
<a href="#projectcontour.io/v1.AuthorizationServerBufferSettings">
AuthorizationServerBufferSettings
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>WithRequestBody specifies configuration for sending the client request&rsquo;s body to authorization server.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.AuthorizationServerBufferSettings">AuthorizationServerBufferSettings
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.AuthorizationServer">AuthorizationServer</a>)
</p>
<p>
<p>AuthorizationServerBufferSettings enables ExtAuthz filter to buffer client request data and send it as part of authorization request</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>maxRequestBytes</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>allowPartialMessage</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>packAsBytes</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>If PackAsBytes is true, the body sent to Authorization Server is in raw bytes.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.CORSHeaderValue">CORSHeaderValue
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.CORSPolicy">CORSPolicy</a>)
</p>
<p>
<p>CORSHeaderValue specifies the value of the string headers returned by a cross-domain request.</p>
</p>
<h3 id="projectcontour.io/v1.CORSPolicy">CORSPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.VirtualHost">VirtualHost</a>)
</p>
<p>
<p>CORSPolicy allows setting the CORS policy</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>allowCredentials</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>Specifies whether the resource allows credentials.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>allowOrigin</code>
<br>
<em>
[]string
</em>
</td>
<td>
<p>AllowOrigin specifies the origins that will be allowed to do CORS requests. &ldquo;*&rdquo; means
allow any origin.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>allowMethods</code>
<br>
<em>
<a href="#projectcontour.io/v1.CORSHeaderValue">
[]CORSHeaderValue
</a>
</em>
</td>
<td>
<p>AllowMethods specifies the content for the <em>access-control-allow-methods</em> header.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>allowHeaders</code>
<br>
<em>
<a href="#projectcontour.io/v1.CORSHeaderValue">
[]CORSHeaderValue
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>AllowHeaders specifies the content for the <em>access-control-allow-headers</em> header.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>exposeHeaders</code>
<br>
<em>
<a href="#projectcontour.io/v1.CORSHeaderValue">
[]CORSHeaderValue
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ExposeHeaders Specifies the content for the <em>access-control-expose-headers</em> header.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>maxAge</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>MaxAge indicates for how long the results of a preflight request can be cached.
MaxAge durations are expressed in the Go <a href="https://godoc.org/time#ParseDuration">Duration format</a>.
Valid time units are &ldquo;ns&rdquo;, &ldquo;us&rdquo; (or &ldquo;µs&rdquo;), &ldquo;ms&rdquo;, &ldquo;s&rdquo;, &ldquo;m&rdquo;, &ldquo;h&rdquo;.
Only positive values are allowed while 0 disables the cache requiring a preflight OPTIONS
check for all cross-origin requests.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.CertificateDelegation">CertificateDelegation
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.TLSCertificateDelegationSpec">TLSCertificateDelegationSpec</a>)
</p>
<p>
<p>CertificateDelegation maps the authority to reference a secret
in the current namespace to a set of namespaces.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>secretName</code>
<br>
<em>
string
</em>
</td>
<td>
<p>required, the name of a secret in the current namespace.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>targetNamespaces</code>
<br>
<em>
[]string
</em>
</td>
<td>
<p>required, the namespaces the authority to reference the
the secret will be delegated to.
If TargetNamespaces is nil or empty, the CertificateDelegation&rsquo;
is ignored. If the TargetNamespace list contains the character, &ldquo;*&rdquo;
the secret will be delegated to all namespaces.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.CookieDomainRewrite">CookieDomainRewrite
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.CookieRewritePolicy">CookieRewritePolicy</a>)
</p>
<p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>value</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Value is the value to rewrite the Domain attribute to.
For now this is required.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.CookiePathRewrite">CookiePathRewrite
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.CookieRewritePolicy">CookieRewritePolicy</a>)
</p>
<p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>value</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Value is the value to rewrite the Path attribute to.
For now this is required.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.CookieRewritePolicy">CookieRewritePolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>, 
<a href="#projectcontour.io/v1.Service">Service</a>)
</p>
<p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the cookie for which attributes will be rewritten.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>pathRewrite</code>
<br>
<em>
<a href="#projectcontour.io/v1.CookiePathRewrite">
CookiePathRewrite
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>PathRewrite enables rewriting the Set-Cookie Path element.
If not set, Path will not be rewritten.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>domainRewrite</code>
<br>
<em>
<a href="#projectcontour.io/v1.CookieDomainRewrite">
CookieDomainRewrite
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>DomainRewrite enables rewriting the Set-Cookie Domain element.
If not set, Domain will not be rewritten.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>secure</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>Secure enables rewriting the Set-Cookie Secure element.
If not set, Secure attribute will not be rewritten.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>sameSite</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>SameSite enables rewriting the Set-Cookie SameSite element.
If not set, SameSite attribute will not be rewritten.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.DetailedCondition">DetailedCondition
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxyStatus">HTTPProxyStatus</a>, 
<a href="#projectcontour.io/v1.TLSCertificateDelegationStatus">TLSCertificateDelegationStatus</a>, 
<a href="#projectcontour.io/v1alpha1.ContourConfigurationStatus">ContourConfigurationStatus</a>, 
<a href="#projectcontour.io/v1alpha1.ContourDeploymentStatus">ContourDeploymentStatus</a>, 
<a href="#projectcontour.io/v1alpha1.ExtensionServiceStatus">ExtensionServiceStatus</a>)
</p>
<p>
<p>DetailedCondition is an extension of the normal Kubernetes conditions, with two extra
fields to hold sub-conditions, which provide more detailed reasons for the state (True or False)
of the condition.</p>
<p><code>errors</code> holds information about sub-conditions which are fatal to that condition and render its state False.</p>
<p><code>warnings</code> holds information about sub-conditions which are not fatal to that condition and do not force the state to be False.</p>
<p>Remember that Conditions have a type, a status, and a reason.</p>
<p>The type is the type of the condition, the most important one in this CRD set is <code>Valid</code>.
<code>Valid</code> is a positive-polarity condition: when it is <code>status: true</code> there are no problems.</p>
<p>In more detail, <code>status: true</code> means that the object is has been ingested into Contour with no errors.
<code>warnings</code> may still be present, and will be indicated in the Reason field. There must be zero entries in the <code>errors</code>
slice in this case.</p>
<p><code>Valid</code>, <code>status: false</code> means that the object has had one or more fatal errors during processing into Contour.
The details of the errors will be present under the <code>errors</code> field. There must be at least one error in the <code>errors</code>
slice if <code>status</code> is <code>false</code>.</p>
<p>For DetailedConditions of types other than <code>Valid</code>, the Condition must be in the negative polarity.
When they have <code>status</code> <code>true</code>, there is an error. There must be at least one entry in the <code>errors</code> Subcondition slice.
When they have <code>status</code> <code>false</code>, there are no serious errors, and there must be zero entries in the <code>errors</code> slice.
In either case, there may be entries in the <code>warnings</code> slice.</p>
<p>Regardless of the polarity, the <code>reason</code> and <code>message</code> fields must be updated with either the detail of the reason
(if there is one and only one entry in total across both the <code>errors</code> and <code>warnings</code> slices), or
<code>MultipleReasons</code> if there is more than one entry.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>Condition</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#condition-v1-meta">
Kubernetes meta/v1.Condition
</a>
</em>
</td>
<td>
<p>
(Members of <code>Condition</code> are embedded into this type.)
</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>errors</code>
<br>
<em>
<a href="#projectcontour.io/v1.SubCondition">
[]SubCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Errors contains a slice of relevant error subconditions for this object.</p>
<p>Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant.
An empty slice here indicates no errors.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>warnings</code>
<br>
<em>
<a href="#projectcontour.io/v1.SubCondition">
[]SubCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Warnings contains a slice of relevant warning subconditions for this object.</p>
<p>Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant.
An empty slice here indicates no warnings.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.DownstreamValidation">DownstreamValidation
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.TLS">TLS</a>)
</p>
<p>
<p>DownstreamValidation defines how to verify the client certificate.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>caSecret</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Name of a Kubernetes secret that contains a CA certificate bundle.
The client certificate must validate against the certificates in the bundle.
If specified and SkipClientCertValidation is true, client certificates will
be required on requests.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>skipClientCertValidation</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>SkipClientCertValidation disables downstream client certificate
validation. Defaults to false. This field is intended to be used in
conjunction with external authorization in order to enable the external
authorization server to validate client certificates. When this field
is set to true, client certificates are requested but not verified by
Envoy. If CACertificate is specified, client certificates are required on
requests, but not verified. If external authorization is in use, they are
presented to the external authorization server.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.ExtensionServiceReference">ExtensionServiceReference
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.AuthorizationServer">AuthorizationServer</a>)
</p>
<p>
<p>ExtensionServiceReference names an ExtensionService resource.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>apiVersion</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>API version of the referent.
If this field is not specified, the default &ldquo;projectcontour.io/v1alpha1&rdquo; will be used</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>namespace</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Namespace of the referent.
If this field is not specifies, the namespace of the resource that targets the referent will be used.</p>
<p>More info: <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/">https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/</a></p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name of the referent.</p>
<p>More info: <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names">https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names</a></p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.GenericKeyDescriptor">GenericKeyDescriptor
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitDescriptorEntry">RateLimitDescriptorEntry</a>)
</p>
<p>
<p>GenericKeyDescriptor defines a descriptor entry with a static key and
value.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>key</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Key defines the key of the descriptor entry. If not set, the
key is set to &ldquo;generic_key&rdquo;.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>value</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Value defines the value of the descriptor entry.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.GlobalRateLimitPolicy">GlobalRateLimitPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitPolicy">RateLimitPolicy</a>)
</p>
<p>
<p>GlobalRateLimitPolicy defines global rate limiting parameters.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>descriptors</code>
<br>
<em>
<a href="#projectcontour.io/v1.RateLimitDescriptor">
[]RateLimitDescriptor
</a>
</em>
</td>
<td>
<p>Descriptors defines the list of descriptors that will
be generated and sent to the rate limit service. Each
descriptor contains 1+ key-value pair entries.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HTTPHealthCheckPolicy">HTTPHealthCheckPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>)
</p>
<p>
<p>HTTPHealthCheckPolicy defines health checks on the upstream service.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>path</code>
<br>
<em>
string
</em>
</td>
<td>
<p>HTTP endpoint used to perform health checks on upstream service</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>host</code>
<br>
<em>
string
</em>
</td>
<td>
<p>The value of the host header in the HTTP health check request.
If left empty (default value), the name &ldquo;contour-envoy-healthcheck&rdquo;
will be used.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>intervalSeconds</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>The interval (seconds) between health checks</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>timeoutSeconds</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>The time to wait (seconds) for a health check response</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>unhealthyThresholdCount</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>The number of unhealthy health checks required before a host is marked unhealthy</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>healthyThresholdCount</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>The number of healthy health checks required before a host is marked healthy</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxy">HTTPProxy</a>)
</p>
<p>
<p>HTTPProxySpec defines the spec of the CRD.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>virtualhost</code>
<br>
<em>
<a href="#projectcontour.io/v1.VirtualHost">
VirtualHost
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Virtualhost appears at most once. If it is present, the object is considered
to be a &ldquo;root&rdquo; HTTPProxy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>routes</code>
<br>
<em>
<a href="#projectcontour.io/v1.Route">
[]Route
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Routes are the ingress routes. If TCPProxy is present, Routes is ignored.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>tcpproxy</code>
<br>
<em>
<a href="#projectcontour.io/v1.TCPProxy">
TCPProxy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>TCPProxy holds TCP proxy information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>includes</code>
<br>
<em>
<a href="#projectcontour.io/v1.Include">
[]Include
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Includes allow for specific routing configuration to be included from another HTTPProxy,
possibly in another namespace.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>ingressClassName</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>IngressClassName optionally specifies the ingress class to use for this
HTTPProxy. This replaces the deprecated <code>kubernetes.io/ingress.class</code>
annotation. For backwards compatibility, when that annotation is set, it
is given precedence over this field.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HTTPProxyStatus">HTTPProxyStatus
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxy">HTTPProxy</a>)
</p>
<p>
<p>HTTPProxyStatus reports the current state of the HTTPProxy.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>currentStatus</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>description</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>loadBalancer</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#loadbalancerstatus-v1-core">
Kubernetes core/v1.LoadBalancerStatus
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>LoadBalancer contains the current status of the load balancer.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.DetailedCondition">
[]DetailedCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions contains information about the current status of the HTTPProxy,
in an upstream-friendly container.</p>
<p>Contour will update a single condition, <code>Valid</code>, that is in normal-true polarity.
That is, when <code>currentStatus</code> is <code>valid</code>, the <code>Valid</code> condition will be <code>status: true</code>,
and vice versa.</p>
<p>Contour will leave untouched any other Conditions set in this block,
in case some other controller wants to add a Condition.</p>
<p>If you are another controller owner and wish to add a condition, you <em>should</em>
namespace your condition with a label, like <code>controller.domain.com/ConditionName</code>.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HTTPRequestRedirectPolicy">HTTPRequestRedirectPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>)
</p>
<p>
<p>HTTPRequestRedirectPolicy defines configuration for redirecting a request.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>scheme</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Scheme is the scheme to be used in the value of the <code>Location</code>
header in the response.
When empty, the scheme of the request is used.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>hostname</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Hostname is the precise hostname to be used in the value of the <code>Location</code>
header in the response.
When empty, the hostname of the request is used.
No wildcards are allowed.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int32
</em>
</td>
<td>
<em>(Optional)</em>
<p>Port is the port to be used in the value of the <code>Location</code>
header in the response.
When empty, port (if specified) of the request is used.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>statusCode</code>
<br>
<em>
int
</em>
</td>
<td>
<em>(Optional)</em>
<p>StatusCode is the HTTP status code to be used in response.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>path</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Path allows for redirection to a different path from the
original on the request. The path must start with a
leading slash.</p>
<p>Note: Only one of Path or Prefix can be defined.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>prefix</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Prefix defines the value to swap the matched prefix or path with.
The prefix must start with a leading slash.</p>
<p>Note: Only one of Path or Prefix can be defined.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HeaderHashOptions">HeaderHashOptions
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RequestHashPolicy">RequestHashPolicy</a>)
</p>
<p>
<p>HeaderHashOptions contains options to configure a HTTP request header hash
policy, used in request attribute hash based load balancing.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>headerName</code>
<br>
<em>
string
</em>
</td>
<td>
<p>HeaderName is the name of the HTTP request header that will be used to
calculate the hash key. If the header specified is not present on a
request, no hash will be produced.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HeaderMatchCondition">HeaderMatchCondition
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.MatchCondition">MatchCondition</a>, 
<a href="#projectcontour.io/v1.RequestHeaderValueMatchDescriptor">RequestHeaderValueMatchDescriptor</a>)
</p>
<p>
<p>HeaderMatchCondition specifies how to conditionally match against HTTP
headers. The Name field is required, but only one of the remaining
fields should be be provided.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name is the name of the header to match against. Name is required.
Header names are case insensitive.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>present</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>Present specifies that condition is true when the named header
is present, regardless of its value. Note that setting Present
to false does not make the condition true if the named header
is absent.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>notpresent</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>NotPresent specifies that condition is true when the named header
is not present. Note that setting NotPresent to false does not
make the condition true if the named header is present.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>contains</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Contains specifies a substring that must be present in
the header value.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>notcontains</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>NotContains specifies a substring that must not be present
in the header value.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>exact</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Exact specifies a string that the header value must be equal to.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>notexact</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>NoExact specifies a string that the header value must not be
equal to. The condition is true if the header has any other value.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HeaderValue">HeaderValue
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HeadersPolicy">HeadersPolicy</a>, 
<a href="#projectcontour.io/v1.LocalRateLimitPolicy">LocalRateLimitPolicy</a>)
</p>
<p>
<p>HeaderValue represents a header name/value pair</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name represents a key of a header</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>value</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Value represents the value of a header specified by a key</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.HeadersPolicy">HeadersPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>, 
<a href="#projectcontour.io/v1.Service">Service</a>)
</p>
<p>
<p>HeadersPolicy defines how headers are managed during forwarding.
The <code>Host</code> header is treated specially and if set in a HTTP response
will be used as the SNI server name when forwarding over TLS. It is an
error to attempt to set the <code>Host</code> header in a HTTP response.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>set</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeaderValue">
[]HeaderValue
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Set specifies a list of HTTP header values that will be set in the HTTP header.
If the header does not exist it will be added, otherwise it will be overwritten with the new value.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>remove</code>
<br>
<em>
[]string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Remove specifies a list of HTTP header names to remove.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.Include">Include
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec</a>)
</p>
<p>
<p>Include describes a set of policies that can be applied to an HTTPProxy in a namespace.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name of the HTTPProxy</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>namespace</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.MatchCondition">
[]MatchCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions are a set of rules that are applied to included HTTPProxies.
In effect, they are added onto the Conditions of included HTTPProxy Route
structs.
When applied, they are merged using AND, with one exception:
There can be only one Prefix MatchCondition per Conditions slice.
More than one Prefix, or contradictory Conditions, will make the
include invalid.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.LoadBalancerPolicy">LoadBalancerPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>, 
<a href="#projectcontour.io/v1.TCPProxy">TCPProxy</a>, 
<a href="#projectcontour.io/v1alpha1.ExtensionServiceSpec">ExtensionServiceSpec</a>)
</p>
<p>
<p>LoadBalancerPolicy defines the load balancing policy.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>strategy</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Strategy specifies the policy used to balance requests
across the pool of backend pods. Valid policy names are
<code>Random</code>, <code>RoundRobin</code>, <code>WeightedLeastRequest</code>, <code>Cookie</code>,
and <code>RequestHash</code>. If an unknown strategy name is specified
or no policy is supplied, the default <code>RoundRobin</code> policy
is used.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>requestHashPolicies</code>
<br>
<em>
<a href="#projectcontour.io/v1.RequestHashPolicy">
[]RequestHashPolicy
</a>
</em>
</td>
<td>
<p>RequestHashPolicies contains a list of hash policies to apply when the
<code>RequestHash</code> load balancing strategy is chosen. If an element of the
supplied list of hash policies is invalid, it will be ignored. If the
list of hash policies is empty after validation, the load balancing
strategy will fall back to the default <code>RoundRobin</code>.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.LocalRateLimitPolicy">LocalRateLimitPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitPolicy">RateLimitPolicy</a>)
</p>
<p>
<p>LocalRateLimitPolicy defines local rate limiting parameters.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>requests</code>
<br>
<em>
uint32
</em>
</td>
<td>
<p>Requests defines how many requests per unit of time should
be allowed before rate limiting occurs.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>unit</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Unit defines the period of time within which requests
over the limit will be rate limited. Valid values are
&ldquo;second&rdquo;, &ldquo;minute&rdquo; and &ldquo;hour&rdquo;.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>burst</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>Burst defines the number of requests above the requests per
unit that should be allowed within a short period of time.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>responseStatusCode</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>ResponseStatusCode is the HTTP status code to use for responses
to rate-limited requests. Codes must be in the 400-599 range
(inclusive). If not specified, the Envoy default of 429 (Too
Many Requests) is used.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>responseHeadersToAdd</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeaderValue">
[]HeaderValue
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ResponseHeadersToAdd is an optional list of response headers to
set when a request is rate-limited.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.MatchCondition">MatchCondition
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Include">Include</a>, 
<a href="#projectcontour.io/v1.Route">Route</a>)
</p>
<p>
<p>MatchCondition are a general holder for matching rules for HTTPProxies.
One of Prefix or Header must be provided.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>prefix</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Prefix defines a prefix match for a request.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>header</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeaderMatchCondition">
HeaderMatchCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Header specifies the header condition to match.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.PathRewritePolicy">PathRewritePolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>)
</p>
<p>
<p>PathRewritePolicy specifies how a request URL path should be
rewritten. This rewriting takes place after a request is routed
and has no subsequent effects on the proxy&rsquo;s routing decision.
No HTTP headers or body content is rewritten.</p>
<p>Exactly one field in this struct may be specified.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>replacePrefix</code>
<br>
<em>
<a href="#projectcontour.io/v1.ReplacePrefix">
[]ReplacePrefix
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ReplacePrefix describes how the path prefix should be replaced.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RateLimitDescriptor">RateLimitDescriptor
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.GlobalRateLimitPolicy">GlobalRateLimitPolicy</a>)
</p>
<p>
<p>RateLimitDescriptor defines a list of key-value pair generators.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>entries</code>
<br>
<em>
<a href="#projectcontour.io/v1.RateLimitDescriptorEntry">
[]RateLimitDescriptorEntry
</a>
</em>
</td>
<td>
<p>Entries is the list of key-value pair generators.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RateLimitDescriptorEntry">RateLimitDescriptorEntry
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitDescriptor">RateLimitDescriptor</a>)
</p>
<p>
<p>RateLimitDescriptorEntry is a key-value pair generator. Exactly
one field on this struct must be non-nil.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>genericKey</code>
<br>
<em>
<a href="#projectcontour.io/v1.GenericKeyDescriptor">
GenericKeyDescriptor
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>GenericKey defines a descriptor entry with a static key and value.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>requestHeader</code>
<br>
<em>
<a href="#projectcontour.io/v1.RequestHeaderDescriptor">
RequestHeaderDescriptor
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RequestHeader defines a descriptor entry that&rsquo;s populated only if
a given header is present on the request. The descriptor key is static,
and the descriptor value is equal to the value of the header.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>requestHeaderValueMatch</code>
<br>
<em>
<a href="#projectcontour.io/v1.RequestHeaderValueMatchDescriptor">
RequestHeaderValueMatchDescriptor
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RequestHeaderValueMatch defines a descriptor entry that&rsquo;s populated
if the request&rsquo;s headers match a set of 1+ match criteria. The
descriptor key is &ldquo;header_match&rdquo;, and the descriptor value is static.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>remoteAddress</code>
<br>
<em>
<a href="#projectcontour.io/v1.RemoteAddressDescriptor">
RemoteAddressDescriptor
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RemoteAddress defines a descriptor entry with a key of &ldquo;remote_address&rdquo;
and a value equal to the client&rsquo;s IP address (from x-forwarded-for).</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RateLimitPolicy">RateLimitPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>, 
<a href="#projectcontour.io/v1.VirtualHost">VirtualHost</a>)
</p>
<p>
<p>RateLimitPolicy defines rate limiting parameters.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>local</code>
<br>
<em>
<a href="#projectcontour.io/v1.LocalRateLimitPolicy">
LocalRateLimitPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Local defines local rate limiting parameters, i.e. parameters
for rate limiting that occurs within each Envoy pod as requests
are handled.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>global</code>
<br>
<em>
<a href="#projectcontour.io/v1.GlobalRateLimitPolicy">
GlobalRateLimitPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Global defines global rate limiting parameters, i.e. parameters
defining descriptors that are sent to an external rate limit
service (RLS) for a rate limit decision on each request.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RemoteAddressDescriptor">RemoteAddressDescriptor
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitDescriptorEntry">RateLimitDescriptorEntry</a>)
</p>
<p>
<p>RemoteAddressDescriptor defines a descriptor entry with a key of
&ldquo;remote_address&rdquo; and a value equal to the client&rsquo;s IP address
(from x-forwarded-for).</p>
</p>
<h3 id="projectcontour.io/v1.ReplacePrefix">ReplacePrefix
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.PathRewritePolicy">PathRewritePolicy</a>)
</p>
<p>
<p>ReplacePrefix describes a path prefix replacement.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>prefix</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Prefix specifies the URL path prefix to be replaced.</p>
<p>If Prefix is specified, it must exactly match the MatchCondition
prefix that is rendered by the chain of including HTTPProxies
and only that path prefix will be replaced by Replacement.
This allows HTTPProxies that are included through multiple
roots to only replace specific path prefixes, leaving others
unmodified.</p>
<p>If Prefix is not specified, all routing prefixes rendered
by the include chain will be replaced.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>replacement</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Replacement is the string that the routing path prefix
will be replaced with. This must not be empty.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RequestHashPolicy">RequestHashPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.LoadBalancerPolicy">LoadBalancerPolicy</a>)
</p>
<p>
<p>RequestHashPolicy contains configuration for an individual hash policy
on a request attribute.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>terminal</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>Terminal is a flag that allows for short-circuiting computing of a hash
for a given request. If set to true, and the request attribute specified
in the attribute hash options is present, no further hash policies will
be used to calculate a hash for the request.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>headerHashOptions</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeaderHashOptions">
HeaderHashOptions
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>HeaderHashOptions should be set when request header hash based load
balancing is desired. It must be the only hash option field set,
otherwise this request hash policy object will be ignored.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>hashSourceIP</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>HashSourceIP should be set to true when request source IP hash based
load balancing is desired. It must be the only hash option field set,
otherwise this request hash policy object will be ignored.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RequestHeaderDescriptor">RequestHeaderDescriptor
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitDescriptorEntry">RateLimitDescriptorEntry</a>)
</p>
<p>
<p>RequestHeaderDescriptor defines a descriptor entry that&rsquo;s populated only
if a given header is present on the request. The value of the descriptor
entry is equal to the value of the header (if present).</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>headerName</code>
<br>
<em>
string
</em>
</td>
<td>
<p>HeaderName defines the name of the header to look for on the request.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>descriptorKey</code>
<br>
<em>
string
</em>
</td>
<td>
<p>DescriptorKey defines the key to use on the descriptor entry.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RequestHeaderValueMatchDescriptor">RequestHeaderValueMatchDescriptor
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RateLimitDescriptorEntry">RateLimitDescriptorEntry</a>)
</p>
<p>
<p>RequestHeaderValueMatchDescriptor defines a descriptor entry that&rsquo;s populated
if the request&rsquo;s headers match a set of 1+ match criteria. The descriptor key
is &ldquo;header_match&rdquo;, and the descriptor value is statically defined.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>headers</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeaderMatchCondition">
[]HeaderMatchCondition
</a>
</em>
</td>
<td>
<p>Headers is a list of 1+ match criteria to apply against the request
to determine whether to populate the descriptor entry or not.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>expectMatch</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>ExpectMatch defines whether the request must positively match the match
criteria in order to generate a descriptor entry (i.e. true), or not
match the match criteria in order to generate a descriptor entry (i.e. false).
The default is true.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>value</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Value defines the value of the descriptor entry.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.RetryOn">RetryOn
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.RetryPolicy">RetryPolicy</a>)
</p>
<p>
<p>RetryOn is a string type alias with validation to ensure that the value is valid.</p>
</p>
<h3 id="projectcontour.io/v1.RetryPolicy">RetryPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>)
</p>
<p>
<p>RetryPolicy defines the attributes associated with retrying policy.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>count</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>NumRetries is maximum allowed number of retries.
If set to -1, then retries are disabled.
If set to 0 or not supplied, the value is set
to the Envoy default of 1.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>perTryTimeout</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>PerTryTimeout specifies the timeout per retry attempt.
Ignored if NumRetries is not supplied.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>retryOn</code>
<br>
<em>
<a href="#projectcontour.io/v1.RetryOn">
[]RetryOn
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RetryOn specifies the conditions on which to retry a request.</p>
<p>Supported <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on">HTTP conditions</a>:</p>
<ul>
<li><code>5xx</code></li>
<li><code>gateway-error</code></li>
<li><code>reset</code></li>
<li><code>connect-failure</code></li>
<li><code>retriable-4xx</code></li>
<li><code>refused-stream</code></li>
<li><code>retriable-status-codes</code></li>
<li><code>retriable-headers</code></li>
</ul>
<p>Supported <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on">gRPC conditions</a>:</p>
<ul>
<li><code>cancelled</code></li>
<li><code>deadline-exceeded</code></li>
<li><code>internal</code></li>
<li><code>resource-exhausted</code></li>
<li><code>unavailable</code></li>
</ul>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>retriableStatusCodes</code>
<br>
<em>
[]uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>RetriableStatusCodes specifies the HTTP status codes that should be retried.</p>
<p>This field is only respected when you include <code>retriable-status-codes</code> in the <code>RetryOn</code> field.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.Route">Route
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec</a>)
</p>
<p>
<p>Route contains the set of routes for a virtual host.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.MatchCondition">
[]MatchCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions are a set of rules that are applied to a Route.
When applied, they are merged using AND, with one exception:
There can be only one Prefix MatchCondition per Conditions slice.
More than one Prefix, or contradictory Conditions, will make the
route invalid.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>services</code>
<br>
<em>
<a href="#projectcontour.io/v1.Service">
[]Service
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Services are the services to proxy traffic.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>enableWebsockets</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>Enables websocket support for the route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>permitInsecure</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>Allow this path to respond to insecure requests over HTTP which are normally
not permitted when a <code>virtualhost.tls</code> block is present.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>authPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.AuthorizationPolicy">
AuthorizationPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>AuthPolicy updates the authorization policy that was set
on the root HTTPProxy object for client requests that
match this route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>timeoutPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.TimeoutPolicy">
TimeoutPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The timeout policy for this route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>retryPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.RetryPolicy">
RetryPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The retry policy for this route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>healthCheckPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.HTTPHealthCheckPolicy">
HTTPHealthCheckPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The health check policy for this route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>loadBalancerPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.LoadBalancerPolicy">
LoadBalancerPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The load balancing policy for this route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>pathRewritePolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.PathRewritePolicy">
PathRewritePolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for rewriting the path of the request URL
after the request has been routed to a Service.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>requestHeadersPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeadersPolicy">
HeadersPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for managing request headers during proxying.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>responseHeadersPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeadersPolicy">
HeadersPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for managing response headers during proxying.
Rewriting the &lsquo;Host&rsquo; header is not supported.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>cookieRewritePolicies</code>
<br>
<em>
<a href="#projectcontour.io/v1.CookieRewritePolicy">
[]CookieRewritePolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policies for rewriting Set-Cookie header attributes. Note that
rewritten cookie names must be unique in this list. Order rewrite
policies are specified in does not matter.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>rateLimitPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.RateLimitPolicy">
RateLimitPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for rate limiting on the route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>requestRedirectPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.HTTPRequestRedirectPolicy">
HTTPRequestRedirectPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RequestRedirectPolicy defines an HTTP redirection.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.Service">Service
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>, 
<a href="#projectcontour.io/v1.TCPProxy">TCPProxy</a>)
</p>
<p>
<p>Service defines an Kubernetes Service to proxy traffic.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name is the name of Kubernetes service to proxy traffic.
Names defined here will be used to look up corresponding endpoints which contain the ips to route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Port (defined as Integer) to proxy traffic to since a service can have multiple defined.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>protocol</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Protocol may be used to specify (or override) the protocol used to reach this Service.
Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>weight</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>Weight defines percentage of traffic to balance traffic</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>validation</code>
<br>
<em>
<a href="#projectcontour.io/v1.UpstreamValidation">
UpstreamValidation
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>UpstreamValidation defines how to verify the backend service&rsquo;s certificate</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>mirror</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>If Mirror is true the Service will receive a read only mirror of the traffic for this route.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>requestHeadersPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeadersPolicy">
HeadersPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for managing request headers during proxying.
Rewriting the &lsquo;Host&rsquo; header is not supported.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>responseHeadersPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.HeadersPolicy">
HeadersPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for managing response headers during proxying.
Rewriting the &lsquo;Host&rsquo; header is not supported.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>cookieRewritePolicies</code>
<br>
<em>
<a href="#projectcontour.io/v1.CookieRewritePolicy">
[]CookieRewritePolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policies for rewriting Set-Cookie header attributes.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.SubCondition">SubCondition
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.DetailedCondition">DetailedCondition</a>)
</p>
<p>
<p>SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition.</p>
<p>It contains a subset of the Condition fields.</p>
<p>It is intended for warnings and errors, so <code>type</code> names should use abnormal-true polarity,
that is, they should be of the form &ldquo;ErrorPresent: true&rdquo;.</p>
<p>The expected lifecycle for these errors is that they should only be present when the error or warning is,
and should be removed when they are not relevant.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>type</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Type of condition in <code>CamelCase</code> or in <code>foo.example.com/CamelCase</code>.</p>
<p>This must be in abnormal-true polarity, that is, <code>ErrorFound</code> or <code>controller.io/ErrorFound</code>.</p>
<p>The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>status</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#conditionstatus-v1-meta">
Kubernetes meta/v1.ConditionStatus
</a>
</em>
</td>
<td>
<p>Status of the condition, one of True, False, Unknown.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>reason</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Reason contains a programmatic identifier indicating the reason for the condition&rsquo;s last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.</p>
<p>The value should be a CamelCase string.</p>
<p>This field may not be empty.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>message</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Message is a human readable message indicating details about the transition.</p>
<p>This may be an empty string.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TCPHealthCheckPolicy">TCPHealthCheckPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.TCPProxy">TCPProxy</a>)
</p>
<p>
<p>TCPHealthCheckPolicy defines health checks on the upstream service.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>intervalSeconds</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>The interval (seconds) between health checks</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>timeoutSeconds</code>
<br>
<em>
int64
</em>
</td>
<td>
<em>(Optional)</em>
<p>The time to wait (seconds) for a health check response</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>unhealthyThresholdCount</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>The number of unhealthy health checks required before a host is marked unhealthy</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>healthyThresholdCount</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>The number of healthy health checks required before a host is marked healthy</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TCPProxy">TCPProxy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec</a>)
</p>
<p>
<p>TCPProxy contains the set of services to proxy TCP connections.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>loadBalancerPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.LoadBalancerPolicy">
LoadBalancerPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The load balancing policy for the backend services. Note that the
<code>Cookie</code> and <code>RequestHash</code> load balancing strategies cannot be used
here.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>services</code>
<br>
<em>
<a href="#projectcontour.io/v1.Service">
[]Service
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Services are the services to proxy traffic</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>include</code>
<br>
<em>
<a href="#projectcontour.io/v1.TCPProxyInclude">
TCPProxyInclude
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Include specifies that this tcpproxy should be delegated to another HTTPProxy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>includes</code>
<br>
<em>
<a href="#projectcontour.io/v1.TCPProxyInclude">
TCPProxyInclude
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace.</p>
<p>Exists due to a mistake when developing HTTPProxy and the field was marked plural
when it should have been singular. This field should stay to not break backwards compatibility to v1 users.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>healthCheckPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.TCPHealthCheckPolicy">
TCPHealthCheckPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The health check policy for this tcp proxy</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TCPProxyInclude">TCPProxyInclude
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.TCPProxy">TCPProxy</a>)
</p>
<p>
<p>TCPProxyInclude describes a target HTTPProxy document which contains the TCPProxy details.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name of the child HTTPProxy</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>namespace</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TLS">TLS
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.VirtualHost">VirtualHost</a>)
</p>
<p>
<p>TLS describes tls properties. The SNI names that will be matched on
are described in the HTTPProxy&rsquo;s Spec.VirtualHost.Fqdn field.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>secretName</code>
<br>
<em>
string
</em>
</td>
<td>
<p>SecretName is the name of a TLS secret in the current namespace.
Either SecretName or Passthrough must be specified, but not both.
If specified, the named secret must contain a matching certificate
for the virtual host&rsquo;s FQDN.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>minimumProtocolVersion</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>MinimumProtocolVersion is the minimum TLS version this vhost should
negotiate. Valid options are <code>1.2</code> (default) and <code>1.3</code>. Any other value
defaults to TLS 1.2.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>passthrough</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>Passthrough defines whether the encrypted TLS handshake will be
passed through to the backing cluster. Either Passthrough or
SecretName must be specified, but not both.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>clientValidation</code>
<br>
<em>
<a href="#projectcontour.io/v1.DownstreamValidation">
DownstreamValidation
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ClientValidation defines how to verify the client certificate
when an external client establishes a TLS connection to Envoy.</p>
<p>This setting:</p>
<ol>
<li>Enables TLS client certificate validation.</li>
<li>Specifies how the client certificate will be validated (i.e.
validation required or skipped).</li>
</ol>
<p>Note: Setting client certificate validation to be skipped should
be only used in conjunction with an external authorization server that
performs client validation as Contour will ensure client certificates
are passed along.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>enableFallbackCertificate</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>EnableFallbackCertificate defines if the vhost should allow a default certificate to
be applied which handles all requests which don&rsquo;t match the SNI defined in this vhost.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TLSCertificateDelegationSpec">TLSCertificateDelegationSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.TLSCertificateDelegation">TLSCertificateDelegation</a>)
</p>
<p>
<p>TLSCertificateDelegationSpec defines the spec of the CRD</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>delegations</code>
<br>
<em>
<a href="#projectcontour.io/v1.CertificateDelegation">
[]CertificateDelegation
</a>
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TLSCertificateDelegationStatus">TLSCertificateDelegationStatus
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.TLSCertificateDelegation">TLSCertificateDelegation</a>)
</p>
<p>
<p>TLSCertificateDelegationStatus allows for the status of the delegation
to be presented to the user.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.DetailedCondition">
[]DetailedCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions contains information about the current status of the HTTPProxy,
in an upstream-friendly container.</p>
<p>Contour will update a single condition, <code>Valid</code>, that is in normal-true polarity.
That is, when <code>currentStatus</code> is <code>valid</code>, the <code>Valid</code> condition will be <code>status: true</code>,
and vice versa.</p>
<p>Contour will leave untouched any other Conditions set in this block,
in case some other controller wants to add a Condition.</p>
<p>If you are another controller owner and wish to add a condition, you <em>should</em>
namespace your condition with a label, like <code>controller.domain.com\ConditionName</code>.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.TimeoutPolicy">TimeoutPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Route">Route</a>, 
<a href="#projectcontour.io/v1alpha1.ExtensionServiceSpec">ExtensionServiceSpec</a>)
</p>
<p>
<p>TimeoutPolicy configures timeouts that are used for handling network requests.</p>
<p>TimeoutPolicy durations are expressed in the Go <a href="https://godoc.org/time#ParseDuration">Duration format</a>.
Valid time units are &ldquo;ns&rdquo;, &ldquo;us&rdquo; (or &ldquo;µs&rdquo;), &ldquo;ms&rdquo;, &ldquo;s&rdquo;, &ldquo;m&rdquo;, &ldquo;h&rdquo;.
The string &ldquo;infinity&rdquo; is also a valid input and specifies no timeout.
A value of &ldquo;0s&rdquo; will be treated as if the field were not set, i.e. by using Envoy&rsquo;s default behavior.</p>
<p>Example input values: &ldquo;300ms&rdquo;, &ldquo;5s&rdquo;, &ldquo;1m&rdquo;.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>response</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Timeout for receiving a response from the server after processing a request from client.
If not supplied, Envoy&rsquo;s default value of 15s applies.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>idle</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2).
Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests.
If not specified, there is no per-route idle timeout, though a connection manager-wide
stream_idle_timeout default of 5m still applies.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.UpstreamValidation">UpstreamValidation
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.Service">Service</a>, 
<a href="#projectcontour.io/v1alpha1.ExtensionServiceSpec">ExtensionServiceSpec</a>)
</p>
<p>
<p>UpstreamValidation defines how to verify the backend service&rsquo;s certificate</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>caSecret</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>subjectName</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Key which is expected to be present in the &lsquo;subjectAltName&rsquo; of the presented certificate</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1.VirtualHost">VirtualHost
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1.HTTPProxySpec">HTTPProxySpec</a>)
</p>
<p>
<p>VirtualHost appears at most once. If it is present, the object is considered
to be a &ldquo;root&rdquo;.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>fqdn</code>
<br>
<em>
string
</em>
</td>
<td>
<p>The fully qualified domain name of the root of the ingress tree
all leaves of the DAG rooted at this object relate to the fqdn.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>tls</code>
<br>
<em>
<a href="#projectcontour.io/v1.TLS">
TLS
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>If present the fields describes TLS properties of the virtual
host. The SNI names that will be matched on are described in fqdn,
the tls.secretName secret must contain a certificate that itself
contains a name that matches the FQDN.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>authorization</code>
<br>
<em>
<a href="#projectcontour.io/v1.AuthorizationServer">
AuthorizationServer
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>This field configures an extension service to perform
authorization for this virtual host. Authorization can
only be configured on virtual hosts that have TLS enabled.
If the TLS configuration requires client certificate
validation, the client certificate is always included in the
authentication check request.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>corsPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.CORSPolicy">
CORSPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Specifies the cross-origin policy to apply to the VirtualHost.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>rateLimitPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.RateLimitPolicy">
RateLimitPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for rate limiting on the virtual host.</p>
</td>
</tr>
</tbody>
</table>
<hr/>
<h2 id="projectcontour.io/v1alpha1">projectcontour.io/v1alpha1</h2>
<p>
<p>Package v1alpha1 contains API Schema definitions for the projectcontour.io v1alpha1 API group</p>
</p>
Resource Types:
<ul><li>
<a href="#projectcontour.io/v1alpha1.ContourConfiguration">ContourConfiguration</a>
</li><li>
<a href="#projectcontour.io/v1alpha1.ContourDeployment">ContourDeployment</a>
</li><li>
<a href="#projectcontour.io/v1alpha1.ExtensionService">ExtensionService</a>
</li></ul>
<h3 id="projectcontour.io/v1alpha1.ContourConfiguration">ContourConfiguration
</h3>
<p>
<p>ContourConfiguration is the schema for a Contour instance.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td>
<code>apiVersion</code>
<br>
string</td>
<td>
<code>
projectcontour.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code>
<br>
string
</td>
<td><code>ContourConfiguration</code></td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metadata</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>spec</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">
ContourConfigurationSpec
</a>
</em>
</td>
<td>
<br>
<br>
<table style="border:none">
<tr>
<td style="white-space:nowrap">
<code>xdsServer</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.XDSServerConfig">
XDSServerConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>XDSServer contains parameters for the xDS server.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>ingress</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.IngressConfig">
IngressConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Ingress contains parameters for ingress options.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>debug</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.DebugConfig">
DebugConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Debug contains parameters to enable debug logging
and debug interfaces inside Contour.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>health</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HealthConfig">
HealthConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Health defines the endpoints Contour uses to serve health checks.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>envoy</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">
EnvoyConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Envoy contains parameters for Envoy as well
as how to optionally configure a managed Envoy fleet.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>gateway</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.GatewayConfig">
GatewayConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Gateway contains parameters for the gateway-api Gateway that Contour
is configured to serve traffic.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>httpproxy</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HTTPProxyConfig">
HTTPProxyConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>HTTPProxy defines parameters on HTTPProxy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>enableExternalNameService</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>EnableExternalNameService allows processing of ExternalNameServices
Defaults to disabled for security reasons.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>rateLimitService</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.RateLimitServiceConfig">
RateLimitServiceConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RateLimitService optionally holds properties of the Rate Limit Service
to be used for global rate limiting.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>policy</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.PolicyConfig">
PolicyConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Policy specifies default policy applied if not overridden by the user</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metrics</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.MetricsConfig">
MetricsConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Metrics defines the endpoint Contour uses to serve metrics.</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>status</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationStatus">
ContourConfigurationStatus
</a>
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ContourDeployment">ContourDeployment
</h3>
<p>
<p>ContourDeployment is the schema for a Contour Deployment.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td>
<code>apiVersion</code>
<br>
string</td>
<td>
<code>
projectcontour.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code>
<br>
string
</td>
<td><code>ContourDeployment</code></td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metadata</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>spec</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ContourDeploymentSpec">
ContourDeploymentSpec
</a>
</em>
</td>
<td>
<br>
<br>
<table style="border:none">
<tr>
<td style="white-space:nowrap">
<code>replicas</code>
<br>
<em>
int32
</em>
</td>
<td>
<p>Replicas is the desired number of Contour replicas. If unset,
defaults to 2.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>config</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">
ContourConfigurationSpec
</a>
</em>
</td>
<td>
<p>Config is the config that the instances of Contour are to utilize.</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>status</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ContourDeploymentStatus">
ContourDeploymentStatus
</a>
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ExtensionService">ExtensionService
</h3>
<p>
<p>ExtensionService is the schema for the Contour extension services API.
An ExtensionService resource binds a network service to the Contour
API so that Contour API features can be implemented by collaborating
components.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td>
<code>apiVersion</code>
<br>
string</td>
<td>
<code>
projectcontour.io/v1alpha1
</code>
</td>
</tr>
<tr>
<td>
<code>kind</code>
<br>
string
</td>
<td><code>ExtensionService</code></td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metadata</code>
<br>
<em>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta">
Kubernetes meta/v1.ObjectMeta
</a>
</em>
</td>
<td>
Refer to the Kubernetes API documentation for the fields of the
<code>metadata</code> field.
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>spec</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ExtensionServiceSpec">
ExtensionServiceSpec
</a>
</em>
</td>
<td>
<br>
<br>
<table style="border:none">
<tr>
<td style="white-space:nowrap">
<code>services</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ExtensionServiceTarget">
[]ExtensionServiceTarget
</a>
</em>
</td>
<td>
<p>Services specifies the set of Kubernetes Service resources that
receive GRPC extension API requests.
If no weights are specified for any of the entries in
this array, traffic will be spread evenly across all the
services.
Otherwise, traffic is balanced proportionally to the
Weight field in each entry.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>validation</code>
<br>
<em>
<a href="#projectcontour.io/v1.UpstreamValidation">
UpstreamValidation
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>UpstreamValidation defines how to verify the backend service&rsquo;s certificate</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>protocol</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Protocol may be used to specify (or override) the protocol used to reach this Service.
Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>loadBalancerPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.LoadBalancerPolicy">
LoadBalancerPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for load balancing GRPC service requests. Note that the
<code>Cookie</code> and <code>RequestHash</code> load balancing strategies cannot be used
here.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>timeoutPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.TimeoutPolicy">
TimeoutPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The timeout policy for requests to the services.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>protocolVersion</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ExtensionProtocolVersion">
ExtensionProtocolVersion
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>This field sets the version of the GRPC protocol that Envoy uses to
send requests to the extension service. Since Contour always uses the
v3 Envoy API, this is currently fixed at &ldquo;v3&rdquo;. However, other
protocol options will be available in future.</p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>status</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ExtensionServiceStatus">
ExtensionServiceStatus
</a>
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.AccessLogFields">AccessLogFields
(<code>[]string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyLogging">EnvoyLogging</a>)
</p>
<p>
</p>
<h3 id="projectcontour.io/v1alpha1.AccessLogType">AccessLogType
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyLogging">EnvoyLogging</a>)
</p>
<p>
<p>AccessLogType is the name of a supported access logging mechanism.</p>
</p>
<h3 id="projectcontour.io/v1alpha1.ClusterDNSFamilyType">ClusterDNSFamilyType
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ClusterParameters">ClusterParameters</a>)
</p>
<p>
<p>ClusterDNSFamilyType is the Ip family to use for resolving DNS
names in an Envoy cluster config.</p>
</p>
<h3 id="projectcontour.io/v1alpha1.ClusterParameters">ClusterParameters
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>ClusterParameters holds various configurable cluster values.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>dnsLookupFamily</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ClusterDNSFamilyType">
ClusterDNSFamilyType
</a>
</em>
</td>
<td>
<p>DNSLookupFamily defines how external names are looked up
When configured as V4, the DNS resolver will only perform a lookup
for addresses in the IPv4 family. If V6 is configured, the DNS resolver
will only perform a lookup for addresses in the IPv6 family.
If AUTO is configured, the DNS resolver will first perform a lookup
for addresses in the IPv6 family and fallback to a lookup for addresses
in the IPv4 family.
Note: This only applies to externalName clusters.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily">https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily</a>
for more information.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfiguration">ContourConfiguration</a>, 
<a href="#projectcontour.io/v1alpha1.ContourDeploymentSpec">ContourDeploymentSpec</a>)
</p>
<p>
<p>ContourConfigurationSpec represents a configuration of a Contour controller.
It contains most of all the options that can be customized, the
other remaining options being command line flags.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>xdsServer</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.XDSServerConfig">
XDSServerConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>XDSServer contains parameters for the xDS server.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>ingress</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.IngressConfig">
IngressConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Ingress contains parameters for ingress options.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>debug</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.DebugConfig">
DebugConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Debug contains parameters to enable debug logging
and debug interfaces inside Contour.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>health</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HealthConfig">
HealthConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Health defines the endpoints Contour uses to serve health checks.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>envoy</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">
EnvoyConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Envoy contains parameters for Envoy as well
as how to optionally configure a managed Envoy fleet.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>gateway</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.GatewayConfig">
GatewayConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Gateway contains parameters for the gateway-api Gateway that Contour
is configured to serve traffic.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>httpproxy</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HTTPProxyConfig">
HTTPProxyConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>HTTPProxy defines parameters on HTTPProxy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>enableExternalNameService</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>EnableExternalNameService allows processing of ExternalNameServices
Defaults to disabled for security reasons.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>rateLimitService</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.RateLimitServiceConfig">
RateLimitServiceConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RateLimitService optionally holds properties of the Rate Limit Service
to be used for global rate limiting.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>policy</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.PolicyConfig">
PolicyConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Policy specifies default policy applied if not overridden by the user</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metrics</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.MetricsConfig">
MetricsConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Metrics defines the endpoint Contour uses to serve metrics.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ContourConfigurationStatus">ContourConfigurationStatus
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfiguration">ContourConfiguration</a>)
</p>
<p>
<p>ContourConfigurationStatus defines the observed state of a ContourConfiguration resource.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.DetailedCondition">
[]DetailedCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions contains the current status of the Contour resource.</p>
<p>Contour will update a single condition, <code>Valid</code>, that is in normal-true polarity.</p>
<p>Contour will not modify any other Conditions set in this block,
in case some other controller wants to add a Condition.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ContourDeploymentSpec">ContourDeploymentSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourDeployment">ContourDeployment</a>)
</p>
<p>
<p>ContourDeploymentSpec defines the parameters of how a Contour
instance should be configured.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>replicas</code>
<br>
<em>
int32
</em>
</td>
<td>
<p>Replicas is the desired number of Contour replicas. If unset,
defaults to 2.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>config</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">
ContourConfigurationSpec
</a>
</em>
</td>
<td>
<p>Config is the config that the instances of Contour are to utilize.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ContourDeploymentStatus">ContourDeploymentStatus
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourDeployment">ContourDeployment</a>)
</p>
<p>
<p>ContourDeploymentStatus defines the observed state of a ContourDeployment resource.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.DetailedCondition">
[]DetailedCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions contains the current status of the Contour resource.</p>
<p>Contour will update a single condition, <code>Valid</code>, that is in normal-true polarity.</p>
<p>Contour will not modify any other Conditions set in this block,
in case some other controller wants to add a Condition.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.DebugConfig">DebugConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>DebugConfig contains Contour specific troubleshooting options.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>address</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Defines the Contour debug address interface.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<em>(Optional)</em>
<p>Defines the Contour debug address port.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>logLevel</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.LogLevel">
LogLevel
</a>
</em>
</td>
<td>
<p>DebugLogLevel defines the log level which Contour will
use when outputting log information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>kubernetesLogLevel</code>
<br>
<em>
uint
</em>
</td>
<td>
<em>(Optional)</em>
<p>KubernetesDebugLogLevel defines the log level which Contour will
use when outputting Kubernetes specific log information.</p>
<p>Details: <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md">https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md</a></p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>EnvoyConfig defines how Envoy is to be Configured from Contour.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>listener</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyListenerConfig">
EnvoyListenerConfig
</a>
</em>
</td>
<td>
<p>Listener hold various configurable Envoy listener values.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>service</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.NamespacedName">
NamespacedName
</a>
</em>
</td>
<td>
<p>Service holds Envoy service parameters for setting Ingress status.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>http</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyListener">
EnvoyListener
</a>
</em>
</td>
<td>
<p>Defines the HTTP Listener for Envoy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>https</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyListener">
EnvoyListener
</a>
</em>
</td>
<td>
<p>Defines the HTTP Listener for Envoy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>health</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HealthConfig">
HealthConfig
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Health defines the endpoint Envoy uses to serve health checks.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>metrics</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.MetricsConfig">
MetricsConfig
</a>
</em>
</td>
<td>
<p>Metrics defines the endpoint Envoy uses to serve metrics.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>clientCertificate</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.NamespacedName">
NamespacedName
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ClientCertificate defines the namespace/name of the Kubernetes
secret containing the client certificate and private key
to be used when establishing TLS connection to upstream
cluster.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>logging</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyLogging">
EnvoyLogging
</a>
</em>
</td>
<td>
<p>Logging defines how Envoy&rsquo;s logs can be configured.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>defaultHTTPVersions</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HTTPVersionType">
[]HTTPVersionType
</a>
</em>
</td>
<td>
<p>DefaultHTTPVersions defines the default set of HTTPS
versions the proxy should accept. HTTP versions are
strings of the form &ldquo;HTTP/xx&rdquo;. Supported versions are
&ldquo;HTTP/1.1&rdquo; and &ldquo;HTTP/2&rdquo;.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>timeouts</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.TimeoutParameters">
TimeoutParameters
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Timeouts holds various configurable timeouts that can
be set in the config file.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>cluster</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ClusterParameters">
ClusterParameters
</a>
</em>
</td>
<td>
<p>Cluster holds various configurable Envoy cluster values that can
be set in the config file.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>network</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.NetworkParameters">
NetworkParameters
</a>
</em>
</td>
<td>
<p>Network holds various configurable Envoy network values.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.EnvoyListener">EnvoyListener
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>EnvoyListener defines parameters for an Envoy Listener.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>address</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Defines an Envoy Listener Address.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Defines an Envoy listener Port.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>accessLog</code>
<br>
<em>
string
</em>
</td>
<td>
<p>AccessLog defines where Envoy logs are outputted for this listener.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.EnvoyListenerConfig">EnvoyListenerConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>EnvoyListenerConfig hold various configurable Envoy listener values.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>useProxyProtocol</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>Use PROXY protocol for all listeners.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>disableAllowChunkedLength</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to
strip the &ldquo;Content-Length&rdquo; header if &ldquo;Transfer-Encoding: chunked&rdquo; is
also set. This is an emergency off-switch to revert back to Envoy&rsquo;s
default behavior in case of failures. Please file an issue if failures
are encountered.
See: <a href="https://github.com/projectcontour/contour/issues/3221">https://github.com/projectcontour/contour/issues/3221</a></p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>connectionBalancer</code>
<br>
<em>
string
</em>
</td>
<td>
<p>ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer
See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig">https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>tls</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.EnvoyTLS">
EnvoyTLS
</a>
</em>
</td>
<td>
<p>TLS holds various configurable Envoy TLS listener values.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.EnvoyLogging">EnvoyLogging
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>EnvoyLogging defines how Envoy&rsquo;s logs can be configured.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>accessLogFormat</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.AccessLogType">
AccessLogType
</a>
</em>
</td>
<td>
<p>AccessLogFormat sets the global access log format.
Valid options are &lsquo;envoy&rsquo; or &lsquo;json&rsquo;</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>accessLogFormatString</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>AccessLogFormatString sets the access log format when format is set to <code>envoy</code>.
When empty, Envoy&rsquo;s default format is used.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>jsonFields</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.AccessLogFields">
AccessLogFields
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>AccessLogFields sets the fields that JSON logging will
output when AccessLogFormat is json.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.EnvoyTLS">EnvoyTLS
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyListenerConfig">EnvoyListenerConfig</a>)
</p>
<p>
<p>EnvoyTLS describes tls parameters for Envoy listneners.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>minimumProtocolVersion</code>
<br>
<em>
string
</em>
</td>
<td>
<p>MinimumProtocolVersion is the minimum TLS version this vhost should
negotiate. Valid options are <code>1.2</code> (default) and <code>1.3</code>.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>cipherSuites</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.TLSCipherType">
[]TLSCipherType
</a>
</em>
</td>
<td>
<p>CipherSuites defines the TLS ciphers to be supported by Envoy TLS
listeners when negotiating TLS 1.2. Ciphers are validated against the
set that Envoy supports by default. This parameter should only be used
by advanced users. Note that these will be ignored when TLS 1.3 is in
use.</p>
<p>See: <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters">https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters</a>
Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ExtensionProtocolVersion">ExtensionProtocolVersion
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ExtensionServiceSpec">ExtensionServiceSpec</a>)
</p>
<p>
<p>ExtensionProtocolVersion is the version of the GRPC protocol used
to access extension services. The only version currently supported
is &ldquo;v3&rdquo;.</p>
</p>
<h3 id="projectcontour.io/v1alpha1.ExtensionServiceSpec">ExtensionServiceSpec
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ExtensionService">ExtensionService</a>)
</p>
<p>
<p>ExtensionServiceSpec defines the desired state of an ExtensionService resource.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>services</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ExtensionServiceTarget">
[]ExtensionServiceTarget
</a>
</em>
</td>
<td>
<p>Services specifies the set of Kubernetes Service resources that
receive GRPC extension API requests.
If no weights are specified for any of the entries in
this array, traffic will be spread evenly across all the
services.
Otherwise, traffic is balanced proportionally to the
Weight field in each entry.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>validation</code>
<br>
<em>
<a href="#projectcontour.io/v1.UpstreamValidation">
UpstreamValidation
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>UpstreamValidation defines how to verify the backend service&rsquo;s certificate</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>protocol</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Protocol may be used to specify (or override) the protocol used to reach this Service.
Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>loadBalancerPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.LoadBalancerPolicy">
LoadBalancerPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The policy for load balancing GRPC service requests. Note that the
<code>Cookie</code> and <code>RequestHash</code> load balancing strategies cannot be used
here.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>timeoutPolicy</code>
<br>
<em>
<a href="#projectcontour.io/v1.TimeoutPolicy">
TimeoutPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>The timeout policy for requests to the services.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>protocolVersion</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.ExtensionProtocolVersion">
ExtensionProtocolVersion
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>This field sets the version of the GRPC protocol that Envoy uses to
send requests to the extension service. Since Contour always uses the
v3 Envoy API, this is currently fixed at &ldquo;v3&rdquo;. However, other
protocol options will be available in future.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ExtensionServiceStatus">ExtensionServiceStatus
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ExtensionService">ExtensionService</a>)
</p>
<p>
<p>ExtensionServiceStatus defines the observed state of an
ExtensionService resource.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>conditions</code>
<br>
<em>
<a href="#projectcontour.io/v1.DetailedCondition">
[]DetailedCondition
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>Conditions contains the current status of the ExtensionService resource.</p>
<p>Contour will update a single condition, <code>Valid</code>, that is in normal-true polarity.</p>
<p>Contour will not modify any other Conditions set in this block,
in case some other controller wants to add a Condition.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.ExtensionServiceTarget">ExtensionServiceTarget
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ExtensionServiceSpec">ExtensionServiceSpec</a>)
</p>
<p>
<p>ExtensionServiceTarget defines an Kubernetes Service to target with
extension service traffic.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Name is the name of Kubernetes service that will accept service
traffic.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Port (defined as Integer) to proxy traffic to since a service can have multiple defined.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>weight</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>Weight defines proportion of traffic to balance to the Kubernetes Service.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.GatewayConfig">GatewayConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>GatewayConfig holds the config for Gateway API controllers.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>controllerName</code>
<br>
<em>
string
</em>
</td>
<td>
<p>ControllerName is used to determine whether Contour should reconcile a
GatewayClass. The string takes the form of &ldquo;projectcontour.io/<namespace>/contour&rdquo;.
If unset, the gatewayclass controller will not be started.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.HTTPProxyConfig">HTTPProxyConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>HTTPProxyConfig defines parameters on HTTPProxy.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>disablePermitInsecure</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>DisablePermitInsecure disables the use of the
permitInsecure field in HTTPProxy.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>rootNamespaces</code>
<br>
<em>
[]string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Restrict Contour to searching these namespaces for root ingress routes.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>fallbackCertificate</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.NamespacedName">
NamespacedName
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>FallbackCertificate defines the namespace/name of the Kubernetes secret to
use as fallback when a non-SNI request is received.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.HTTPVersionType">HTTPVersionType
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>HTTPVersionType is the name of a supported HTTP version.</p>
</p>
<h3 id="projectcontour.io/v1alpha1.HeadersPolicy">HeadersPolicy
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.PolicyConfig">PolicyConfig</a>)
</p>
<p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>set</code>
<br>
<em>
map[string]string
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>remove</code>
<br>
<em>
[]string
</em>
</td>
<td>
<em>(Optional)</em>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.HealthConfig">HealthConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>, 
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>HealthConfig defines the endpoints to enable health checks.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>address</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Defines the health address interface.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Defines the health port.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.IngressConfig">IngressConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>IngressConfig defines ingress specific config items.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>className</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Ingress Class Name Contour should use.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>statusAddress</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Address to set in Ingress object status.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.LogLevel">LogLevel
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.DebugConfig">DebugConfig</a>)
</p>
<p>
<p>LogLevel is the logging levels available.</p>
</p>
<h3 id="projectcontour.io/v1alpha1.MetricsConfig">MetricsConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>, 
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>MetricsConfig defines the metrics endpoint.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>address</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Defines the metrics address interface.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Defines the metrics port.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>tls</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.MetricsTLS">
MetricsTLS
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>TLS holds TLS file config details.
Metrics and health endpoints cannot have same port number when metrics is served over HTTPS.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.MetricsTLS">MetricsTLS
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.MetricsConfig">MetricsConfig</a>)
</p>
<p>
<p>TLS holds TLS file config details.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>caFile</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>CA filename.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>certFile</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Client certificate filename.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>keyFile</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Client key filename.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.NamespacedName">NamespacedName
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>, 
<a href="#projectcontour.io/v1alpha1.HTTPProxyConfig">HTTPProxyConfig</a>, 
<a href="#projectcontour.io/v1alpha1.RateLimitServiceConfig">RateLimitServiceConfig</a>)
</p>
<p>
<p>NamespacedName defines the namespace/name of the Kubernetes resource referred from the config file.
Used for Contour config YAML file parsing, otherwise we could use K8s types.NamespacedName.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>name</code>
<br>
<em>
string
</em>
</td>
<td>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>namespace</code>
<br>
<em>
string
</em>
</td>
<td>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.NetworkParameters">NetworkParameters
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>NetworkParameters hold various configurable network values.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>numTrustedHops</code>
<br>
<em>
uint32
</em>
</td>
<td>
<em>(Optional)</em>
<p>XffNumTrustedHops defines the number of additional ingress proxy hops from the
right side of the x-forwarded-for HTTP header to trust when determining the origin
client’s IP address.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops">https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>adminPort</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Configure the port used to access the Envoy Admin interface.
If configured to port &ldquo;0&rdquo; then the admin interface is disabled.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.PolicyConfig">PolicyConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>PolicyConfig holds default policy used if not explicitly set by the user</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>requestHeaders</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HeadersPolicy">
HeadersPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>RequestHeadersPolicy defines the request headers set/removed on all routes</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>responseHeaders</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.HeadersPolicy">
HeadersPolicy
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ResponseHeadersPolicy defines the response headers set/removed on all routes</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>applyToIngress</code>
<br>
<em>
bool
</em>
</td>
<td>
<em>(Optional)</em>
<p>ApplyToIngress determines if the Policies will apply to ingress objects</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.RateLimitServiceConfig">RateLimitServiceConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>RateLimitServiceConfig defines properties of a global Rate Limit Service.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>extensionService</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.NamespacedName">
NamespacedName
</a>
</em>
</td>
<td>
<p>ExtensionService identifies the extension service defining the RLS.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>domain</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Domain is passed to the Rate Limit Service.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>failOpen</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>FailOpen defines whether to allow requests to proceed when the
Rate Limit Service fails to respond with a valid rate limit
decision within the timeout defined on the extension service.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>enableXRateLimitHeaders</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>EnableXRateLimitHeaders defines whether to include the X-RateLimit
headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset
(as defined by the IETF Internet-Draft linked below), on responses
to clients when the Rate Limit Service is consulted for a request.</p>
<p>ref. <a href="https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html">https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html</a></p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.TLS">TLS
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.XDSServerConfig">XDSServerConfig</a>)
</p>
<p>
<p>TLS holds TLS file config details.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>caFile</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>CA filename.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>certFile</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Client certificate filename.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>keyFile</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Client key filename.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>insecure</code>
<br>
<em>
bool
</em>
</td>
<td>
<p>Allow serving the xDS gRPC API without TLS.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.TLSCipherType">TLSCipherType
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyTLS">EnvoyTLS</a>)
</p>
<p>
</p>
<h3 id="projectcontour.io/v1alpha1.TimeoutParameters">TimeoutParameters
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.EnvoyConfig">EnvoyConfig</a>)
</p>
<p>
<p>TimeoutParameters holds various configurable proxy timeout values.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>requestTimeout</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>RequestTimeout sets the client request timeout globally for Contour. Note that
this is a timeout for the entire request, not an idle timeout. Omit or set to
&ldquo;infinity&rdquo; to disable the timeout entirely.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout">https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>connectionIdleTimeout</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>ConnectionIdleTimeout defines how long the proxy should wait while there are
no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating
an HTTP connection. Set to &ldquo;infinity&rdquo; to disable the timeout entirely.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout">https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>streamIdleTimeout</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>StreamIdleTimeout defines how long the proxy should wait while there is no
request activity (for HTTP/1.1) or stream activity (for HTTP/2) before
terminating the HTTP request or stream. Set to &ldquo;infinity&rdquo; to disable the
timeout entirely.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout">https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>maxConnectionDuration</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>MaxConnectionDuration defines the maximum period of time after an HTTP connection
has been established from the client to the proxy before it is closed by the proxy,
regardless of whether there has been activity or not. Omit or set to &ldquo;infinity&rdquo; for
no max duration.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration">https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>delayedCloseTimeout</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>DelayedCloseTimeout defines how long envoy will wait, once connection
close processing has been initiated, for the downstream peer to close
the connection before Envoy closes the socket associated with the connection.</p>
<p>Setting this timeout to &lsquo;infinity&rsquo; will disable it, equivalent to setting it to &lsquo;0&rsquo;
in Envoy. Leaving it unset will result in the Envoy default value being used.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout">https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout</a>
for more information.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>connectionShutdownGracePeriod</code>
<br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an
initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection.
During this grace period, the proxy will continue to respond to new streams. After the final
GOAWAY frame has been sent, the proxy will refuse new streams.</p>
<p>See <a href="https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout">https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout</a>
for more information.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.XDSServerConfig">XDSServerConfig
</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.ContourConfigurationSpec">ContourConfigurationSpec</a>)
</p>
<p>
<p>XDSServerConfig holds the config for the Contour xDS server.</p>
</p>
<table class="table table-striped table-borderless" style="border:none">
<thead class="border-bottom">
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody class="border-top">
<tr>
<td style="white-space:nowrap">
<code>type</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.XDSServerType">
XDSServerType
</a>
</em>
</td>
<td>
<p>Defines the XDSServer to use for <code>contour serve</code>.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>address</code>
<br>
<em>
string
</em>
</td>
<td>
<p>Defines the xDS gRPC API address which Contour will serve.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>port</code>
<br>
<em>
int
</em>
</td>
<td>
<p>Defines the xDS gRPC API port which Contour will serve.</p>
</td>
</tr>
<tr>
<td style="white-space:nowrap">
<code>tls</code>
<br>
<em>
<a href="#projectcontour.io/v1alpha1.TLS">
TLS
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>TLS holds TLS file config details.</p>
</td>
</tr>
</tbody>
</table>
<h3 id="projectcontour.io/v1alpha1.XDSServerType">XDSServerType
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#projectcontour.io/v1alpha1.XDSServerConfig">XDSServerConfig</a>)
</p>
<p>
<p>XDSServerType is the type of xDS server implementation.</p>
</p>
<hr/>
<p><em>
Generated with <code>gen-crd-api-reference-docs</code>.
</em></p>