github.com/projectcontour/contour@v1.28.2/site/content/docs/v1.10.0/config/inclusion-delegation.md (about) 1 # HTTPProxy Inclusion 2 3 HTTPProxy permits the splitting of a system's configuration into separate HTTPProxy instances using **inclusion**. 4 5 Inclusion, as the name implies, allows for one HTTPProxy object to be included in another, optionally with some conditions inherited from the parent. 6 Contour reads the inclusion tree and merges the included routes into one big object internally before rendering Envoy config. 7 Importantly, the included HTTPProxy objects do not have to be in the same namespace. 8 9 Each tree of HTTPProxy starts with a root, the top level object of the configuration for a particular virtual host. 10 Each root HTTPProxy defines a `virtualhost` key, which describes properties such as the fully qualified name of the virtual host, TLS configuration, etc. 11 12 HTTPProxies included from the root must not contain a virtualhost key. 13 Root objects cannot include other roots either transitively or directly. 14 This permits the owner of an HTTPProxy root to allow the inclusion of a portion of the route space inside a virtual host, and to allow that route space to be further subdivided with inclusions. 15 Because the path is not necessarily used as the only key, the route space can be multi-dimensional. 16 17 ## Conditions and Inclusion 18 19 Like Routes, Inclusion may specify a set of [conditions][1]. 20 These conditions are added to any conditions on the routes included. 21 This process is recursive. 22 23 Conditions are sets of individual condition statements, for example `prefix: /blog` is the condition that the matching request's path must start with `/blog`. 24 When conditions are combined through inclusion Contour merges the conditions inherited via inclusion with any conditions specified on the route. 25 This may result in duplicates, for example two `prefix:` conditions, or two header match conditions with the same name and value. 26 To resolve this Contour applies the following logic. 27 28 - `prefix:` conditions are concatenated together in the order they were applied from the root object. For example the conditions, `prefix: /api`, `prefix: /v1` becomes a single `prefix: /api/v1` conditions. Note: Multiple prefixes cannot be supplied on a single set of Route conditions. 29 - Proxies with repeated identical `header:` conditions of type "exact match" (the same header keys exactly) are marked as "Invalid" since they create an un-routable configuration. 30 31 ## Configuring Inclusion 32 33 Inclusion is a top-level field in the HTTPProxy [spec][2] element. 34 It requires one field, `name`, and has two optional fields: 35 36 - `namespace`. This will assume the included HTTPProxy is in the same namespace if it's not specified. 37 - a `conditions` block. 38 39 ## Inclusion Within the Same Namespace 40 41 HTTPProxies can include other HTTPProxy objects in the namespace by specifying the name of the object and its namespace in the top-level `includes` block. 42 Note that `includes` is a list, and so it must use the YAML list construct. 43 44 In this example, the HTTPProxy `include-root` has included the configuration for paths matching `/service2` from the HTTPProxy named `service2` in the same namespace as `include-root` (the `default` namespace). 45 It's important to note that `service2` HTTPProxy has not defined a `virtualhost` property as it is NOT a root HTTPProxy. 46 47 ```yaml 48 # httpproxy-inclusion-samenamespace.yaml 49 apiVersion: projectcontour.io/v1 50 kind: HTTPProxy 51 metadata: 52 name: include-root 53 namespace: default 54 spec: 55 virtualhost: 56 fqdn: root.bar.com 57 includes: 58 # Includes the /service2 path from service2 in the same namespace 59 - name: service2 60 namespace: default 61 conditions: 62 - prefix: /service2 63 routes: 64 - conditions: 65 - prefix: / 66 services: 67 - name: s1 68 port: 80 69 --- 70 apiVersion: projectcontour.io/v1 71 kind: HTTPProxy 72 metadata: 73 name: service2 74 namespace: default 75 spec: 76 routes: 77 - services: # matches /service2 78 - name: s2 79 port: 80 80 - conditions: 81 - prefix: /blog # matches /service2/blog 82 services: 83 - name: blog 84 port: 80 85 ``` 86 87 ## Inclusion Across Namespaces 88 89 Inclusion can also happen across Namespaces by specifying a `namespace` in the `inclusion`. 90 This is a particularly powerful paradigm for enabling multi-team Ingress management. 91 92 In this example, the root HTTPProxy has included configuration for paths matching `/blog` to the `blog` HTTPProxy object in the `marketing` namespace. 93 94 ```yaml 95 # httpproxy-inclusion-across-namespaces.yaml 96 --- 97 apiVersion: projectcontour.io/v1 98 kind: HTTPProxy 99 metadata: 100 name: namespace-include-root 101 namespace: default 102 spec: 103 virtualhost: 104 fqdn: ns-root.bar.com 105 includes: 106 # delegate the subpath, `/blog` to the HTTPProxy object in the marketing namespace with the name `blog` 107 - name: blog 108 namespace: marketing 109 conditions: 110 - prefix: /blog 111 routes: 112 - services: 113 - name: s1 114 port: 80 115 116 --- 117 apiVersion: projectcontour.io/v1 118 kind: HTTPProxy 119 metadata: 120 name: blog 121 namespace: marketing 122 spec: 123 routes: 124 - services: 125 - name: s2 126 port: 80 127 ``` 128 129 ## Orphaned HTTPProxy children 130 131 It is possible for HTTPProxy objects to exist that have not been delegated to by another HTTPProxy. 132 These objects are considered "orphaned" and will be ignored by Contour in determining ingress configuration. 133 134 [1]: request-routing#conditions 135 [2]: api/#projectcontour.io/v1.HTTPProxySpec