Edit this page
Report an issueCustom Resource Definitions API Reference
Packages
- configuration.konghq.com/v1
- configuration.konghq.com/v1alpha1
- configuration.konghq.com/v1beta1
- gateway-operator.konghq.com/v1alpha1
- gateway-operator.konghq.com/v1beta1
- incubator.ingress-controller.konghq.com/v1alpha1
- konnect.konghq.com/v1alpha1
configuration.konghq.com/v1
Package v1 contains API Schema definitions for the konghq.com v1 API group.
- KongClusterPlugin
- KongConsumer
- KongIngress
-
KongPlugin
KongClusterPlugin
KongClusterPlugin is the Schema for the kongclusterplugins API.
The only differences between KongPlugin and KongClusterPlugin are that KongClusterPlugin is a
Kubernetes cluster-level resource instead of a namespaced resource, and can be applied as a
global plugin using global label.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1 |
kind string
|
KongClusterPlugin |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
consumerRef string
|
ConsumerRef is a reference to a particular consumer. |
disabled boolean
|
Disabled set if the plugin is disabled or not. |
config JSON
|
Config contains the plugin configuration. It’s a list of keys and values required to configure the plugin. Please read the documentation of the plugin being configured to set values in here. For any plugin in Kong, anything that goes in the config JSON key in the Admin API request, goes into this property. Only one of config or configFrom may be used in a KongClusterPlugin, not both at once. |
configFrom NamespacedConfigSource
|
ConfigFrom references a secret containing the plugin configuration. This should be used when the plugin configuration contains sensitive information, such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin. Only one of config or configFrom may be used in a KongClusterPlugin, not both at once. |
configPatches NamespacedConfigPatch array
|
ConfigPatches represents JSON patches to the configuration of the plugin. Each item means a JSON patch to add something in the configuration, where path is specified in path and value is in valueFrom referencing a key in a secret. When Config is specified, patches will be applied to the configuration in Config. Otherwise, patches will be applied to an empty object. |
plugin string
|
PluginName is the name of the plugin to which to apply the config. |
run_on string
|
RunOn configures the plugin to run on the first or the second or both nodes in case of a service mesh deployment. |
protocols KongProtocol array
|
Protocols configures plugin to run on requests received on specific protocols. |
ordering PluginOrdering
|
Ordering overrides the normal plugin execution order. It’s only available on Kong Enterprise. <phase> is a request processing phase (for example, access or body_filter) and <plugin> is the name of the plugin that will run before or after the KongPlugin. For example, a KongPlugin with plugin: rate-limiting and before.access: ["key-auth"] will create a rate limiting plugin that limits requests before they are authenticated. |
instance_name string
|
InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the same plugin in multiple contexts, for example, on multiple services. |
KongConsumer
KongConsumer is the Schema for the kongconsumers API.
When this resource is created, a corresponding consumer entity will be created in Kong.
While KongConsumer exists in a specific Kubernetes namespace, KongConsumers from all namespaces
are combined into a single Kong configuration, and no KongConsumers with the same
kubernetes.io/ingress.class may share the same Username or CustomID value.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1 |
kind string
|
KongConsumer |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
username string
|
Username is a Kong cluster-unique username of the consumer. |
custom_id string
|
CustomID is a Kong cluster-unique existing ID for the consumer - useful for mapping Kong with users in your existing database. |
credentials string array
|
Credentials are references to secrets containing a credential to be provisioned in Kong. |
consumerGroups string array
|
ConsumerGroups are references to consumer groups (that consumer wants to be part of) provisioned in Kong. |
spec KongConsumerSpec
|
KongIngress
KongIngress is the Schema for the kongingresses API.
It serves as an “extension” to Ingress resource. It is not meant as a replacement to the Ingress resource in Kubernetes.
The Ingress resource spec in Kubernetes can define routing policies based on HTTP Host header and paths.
While this is sufficient in most cases, sometimes, users may want more control over routing at the Ingress level.
Once a KongIngress resource is created, it needs to be associated with an Ingress or Service resource using the
konghq.com/override annotation.
KongIngress is not supported on Gateway APIs resources, such as HTTPRoute and TCPRoute. These resources must use annotations.
Many fields available on KongIngress are also available as annotations. When an annotation is available, it is the preferred means of configuring that setting, and the annotation value will take precedence over a KongIngress value if both set the same setting.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1 |
kind string
|
KongIngress |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
upstream KongIngressUpstream
|
Upstream represents a virtual hostname and can be used to loadbalance incoming requests over multiple targets (e.g. Kubernetes Services can be a target, OR Endpoints can be targets). |
proxy KongIngressService
|
Proxy defines additional connection options for the routes to be configured in the Kong Gateway, e.g. connection_timeout, retries, etc. |
route KongIngressRoute
|
Route define rules to match client requests. Each Route is associated with a Service, and a Service may have multiple Routes associated to it. |
KongPlugin
KongPlugin is the Schema for the kongplugins API.
Plugins can be associated with the Ingress, Service, HTTPRoute, KongConsumer or KongConsumerGroup object in Kubernetes using konghq.com/plugins annotation.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1 |
kind string
|
KongPlugin |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
consumerRef string
|
ConsumerRef is a reference to a particular consumer. |
disabled boolean
|
Disabled set if the plugin is disabled or not. |
config JSON
|
Config contains the plugin configuration. It’s a list of keys and values required to configure the plugin. Please read the documentation of the plugin being configured to set values in here. For any plugin in Kong, anything that goes in the config JSON key in the Admin API request, goes into this property. Only one of config or configFrom may be used in a KongPlugin, not both at once. |
configFrom ConfigSource
|
ConfigFrom references a secret containing the plugin configuration. This should be used when the plugin configuration contains sensitive information, such as AWS credentials in the Lambda plugin or the client secret in the OIDC plugin. Only one of config or configFrom may be used in a KongPlugin, not both at once. |
configPatches ConfigPatch array
|
ConfigPatches represents JSON patches to the configuration of the plugin. Each item means a JSON patch to add something in the configuration, where path is specified in path and value is in valueFrom referencing a key in a secret. When Config is specified, patches will be applied to the configuration in Config. Otherwise, patches will be applied to an empty object. |
plugin string
|
PluginName is the name of the plugin to which to apply the config. |
run_on string
|
RunOn configures the plugin to run on the first or the second or both nodes in case of a service mesh deployment. |
protocols KongProtocol array
|
Protocols configures plugin to run on requests received on specific protocols. |
ordering PluginOrdering
|
Ordering overrides the normal plugin execution order. It’s only available on Kong Enterprise. <phase> is a request processing phase (for example, access or body_filter) and <plugin> is the name of the plugin that will run before or after the KongPlugin. For example, a KongPlugin with plugin: rate-limiting and before.access: ["key-auth"] will create a rate limiting plugin that limits requests before they are authenticated. |
instance_name string
|
InstanceName is an optional custom name to identify an instance of the plugin. This is useful when running the same plugin in multiple contexts, for example, on multiple services. |
Types
In this section you will find types that the CRDs rely on.
ConfigPatch
ConfigPatch is a JSON patch (RFC6902) to add values from Secret to the generated configuration.
It is an equivalent of the following patch:
{"op": "add", "path": {.Path}, "value": {.ComputedValueFrom}}.
| Field | Description |
|---|---|
path string
|
Path is the JSON-Pointer value (RFC6901) that references a location within the target configuration. |
valueFrom ConfigSource
|
ValueFrom is the reference to a key of a secret where the patched value comes from. |
Appears in:
ConfigSource
ConfigSource is a wrapper around SecretValueFromSource.
| Field | Description |
|---|---|
secretKeyRef SecretValueFromSource
|
Specifies a name and a key of a secret to refer to. The namespace is implicitly set to the one of referring object. |
Appears in:
KongConsumerSpec
KongConsumerSpec defines the specification of the KongConsumer.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this Consumer is associated with. |
tags Tags
|
Tags is an optional set of tags applied to the consumer. |
Appears in:
KongIngressRoute
KongIngressRoute contains KongIngress route configuration.
It contains the subset of go-kong.kong.Route fields supported by kongstate.Route.overrideByKongIngress.
Deprecated: use Ingress’ annotations instead.
| Field | Description |
|---|---|
methods string array
|
Methods is a list of HTTP methods that match this Route. Deprecated: use Ingress’ “konghq.com/methods” annotation instead. |
headers object (keys:string, values:string array)
|
Headers contains one or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute. Deprecated: use Ingress’ “konghq.com/headers” annotation instead. |
protocols KongProtocol array
|
Protocols is an array of the protocols this Route should allow. Deprecated: use Ingress’ “konghq.com/protocols” annotation instead. |
regex_priority integer
|
RegexPriority is a number used to choose which route resolves a given request when several routes match it using regexes simultaneously. Deprecated: use Ingress’ “konghq.com/regex-priority” annotation instead. |
strip_path boolean
|
StripPath sets When matching a Route via one of the paths strip the matching prefix from the upstream request URL. Deprecated: use Ingress’ “konghq.com/strip-path” annotation instead. |
preserve_host boolean
|
PreserveHost sets When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service’s host. Deprecated: use Ingress’ “konghq.com/preserve-host” annotation instead. |
https_redirect_status_code integer
|
HTTPSRedirectStatusCode is the status code Kong responds with when all properties of a Route match except the protocol. Deprecated: use Ingress’ “ingress.kubernetes.io/force-ssl-redirect” or “konghq.com/https-redirect-status-code” annotations instead. |
path_handling string
|
PathHandling controls how the Service path, Route path and requested path are combined when sending a request to the upstream. Deprecated: use Ingress’ “konghq.com/path-handling” annotation instead. |
snis string array
|
SNIs is a list of SNIs that match this Route when using stream routing. Deprecated: use Ingress’ “konghq.com/snis” annotation instead. |
request_buffering boolean
|
RequestBuffering sets whether to enable request body buffering or not. Deprecated: use Ingress’ “konghq.com/request-buffering” annotation instead. |
response_buffering boolean
|
ResponseBuffering sets whether to enable response body buffering or not. Deprecated: use Ingress’ “konghq.com/response-buffering” annotation instead. |
Appears in:
KongIngressService
KongIngressService contains KongIngress service configuration. It contains the subset of go-kong.kong.Service fields supported by kongstate.Service.overrideByKongIngress. Deprecated: use Service’s annotations instead.
| Field | Description |
|---|---|
protocol string
|
The protocol used to communicate with the upstream. Deprecated: use Service’s “konghq.com/protocol” annotation instead. |
path string
|
(optional) The path to be used in requests to the upstream server. Deprecated: use Service’s “konghq.com/path” annotation instead. |
retries integer
|
The number of retries to execute upon failure to proxy. Deprecated: use Service’s “konghq.com/retries” annotation instead. |
connect_timeout integer
|
The timeout in milliseconds for establishing a connection to the upstream server. Deprecated: use Service’s “konghq.com/connect-timeout” annotation instead. |
read_timeout integer
|
The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. Deprecated: use Service’s “konghq.com/read-timeout” annotation instead. |
write_timeout integer
|
The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. Deprecated: use Service’s “konghq.com/write-timeout” annotation instead. |
Appears in:
KongIngressUpstream
KongIngressUpstream contains KongIngress upstream configuration.
It contains the subset of go-kong.kong.Upstream fields supported by kongstate.Upstream.overrideByKongIngress.
| Field | Description |
|---|---|
host_header string
|
HostHeader is The hostname to be used as Host header when proxying requests through Kong. |
algorithm string
|
Algorithm is the load balancing algorithm to use. Accepted values are: “round-robin”, “consistent-hashing”, “least-connections”, “latency”. |
slots integer
|
Slots is the number of slots in the load balancer algorithm. |
healthchecks Healthcheck
|
Healthchecks defines the health check configurations in Kong. |
hash_on string
|
HashOn defines what to use as hashing input. Accepted values are: “none”, “consumer”, “ip”, “header”, “cookie”, “path”, “query_arg”, “uri_capture”. |
hash_fallback string
|
HashFallback defines What to use as hashing input if the primary hash_on does not return a hash. Accepted values are: “none”, “consumer”, “ip”, “header”, “cookie”. |
hash_on_header string
|
HashOnHeader defines the header name to take the value from as hash input. Only required when “hash_on” is set to “header”. |
hash_fallback_header string
|
HashFallbackHeader is the header name to take the value from as hash input. Only required when “hash_fallback” is set to “header”. |
hash_on_cookie string
|
The cookie name to take the value from as hash input. Only required when “hash_on” or “hash_fallback” is set to “cookie”. |
hash_on_cookie_path string
|
The cookie path to set in the response headers. Only required when “hash_on” or “hash_fallback” is set to “cookie”. |
hash_on_query_arg string
|
HashOnQueryArg is the query string parameter whose value is the hash input when “hash_on” is set to “query_arg”. |
hash_fallback_query_arg string
|
HashFallbackQueryArg is the “hash_fallback” version of HashOnQueryArg. |
hash_on_uri_capture string
|
HashOnURICapture is the name of the capture group whose value is the hash input when “hash_on” is set to “uri_capture”. |
hash_fallback_uri_capture string
|
HashFallbackURICapture is the “hash_fallback” version of HashOnURICapture. |
Appears in:
KongProtocol
Underlying type: string
KongProtocol is a valid Kong protocol. This alias is necessary to deal with https://github.com/kubernetes-sigs/controller-tools/issues/342
Appears in:
NamespacedConfigPatch
NamespacedConfigPatch is a JSON patch to add values from secrets to KongClusterPlugin to the generated configuration of plugin in Kong.
| Field | Description |
|---|---|
path string
|
Path is the JSON path to add the patch. |
valueFrom NamespacedConfigSource
|
ValueFrom is the reference to a key of a secret where the patched value comes from. |
Appears in:
NamespacedConfigSource
NamespacedConfigSource is a wrapper around NamespacedSecretValueFromSource.
| Field | Description |
|---|---|
secretKeyRef NamespacedSecretValueFromSource
|
Specifies a name, a namespace, and a key of a secret to refer to. |
Appears in:
NamespacedSecretValueFromSource
NamespacedSecretValueFromSource represents the source of a secret value specifying the secret namespace.
| Field | Description |
|---|---|
namespace string
|
The namespace containing the secret. |
name string
|
The secret containing the key. |
key string
|
The key containing the value. |
Appears in:
SecretValueFromSource
SecretValueFromSource represents the source of a secret value.
| Field | Description |
|---|---|
name string
|
The secret containing the key. |
key string
|
The key containing the value. |
Appears in:
configuration.konghq.com/v1alpha1
Package v1alpha1 contains API Schema definitions for the configuration.konghq.com v1alpha1 API group.
- IngressClassParameters
- KongCACertificate
- KongCertificate
- KongCredentialACL
- KongCredentialAPIKey
- KongCredentialBasicAuth
- KongCredentialHMAC
- KongCredentialJWT
- KongCustomEntity
- KongDataPlaneClientCertificate
- KongKey
- KongKeySet
- KongLicense
- KongPluginBinding
- KongRoute
- KongSNI
- KongService
- KongTarget
- KongUpstream
-
KongVault
IngressClassParameters
IngressClassParameters is the Schema for the IngressClassParameters API.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
IngressClassParameters |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec IngressClassParametersSpec
|
Spec is the IngressClassParameters specification. |
KongCACertificate
KongCACertificate is the schema for CACertificate API which defines a Kong CA Certificate.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCACertificate |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCACertificateSpec
|
KongCertificate
KongCertificate is the schema for Certificate API which defines a Kong Certificate.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCertificate |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCertificateSpec
|
KongCredentialACL
KongCredentialACL is the schema for ACL credentials API which defines a ACL credential for consumers.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCredentialACL |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialACLSpec
|
Spec contains the ACL credential specification. |
KongCredentialAPIKey
KongCredentialAPIKey is the schema for API key credentials API which defines a API key credential for consumers.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCredentialAPIKey |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialAPIKeySpec
|
Spec contains the API Key credential specification. |
KongCredentialBasicAuth
KongCredentialBasicAuth is the schema for BasicAuth credentials API which defines a BasicAuth credential for consumers.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCredentialBasicAuth |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialBasicAuthSpec
|
Spec contains the BasicAuth credential specification. |
KongCredentialHMAC
KongCredentialHMAC is the schema for HMAC credentials API which defines a HMAC credential for consumers.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCredentialHMAC |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialHMACSpec
|
Spec contains the HMAC credential specification. |
KongCredentialJWT
KongCredentialJWT is the schema for JWT credentials API which defines a JWT credential for consumers.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCredentialJWT |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCredentialJWTSpec
|
Spec contains the JWT credential specification. |
KongCustomEntity
KongCustomEntity defines a “custom” Kong entity that KIC cannot support the entity type directly.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongCustomEntity |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongCustomEntitySpec
|
KongDataPlaneClientCertificate
KongDataPlaneClientCertificate is the schema for KongDataPlaneClientCertificate API which defines a KongDataPlaneClientCertificate entity.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongDataPlaneClientCertificate |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongDataPlaneClientCertificateSpec
|
KongKey
KongKey is the schema for KongKey API which defines a KongKey entity.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongKey |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongKeySpec
|
KongKeySet
KongKeySet is the schema for KongKeySet API which defines a KongKeySet entity.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongKeySet |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongKeySetSpec
|
KongLicense
KongLicense stores a Kong enterprise license to apply to managed Kong gateway instances.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongLicense |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
rawLicenseString string
|
RawLicenseString is a string with the raw content of the license. |
enabled boolean
|
Enabled is set to true to let controllers (like KIC or KGO) to reconcile it. Default value is true to apply the license by default. |
KongPluginBinding
KongPluginBinding is the schema for Plugin Bindings API which defines a Kong Plugin Binding.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongPluginBinding |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongPluginBindingSpec
|
KongRoute
KongRoute is the schema for Routes API which defines a Kong Route.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongRoute |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongRouteSpec
|
KongSNI
KongSNI is the schema for SNI API which defines a Kong SNI.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongSNI |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongSNISpec
|
KongService
KongService is the schema for Services API which defines a Kong Service.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongService |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongServiceSpec
|
KongTarget
KongTarget is the schema for Target API which defines a Kong Target attached to a Kong Upstream.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongTarget |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongTargetSpec
|
KongUpstream
KongUpstream is the schema for Upstream API which defines a Kong Upstream.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongUpstream |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongUpstreamSpec
|
KongVault
KongVault is the schema for kongvaults API which defines a custom Kong vault. A Kong vault is a storage to store sensitive data, where the values can be referenced in configuration of plugins. See: https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1alpha1 |
kind string
|
KongVault |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongVaultSpec
|
Types
In this section you will find types that the CRDs rely on.
ControlPlaneRef
Underlying type: [ControlPlaneRef](#controlplaneref)
ControlPlaneRef is the schema for the ControlPlaneRef type. It is used to reference a Control Plane entity.
| Field | Description |
|---|---|
type string
|
Type indicates the type of the control plane being referenced. Allowed values: - konnectID - konnectNamespacedRef - kic The default is kic, which implies that the Control Plane is KIC. |
konnectID KonnectIDType
|
KonnectID is the schema for the KonnectID type. This field is required when the Type is konnectID. |
konnectNamespacedRef KonnectNamespacedRef
|
KonnectNamespacedRef is a reference to a Konnect Control Plane entity inside the cluster. It contains the name of the Konnect Control Plane. This field is required when the Type is konnectNamespacedRef. |
Appears in:
ControllerReference
ControllerReference is a reference to a controller that reconciles the KongLicense.
| Field | Description |
|---|---|
group Group
|
Group is the group of referent. It should be empty if the referent is in “core” group (like pod). |
kind Kind
|
Kind is the kind of the referent. By default the nil kind means kind Pod. |
namespace Namespace
|
Namespace is the namespace of the referent. It should be empty if the referent is cluster scoped. |
name ObjectName
|
Name is the name of the referent. |
Appears in:
Group
Underlying type: string
Group refers to a Kubernetes Group. It must either be an empty string or a RFC 1123 subdomain.
Appears in:
IngressClassParametersSpec
IngressClassParametersSpec defines the desired state of IngressClassParameters.
| Field | Description |
|---|---|
serviceUpstream boolean
|
Offload load-balancing to kube-proxy or sidecar. |
enableLegacyRegexDetection boolean
|
EnableLegacyRegexDetection automatically detects if ImplementationSpecific Ingress paths are regular expression paths using the legacy 2.x heuristic. The controller adds the “~” prefix to those paths if the Kong version is 3.0 or higher. |
Appears in:
KeySetRef
KeySetRef is the schema for the KeySetRef type. It is used to reference a KeySet entity.
| Field | Description |
|---|---|
type KeySetRefType
|
Type defines type of the KeySet object reference. It can be one of: - konnectID - namespacedRef |
konnectID string
|
KonnectID is the schema for the KonnectID type. This field is required when the Type is konnectID. |
namespacedRef NameRef
|
NamespacedRef is a reference to a KeySet entity inside the cluster. This field is required when the Type is namespacedRef. |
Appears in:
KeySetRefType
Underlying type: string
KeySetRefType is the enum type for the KeySetRef.
Appears in:
Kind
Underlying type: string
Kind refers to a Kubernetes kind.
Appears in:
KongCACertificateAPISpec
KongCACertificateAPISpec contains the API specification for the KongCACertificate.
| Field | Description |
|---|---|
cert string
|
Cert is the PEM-encoded CA certificate. |
tags Tags
|
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCACertificateSpec
KongCACertificateSpec contains the specification for the KongCACertificate.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef references the Konnect Control Plane that this KongCACertificate should be created in. |
cert string
|
Cert is the PEM-encoded CA certificate. |
tags Tags
|
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCertificateAPISpec
KongCertificateAPISpec contains the API specification for the KongCertificate.
| Field | Description |
|---|---|
cert string
|
Cert is the PEM-encoded certificate. |
cert_alt string
|
CertAlt is the PEM-encoded certificate. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
key string
|
Key is the PEM-encoded private key. |
key_alt string
|
KeyAlt is the PEM-encoded private key. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
tags Tags
|
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCertificateSpec
KongCertificateSpec contains the specification for the KongCertificate.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef references the Konnect Control Plane that this KongCertificate should be created in. |
cert string
|
Cert is the PEM-encoded certificate. |
cert_alt string
|
CertAlt is the PEM-encoded certificate. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
key string
|
Key is the PEM-encoded private key. |
key_alt string
|
KeyAlt is the PEM-encoded private key. This should only be set if you have both RSA and ECDSA types of certificate available and would like Kong to prefer serving using ECDSA certs when client advertises support for it. |
tags Tags
|
Tags is an optional set of tags applied to the certificate. |
Appears in:
KongCredentialACLAPISpec
KongCredentialACLAPISpec defines specification of an ACL credential.
| Field | Description |
|---|---|
group string
|
Group is the name for the ACL credential. |
tags Tags
|
Tags is a list of tags for the ACL credential. |
Appears in:
KongCredentialACLSpec
KongCredentialACLSpec defines specification of Kong ACL.
| Field | Description |
|---|---|
consumerRef LocalObjectReference
|
ConsumerRef is a reference to a Consumer this KongCredentialACL is associated with. |
group string
|
Group is the name for the ACL credential. |
tags Tags
|
Tags is a list of tags for the ACL credential. |
Appears in:
KongCredentialAPIKeyAPISpec
KongCredentialAPIKeyAPISpec defines specification of an API Key credential.
| Field | Description |
|---|---|
key string
|
Key is the key for the API Key credential. |
tags Tags
|
Tags is a list of tags for the API Key credential. |
Appears in:
KongCredentialAPIKeySpec
KongCredentialAPIKeySpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference
|
ConsumerRef is a reference to a Consumer this KongCredentialAPIKey is associated with. |
key string
|
Key is the key for the API Key credential. |
tags Tags
|
Tags is a list of tags for the API Key credential. |
Appears in:
KongCredentialBasicAuthAPISpec
KongCredentialBasicAuthAPISpec defines specification of a BasicAuth credential.
| Field | Description |
|---|---|
password string
|
Password is the password for the BasicAuth credential. |
tags Tags
|
Tags is a list of tags for the BasicAuth credential. |
username string
|
Username is the username for the BasicAuth credential. |
Appears in:
KongCredentialBasicAuthSpec
KongCredentialBasicAuthSpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference
|
ConsumerRef is a reference to a Consumer this CredentialBasicAuth is associated with. |
password string
|
Password is the password for the BasicAuth credential. |
tags Tags
|
Tags is a list of tags for the BasicAuth credential. |
username string
|
Username is the username for the BasicAuth credential. |
Appears in:
KongCredentialHMACAPISpec
KongCredentialHMACAPISpec defines specification of an HMAC credential.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier for the HMAC credential. |
secret string
|
Secret is the secret for the HMAC credential. |
tags Tags
|
Tags is a list of tags for the HMAC credential. |
username string
|
Username is the username for the HMAC credential. |
Appears in:
KongCredentialHMACSpec
KongCredentialHMACSpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference
|
ConsumerRef is a reference to a Consumer this KongCredentialHMAC is associated with. |
id string
|
ID is the unique identifier for the HMAC credential. |
secret string
|
Secret is the secret for the HMAC credential. |
tags Tags
|
Tags is a list of tags for the HMAC credential. |
username string
|
Username is the username for the HMAC credential. |
Appears in:
KongCredentialJWTAPISpec
KongCredentialJWTAPISpec defines specification of an JWT credential.
| Field | Description |
|---|---|
algorithm string
|
Algorithm is the algorithm used to sign the JWT token. |
id string
|
ID is the unique identifier for the JWT credential. |
key string
|
Key is the key for the JWT credential. |
rsa_public_key string
|
RSA PublicKey is the RSA public key for the JWT credential. |
secret string
|
Secret is the secret for the JWT credential. |
tags Tags
|
Tags is a list of tags for the JWT credential. |
Appears in:
KongCredentialJWTSpec
KongCredentialJWTSpec defines specification of a Kong Route.
| Field | Description |
|---|---|
consumerRef LocalObjectReference
|
ConsumerRef is a reference to a Consumer this KongCredentialJWT is associated with. |
algorithm string
|
Algorithm is the algorithm used to sign the JWT token. |
id string
|
ID is the unique identifier for the JWT credential. |
key string
|
Key is the key for the JWT credential. |
rsa_public_key string
|
RSA PublicKey is the RSA public key for the JWT credential. |
secret string
|
Secret is the secret for the JWT credential. |
tags Tags
|
Tags is a list of tags for the JWT credential. |
Appears in:
KongCustomEntitySpec
KongCustomEntitySpec defines the specification of the KongCustomEntity.
| Field | Description |
|---|---|
type string
|
EntityType is the type of the Kong entity. The type is used in generating declarative configuration. |
fields JSON
|
Fields defines the fields of the Kong entity itself. |
controllerName string
|
ControllerName specifies the controller that should reconcile it, like ingress class. |
parentRef ObjectReference
|
ParentRef references the kubernetes resource it attached to when its scope is “attached”. Currently only KongPlugin/KongClusterPlugin allowed. This will make the custom entity to be attached to the entity(service/route/consumer) where the plugin is attached. |
Appears in:
KongDataPlaneClientCertificateAPISpec
KongDataPlaneClientCertificateAPISpec defines the attributes of a Kong DP certificate.
| Field | Description |
|---|---|
cert string
|
Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. |
Appears in:
KongDataPlaneClientCertificateSpec
KongDataPlaneClientCertificateSpec defines the spec for a KongDataPlaneClientCertificate.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a Konnect ControlPlane this KongDataPlaneClientCertificate is associated with. |
cert string
|
Cert is the certificate in PEM format. Once the certificate gets programmed this field becomes immutable. |
Appears in:
KongKeyAPISpec
KongKeyAPISpec defines the attributes of a Kong Key.
| Field | Description |
|---|---|
kid string
|
KID is a unique identifier for a key. When JWK is provided, KID has to match the KID in the JWK. |
name string
|
Name is an optional name to associate with the given key. |
jwk string
|
JWK is a JSON Web Key represented as a string. The JWK must contain a KID field that matches the KID in the KongKey. Either JWK or PEM must be set. |
pem PEMKeyPair
|
PEM is a keypair in PEM format. Either JWK or PEM must be set. |
tags Tags
|
Tags is an optional set of strings associated with the Key for grouping and filtering. |
Appears in:
KongKeySetAPISpec
KongKeySetAPISpec defines the attributes of a Kong KeySet.
| Field | Description |
|---|---|
name string
|
Name is a name of the KeySet. |
tags Tags
|
Tags is an optional set of strings associated with the KeySet for grouping and filtering. |
Appears in:
KongKeySetSpec
KongKeySetSpec defines the spec for a KongKeySet.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a Konnect ControlPlane with which KongKeySet is associated. |
name string
|
Name is a name of the KeySet. |
tags Tags
|
Tags is an optional set of strings associated with the KeySet for grouping and filtering. |
Appears in:
KongKeySpec
KongKeySpec defines the spec for a KongKey.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a Konnect ControlPlane this KongKey is associated with. |
keySetRef KeySetRef
|
KeySetRef is a reference to a KongKeySet this KongKey is attached to. ControlPlane referenced by a KongKeySet must be the same as the ControlPlane referenced by the KongKey. |
kid string
|
KID is a unique identifier for a key. When JWK is provided, KID has to match the KID in the JWK. |
name string
|
Name is an optional name to associate with the given key. |
jwk string
|
JWK is a JSON Web Key represented as a string. The JWK must contain a KID field that matches the KID in the KongKey. Either JWK or PEM must be set. |
pem PEMKeyPair
|
PEM is a keypair in PEM format. Either JWK or PEM must be set. |
tags Tags
|
Tags is an optional set of strings associated with the Key for grouping and filtering. |
Appears in:
KongLicenseControllerStatus
KongLicenseControllerStatus is the status of owning KongLicense being processed identified by the controllerName field.
| Field | Description |
|---|---|
controllerName string
|
ControllerName is an identifier of the controller to reconcile this KongLicense. Should be unique in the list of controller statuses. |
controllerRef ControllerReference
|
ControllerRef is the reference of the controller to reconcile this KongLicense. It is usually the name of (KIC/KGO) pod that reconciles it. |
conditions Condition array
|
Conditions describe the current conditions of the KongLicense on the controller. |
Appears in:
KongPluginBindingScope
Underlying type: string
KongPluginBindingScope defines the scope of the plugin binding. Allowed values are:
- OnlyTargets
- GlobalInControlPlane
Appears in:
KongPluginBindingSpec
KongPluginBindingSpec defines specification of a KongPluginBinding.
| Field | Description |
|---|---|
pluginRef PluginRef
|
PluginReference is a reference to the KongPlugin or KongClusterPlugin resource. |
targets KongPluginBindingTargets
|
Targets contains the targets references. It is possible to set multiple combinations of references, as described in https://docs.konghq.com/gateway/latest/key-concepts/plugins/#precedence The complete set of allowed combinations and their order of precedence for plugins configured to multiple entities is: 1. Consumer + route + service 2. Consumer group + service + route 3. Consumer + route 4. Consumer + service 5. Consumer group + route 6. Consumer group + service 7. Route + service 8. Consumer 9. Consumer group 10. Route 11. Service |
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this KongPluginBinding is associated with. |
scope KongPluginBindingScope
|
Scope defines the scope of the plugin binding. |
Appears in:
KongPluginBindingTargets
KongPluginBindingTargets contains the targets references.
| Field | Description |
|---|---|
routeRef TargetRefWithGroupKind
|
RouteReference can be used to reference one of the following resouces: - networking.k8s.io/Ingress - gateway.networking.k8s.io/HTTPRoute - gateway.networking.k8s.io/GRPCRoute - configuration.konghq.com/KongRoute |
serviceRef TargetRefWithGroupKind
|
ServiceReference can be used to reference one of the following resouces: - core/Service or /Service - configuration.konghq.com/KongService |
consumerRef TargetRef
|
ConsumerReference is used to reference a configuration.konghq.com/Consumer resource. The group/kind is fixed, therefore the reference is performed only by name. |
consumerGroupRef TargetRef
|
ConsumerGroupReference is used to reference a configuration.konghq.com/ConsumerGroup resource. The group/kind is fixed, therefore the reference is performed only by name. |
Appears in:
KongRouteAPISpec
KongRouteAPISpec represents the configuration of a Route in Kong as defined by the Konnect API.
These fields are mostly copied from sdk-konnect-go but some modifications have been made
to make the code generation required for Kubernetes CRDs work.
| Field | Description |
|---|---|
destinations Destinations array
|
A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields “ip” (optionally in CIDR range notation) and/or “port”. |
headers object (keys:string, values:string array)
|
One or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute: hosts should be specified using the hosts attribute. When headers contains only one value and that value starts with the special prefix ~*, the value is interpreted as a regular expression. |
hosts string array
|
A list of domain names that match this Route. Note that the hosts value is case sensitive. |
https_redirect_status_code HTTPSRedirectStatusCode
|
The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is HTTP instead of HTTPS. Location header is injected by Kong if the field is set to 301, 302, 307 or 308. Note: This config applies only if the Route is configured to only accept the https protocol. |
methods string array
|
A list of HTTP methods that match this Route. |
name string
|
The name of the Route. Route names must be unique, and they are case sensitive. For example, there can be two different Routes named “test” and “Test”. |
path_handling PathHandling
|
Controls how the Service path, Route path and requested path are combined when sending a request to the upstream. See above for a detailed description of each behavior. |
paths string array
|
A list of paths that match this Route. |
preserve_host boolean
|
When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service’s host. |
protocols RouteJSONProtocols array
|
An array of the protocols this Route should allow. See KongRoute for a list of accepted protocols. When set to only "https", HTTP requests are answered with an upgrade error. When set to only "http", HTTPS requests are answered with an error. |
regex_priority integer
|
A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). |
request_buffering boolean
|
Whether to enable request body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that receive data with chunked transfer encoding. |
response_buffering boolean
|
Whether to enable response body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that send data with chunked transfer encoding. |
snis string array
|
A list of SNIs that match this Route when using stream routing. |
sources Sources array
|
A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields “ip” (optionally in CIDR range notation) and/or “port”. |
strip_path boolean
|
When matching a Route via one of the paths, strip the matching prefix from the upstream request URL. |
tags Tags
|
An optional set of strings associated with the Route for grouping and filtering. |
Appears in:
KongRouteSpec
KongRouteSpec defines spec of a Kong Route.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this KongRoute is associated with. Route can either specify a ControlPlaneRef and be ‘serviceless’ route or specify a ServiceRef and be associated with a Service. |
serviceRef ServiceRef
|
ServiceRef is a reference to a Service this KongRoute is associated with. Route can either specify a ControlPlaneRef and be ‘serviceless’ route or specify a ServiceRef and be associated with a Service. |
destinations Destinations array
|
A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields “ip” (optionally in CIDR range notation) and/or “port”. |
headers object (keys:string, values:string array)
|
One or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute: hosts should be specified using the hosts attribute. When headers contains only one value and that value starts with the special prefix ~*, the value is interpreted as a regular expression. |
hosts string array
|
A list of domain names that match this Route. Note that the hosts value is case sensitive. |
https_redirect_status_code HTTPSRedirectStatusCode
|
The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is HTTP instead of HTTPS. Location header is injected by Kong if the field is set to 301, 302, 307 or 308. Note: This config applies only if the Route is configured to only accept the https protocol. |
methods string array
|
A list of HTTP methods that match this Route. |
name string
|
The name of the Route. Route names must be unique, and they are case sensitive. For example, there can be two different Routes named “test” and “Test”. |
path_handling PathHandling
|
Controls how the Service path, Route path and requested path are combined when sending a request to the upstream. See above for a detailed description of each behavior. |
paths string array
|
A list of paths that match this Route. |
preserve_host boolean
|
When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will be that of the Service’s host. |
protocols RouteJSONProtocols array
|
An array of the protocols this Route should allow. See KongRoute for a list of accepted protocols. When set to only "https", HTTP requests are answered with an upgrade error. When set to only "http", HTTPS requests are answered with an error. |
regex_priority integer
|
A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same regex_priority, the older one (lowest created_at) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones). |
request_buffering boolean
|
Whether to enable request body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that receive data with chunked transfer encoding. |
response_buffering boolean
|
Whether to enable response body buffering or not. With HTTP 1.1, it may make sense to turn this off on services that send data with chunked transfer encoding. |
snis string array
|
A list of SNIs that match this Route when using stream routing. |
sources Sources array
|
A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields “ip” (optionally in CIDR range notation) and/or “port”. |
strip_path boolean
|
When matching a Route via one of the paths, strip the matching prefix from the upstream request URL. |
tags Tags
|
An optional set of strings associated with the Route for grouping and filtering. |
Appears in:
KongSNIAPISpec
KongSNIAPISpec defines the spec of an SNI.
| Field | Description |
|---|---|
name string
|
Name is the name of the SNI. Required and must be a host or wildcard host. |
tags Tags
|
Tags is an optional set of strings associated with the SNI for grouping and filtering. |
Appears in:
KongSNISpec
KongSNISpec defines specification of a Kong SNI.
| Field | Description |
|---|---|
certificateRef NameRef
|
CertificateRef is the reference to the certificate to which the KongSNI is attached. |
name string
|
Name is the name of the SNI. Required and must be a host or wildcard host. |
tags Tags
|
Tags is an optional set of strings associated with the SNI for grouping and filtering. |
Appears in:
KongServiceAPISpec
KongServiceAPISpec defines the specification of a Kong Service.
| Field | Description |
|---|---|
url string
|
Helper field to set protocol, host, port and path using a URL. This field is write-only and is not returned in responses. |
connect_timeout integer
|
The timeout in milliseconds for establishing a connection to the upstream server. |
enabled boolean
|
Whether the Service is active. If set to false, the proxy behavior will be as if any routes attached to it do not exist (404). Default: true. |
host string
|
The host of the upstream server. Note that the host value is case sensitive. |
name string
|
The Service name. |
path string
|
The path to be used in requests to the upstream server. |
port integer
|
The upstream server port. |
protocol Protocol
|
The protocol used to communicate with the upstream. |
read_timeout integer
|
The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. |
retries integer
|
The number of retries to execute upon failure to proxy. |
tags Tags
|
An optional set of strings associated with the Service for grouping and filtering. |
tls_verify boolean
|
Whether to enable verification of upstream server TLS certificate. If set to null, then the Nginx default is respected. |
tls_verify_depth integer
|
Maximum depth of chain while verifying Upstream server’s TLS certificate. If set to null, then the Nginx default is respected. |
write_timeout integer
|
The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. |
Appears in:
KongServiceSpec
KongServiceSpec defines specification of a Kong Service.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this KongService is associated with. |
url string
|
Helper field to set protocol, host, port and path using a URL. This field is write-only and is not returned in responses. |
connect_timeout integer
|
The timeout in milliseconds for establishing a connection to the upstream server. |
enabled boolean
|
Whether the Service is active. If set to false, the proxy behavior will be as if any routes attached to it do not exist (404). Default: true. |
host string
|
The host of the upstream server. Note that the host value is case sensitive. |
name string
|
The Service name. |
path string
|
The path to be used in requests to the upstream server. |
port integer
|
The upstream server port. |
protocol Protocol
|
The protocol used to communicate with the upstream. |
read_timeout integer
|
The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. |
retries integer
|
The number of retries to execute upon failure to proxy. |
tags Tags
|
An optional set of strings associated with the Service for grouping and filtering. |
tls_verify boolean
|
Whether to enable verification of upstream server TLS certificate. If set to null, then the Nginx default is respected. |
tls_verify_depth integer
|
Maximum depth of chain while verifying Upstream server’s TLS certificate. If set to null, then the Nginx default is respected. |
write_timeout integer
|
The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. |
Appears in:
KongTargetAPISpec
KongTargetAPISpec are the attributes of the Kong Target itself.
| Field | Description |
|---|---|
target string
|
Target is the target address of the upstream. |
weight integer
|
Weight is the weight this target gets within the upstream loadbalancer. |
tags Tags
|
Tags is an optional set of strings associated with the Target for grouping and filtering. |
Appears in:
KongTargetSpec
KongTargetSpec defines the spec of KongTarget.
| Field | Description |
|---|---|
upstreamRef NameRef
|
UpstreamRef is a reference to a KongUpstream this KongTarget is attached to. |
target string
|
Target is the target address of the upstream. |
weight integer
|
Weight is the weight this target gets within the upstream loadbalancer. |
tags Tags
|
Tags is an optional set of strings associated with the Target for grouping and filtering. |
Appears in:
KongUpstreamAPISpec
KongUpstreamAPISpec defines specification of a Kong Upstream.
| Field | Description |
|---|---|
algorithm UpstreamAlgorithm
|
Which load balancing algorithm to use. |
client_certificate UpstreamClientCertificate
|
If set, the certificate to be used as client certificate while TLS handshaking to the upstream server. |
hash_fallback HashFallback
|
What to use as hashing input if the primary hash_on does not return a hash (eg. header is missing, or no Consumer identified). Not available if hash_on is set to cookie. |
hash_fallback_header string
|
The header name to take the value from as hash input. Only required when hash_fallback is set to header. |
hash_fallback_query_arg string
|
The name of the query string argument to take the value from as hash input. Only required when hash_fallback is set to query_arg. |
hash_fallback_uri_capture string
|
The name of the route URI capture to take the value from as hash input. Only required when hash_fallback is set to uri_capture. |
hash_on HashOn
|
What to use as hashing input. Using none results in a weighted-round-robin scheme with no hashing. |
hash_on_cookie string
|
The cookie name to take the value from as hash input. Only required when hash_on or hash_fallback is set to cookie. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response. |
hash_on_cookie_path string
|
The cookie path to set in the response headers. Only required when hash_on or hash_fallback is set to cookie. |
hash_on_header string
|
The header name to take the value from as hash input. Only required when hash_on is set to header. |
hash_on_query_arg string
|
The name of the query string argument to take the value from as hash input. Only required when hash_on is set to query_arg. |
hash_on_uri_capture string
|
The name of the route URI capture to take the value from as hash input. Only required when hash_on is set to uri_capture. |
healthchecks Healthchecks
|
|
host_header string
|
The hostname to be used as Host header when proxying requests through Kong. |
name string
|
This is a hostname, which must be equal to the host of a Service. |
slots integer
|
The number of slots in the load balancer algorithm. If algorithm is set to round-robin, this setting determines the maximum number of slots. If algorithm is set to consistent-hashing, this setting determines the actual number of slots in the algorithm. Accepts an integer in the range 10-65536. |
tags Tags
|
An optional set of strings associated with the Upstream for grouping and filtering. |
use_srv_name boolean
|
If set, the balancer will use SRV hostname(if DNS Answer has SRV record) as the proxy upstream Host. |
Appears in:
KongUpstreamSpec
KongUpstreamSpec defines the spec of Kong Upstream.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this KongUpstream is associated with. |
algorithm UpstreamAlgorithm
|
Which load balancing algorithm to use. |
client_certificate UpstreamClientCertificate
|
If set, the certificate to be used as client certificate while TLS handshaking to the upstream server. |
hash_fallback HashFallback
|
What to use as hashing input if the primary hash_on does not return a hash (eg. header is missing, or no Consumer identified). Not available if hash_on is set to cookie. |
hash_fallback_header string
|
The header name to take the value from as hash input. Only required when hash_fallback is set to header. |
hash_fallback_query_arg string
|
The name of the query string argument to take the value from as hash input. Only required when hash_fallback is set to query_arg. |
hash_fallback_uri_capture string
|
The name of the route URI capture to take the value from as hash input. Only required when hash_fallback is set to uri_capture. |
hash_on HashOn
|
What to use as hashing input. Using none results in a weighted-round-robin scheme with no hashing. |
hash_on_cookie string
|
The cookie name to take the value from as hash input. Only required when hash_on or hash_fallback is set to cookie. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response. |
hash_on_cookie_path string
|
The cookie path to set in the response headers. Only required when hash_on or hash_fallback is set to cookie. |
hash_on_header string
|
The header name to take the value from as hash input. Only required when hash_on is set to header. |
hash_on_query_arg string
|
The name of the query string argument to take the value from as hash input. Only required when hash_on is set to query_arg. |
hash_on_uri_capture string
|
The name of the route URI capture to take the value from as hash input. Only required when hash_on is set to uri_capture. |
healthchecks Healthchecks
|
|
host_header string
|
The hostname to be used as Host header when proxying requests through Kong. |
name string
|
This is a hostname, which must be equal to the host of a Service. |
slots integer
|
The number of slots in the load balancer algorithm. If algorithm is set to round-robin, this setting determines the maximum number of slots. If algorithm is set to consistent-hashing, this setting determines the actual number of slots in the algorithm. Accepts an integer in the range 10-65536. |
tags Tags
|
An optional set of strings associated with the Upstream for grouping and filtering. |
use_srv_name boolean
|
If set, the balancer will use SRV hostname(if DNS Answer has SRV record) as the proxy upstream Host. |
Appears in:
KongVaultSpec
KongVaultSpec defines specification of a custom Kong vault.
| Field | Description |
|---|---|
backend string
|
Backend is the type of the backend storing the secrets in the vault. The supported backends of Kong is listed here: https://docs.konghq.com/gateway/latest/kong-enterprise/secrets-management/backends/ |
prefix string
|
Prefix is the prefix of vault URI for referencing values in the vault. It is immutable after created. |
description string
|
Description is the additional information about the vault. |
config JSON
|
Config is the configuration of the vault. Varies for different backends. |
tags Tags
|
Tags are the tags associated to the vault for grouping and filtering. |
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a Konnect ControlPlane this KongVault is associated with. |
Appears in:
KonnectNamespacedRef
KonnectNamespacedRef is the schema for the KonnectNamespacedRef type.
| Field | Description |
|---|---|
name string
|
Name is the name of the Konnect Control Plane. |
namespace string
|
Namespace is the namespace where the Konnect Control Plane is in. Currently only cluster scoped resources (KongVault) are allowed to set konnectNamespacedRef.namespace. |
Appears in:
Namespace
Underlying type: string
Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
Appears in:
ObjectName
Underlying type: string
ObjectName refers to the name of a Kubernetes object. Object names can have a variety of forms, including RFC1123 subdomains, RFC 1123 labels, or RFC 1035 labels.
Appears in:
ObjectReference
ObjectReference defines reference of a kubernetes object.
| Field | Description |
|---|---|
group string
|
Group defines the API group of the referred object. |
kind string
|
Kind defines the kind of the referred object. |
namespace string
|
Empty namespace means the same namespace of the owning object. |
name string
|
Name defines the name of the referred object. |
Appears in:
PEMKeyPair
PEMKeyPair defines a keypair in PEM format.
| Field | Description |
|---|---|
private_key string
|
The private key in PEM format. |
public_key string
|
The public key in PEM format. |
Appears in:
PluginRef
PluginRef is a reference to a KongPlugin or KongClusterPlugin resource.
| Field | Description |
|---|---|
name string
|
Name is the name of the KongPlugin or KongClusterPlugin resource. |
kind string
|
Kind can be KongPlugin or KongClusterPlugin. If not set, it is assumed to be KongPlugin. |
Appears in:
ServiceRef
ServiceRef is a reference to a KongService.
| Field | Description |
|---|---|
type string
|
Type can be one of: - namespacedRef |
namespacedRef NameRef
|
NamespacedRef is a reference to a KongService. |
Appears in:
TargetRef
TargetRef is a reference based on the object’s name.
| Field | Description |
|---|---|
name string
|
Name is the name of the entity. |
Appears in:
TargetRefWithGroupKind
TargetRefWithGroupKind is a reference based on the object’s group, kind, and name.
| Field | Description |
|---|---|
name string
|
Name is the name of the entity. |
kind string
|
|
group string
|
Appears in:
configuration.konghq.com/v1beta1
Package v1beta1 contains API Schema definitions for the configuration.konghq.com v1beta1 API group.
- KongConsumerGroup
- KongUpstreamPolicy
- TCPIngress
-
UDPIngress
KongConsumerGroup
KongConsumerGroup is the Schema for the kongconsumergroups API.
KongConsumerGroup resources create consumer group resources.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1beta1 |
kind string
|
KongConsumerGroup |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongConsumerGroupSpec
|
KongUpstreamPolicy
KongUpstreamPolicy allows configuring algorithm that should be used for load balancing traffic between Kong
Upstream’s Targets. It also allows configuring health checks for Kong Upstream’s Targets.
Its configuration is similar to Kong Upstream object (https://docs.konghq.com/gateway/latest/admin-api/#upstream-object),
and it is applied to Kong Upstream objects created by the controller.
It can be attached to Services. To attach it to a Service, it has to be annotated with
konghq.com/upstream-policy: <name>, where <name> is the name of the KongUpstreamPolicy
object in the same namespace as the Service.
When attached to a Service, it will affect all Kong Upstreams created for the Service.
When attached to a Service used in a Gateway API Route rule with multiple BackendRefs, all of its Services MUST
be configured with the same KongUpstreamPolicy. Otherwise, the controller will *ignore the KongUpstreamPolicy.
Note: KongUpstreamPolicy doesn’t implement Gateway API’s GEP-713 strictly.
In particular, it doesn’t use the TargetRef for attaching to Services and Gateway API *Routes - annotations are
used instead. This is to allow reusing the same KongUpstreamPolicy for multiple Services and Gateway API *Routes.
See migrate KongIngress to KongUpstreamPolicy and customizing load balancing.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1beta1 |
kind string
|
KongUpstreamPolicy |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongUpstreamPolicySpec
|
Spec contains the configuration of the Kong upstream. |
TCPIngress
TCPIngress is the Schema for the tcpingresses API.
The Ingress resource in Kubernetes is HTTP-only. This custom resource is modeled similar to the Ingress resource, but for TCP and TLS SNI based routing purposes.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1beta1 |
kind string
|
TCPIngress |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec TCPIngressSpec
|
Spec is the TCPIngress specification. |
UDPIngress
UDPIngress is the Schema for the udpingresses API.
It makes it possible to route traffic to your UDP services using Kong (for example, DNS or Game Servers). For each rule provided in the spec, the Kong proxy environment must be updated to listen to UDP on that port as well.
| Field | Description |
|---|---|
apiVersion string
|
configuration.konghq.com/v1beta1 |
kind string
|
UDPIngress |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec UDPIngressSpec
|
Spec is the UDPIngress specification. |
Types
In this section you will find types that the CRDs rely on.
HTTPStatus
Underlying type: integer
HTTPStatus is an HTTP status code.
Appears in:
HashInput
Underlying type: string
HashInput is the input for consistent-hashing load balancing algorithm. Can be one of: “ip”, “consumer”, “path”.
Appears in:
IngressBackend
IngressBackend describes all endpoints for a given service and port.
| Field | Description |
|---|---|
serviceName string
|
Specifies the name of the referenced service. |
servicePort integer
|
Specifies the port of the referenced service. |
Appears in:
IngressRule
IngressRule represents a rule to apply against incoming requests. Matching is performed based on an (optional) SNI and port.
| Field | Description |
|---|---|
host string
|
Host is the fully qualified domain name of a network host, as defined by RFC 3986. If a Host is not specified, then port-based TCP routing is performed. Kong doesn’t care about the content of the TCP stream in this case. If a Host is specified, the protocol must be TLS over TCP. A plain-text TCP request cannot be routed based on Host. It can only be routed based on Port. |
port integer
|
Port is the port on which to accept TCP or TLS over TCP sessions and route. It is a required field. If a Host is not specified, the requested are routed based only on Port. |
backend IngressBackend
|
Backend defines the referenced service endpoint to which the traffic will be forwarded to. |
Appears in:
IngressTLS
IngressTLS describes the transport layer security.
| Field | Description |
|---|---|
hosts string array
|
Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified. |
secretName string
|
SecretName is the name of the secret used to terminate SSL traffic. |
Appears in:
KongConsumerGroupSpec
KongConsumerGroupSpec defines the desired state of KongConsumerGroup.
| Field | Description |
|---|---|
name string
|
Name is the name of the ConsumerGroup in Kong. |
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this ConsumerGroup is associated with. |
tags Tags
|
Tags is an optional set of tags applied to the ConsumerGroup. |
Appears in:
KongUpstreamActiveHealthcheck
KongUpstreamActiveHealthcheck configures active health check probing.
| Field | Description |
|---|---|
type string
|
Type determines whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Accepted values are “http”, “https”, “tcp”, “grpc”, “grpcs”. |
concurrency integer
|
Concurrency is the number of targets to check concurrently. |
healthy KongUpstreamHealthcheckHealthy
|
Healthy configures thresholds and HTTP status codes to mark targets healthy for an upstream. |
unhealthy KongUpstreamHealthcheckUnhealthy
|
Unhealthy configures thresholds and HTTP status codes to mark targets unhealthy for an upstream. |
httpPath string
|
HTTPPath is the path to use in GET HTTP request to run as a probe. |
httpsSni string
|
HTTPSSNI is the SNI to use in GET HTTPS request to run as a probe. |
httpsVerifyCertificate boolean
|
HTTPSVerifyCertificate is a boolean value that indicates if the certificate should be verified. |
timeout integer
|
Timeout is the probe timeout in seconds. |
headers object (keys:string, values:string array)
|
Headers is a list of HTTP headers to add to the probe request. |
Appears in:
KongUpstreamHash
KongUpstreamHash defines how to calculate hash for consistent-hashing load balancing algorithm. Only one of the fields must be set.
| Field | Description |
|---|---|
input HashInput
|
Input allows using one of the predefined inputs (ip, consumer, path). For other parametrized inputs, use one of the fields below. |
header string
|
Header is the name of the header to use as hash input. |
cookie string
|
Cookie is the name of the cookie to use as hash input. |
cookiePath string
|
CookiePath is cookie path to set in the response headers. |
queryArg string
|
QueryArg is the name of the query argument to use as hash input. |
uriCapture string
|
URICapture is the name of the URI capture group to use as hash input. |
Appears in:
KongUpstreamHealthcheck
KongUpstreamHealthcheck represents a health-check config of an Upstream in Kong.
| Field | Description |
|---|---|
active KongUpstreamActiveHealthcheck
|
Active configures active health check probing. |
passive KongUpstreamPassiveHealthcheck
|
Passive configures passive health check probing. |
threshold integer
|
Threshold is the minimum percentage of the upstream’s targets’ weight that must be available for the whole upstream to be considered healthy. |
Appears in:
KongUpstreamHealthcheckHealthy
KongUpstreamHealthcheckHealthy configures thresholds and HTTP status codes to mark targets healthy for an upstream.
| Field | Description |
|---|---|
httpStatuses HTTPStatus array
|
HTTPStatuses is a list of HTTP status codes that Kong considers a success. |
interval integer
|
Interval is the interval between active health checks for an upstream in seconds when in a healthy state. |
successes integer
|
Successes is the number of successes to consider a target healthy. |
Appears in:
KongUpstreamHealthcheckUnhealthy
KongUpstreamHealthcheckUnhealthy configures thresholds and HTTP status codes to mark targets unhealthy.
| Field | Description |
|---|---|
httpFailures integer
|
HTTPFailures is the number of failures to consider a target unhealthy. |
httpStatuses HTTPStatus array
|
HTTPStatuses is a list of HTTP status codes that Kong considers a failure. |
tcpFailures integer
|
TCPFailures is the number of TCP failures in a row to consider a target unhealthy. |
timeouts integer
|
Timeouts is the number of timeouts in a row to consider a target unhealthy. |
interval integer
|
Interval is the interval between active health checks for an upstream in seconds when in an unhealthy state. |
Appears in:
KongUpstreamPassiveHealthcheck
KongUpstreamPassiveHealthcheck configures passive checks around passive health checks.
| Field | Description |
|---|---|
type string
|
Type determines whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Accepted values are “http”, “https”, “tcp”, “grpc”, “grpcs”. |
healthy KongUpstreamHealthcheckHealthy
|
Healthy configures thresholds and HTTP status codes to mark targets healthy for an upstream. |
unhealthy KongUpstreamHealthcheckUnhealthy
|
Unhealthy configures thresholds and HTTP status codes to mark targets unhealthy. |
Appears in:
KongUpstreamPolicySpec
KongUpstreamPolicySpec contains the specification for KongUpstreamPolicy.
| Field | Description |
|---|---|
algorithm string
|
Algorithm is the load balancing algorithm to use. Accepted values are: “round-robin”, “consistent-hashing”, “least-connections”, “latency”. |
slots integer
|
Slots is the number of slots in the load balancer algorithm. If not set, the default value in Kong for the algorithm is used. |
hashOn KongUpstreamHash
|
HashOn defines how to calculate hash for consistent-hashing load balancing algorithm. Algorithm must be set to “consistent-hashing” for this field to have effect. |
hashOnFallback KongUpstreamHash
|
HashOnFallback defines how to calculate hash for consistent-hashing load balancing algorithm if the primary hash function fails. Algorithm must be set to “consistent-hashing” for this field to have effect. |
healthchecks KongUpstreamHealthcheck
|
Healthchecks defines the health check configurations in Kong. |
Appears in:
TCPIngressSpec
TCPIngressSpec defines the desired state of TCPIngress.
| Field | Description |
|---|---|
rules IngressRule array
|
A list of rules used to configure the Ingress. |
tls IngressTLS array
|
TLS configuration. This is similar to the tls section in the Ingress resource in networking.v1beta1 group. The mapping of SNIs to TLS cert-key pair defined here will be used for HTTP Ingress rules as well. Once can define the mapping in this resource or the original Ingress resource, both have the same effect. |
Appears in:
UDPIngressRule
UDPIngressRule represents a rule to apply against incoming requests wherein no Host matching is available for request routing, only the port is used to match requests.
| Field | Description |
|---|---|
port integer
|
Port indicates the port for the Kong proxy to accept incoming traffic on, which will then be routed to the service Backend. |
backend IngressBackend
|
Backend defines the Kubernetes service which accepts traffic from the listening Port defined above. |
Appears in:
UDPIngressSpec
UDPIngressSpec defines the desired state of UDPIngress.
| Field | Description |
|---|---|
rules UDPIngressRule array
|
A list of rules used to configure the Ingress. |
Appears in:
gateway-operator.konghq.com/v1alpha1
Package v1alpha1 contains API Schema definitions for the gateway-operator.konghq.com v1alpha1 API group.
Package v1alpha1 contains API Schema definitions for the operator v1alpha1 API group
- AIGateway
- DataPlaneMetricsExtension
- KongPluginInstallation
- KonnectExtension
-
WatchNamespaceGrant
AIGateway
AIGateway is a network Gateway enabling access and management for AI &
Machine Learning models such as Large Language Models (LLM).
The underlying technology for the AIGateway is the Kong Gateway configured
with a variety of plugins which provide the the AI featureset.
This is a list of the plugins, which are available in Kong Gateway v3.6.x+:
- ai-proxy (https://github.com/kong/kong/tree/master/kong/plugins/ai-proxy)
- ai-request-transformer (https://github.com/kong/kong/tree/master/kong/plugins/ai-request-transformer)
- ai-response-transformers (https://github.com/kong/kong/tree/master/kong/plugins/ai-response-transformer)
- ai-prompt-template (https://github.com/kong/kong/tree/master/kong/plugins/ai-prompt-template)
- ai-prompt-guard-plugin (https://github.com/kong/kong/tree/master/kong/plugins/ai-prompt-guard)
- ai-prompt-decorator-plugin (https://github.com/kong/kong/tree/master/kong/plugins/ai-prompt-decorator)
So effectively the AIGateway resource provides a bespoke Gateway resource (which it owns and manages) with the gateway, consumers and plugin configurations automated and configurable via Kubernetes APIs.
The current iteration only supports the proxy itself, but the API is being built with room for future growth in several dimensions. For instance:
- Supporting auxiliary functions (e.g. decorator, guard, templater, token-rate-limit)
- Supporting request/response transformers
- Supporting more than just LLMs (e.g. CCNs, GANs, e.t.c.)
- Supporting more hosting options for LLMs (e.g. self hosted)
- Supporting more AI cloud providers
- Supporting more AI cloud provider features
The validation rules throughout are set up to ensure at least one cloud-provider-based LLM is specified, but in the future when we have more model types and more hosting options for those types so we may want to look into using CEL validation to ensure that at least one model configuration is provided. We may also want to use CEL to validate things like identifier unique-ness, e.t.c.
See: https://kubernetes.io/docs/reference/using-api/cel/
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1alpha1 |
kind string
|
AIGateway |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec AIGatewaySpec
|
Spec is the desired state of the AIGateway. |
DataPlaneMetricsExtension
DataPlaneMetricsExtension holds the configuration for the DataPlane metrics extension.
It can be attached to a ControlPlane using its spec.extensions.
When attached it will make the ControlPlane configure its DataPlane with
the specified metrics configuration.
Additionally, it will also make the operator expose DataPlane’s metrics
enriched with metadata required for in-cluster Kubernetes autoscaling.
NOTE: This is an enterprise feature. In order to use it you need to use
the EE version of Kong Gateway Operator with a valid license.
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1alpha1 |
kind string
|
DataPlaneMetricsExtension |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec DataPlaneMetricsExtensionSpec
|
KongPluginInstallation
KongPluginInstallation allows using a custom Kong Plugin distributed as a container image available in a registry. Such a plugin can be associated with GatewayConfiguration or DataPlane to be available for particular Kong Gateway and configured with KongPlugin CRD.
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1alpha1 |
kind string
|
KongPluginInstallation |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongPluginInstallationSpec
|
KonnectExtension
KonnectExtension is the Schema for the KonnectExtension API, and is intended to be referenced as extension by the DataPlane API. If a DataPlane successfully refers a KonnectExtension, the DataPlane deployment spec gets customized to include the konnect-related configuration.
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1alpha1 |
kind string
|
KonnectExtension |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectExtensionSpec
|
Spec is the specification of the KonnectExtension resource. |
WatchNamespaceGrant
WatchNamespaceGrant is a grant that allows a trusted namespace to watch resources in the namespace this grant exists in.
Grant permission to watch a designated namespace.
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1alpha1 |
kind string
|
WatchNamespaceGrant |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec WatchNamespaceGrantSpec
|
Spec is the desired state of the WatchNamespaceGrant. |
Types
In this section you will find types that the CRDs rely on.
AICloudProvider
AICloudProvider is the organization that provides API access to Large Language Models (LLMs).
| Field | Description |
|---|---|
name AICloudProviderName
|
Name is the unique name of an LLM provider. |
Appears in:
AICloudProviderAPITokenRef
AICloudProviderAPITokenRef is an reference to another object which contains the API token for an AI cloud provider.
| Field | Description |
|---|---|
name string
|
Name is the name of the reference object. |
namespace string
|
Namespace is the namespace of the reference object. If not specified, it will be assumed to be the same namespace as the object which references it. |
kind string
|
Kind is the API object kind If not specified, it will be assumed to be “Secret”. If a Secret is used as the Kind, the secret must contain a single key-value pair where the value is the secret API token. The key can be named anything, as long as there’s only one entry, but by convention it should be “apiToken”. |
Appears in:
AICloudProviderName
Underlying type: string
AICloudProviderName indicates the unique name of a supported AI cloud provider.
Appears in:
AIGatewayConsumerRef
AIGatewayConsumerRef indicates the Secret resource containing the credentials for the Kong consumer.
| Field | Description |
|---|---|
name string
|
Name is the name of the reference object. |
namespace string
|
Namespace is the namespace of the reference object. |
Appears in:
AIGatewayEndpoint
AIGatewayEndpoint is a network endpoint for accessing an AIGateway.
| Field | Description |
|---|---|
network EndpointNetworkAccessHint
|
NetworkAccessHint is a hint to the user about what kind of network access is expected for the reachability of this endpoint. |
url string
|
URL is the URL to access the endpoint from the network indicated by the NetworkAccessHint. |
models string array
|
AvailableModels is a list of the identifiers of all the AI models that are accessible from this endpoint. |
consumer AIGatewayConsumerRef
|
Consumer is a reference to the Secret that contains the credentials for the Kong consumer that is allowed to access this endpoint. |
conditions Condition array
|
Conditions describe the current conditions of the AIGatewayEndpoint. Known condition types are: - “Provisioning” - “EndpointReady” |
Appears in:
AIGatewaySpec
AIGatewaySpec defines the desired state of an AIGateway.
| Field | Description |
|---|---|
gatewayClassName string
|
GatewayClassName is the name of the GatewayClass which is responsible for the AIGateway. |
largeLanguageModels LargeLanguageModels
|
LargeLanguageModels is a list of Large Language Models (LLMs) to be managed by the AI Gateway. This is a required field because we only support LLMs at the moment. In future iterations we may support other model types. |
cloudProviderCredentials AICloudProviderAPITokenRef
|
CloudProviderCredentials is a reference to an object (e.g. a Kubernetes Secret) which contains the credentials needed to access the APIs of cloud providers. This is the global configuration that will be used by DEFAULT for all model configurations. A secret configured this way MAY include any number of key-value pairs equal to the number of providers you have, but used this way the keys MUST be named according to their providers (e.g. “openai”, “azure”, “cohere”, e.t.c.). For example: apiVersion: v1 kind: Secret metadata: name: devteam-ai-cloud-providers type: Opaque data: openai: ******* azure: ******* cohere: ********* See AICloudProviderName for a list of known and valid cloud providers. Note that the keys are NOT case-sensitive (e.g. “OpenAI”, “openai”, and “openAI” are all valid and considered the same keys) but if there are duplicates endpoints failures conditions will be emitted and endpoints will not be configured until the duplicates are resolved. This is currently considered required, but in future iterations will be optional as we do things like enable configuring credentials at the model level. |
Appears in:
CloudHostedLargeLanguageModel
CloudHostedLargeLanguageModel is the configuration for Large Language Models (LLM) hosted by a known and supported AI cloud provider (e.g. OpenAI, Cohere, Azure, e.t.c.).
| Field | Description |
|---|---|
identifier string
|
Identifier is the unique name which identifies the LLM. This will be used as part of the requests made to an AIGateway endpoint. For instance: if you provided the identifier “devteam-gpt-access”, then you would access this model via “https://${endpoint}/devteam-gpt-access” and supply it with your consumer credentials to authenticate requests. |
model string
|
Model is the model name of the LLM (e.g. gpt-3.5-turbo, phi-2, e.t.c.). If not specified, whatever the cloud provider specifies as the default model will be used. |
promptType LLMPromptType
|
PromptType is the type of prompt to be used for inference requests to the LLM (e.g. “chat”, “completions”). If “chat” is specified, prompts sent by the user will be interactive, contextual and stateful. The LLM will dynamically answer questions and simulate a dialogue, while also keeping track of the conversation to provide contextually relevant responses. If “completions” is specified, prompts sent by the user will be stateless and “one-shot”. The LLM will provide a single response to the prompt, without any context from previous prompts. If not specified, “completions” will be used as the default. |
defaultPrompts LLMPrompt array
|
DefaultPrompts is a list of prompts that should be provided to the LLM by default. This is generally used to influence inference behavior, for instance by providing a “system” role prompt that instructs the LLM to take on a certain persona. |
defaultPromptParams LLMPromptParams
|
DefaultPromptParams configures the parameters which will be sent with any and every inference request. If this is set, there is currently no way to override these parameters at the individual prompt level. This is an expected feature from later releases of our AI plugins. |
aiCloudProvider AICloudProvider
|
AICloudProvider defines the cloud provider that will fulfill the LLM requests for this CloudHostedLargeLanguageModel |
Appears in:
ClusterCertificateSecretRef
ClusterCertificateSecretRef contains the reference to the Secret containing the Konnect Control Plane’s cluster certificate.
| Field | Description |
|---|---|
name string
|
Name is the name of the Secret containing the Konnect Control Plane’s cluster certificate. |
Appears in:
DataPlaneMetricsExtensionSpec
DataPlaneMetricsExtensionSpec defines the spec for the DataPlaneMetricsExtension.
| Field | Description |
|---|---|
serviceSelector ServiceSelector
|
ServiceSelector holds the service selector specifying the services for which metrics should be collected. |
config MetricsConfig
|
Config holds the configuration for the DataPlane metrics. |
Appears in:
EndpointNetworkAccessHint
Underlying type: string
EndpointNetworkAccessHint provides a human readable indication of what kind
of network access is expected for a Gateway.
This isn’t meant to reflect knowledge of any specific network by name, which
is why it includes “hint” in the name. It’s meant to be a hint to the user
such as “internet-accessible”, “internal-only”.
Appears in:
KongPluginInstallationSpec
KongPluginInstallationSpec provides the information necessary to retrieve and install a Kong custom plugin.
| Field | Description |
|---|---|
image string
|
The image is an OCI image URL for a packaged custom Kong plugin. |
imagePullSecretRef SecretObjectReference
|
ImagePullSecretRef is a reference to a Kubernetes Secret containing credentials necessary to pull the OCI image in Image. It must follow the format in https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry. It is optional. If the image is public, omit this field. |
Appears in:
KonnectControlPlaneAPIAuthConfiguration
KonnectControlPlaneAPIAuthConfiguration contains the configuration to authenticate with Konnect API ControlPlane.
| Field | Description |
|---|---|
clusterCertificateSecretRef ClusterCertificateSecretRef
|
ClusterCertificateSecretRef is the reference to the Secret containing the Konnect Control Plane’s cluster certificate. |
Appears in:
KonnectExtensionSpec
KonnectExtensionSpec defines the desired state of KonnectExtension.
| Field | Description |
|---|---|
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane this KonnectExtension is associated with. |
controlPlaneRegion string
|
ControlPlaneRegion is the region of the Konnect Control Plane. |
serverHostname string
|
ServerHostname is the fully qualified domain name of the Konnect server. For typical operation a default value doesn’t need to be adjusted. It matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed. Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or ‘-‘, and must start and end with an alphanumeric character. No other punctuation is allowed. |
konnectControlPlaneAPIAuthConfiguration KonnectControlPlaneAPIAuthConfiguration
|
AuthConfiguration must be used to configure the Konnect API authentication. |
clusterDataPlaneLabels object (keys:string, values:string)
|
ClusterDataPlaneLabels is a set of labels that will be applied to the Konnect DataPlane. |
Appears in:
LLMPrompt
LLMPrompt is a text prompt that includes parameters, a role and content.
This is intended for situations like when you need to provide roles in a
prompt to an LLM in order to influence its behavior and responses.
For example, you might want to provide a “system” role and tell the LLM
something like “you are a helpful assistant who responds in the style of
Sherlock Holmes”.
| Field | Description |
|---|---|
content string
|
Content is the prompt text sent for inference. |
role LLMPromptRole
|
Role indicates the role of the prompt. This is used to identify the prompt’s purpose, such as “system” or “user” and can influence the behavior of the LLM. If not specified, “user” will be used as the default. |
Appears in:
LLMPromptParams
LLMPromptParams contains parameters that can be used to control the behavior of a large language model (LLM) when generating text based on a prompt.
| Field | Description |
|---|---|
temperature string
|
Temperature controls the randomness of predictions by scaling the logits before applying softmax. A lower temperature (e.g., 0.0 to 0.7) makes the model more confident in its predictions, leading to more repetitive and deterministic outputs. A higher temperature (e.g., 0.8 to 1.0) increases randomness, generating more diverse and creative outputs. At very high temperatures, the outputs may become nonsensical or highly unpredictable. |
maxTokens integer
|
Max Tokens specifies the maximum length of the model’s output in terms of the number of tokens (words or pieces of words). This parameter limits the output’s size, ensuring the model generates content within a manageable scope. A token can be a word or part of a word, depending on the model’s tokenizer. |
topK integer
|
TopK sampling is a technique where the model’s prediction is limited to the K most likely next tokens at each step of the generation process. The probability distribution is truncated to these top K tokens, and the next token is randomly sampled from this subset. This method helps in reducing the chance of selecting highly improbable tokens, making the text more coherent. A smaller K leads to more predictable text, while a larger K allows for more diversity but with an increased risk of incoherence. |
topP string
|
TopP (also known as nucleus sampling) is an alternative to top K sampling. Instead of selecting the top K tokens, top P sampling chooses from the smallest set of tokens whose cumulative probability exceeds the threshold P. This method dynamically adjusts the number of tokens considered at each step, depending on their probability distribution. It helps in maintaining diversity while also avoiding very unlikely tokens. A higher P value increases diversity but can lead to less coherence, whereas a lower P value makes the model’s outputs more focused and coherent. |
Appears in:
LLMPromptRole
Underlying type: string
LLMPromptRole indicates the role of a prompt for a large language model (LLM).
Appears in:
LLMPromptType
Underlying type: string
LLMPromptType indicates the type of prompt to be used for a large language model (LLM).
Appears in:
LargeLanguageModels
LargeLanguageModels is a list of Large Language Models (LLM) hosted in various ways (cloud hosted, self hosted, e.t.c.) which the AIGateway should serve and manage traffic for.
| Field | Description |
|---|---|
cloudHosted CloudHostedLargeLanguageModel array
|
CloudHosted configures LLMs hosted and served by cloud providers. This is currently a required field, requiring at least one cloud-hosted LLM be specified, however in future iterations we may add other hosting options such as self-hosted LLMs as separate fields. |
Appears in:
MetricsConfig
MetricsConfig holds the configuration for the DataPlane metrics.
| Field | Description |
|---|---|
latency boolean
|
Latency indicates whether latency metrics are enabled for the DataPlane. This translates into deployed instances having latency_metrics option set on the Prometheus plugin. |
bandwidth boolean
|
Bandwidth indicates whether bandwidth metrics are enabled for the DataPlane. This translates into deployed instances having bandwidth_metrics option set on the Prometheus plugin. |
upstreamHealth boolean
|
UpstreamHealth indicates whether upstream health metrics are enabled for the DataPlane. This translates into deployed instances having upstream_health_metrics option set on the Prometheus plugin. |
statusCode boolean
|
StatusCode indicates whether status code metrics are enabled for the DataPlane. This translates into deployed instances having status_code_metrics option set on the Prometheus plugin. |
Appears in:
ServiceSelector
ServiceSelector holds the service selector specification.
| Field | Description |
|---|---|
matchNames ServiceSelectorEntry array
|
MatchNames holds the list of Services names to match. |
Appears in:
ServiceSelectorEntry
ServiceSelectorEntry holds the name of a service to match.
| Field | Description |
|---|---|
name string
|
Name is the name of the service to match. |
Appears in:
WatchNamespaceGrantFrom
WatchNamespaceGrantFrom describes trusted namespaces.
| Field | Description |
|---|---|
group string
|
Group is the group of the referent. |
kind string
|
Kind is the kind of the referent. |
namespace string
|
Namespace is the namespace of the referent. |
Appears in:
WatchNamespaceGrantSpec
WatchNamespaceGrantSpec defines the desired state of an WatchNamespaceGrant.
| Field | Description |
|---|---|
from WatchNamespaceGrantFrom array
|
From describes the trusted namespaces and kinds that can reference the namespace this grant exists in. |
Appears in:
gateway-operator.konghq.com/v1beta1
Package v1beta1 contains API Schema definitions for the gateway-operator.konghq.com v1beta1 API group.
Package v1beta1 contains API Schema definitions for the gateway-operator.konghq.com v1beta1 API group
- ControlPlane
- DataPlane
-
GatewayConfiguration
ControlPlane
ControlPlane is the Schema for the controlplanes API
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1beta1 |
kind string
|
ControlPlane |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec ControlPlaneSpec
|
DataPlane
DataPlane is the Schema for the dataplanes API
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1beta1 |
kind string
|
DataPlane |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec DataPlaneSpec
|
GatewayConfiguration
GatewayConfiguration is the Schema for the gatewayconfigurations API.
| Field | Description |
|---|---|
apiVersion string
|
gateway-operator.konghq.com/v1beta1 |
kind string
|
GatewayConfiguration |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayConfigurationSpec
|
Types
In this section you will find types that the CRDs rely on.
Address
Address describes an address which can be either an IP address or a hostname.
| Field | Description |
|---|---|
type AddressType
|
Type of the address. |
value string
|
Value of the address. The validity of the values will depend on the type and support by the controller. Examples: 1.2.3.4, 128::1, my-ip-address. |
sourceType AddressSourceType
|
Source type of the address. |
Appears in:
AddressSourceType
Underlying type: string
AddressSourceType defines the type of source this address represents.
Can be one of:
PublicLoadBalancerPrivateLoadBalancerPublicIPPrivateIP
Appears in:
AddressType
Underlying type: string
AddressType defines how a network address is represented as a text string.
Can be one of:
IPAddressHostname
Appears in:
BlueGreenStrategy
BlueGreenStrategy defines the Blue Green deployment strategy.
| Field | Description |
|---|---|
promotion Promotion
|
Promotion defines how the operator handles promotion of resources. |
resources RolloutResources
|
Resources controls what happens to operator managed resources during or after a rollout. |
Appears in:
ControlPlaneDeploymentOptions
ControlPlaneDeploymentOptions is a shared type used on objects to indicate that their configuration results in a Deployment which is managed by the Operator and includes options for managing Deployments such as the the number of replicas or pod options like container image and resource requirements. version, as well as Env variable overrides.
| Field | Description |
|---|---|
replicas integer
|
Replicas describes the number of desired pods. This is a pointer to distinguish between explicit zero and not specified. This only affects the DataPlane deployments for now, for more details on ControlPlane scaling please see https://github.com/Kong/gateway-operator/issues/736. |
podTemplateSpec PodTemplateSpec
|
PodTemplateSpec defines PodTemplateSpec for Deployment’s pods. |
Appears in:
ControlPlaneOptions
ControlPlaneOptions indicates the specific information needed to deploy and connect a ControlPlane to a DataPlane object.
| Field | Description |
|---|---|
deployment ControlPlaneDeploymentOptions
|
|
dataplane string
|
DataPlanes refers to the named DataPlane objects which this ControlPlane is responsible for. Currently they must be in the same namespace as the DataPlane. |
extensions ExtensionRef array
|
Extensions provide additional or replacement features for the ControlPlane resources to influence or enhance functionality. |
watchNamespaces WatchNamespaces
|
WatchNamespaces indicates the namespaces to watch for resources. |
Appears in:
ControlPlaneSpec
ControlPlaneSpec defines the desired state of ControlPlane
| Field | Description |
|---|---|
deployment ControlPlaneDeploymentOptions
|
|
dataplane string
|
DataPlanes refers to the named DataPlane objects which this ControlPlane is responsible for. Currently they must be in the same namespace as the DataPlane. |
extensions ExtensionRef array
|
Extensions provide additional or replacement features for the ControlPlane resources to influence or enhance functionality. |
watchNamespaces WatchNamespaces
|
WatchNamespaces indicates the namespaces to watch for resources. |
gatewayClass ObjectName
|
GatewayClass indicates the Gateway resources which this ControlPlane should be responsible for configuring routes for (e.g. HTTPRoute, TCPRoute, UDPRoute, TLSRoute, e.t.c.). Required for the ControlPlane to have any effect: at least one Gateway must be present for configuration to be pushed to the data-plane and only Gateway resources can be used to identify data-plane entities. |
ingressClass string
|
IngressClass enables support for the older Ingress resource and indicates which Ingress resources this ControlPlane should be responsible for. Routing configured this way will be applied to the Gateway resources indicated by GatewayClass. If omitted, Ingress resources will not be supported by the ControlPlane. |
Appears in:
DataPlaneDeploymentOptions
DataPlaneDeploymentOptions specifies options for the Deployments (as in the Kubernetes resource “Deployment”) which are created and managed for the DataPlane resource.
| Field | Description |
|---|---|
rollout Rollout
|
Rollout describes a custom rollout strategy. |
replicas integer
|
Replicas describes the number of desired pods. This is a pointer to distinguish between explicit zero and not specified. This is effectively shorthand for setting a scaling minimum and maximum to the same value. This field and the scaling field are mutually exclusive: You can only configure one or the other. |
scaling Scaling
|
Scaling defines the scaling options for the deployment. |
podTemplateSpec PodTemplateSpec
|
PodTemplateSpec defines PodTemplateSpec for Deployment’s pods. It’s being applied on top of the generated Deployments using StrategicMergePatch. |
Appears in:
DataPlaneNetworkOptions
DataPlaneNetworkOptions defines network related options for a DataPlane.
| Field | Description |
|---|---|
services DataPlaneServices
|
Services indicates the configuration of Kubernetes Services needed for the topology of various forms of traffic (including ingress, e.t.c.) to and from the DataPlane. |
konnectCertificate KonnectCertificateOptions
|
KonnectCA is the certificate authority that the operator uses to provision client certificates the DataPlane will use to authenticate itself to the Konnect API. Requires Enterprise. |
Appears in:
DataPlaneOptions
DataPlaneOptions defines the information specifically needed to deploy the DataPlane.
| Field | Description |
|---|---|
deployment DataPlaneDeploymentOptions
|
|
network DataPlaneNetworkOptions
|
|
resources DataPlaneResources
|
|
extensions ExtensionRef array
|
Extensions provide additional or replacement features for the DataPlane resources to influence or enhance functionality. NOTE: since we have one extension only (KonnectExtension), we limit the amount of extensions to 1. |
pluginsToInstall NamespacedName array
|
PluginsToInstall is a list of KongPluginInstallation resources that will be installed and available in the DataPlane. |
Appears in:
DataPlaneResources
DataPlaneResources defines the resources that will be created and managed for the DataPlane.
| Field | Description |
|---|---|
podDisruptionBudget PodDisruptionBudget
|
PodDisruptionBudget is the configuration for the PodDisruptionBudget that will be created for the DataPlane. |
Appears in:
DataPlaneRolloutStatus
DataPlaneRolloutStatus describes the DataPlane rollout status.
| Field | Description |
|---|---|
services DataPlaneRolloutStatusServices
|
Services contain the information about the services which are available through which user can access the preview deployment. |
deployment DataPlaneRolloutStatusDeployment
|
Deployment contains the information about the preview deployment. |
conditions Condition array
|
Conditions contains the status conditions about the rollout. |
Appears in:
DataPlaneRolloutStatusDeployment
DataPlaneRolloutStatusDeployment is a rollout status field which contains fields specific for Deployments during the rollout.
| Field | Description |
|---|---|
selector string
|
Selector is a stable label selector value assigned to a DataPlane rollout status which is used throughout the rollout as a deterministic labels selector for Services and Deployments. |
Appears in:
DataPlaneRolloutStatusServices
DataPlaneRolloutStatusServices describes the status of the services during DataPlane rollout.
| Field | Description |
|---|---|
ingress RolloutStatusService
|
Ingress contains the name and the address of the preview service for ingress. Using this service users can send requests that will hit the preview deployment. |
adminAPI RolloutStatusService
|
AdminAPI contains the name and the address of the preview service for Admin API. Using this service users can send requests to configure the DataPlane’s preview deployment. |
Appears in:
DataPlaneServiceOptions
DataPlaneServiceOptions contains Services related DataPlane configuration.
| Field | Description |
|---|---|
ports DataPlaneServicePort array
|
Ports defines the list of ports that are exposed by the service. The ports field allows defining the name, port and targetPort of the underlying service ports, while the protocol is defaulted to TCP, as it is the only protocol currently supported. |
type ServiceType
|
Type determines how the Service is exposed. Defaults to LoadBalancer.ClusterIP allocates a cluster-internal IP address for load-balancing to endpoints.NodePort exposes the Service on each Node’s IP at a static port (the NodePort). To make the node port available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of type: ClusterIP.LoadBalancer builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
name string
|
Name defines the name of the service. If Name is empty, the controller will generate a service name from the owning object. |
annotations object (keys:string, values:string)
|
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
externalTrafficPolicy ServiceExternalTrafficPolicy
|
ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service’s “externally-facing” addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to “Local”, the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, “Cluster”, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get “Cluster” semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
Appears in:
DataPlaneServicePort
DataPlaneServicePort contains information on service’s port.
| Field | Description |
|---|---|
name string
|
The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the ‘name’ field in the EndpointPort. Optional if only one ServicePort is defined on this service. |
port integer
|
The port that will be exposed by this service. |
targetPort IntOrString
|
Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod’s container ports. If this is not specified, the value of the ‘port’ field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ‘port’ field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service |
nodePort integer
|
The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport Can only be specified if type is NodePort or LoadBalancer. |
Appears in:
DataPlaneServices
DataPlaneServices contains Services related DataPlane configuration, shared with the GatewayConfiguration.
| Field | Description |
|---|---|
ingress DataPlaneServiceOptions
|
Ingress is the Kubernetes Service that will be used to expose ingress traffic for the DataPlane. Here you can determine whether the DataPlane will be exposed outside the cluster (e.g. using a LoadBalancer type Services) or only internally (e.g. ClusterIP), and inject any additional annotations you need on the service (for instance, if you need to influence a cloud provider LoadBalancer configuration). |
Appears in:
DataPlaneSpec
DataPlaneSpec defines the desired state of DataPlane
| Field | Description |
|---|---|
deployment DataPlaneDeploymentOptions
|
|
network DataPlaneNetworkOptions
|
|
resources DataPlaneResources
|
|
extensions ExtensionRef array
|
Extensions provide additional or replacement features for the DataPlane resources to influence or enhance functionality. NOTE: since we have one extension only (KonnectExtension), we limit the amount of extensions to 1. |
pluginsToInstall NamespacedName array
|
PluginsToInstall is a list of KongPluginInstallation resources that will be installed and available in the DataPlane. |
Appears in:
DeploymentOptions
DeploymentOptions is a shared type used on objects to indicate that their configuration results in a Deployment which is managed by the Operator and includes options for managing Deployments such as the number of replicas or pod options like container image and resource requirements. version, as well as Env variable overrides.
| Field | Description |
|---|---|
replicas integer
|
Replicas describes the number of desired pods. This is a pointer to distinguish between explicit zero and not specified. This is effectively shorthand for setting a scaling minimum and maximum to the same value. This field and the scaling field are mutually exclusive: You can only configure one or the other. |
scaling Scaling
|
Scaling defines the scaling options for the deployment. |
podTemplateSpec PodTemplateSpec
|
PodTemplateSpec defines PodTemplateSpec for Deployment’s pods. It’s being applied on top of the generated Deployments using StrategicMergePatch. |
Appears in:
GatewayConfigDataPlaneNetworkOptions
GatewayConfigDataPlaneNetworkOptions defines network related options for a DataPlane.
| Field | Description |
|---|---|
services GatewayConfigDataPlaneServices
|
Services indicates the configuration of Kubernetes Services needed for the topology of various forms of traffic (including ingress, etc.) to and from the DataPlane. |
Appears in:
GatewayConfigDataPlaneOptions
GatewayConfigDataPlaneOptions indicates the specific information needed to configure and deploy a DataPlane object.
| Field | Description |
|---|---|
deployment DataPlaneDeploymentOptions
|
|
network GatewayConfigDataPlaneNetworkOptions
|
|
resources GatewayConfigDataPlaneResources
|
|
extensions ExtensionRef array
|
Extensions provide additional or replacement features for the DataPlane resources to influence or enhance functionality. NOTE: since we have one extension only (KonnectExtension), we limit the amount of extensions to 1. |
pluginsToInstall NamespacedName array
|
PluginsToInstall is a list of KongPluginInstallation resources that will be installed and available in the Gateways (DataPlanes) that use this GatewayConfig. |
Appears in:
GatewayConfigDataPlaneResources
GatewayConfigDataPlaneResources defines the resources that will be created and managed for Gateway’s DataPlane.
| Field | Description |
|---|---|
podDisruptionBudget PodDisruptionBudget
|
PodDisruptionBudget is the configuration for the PodDisruptionBudget that will be created for the DataPlane. |
Appears in:
GatewayConfigDataPlaneServices
GatewayConfigDataPlaneServices contains Services related DataPlane configuration.
| Field | Description |
|---|---|
ingress GatewayConfigServiceOptions
|
Ingress is the Kubernetes Service that will be used to expose ingress traffic for the DataPlane. Here you can determine whether the DataPlane will be exposed outside the cluster (e.g. using a LoadBalancer type Services) or only internally (e.g. ClusterIP), and inject any additional annotations you need on the service (for instance, if you need to influence a cloud provider LoadBalancer configuration). |
Appears in:
GatewayConfigServiceOptions
GatewayConfigServiceOptions is used to includes options to customize the ingress service, such as the annotations.
| Field | Description |
|---|---|
type ServiceType
|
Type determines how the Service is exposed. Defaults to LoadBalancer.ClusterIP allocates a cluster-internal IP address for load-balancing to endpoints.NodePort exposes the Service on each Node’s IP at a static port (the NodePort). To make the node port available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of type: ClusterIP.LoadBalancer builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
name string
|
Name defines the name of the service. If Name is empty, the controller will generate a service name from the owning object. |
annotations object (keys:string, values:string)
|
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
externalTrafficPolicy ServiceExternalTrafficPolicy
|
ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service’s “externally-facing” addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to “Local”, the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, “Cluster”, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get “Cluster” semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
Appears in:
GatewayConfigurationSpec
GatewayConfigurationSpec defines the desired state of GatewayConfiguration
| Field | Description |
|---|---|
dataPlaneOptions GatewayConfigDataPlaneOptions
|
DataPlaneOptions is the specification for configuration overrides for DataPlane resources that will be created for the Gateway. |
controlPlaneOptions ControlPlaneOptions
|
ControlPlaneOptions is the specification for configuration overrides for ControlPlane resources that will be created for the Gateway. |
extensions ExtensionRef array
|
Extensions provide additional or replacement features for the Gateway resource to influence or enhance functionality. NOTE: currently, there’s only 1 extension that can be attached at the Gateway level (KonnectExtension), so the amount of extensions is limited to 1. |
Appears in:
HorizontalScaling
HorizontalScaling defines horizontal scaling options for the deployment. It holds all the options from the HorizontalPodAutoscalerSpec besides the ScaleTargetRef which is being controlled by the Operator.
| Field | Description |
|---|---|
minReplicas integer
|
minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available. |
maxReplicas integer
|
maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas. |
metrics MetricSpec array
|
metrics contains the specifications for which to use to calculate the desired replica count (the maximum replica count across all metrics will be used). The desired replica count is calculated multiplying the ratio between the target value and the current value by the current number of pods. Ergo, metrics used must decrease as the pod count is increased, and vice-versa. See the individual metric source types for more information about how each type of metric must respond. If not set, the default metric will be set to 80% average CPU utilization. |
behavior HorizontalPodAutoscalerBehavior
|
behavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively). If not set, the default HPAScalingRules for scale up and scale down are used. |
Appears in:
KonnectCertificateOptions
KonnectCertificateOptions indicates how the operator should manage the certificates that managed entities will use to interact with Konnect.
| Field | Description |
|---|---|
issuer NamespacedName
|
Issuer is the cert-manager Issuer or ClusterIssuer the operator will use to request certificates. When Namespace is set, the operator will retrieve the Issuer with that Name in that Namespace. When Namespace is omitted, the operator will retrieve the ClusterIssuer with that name. |
Appears in:
NamespacedName
NamespacedName is a resource identified by name and optional namespace.
| Field | Description |
|---|---|
namespace string
|
|
name string
|
Appears in:
PodDisruptionBudget
PodDisruptionBudget defines the configuration for the PodDisruptionBudget.
| Field | Description |
|---|---|
spec PodDisruptionBudgetSpec
|
Spec defines the specification of the PodDisruptionBudget. Selector is managed by the controller and cannot be set by the user. |
Appears in:
PodDisruptionBudgetSpec
PodDisruptionBudgetSpec defines the specification of a PodDisruptionBudget.
| Field | Description |
|---|---|
minAvailable IntOrString
|
An eviction is allowed if at least “minAvailable” pods selected by “selector” will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying “100%”. |
maxUnavailable IntOrString
|
An eviction is allowed if at most “maxUnavailable” pods selected by “selector” are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with “minAvailable”. |
unhealthyPodEvictionPolicy UnhealthyPodEvictionPolicyType
|
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type=”Ready”,status=”True”. Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy. IfHealthyBudget policy means that running pods (status.phase=”Running”), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction. AlwaysAllow policy means that all running pods (status.phase=”Running”), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction. Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field. This field is beta-level. The eviction API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). |
Appears in:
Promotion
Promotion is a type that contains fields that define how the operator handles promotion of resources during a blue/green rollout.
| Field | Description |
|---|---|
strategy PromotionStrategy
|
Strategy indicates how you want the operator to handle the promotion of the preview (green) resources (Deployments and Services) after all workflows and tests succeed, OR if you even want it to break before performing the promotion to allow manual inspection. |
Appears in:
PromotionStrategy
Underlying type: string
PromotionStrategy is the type of promotion strategy consts.
Allowed values:
-
BreakBeforePromotionis a promotion strategy which will ensure all new resources are ready and then break, to enable manual inspection. The user must indicate manually when they want the promotion to continue. That can be done by annotating theDataPlaneobject with"gateway-operator.konghq.com/promote-when-ready": "true".
Appears in:
Rollout
Rollout defines options for rollouts.
| Field | Description |
|---|---|
strategy RolloutStrategy
|
Strategy contains the deployment strategy for rollout. |
Appears in:
RolloutResourcePlan
Underlying type: [struct{Deployment RolloutResourcePlanDeployment "json:\"deployment,omitempty\""}](#struct{deployment-rolloutresourceplandeployment-"json:\"deployment,omitempty\""})
RolloutResourcePlan is a type that holds rollout resource plan related fields which control how the operator handles resources during and after a rollout.
Appears in:
RolloutResources
RolloutResources is the type which contains the fields which control how the operator manages the resources it manages during or after the rollout concludes.
| Field | Description |
|---|---|
plan RolloutResourcePlan
|
Plan defines the resource plan for managing resources during and after a rollout. |
Appears in:
RolloutStatusService
RolloutStatusService is a struct which contains status information about services that are exposed as part of the rollout.
| Field | Description |
|---|---|
name string
|
Name indicates the name of the service. |
addresses Address array
|
Addresses contains the addresses of a Service. |
Appears in:
RolloutStrategy
RolloutStrategy holds the rollout strategy options.
| Field | Description |
|---|---|
blueGreen BlueGreenStrategy
|
BlueGreen holds the options specific for Blue Green Deployments. |
Appears in:
Scaling
Scaling defines the scaling options for the deployment.
| Field | Description |
|---|---|
horizontal HorizontalScaling
|
HorizontalScaling defines horizontal scaling options for the deployment. |
Appears in:
ServiceOptions
ServiceOptions is used to includes options to customize the ingress service, such as the annotations.
| Field | Description |
|---|---|
type ServiceType
|
Type determines how the Service is exposed. Defaults to LoadBalancer.ClusterIP allocates a cluster-internal IP address for load-balancing to endpoints.NodePort exposes the Service on each Node’s IP at a static port (the NodePort). To make the node port available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of type: ClusterIP.LoadBalancer builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
name string
|
Name defines the name of the service. If Name is empty, the controller will generate a service name from the owning object. |
annotations object (keys:string, values:string)
|
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
externalTrafficPolicy ServiceExternalTrafficPolicy
|
ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service’s “externally-facing” addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to “Local”, the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, “Cluster”, uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get “Cluster” semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node. More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |
Appears in:
WatchNamespaces
WatchNamespaces defines the namespaces to watch for resources
| Field | Description |
|---|---|
type WatchNamespacesType
|
Type indicates the type of namespace watching to be done. By default, all namespaces are watched. |
list string array
|
List is a list of namespaces to watch for resources. Only used when Type is set to List. |
Appears in:
WatchNamespacesType
Underlying type: string
WatchNamespacesType indicates the type of namespace watching to be done.
Appears in:
incubator.ingress-controller.konghq.com/v1alpha1
Package v1alpha1 contains API Schema definitions for the incubator.ingress-controller.konghq.com v1alpha1 API group.
-
KongServiceFacade
KongServiceFacade
KongServiceFacade allows creating separate Kong Services for a single Kubernetes
Service. It can be used as Kubernetes Ingress’ backend (via its path’s backend.resource
field). It’s designed to enable creating two “virtual” Services in Kong that will point
to the same Kubernetes Service, but will have different configuration (e.g. different
set of plugins, different load balancing algorithm, etc.).
KongServiceFacade requires kubernetes.io/ingress.class annotation with a value
matching the ingressClass of the Kong Ingress Controller (kong by default) to be reconciled.
| Field | Description |
|---|---|
apiVersion string
|
incubator.ingress-controller.konghq.com/v1alpha1 |
kind string
|
KongServiceFacade |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KongServiceFacadeSpec
|
Types
In this section you will find types that the CRDs rely on.
KongServiceFacadeBackend
KongServiceFacadeBackend is a reference to a Kubernetes Service that is used as a backend for a Kong Service Facade.
| Field | Description |
|---|---|
name string
|
Name is the name of the referenced Kubernetes Service. |
port integer
|
Port is the port of the referenced Kubernetes Service. |
Appears in:
KongServiceFacadeSpec
KongServiceFacadeSpec defines the desired state of KongServiceFacade.
| Field | Description |
|---|---|
backendRef KongServiceFacadeBackend
|
Backend is a reference to a Kubernetes Service that is used as a backend for this Kong Service Facade. |
Appears in:
konnect.konghq.com/v1alpha1
Package v1alpha1 contains API Schema definitions for the konnect.konghq.com v1alpha1 API group.
- KonnectAPIAuthConfiguration
- KonnectCloudGatewayDataPlaneGroupConfiguration
- KonnectCloudGatewayNetwork
- KonnectCloudGatewayTransitGateway
- KonnectExtension
-
KonnectGatewayControlPlane
KonnectAPIAuthConfiguration
KonnectAPIAuthConfiguration is the Schema for the Konnect configuration type.
| Field | Description |
|---|---|
apiVersion string
|
konnect.konghq.com/v1alpha1 |
kind string
|
KonnectAPIAuthConfiguration |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectAPIAuthConfigurationSpec
|
Spec is the specification of the KonnectAPIAuthConfiguration resource. |
KonnectCloudGatewayDataPlaneGroupConfiguration
KonnectCloudGatewayDataPlaneGroupConfiguration is the Schema for the Konnect Network API.
| Field | Description |
|---|---|
apiVersion string
|
konnect.konghq.com/v1alpha1 |
kind string
|
KonnectCloudGatewayDataPlaneGroupConfiguration |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectCloudGatewayDataPlaneGroupConfigurationSpec
|
Spec defines the desired state of KonnectCloudGatewayDataPlaneGroupConfiguration. |
KonnectCloudGatewayNetwork
KonnectCloudGatewayNetwork is the Schema for the Konnect Network API.
| Field | Description |
|---|---|
apiVersion string
|
konnect.konghq.com/v1alpha1 |
kind string
|
KonnectCloudGatewayNetwork |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectCloudGatewayNetworkSpec
|
Spec defines the desired state of KonnectCloudGatewayNetwork. |
KonnectCloudGatewayTransitGateway
KonnectCloudGatewayTransitGateway is the Schema for the Konnect Transit Gateway API.
| Field | Description |
|---|---|
apiVersion string
|
konnect.konghq.com/v1alpha1 |
kind string
|
KonnectCloudGatewayTransitGateway |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectCloudGatewayTransitGatewaySpec
|
Spec defines the desired state of KonnectCloudGatewayTransitGateway. |
KonnectExtension
KonnectExtension is the Schema for the KonnectExtension API, and is intended to be referenced as extension by the DataPlane, ControlPlane or GatewayConfiguration APIs. If one of the above mentioned resources successfully refers a KonnectExtension, the underlying deployment(s) spec gets customized to include the konnect-related configuration.
| Field | Description |
|---|---|
apiVersion string
|
konnect.konghq.com/v1alpha1 |
kind string
|
KonnectExtension |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectExtensionSpec
|
Spec is the specification of the KonnectExtension resource. |
KonnectGatewayControlPlane
KonnectGatewayControlPlane is the Schema for the KonnectGatewayControlplanes API.
| Field | Description |
|---|---|
apiVersion string
|
konnect.konghq.com/v1alpha1 |
kind string
|
KonnectGatewayControlPlane |
metadata ObjectMeta
|
Refer to Kubernetes API documentation for fields of metadata. |
spec KonnectGatewayControlPlaneSpec
|
Spec defines the desired state of KonnectGatewayControlPlane. |
Types
In this section you will find types that the CRDs rely on.
AWSTransitGateway
AWSTransitGateway is the configuration of an AWS transit gateway.
| Field | Description |
|---|---|
name string
|
Human-readable name of the transit gateway. |
dns_config TransitGatewayDNSConfig array
|
List of mappings from remote DNS server IP address sets to proxied internal domains, for a transit gateway attachment. |
cidr_blocks string array
|
CIDR blocks for constructing a route table for the transit gateway, when attaching to the owning network. |
attachment_config AwsTransitGatewayAttachmentConfig
|
configuration to attach to AWS transit gateway on the AWS side. |
Appears in:
AwsTransitGatewayAttachmentConfig
AwsTransitGatewayAttachmentConfig is the configuration to attach to a AWS transit gateway.
| Field | Description |
|---|---|
transit_gateway_id string
|
TransitGatewayID is the AWS transit gateway ID to create attachment to. |
ram_share_arn string
|
RAMShareArn is the resource share ARN to verify request to create transit gateway attachment. |
Appears in:
AzureTransitGateway
AzureTransitGateway is the configuration of an Azure transit gateway.
| Field | Description |
|---|---|
name string
|
Human-readable name of the transit gateway. |
dns_config TransitGatewayDNSConfig array
|
List of mappings from remote DNS server IP address sets to proxied internal domains, for a transit gateway attachment. |
attachment_config AzureVNETPeeringAttachmentConfig
|
configuration to attach to Azure VNET peering gateway. |
Appears in:
AzureVNETPeeringAttachmentConfig
AzureVNETPeeringAttachmentConfig is the configuration to attach to a Azure VNET peering gateway.
| Field | Description |
|---|---|
tenant_id string
|
TenantID is the tenant ID for the Azure VNET Peering attachment. |
subscription_id string
|
SubscriptionID is the subscription ID for the Azure VNET Peering attachment. |
resource_group_name string
|
ResourceGroupName is the resource group name for the Azure VNET Peering attachment. |
vnet_name string
|
VnetName is the VNET Name for the Azure VNET Peering attachment. |
Appears in:
CertificateSecret
CertificateSecret contains the information to access the client certificate.
| Field | Description |
|---|---|
provisioning ProvisioningMethod
|
Provisioning is the method used to provision the certificate. It can be either Manual or Automatic. In case manual provisioning is used, the certificate must be provided by the user. In case automatic provisioning is used, the certificate will be automatically generated by the system. |
secretRef SecretRef
|
CertificateSecretRef is the reference to the Secret containing the client certificate. |
Appears in:
ConfigurationDataPlaneGroupAutoscale
ConfigurationDataPlaneGroupAutoscale specifies the autoscale configuration for the data-plane group.
| Field | Description |
|---|---|
static ConfigurationDataPlaneGroupAutoscaleStatic
|
Static specifies the static configuration for the data-plane group. |
autopilot ConfigurationDataPlaneGroupAutoscaleAutopilot
|
Autopilot specifies the autoscale configuration for the data-plane group. |
type ConfigurationDataPlaneGroupAutoscaleType
|
Type of autoscaling to use. |
Appears in:
ConfigurationDataPlaneGroupAutoscaleAutopilot
ConfigurationDataPlaneGroupAutoscaleAutopilot specifies the autoscale configuration for the data-plane group.
| Field | Description |
|---|---|
base_rps integer
|
Base number of requests per second that the deployment target should support. |
max_rps integer
|
Max number of requests per second that the deployment target should support. If not set, this defaults to 10x base_rps. |
Appears in:
ConfigurationDataPlaneGroupAutoscaleStatic
ConfigurationDataPlaneGroupAutoscaleStatic specifies the static configuration for the data-plane group.
| Field | Description |
|---|---|
instance_type InstanceTypeName
|
Instance type name to indicate capacity. Currently supported values are small, medium, large but this list might be expanded in the future. For all the allowed values, please refer to the Konnect API documentation at https://docs.konghq.com/konnect/api/cloud-gateways/latest/#/Data-Plane%20Group%20Configurations/create-configuration. |
requested_instances integer
|
Number of data-planes the deployment target will contain. |
Appears in:
ConfigurationDataPlaneGroupAutoscaleType
Underlying type: string
ConfigurationDataPlaneGroupAutoscaleType is the type of autoscale configuration for the data-plane group.
Appears in:
ConfigurationDataPlaneGroupEnvironmentField
ConfigurationDataPlaneGroupEnvironmentField specifies an environment variable field for the data-plane group.
| Field | Description |
|---|---|
name string
|
Name of the environment variable field to set for the data-plane group. Must be prefixed by KONG_. |
value string
|
Value assigned to the environment variable field for the data-plane group. |
Appears in:
CreateControlPlaneRequest
CreateControlPlaneRequest - The request schema for the create control plane request.
| Field | Description |
|---|---|
name string
|
The name of the control plane. |
description string
|
The description of the control plane in Konnect. |
cluster_type CreateControlPlaneRequestClusterType
|
The ClusterType value of the cluster associated with the Control Plane. |
auth_type AuthType
|
The auth type value of the cluster associated with the Runtime Group. |
cloud_gateway boolean
|
Whether this control-plane can be used for cloud-gateways. |
proxy_urls ProxyURL array
|
Array of proxy URLs associated with reaching the data-planes connected to a control-plane. |
labels object (keys:string, values:string)
|
Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. Keys must be of length 1-63 characters, and cannot start with “kong”, “konnect”, “mesh”, “kic”, or “_”. |
Appears in:
DataPlaneClientAuthStatus
DataPlaneClientAuthStatus contains the status information related to the ClientAuth configuration.
| Field | Description |
|---|---|
certificateSecretRef SecretRef
|
CertificateSecretRef is the reference to the Secret containing the client certificate. |
Appears in:
DataPlaneLabelValue
Underlying type: string
DataPlaneLabelValue is the type that defines the value of a label that will be applied to the Konnect DataPlane.
Appears in:
KonnectAPIAuthConfigurationRef
KonnectAPIAuthConfigurationRef is a reference to a KonnectAPIAuthConfiguration resource.
| Field | Description |
|---|---|
name string
|
Name is the name of the KonnectAPIAuthConfiguration resource. |
Appears in:
KonnectAPIAuthConfigurationSpec
KonnectAPIAuthConfigurationSpec is the specification of the KonnectAPIAuthConfiguration resource.
| Field | Description |
|---|---|
type KonnectAPIAuthType
|
|
token string
|
Token is the Konnect token used to authenticate with the Konnect API. |
secretRef SecretReference
|
SecretRef is a reference to a Kubernetes Secret containing the Konnect token. This secret is required to have the konghq.com/credential label set to “konnect”. |
serverURL string
|
ServerURL is the URL of the Konnect server. It can be either a full URL with an HTTPs scheme or just a hostname. Please refer to https://docs.konghq.com/konnect/network/ for the list of supported hostnames. |
Appears in:
KonnectAPIAuthType
Underlying type: string
KonnectAPIAuthType is the type of authentication used to authenticate with the Konnect API.
Appears in:
KonnectCloudGatewayDataPlaneGroupConfigurationSpec
KonnectCloudGatewayDataPlaneGroupConfigurationSpec defines the desired state of KonnectCloudGatewayDataPlaneGroupConfiguration.
| Field | Description |
|---|---|
version string
|
Version specifies the desired Kong Gateway version. |
dataplane_groups KonnectConfigurationDataPlaneGroup array
|
DataplaneGroups is a list of desired data-plane groups that describe where to deploy instances, along with how many instances. |
api_access APIAccess
|
APIAccess is the desired type of API access for data-plane groups. |
controlPlaneRef ControlPlaneRef
|
ControlPlaneRef is a reference to a ControlPlane which DataPlanes from this configuration will connect to. |
Appears in:
KonnectCloudGatewayDataPlaneGroupConfigurationStatusGroup
KonnectCloudGatewayDataPlaneGroupConfigurationStatusGroup defines the observed state of a deployed data-plane group.
| Field | Description |
|---|---|
id string
|
ID is the ID of the deployed data-plane group. |
cloud_gateway_network_id string
|
CloudGatewayNetworkID is the ID of the cloud gateway network. |
provider ProviderName
|
Name of cloud provider. |
region string
|
Region ID for cloud provider region. |
private_ip_addresses string array
|
PrivateIPAddresses is a list of private IP addresses of the internal load balancer that proxies traffic to this data-plane group. |
egress_ip_addresses string array
|
EgressIPAddresses is a list of egress IP addresses for the network that this data-plane group runs on. |
state string
|
State is the current state of the data plane group. Can be e.g. initializing, ready, terminating. |
Appears in:
KonnectCloudGatewayNetworkSpec
KonnectCloudGatewayNetworkSpec defines the desired state of KonnectCloudGatewayNetwork.
| Field | Description |
|---|---|
name string
|
Specifies the name of the network on Konnect. |
cloud_gateway_provider_account_id string
|
Specifies the provider Account ID. |
region string
|
Region ID for cloud provider region. |
availability_zones string array
|
List of availability zones that the network is attached to. |
cidr_block string
|
CIDR block configuration for the network. |
state NetworkCreateState
|
Initial state for creating a network. |
konnect KonnectConfiguration
|
Appears in:
KonnectCloudGatewayTransitGatewaySpec
KonnectCloudGatewayTransitGatewaySpec defines the desired state of KonnectCloudGatewayTransitGateway.
| Field | Description |
|---|---|
networkRef ObjectRef
|
NetworkRef is the schema for the NetworkRef type. |
type TransitGatewayType
|
Type is the type of the Konnect transit gateway. |
awsTransitGateway AWSTransitGateway
|
AWSTransitGateway is the configuration of an AWS transit gateway. Used when type is “AWS Transit Gateway”. |
azureTransitGateway AzureTransitGateway
|
AzureTransitGateway is the configuration of an Azure transit gateway. Used when type is “Azure Transit Gateway”. |
Appears in:
KonnectConfiguration
KonnectConfiguration is the Schema for the KonnectConfiguration API.
| Field | Description |
|---|---|
authRef KonnectAPIAuthConfigurationRef
|
APIAuthConfigurationRef is the reference to the API Auth Configuration that should be used for this Konnect Configuration. |
Appears in:
KonnectConfigurationDataPlaneGroup
KonnectConfigurationDataPlaneGroup is the schema for the KonnectConfiguration type.
| Field | Description |
|---|---|
provider ProviderName
|
Name of cloud provider. |
region string
|
Region for cloud provider region. |
networkRef ObjectRef
|
NetworkRef is the reference to the network that this data-plane group will be deployed on. Cross namespace references are not supported for networkRef of type namespacedRef. This will be enforced in the future but currently (due to limitation in CEL validation in Kubernetes 1.31 and older) it is not. |
autoscale ConfigurationDataPlaneGroupAutoscale
|
Autoscale configuration for the data-plane group. |
environment ConfigurationDataPlaneGroupEnvironmentField array
|
Array of environment variables to set for a data-plane group. |
Appears in:
KonnectEndpoints
KonnectEndpoints defines the Konnect endpoints for the control plane.
| Field | Description |
|---|---|
telemetry string
|
TelemetryEndpoint is the endpoint for telemetry. |
controlPlane string
|
ControlPlaneEndpoint is the endpoint for the control plane. |
Appears in:
KonnectEntityStatus
KonnectEntityStatus represents the status of a Konnect entity.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
Appears in:
- KonnectCloudGatewayDataPlaneGroupConfigurationStatus
- KonnectCloudGatewayNetworkStatus
- KonnectCloudGatewayTransitGatewayStatus
- KonnectEntityStatusWithControlPlaneAndCertificateRefs
- KonnectEntityStatusWithControlPlaneAndConsumerRefs
- KonnectEntityStatusWithControlPlaneAndKeySetRef
- KonnectEntityStatusWithControlPlaneAndServiceRefs
- KonnectEntityStatusWithControlPlaneAndUpstreamRefs
- KonnectEntityStatusWithControlPlaneRef
- KonnectEntityStatusWithNetworkRef
- KonnectGatewayControlPlaneStatus
KonnectEntityStatusWithControlPlaneAndCertificateRefs
KonnectEntityStatusWithControlPlaneAndCertificateRefs represents the status of a Konnect entity with references to a ControlPlane and a Certificate.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this entity is associated with. |
certificateID string
|
CertificateID is the Konnect ID of the Certificate this entity is associated with. |
Appears in:
KonnectEntityStatusWithControlPlaneAndConsumerRefs
KonnectEntityStatusWithControlPlaneAndConsumerRefs represents the status of a Konnect entity with references to a ControlPlane and a Consumer.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this Route is associated with. |
consumerID string
|
ConsumerID is the Konnect ID of the Consumer this entity is associated with. |
Appears in:
- KongCredentialACLStatus
- KongCredentialAPIKeyStatus
- KongCredentialBasicAuthStatus
- KongCredentialHMACStatus
- KongCredentialJWTStatus
KonnectEntityStatusWithControlPlaneAndKeySetRef
KonnectEntityStatusWithControlPlaneAndKeySetRef represents the status of a Konnect entity with references to a ControlPlane and a KeySet.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this entity is associated with. |
keySetID string
|
KeySetID is the Konnect ID of the KeySet this entity is associated with. |
Appears in:
KonnectEntityStatusWithControlPlaneAndServiceRefs
KonnectEntityStatusWithControlPlaneAndServiceRefs represents the status of a Konnect entity with references to a ControlPlane and a Service.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this entity is associated with. |
serviceID string
|
ServiceID is the Konnect ID of the Service this entity is associated with. |
Appears in:
KonnectEntityStatusWithControlPlaneAndUpstreamRefs
KonnectEntityStatusWithControlPlaneAndUpstreamRefs represents the status of a Konnect entity with references to a ControlPlane and an Upstream.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this entity is associated with. |
upstreamID string
|
UpstreamID is the Konnect ID of the Upstream this entity is associated with. |
Appears in:
KonnectEntityStatusWithControlPlaneRef
KonnectEntityStatusWithControlPlaneRef represents the status of a Konnect entity with a reference to a ControlPlane.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this Route is associated with. |
Appears in:
- KongCACertificateStatus
- KongCertificateStatus
- KongConsumerGroupStatus
- KongConsumerStatus
- KongDataPlaneClientCertificateStatus
- KongKeySetStatus
- KongPluginBindingStatus
- KongServiceStatus
- KongUpstreamStatus
- KongVaultStatus
- KonnectCloudGatewayDataPlaneGroupConfigurationStatus
KonnectEntityStatusWithNetworkRef
KonnectEntityStatusWithNetworkRef represents the status of a Konnect entity with reference to a Konnect cloud gateway network.
| Field | Description |
|---|---|
id string
|
ID is the unique identifier of the Konnect entity as assigned by Konnect API. If it’s unset (empty string), it means the Konnect entity hasn’t been created yet. |
serverURL string
|
ServerURL is the URL of the Konnect server in which the entity exists. |
organizationID string
|
OrgID is ID of Konnect Org that this entity has been created in. |
networkID string
|
NetworkID is the Konnect ID of the Konnect cloud gateway network this entity is associated with. |
Appears in:
KonnectExtensionClientAuth
KonnectExtensionClientAuth contains the configuration for the client authentication for the DataPlane. At the moment authentication is only supported through client certificate, but it might be extended in the future, with e.g., token-based authentication.
| Field | Description |
|---|---|
certificateSecret CertificateSecret
|
CertificateSecret contains the information to access the client certificate. |
Appears in:
KonnectExtensionClusterType
Underlying type: string
KonnectExtensionClusterType is the type of the Konnect Control Plane.
Appears in:
KonnectExtensionControlPlane
KonnectExtensionControlPlane is the configuration for the Konnect Control Plane.
| Field | Description |
|---|---|
ref ControlPlaneRef
|
Ref is a reference to a Konnect ControlPlane this KonnectExtension is associated with. |
Appears in:
KonnectExtensionControlPlaneStatus
KonnectExtensionControlPlaneStatus contains the Konnect Control Plane status information.
| Field | Description |
|---|---|
controlPlaneID string
|
ControlPlaneID is the Konnect ID of the ControlPlane this KonnectExtension is associated with. |
clusterType KonnectExtensionClusterType
|
ClusterType is the type of the Konnect Control Plane. |
endpoints KonnectEndpoints
|
Endpoints defines the Konnect endpoints for the control plane. |
Appears in:
KonnectExtensionDataPlane
KonnectExtensionDataPlane is the configuration for the Konnect DataPlane.
| Field | Description |
|---|---|
labels object (keys:string, values:DataPlaneLabelValue)
|
Labels is a set of labels that will be applied to the Konnect DataPlane. |
Appears in:
KonnectExtensionKonnectSpec
KonnectExtensionKonnectSpec holds the konnect-related configuration.
| Field | Description |
|---|---|
controlPlane KonnectExtensionControlPlane
|
ControlPlane is the configuration for the Konnect Control Plane. |
dataPlane KonnectExtensionDataPlane
|
DataPlane is the configuration for the Konnect DataPlane. |
configuration KonnectConfiguration
|
Configuration holds the information needed to set up the Konnect Configuration. |
Appears in:
KonnectExtensionSpec
KonnectExtensionSpec defines the desired state of KonnectExtension.
| Field | Description |
|---|---|
konnect KonnectExtensionKonnectSpec
|
Konnect holds the konnect-related configuration |
clientAuth KonnectExtensionClientAuth
|
ClientAuth is the configuration for the client certificate authentication. In case the ControlPlaneRef is of type KonnectID, it is required to set up the connection with the Konnect Platform. |
Appears in:
KonnectGatewayControlPlaneSpec
KonnectGatewayControlPlaneSpec defines the desired state of KonnectGatewayControlPlane.
| Field | Description |
|---|---|
name string
|
The name of the control plane. |
description string
|
The description of the control plane in Konnect. |
cluster_type CreateControlPlaneRequestClusterType
|
The ClusterType value of the cluster associated with the Control Plane. |
auth_type AuthType
|
The auth type value of the cluster associated with the Runtime Group. |
cloud_gateway boolean
|
Whether this control-plane can be used for cloud-gateways. |
proxy_urls ProxyURL array
|
Array of proxy URLs associated with reaching the data-planes connected to a control-plane. |
labels object (keys:string, values:string)
|
Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types. Keys must be of length 1-63 characters, and cannot start with “kong”, “konnect”, “mesh”, “kic”, or “_”. |
mirror MirrorSpec
|
Mirror is the Konnect Mirror configuration. It is only applicable for ControlPlanes that are created as Mirrors. |
source EntitySource
|
Source represents the source type of the Konnect entity. |
members LocalObjectReference array
|
Members is a list of references to the KonnectGatewayControlPlaneMembers that are part of this control plane group. Only applicable for ControlPlanes that are created as groups. |
konnect KonnectConfiguration
|
Appears in:
KonnectTransitGatewayAPISpec
KonnectTransitGatewayAPISpec specifies a transit gateway on the Konnect side. The type and all the types it referenced are mostly copied github.com/Kong/sdk-konnect-go/models/components.CreateTransitGatewayRequest.
| Field | Description |
|---|---|
type TransitGatewayType
|
Type is the type of the Konnect transit gateway. |
awsTransitGateway AWSTransitGateway
|
AWSTransitGateway is the configuration of an AWS transit gateway. Used when type is “AWS Transit Gateway”. |
azureTransitGateway AzureTransitGateway
|
AzureTransitGateway is the configuration of an Azure transit gateway. Used when type is “Azure Transit Gateway”. |
Appears in:
MirrorKonnect
MirrorKonnect contains the Konnect Mirror configuration.
| Field | Description |
|---|---|
id KonnectIDType
|
ID is the ID of the Konnect entity. It can be set only in case the ControlPlane type is Mirror. |
Appears in:
MirrorSpec
MirrorSpec contains the Konnect Mirror configuration.
| Field | Description |
|---|---|
konnect MirrorKonnect
|
Konnect contains the KonnectID of the KonnectGatewayControlPlane that is mirrored. |
Appears in:
ProvisioningMethod
Underlying type: string
ProvisioningMethod is the type of the provisioning methods available to provision the certificate.
Appears in:
SecretRef
SecretRef contains the reference to the Secret containing the Konnect Control Plane’s cluster certificate.
| Field | Description |
|---|---|
name string
|
Name is the name of the Secret containing the Konnect Control Plane’s cluster certificate. |
Appears in:
TransitGatewayDNSConfig
TransitGatewayDNSConfig is the DNS configuration of a tansit gateway.
| Field | Description |
|---|---|
remote_dns_server_ip_addresses string array
|
RemoteDNSServerIPAddresses is the list of remote DNS server IP Addresses to connect to for resolving internal DNS via a transit gateway. |
domain_proxy_list string array
|
DomainProxyList is the list of internal domain names to proxy for DNS resolution from the listed remote DNS server IP addresses, for a transit gateway. |
Appears in:
TransitGatewayType
Underlying type: string
TransitGatewayType defines the type of Konnect transit gateway.
Appears in:
