Tetrate Enterprise Gateway for EnvoyVersion: v0.0.0-latestTetrate Envoy Gateway API Reference
teg.tetrate.io/v1alpha1
Resource Types
ExtendedSecurityPolicy
ExtendedSecurityPolicy allows the user to configure various security settings for a Gateway, including Web Application Firewall (WAF) directives.
Appears in:
| Field | Description |
|---|---|
apiVersion string | teg.tetrate.io/v1alpha1 |
kind string | ExtendedSecurityPolicy |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec ExtendedSecurityPolicySpec | |
status ExtendedSecurityPolicyStatus | Status defines the status details of the ExtendedSecurityPolicy. |
ExtendedSecurityPolicyList
ExtendedSecurityPolicyList contains a list of ExtendedSecurityPolicy
| Field | Description |
|---|---|
apiVersion string | teg.tetrate.io/v1alpha1 |
kind string | ExtendedSecurityPolicyList |
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. |
items ExtendedSecurityPolicy array |
ExtendedSecurityPolicySpec
ExtendedSecurityPolicySpec specifies the desired state of the ExtendedSecurityPolicy.
Appears in:
| Field | Description |
|---|---|
targetRefs LocalPolicyTargetReferenceWithSectionName array | TargetRefs are the names of the Gateway resources this policy is being attached to. |
waf ExtendedSecurityPolicyWAF | WAF specifies the Web Application Firewall (WAF) directives to apply to the gateway. If specified, the target will be protected by the WAF rules. For details, please refer to the documentation: https://docs.tetrate.io/envoy-gateway/howto/coraza |
ExtendedSecurityPolicyStatus
ExtendedSecurityPolicyStatus contains the conditions by the reconciliation result.
Appears in:
| Field | Description |
|---|---|
conditions Condition array | Conditions is the list of conditions by the reconciliation result. Currently, at most one condition is set. Known .status.conditions.type is: "Accepted" |
ExtendedSecurityPolicyWAF
Appears in:
| Field | Description |
|---|---|
directives string | Directives is a string that consists of a series of SecLang directives to apply to the targets referenced by this policy. This is optional, and if not specified, the default WAF rules will be applied. For example, you can define the directives as follows: https://docs.tetrate.io/envoy-gateway/howto/coraza yaml<br />waf:<br /> directives: |<br /> Include @recommended-conf<br /> SecRuleEngine On<br /> SecDebugLogLevel 2<br /> Include @crs-setup-conf<br /> Include @owasp_crs/*.conf<br />where directives is a multi-line string containing the WAF rules in SecLang format. The above example is the default configuration when this field is not specified. |