application.tsb.tetrate.io/v2

Resource Types:

• API

• Application

API

↩ Parent

Name	Type	Description	Required
apiVersion	string	application.tsb.tetrate.io/v2	true
kind	string	API	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the metadata field.	true
spec	object	An API configuring a set of servers and endpoints that expose the Application business logic.	false
status	object		false

API.spec

↩ Parent

An API configuring a set of servers and endpoints that expose the Application business logic.

Name	Type	Description	Required
configResources	[]object	The configuration resources that are related to this API object.	false
description	string	A description of the resource.	false
displayName	string	User friendly name for the resource.	false
endpoints	[]object	List of endpoints exposed by this API.	false
etag	string	The etag for the resource.	false
fqn	string	Fully-qualified name of the resource.	false
openapi	string	The raw OpenAPI spec for this API.	false
servers	[]object	List of servers that expose the API.	false
workloadSelector	object		false

API.spec.configResources[index]

↩ Parent

Name	Type	Description	Required
exclusivelyOwned	boolean		false
expectedEtag	string		false
fqn	string	The FQN of the resource this status is computed for.	false

API.spec.endpoints[index]

↩ Parent

Name	Type	Description	Required
hostnames	[]string	The list of hostnames where this endpoint is exposed.	false
methods	[]string	The list of HTTP methods this endpoint supports.	false
path	string	The HTTP path of the endpoint, relative to the hostnames exposed by the API.	false
service	string	The FQN of the service in the service registry that is exposing this endpoint.	false

API.spec.servers[index]

↩ Parent

Name	Type	Description	Required
authentication	object	Configuration to authenticate clients.	false
authorization	object	Configuration to authorize a request.	false
hostname	string	Hostname with which the service can be expected to be accessed by clients.	false
name	string	A name assigned to the server.	false
port	integer	The port where the server is exposed. Minimum: 0 Maximum: 4.294967295e+09	false
rateLimiting	object	Configuration for rate limiting requests.	false
routing	object	Routing rules associated with HTTP traffic to this service.	false
tls	object	TLS certificate info.	false
xxxOldAuthentication	object		false
xxxOldAuthorization	object		false

API.spec.servers[index].authentication

↩ Parent

Configuration to authenticate clients.

Name	Type	Description	Required
jwt	object		false

API.spec.servers[index].authentication.jwt

↩ Parent

Name	Type	Description	Required
audiences	[]string		false
issuer	string	Identifies the issuer that issued the JWT.	false
jwks	string	JSON Web Key Set of public keys to validate signature of the JWT.	false
jwksUri	string		false

API.spec.servers[index].authorization

↩ Parent

Configuration to authorize a request.

Name	Type	Description	Required
external	object		false
local	object		false

API.spec.servers[index].authorization.external

↩ Parent

Name	Type	Description	Required
includeRequestHeaders	[]string		false
tls	object		false
uri	string		false

API.spec.servers[index].authorization.external.tls

↩ Parent

Name	Type	Description	Required
files	object		false
mode	enum	Enum: DISABLED, SIMPLE, MUTUAL	false
subjectAltNames	[]string		false

API.spec.servers[index].authorization.external.tls.files

↩ Parent

Name	Type	Description	Required
caCertificates	string		false
clientCertificate	string	Certificate file to authenticate the client.	false
privateKey	string	Private key file associated with the client certificate.	false

API.spec.servers[index].authorization.local

↩ Parent

Name	Type	Description	Required
rules	[]object		false

API.spec.servers[index].authorization.local.rules[index]

↩ Parent

Name	Type	Description	Required
from	[]object		false
name	string	A friendly name to identify the binding.	false
to	[]object		false

API.spec.servers[index].authorization.local.rules[index].from[index]

↩ Parent

Name	Type	Description	Required
jwt	object	JWT configuration to identity the subject.	false

API.spec.servers[index].authorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

Name	Type	Description	Required
iss	string		false
other	map[string]string	A set of arbitrary claims that are required to qualify the subject.	false
sub	string		false

API.spec.servers[index].authorization.local.rules[index].to[index]

↩ Parent

Name	Type	Description	Required
methods	[]string	The HTTP methods that are allowed by this rule.	false
paths	[]string	The request path where the request is made against.	false

API.spec.servers[index].rateLimiting

↩ Parent

Configuration for rate limiting requests.

Name	Type	Description	Required
externalService	object	Configure ratelimiting using an external ratelimit server.	false
settings	object		false

API.spec.servers[index].rateLimiting.externalService

↩ Parent

Configure ratelimiting using an external ratelimit server.

Name	Type	Description	Required
domain	string	The rate limit domain to use when calling the rate limit service.	false
failClosed	boolean		false
rateLimitServerUri	string	The URI at which the external rate limit server can be reached.	false
rules	[]object	A set of rate limit rules.	false
timeout	string	The timeout in seconds for the external rate limit server RPC.	false
tls	object		false

API.spec.servers[index].rateLimiting.externalService.rules[index]

↩ Parent

Name	Type	Description	Required
dimensions	[]object	A list of dimensions that are to be applied for this rate limit configuration.	false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index]

↩ Parent

Name	Type	Description	Required
destinationCluster	object	Rate limit on destination envoy cluster.	false
headerValueMatch	object	Rate limit on the existence of certain request headers.	false
remoteAddress	object	Rate limit on remote address of client.	false
requestHeaders	object	Rate limit on the value of certain request headers.	false
sourceCluster	object	Rate limit on source envoy cluster.	false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch

↩ Parent

Rate limit on the existence of certain request headers.

Name	Type	Description	Required
descriptorValue	string	The value to use in the descriptor entry.	false
dontMatch	boolean	If set to true, the condition will be met when the header value does not match.	false
headers	map[string]object		false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].headerValueMatch.headers[key]

↩ Parent

Name	Type	Description	Required
exact	string	Exact string match.	false
prefix	string	Prefix-based match.	false
regex	string	ECMAscript style regex-based match.	false

API.spec.servers[index].rateLimiting.externalService.rules[index].dimensions[index].requestHeaders

↩ Parent

Rate limit on the value of certain request headers.

Name	Type	Description	Required
descriptorKey	string	The key to use in the descriptor entry.	false
headerName	string	The header name to be queried from the request headers.	false

API.spec.servers[index].rateLimiting.externalService.tls

↩ Parent

Name	Type	Description	Required
files	object		false
mode	enum	Enum: DISABLED, SIMPLE, MUTUAL	false
subjectAltNames	[]string		false

API.spec.servers[index].rateLimiting.externalService.tls.files

↩ Parent

Name	Type	Description	Required
caCertificates	string		false
clientCertificate	string	Certificate file to authenticate the client.	false
privateKey	string	Private key file associated with the client certificate.	false

API.spec.servers[index].rateLimiting.settings

↩ Parent

Name	Type	Description	Required
failClosed	boolean		false
rules	[]object	A list of rules for ratelimiting.	false
timeout	string	The timeout in seconds for the rate limit server RPC.	false

API.spec.servers[index].rateLimiting.settings.rules[index]

↩ Parent

Name	Type	Description	Required
dimensions	[]object	A list of dimensions to define each ratelimit rule.	false
limit	object	The ratelimit value that will be configured for the above rules.	false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index]

↩ Parent

Name	Type	Description	Required
header	object	Rate limit on certain HTTP headers.	false
remoteAddress	object	Rate limit on the remote address of client.	false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].header

↩ Parent

Rate limit on certain HTTP headers.

Name	Type	Description	Required
dontMatch	boolean	If set to true, the condition will be met when the header value does not match.	false
name	string	Name of the header to match on.	false
value	object	Value of the header to match on if matching on a specific value.	false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].header.value

↩ Parent

Value of the header to match on if matching on a specific value.

Name	Type	Description	Required
exact	string	Exact string match.	false
prefix	string	Prefix-based match.	false
regex	string	ECMAscript style regex-based match.	false

API.spec.servers[index].rateLimiting.settings.rules[index].dimensions[index].remoteAddress

↩ Parent

Rate limit on the remote address of client.

Name	Type	Description	Required
value	string	Ratelimit on a specific remote address.	false

API.spec.servers[index].rateLimiting.settings.rules[index].limit

↩ Parent

The ratelimit value that will be configured for the above rules.

Name	Type	Description	Required
requestsPerUnit	integer	Specifies the value of the rate limit. Minimum: 0 Maximum: 4.294967295e+09	false
unit	enum	Specifies the unit of time for rate limit. Enum: UNKNOWN, SECOND, MINUTE, HOUR, DAY	false

API.spec.servers[index].routing

↩ Parent

Routing rules associated with HTTP traffic to this service.

Name	Type	Description	Required
corsPolicy	object	Cross origin resource request policy settings for all routes.	false
rules	[]object	HTTP routes.	false

API.spec.servers[index].routing.corsPolicy

↩ Parent

Cross origin resource request policy settings for all routes.

Name	Type	Description	Required
allowCredentials	boolean		false
allowHeaders	[]string	List of HTTP headers that can be used when requesting the resource.	false
allowMethods	[]string	List of HTTP methods allowed to access the resource.	false
allowOrigin	[]string	The list of origins that are allowed to perform CORS requests.	false
exposeHeaders	[]string	A white list of HTTP headers that the browsers are allowed to access.	false
maxAge	string	Specifies how long the results of a preflight request can be cached.	false

API.spec.servers[index].routing.rules[index]

↩ Parent

Name	Type	Description	Required
match	[]object	One or more match conditions (OR-ed).	false
modify	object	One or more mutations to be performed before forwarding.	false
redirect	object	Redirect the request to a different host or URL or both.	false
route	object	Forward the request to the specified destination(s).	false

API.spec.servers[index].routing.rules[index].match[index]

↩ Parent

Name	Type	Description	Required
headers	map[string]object	The header keys must be lowercase and use hyphen as the separator, e.g.	false
uri	object	URI to match.	false

API.spec.servers[index].routing.rules[index].match[index].headers[key]

↩ Parent

Name	Type	Description	Required
exact	string	Exact string match.	false
prefix	string	Prefix-based match.	false
regex	string	ECMAscript style regex-based match.	false

API.spec.servers[index].routing.rules[index].match[index].uri

↩ Parent

URI to match.

Name	Type	Description	Required
exact	string	Exact string match.	false
prefix	string	Prefix-based match.	false
regex	string	ECMAscript style regex-based match.	false

API.spec.servers[index].routing.rules[index].modify

↩ Parent

One or more mutations to be performed before forwarding.

Name	Type	Description	Required
headers	object	Add/remove/overwrite one or more HTTP headers in a request or response.	false
rewrite	object	Rewrite the HTTP Host or URL or both.	false

API.spec.servers[index].routing.rules[index].modify.headers

↩ Parent

Add/remove/overwrite one or more HTTP headers in a request or response.

Name	Type	Description	Required
request	object	Header manipulation rules to apply before forwarding a request to the destination service.	false
response	object	Header manipulation rules to apply before returning a response to the caller.	false

API.spec.servers[index].routing.rules[index].modify.headers.request

↩ Parent

Header manipulation rules to apply before forwarding a request to the destination service.

Name	Type	Description	Required
add	map[string]string		false
remove	[]string	Remove a the specified headers.	false
set	map[string]string	Overwrite the headers specified by key with the given values.	false

API.spec.servers[index].routing.rules[index].modify.headers.response

↩ Parent

Header manipulation rules to apply before returning a response to the caller.

Name	Type	Description	Required
add	map[string]string		false
remove	[]string	Remove a the specified headers.	false
set	map[string]string	Overwrite the headers specified by key with the given values.	false

API.spec.servers[index].routing.rules[index].modify.rewrite

↩ Parent

Rewrite the HTTP Host or URL or both.

Name	Type	Description	Required
authority	string	Rewrite the Authority/Host header with this value.	false
uri	string	Rewrite the path (or the prefix) portion of the URI with this value.	false

API.spec.servers[index].routing.rules[index].redirect

↩ Parent

Redirect the request to a different host or URL or both.

Name	Type	Description	Required
authority	string	On a redirect, overwrite the Authority/Host portion of the URL with this value.	false
port	integer	Minimum: 0 Maximum: 4.294967295e+09	false
redirectCode	integer	Minimum: 0 Maximum: 4.294967295e+09	false
scheme	string	On a redirect, overwrite the scheme with this one.	false
uri	string	On a redirect, overwrite the Path portion of the URL with this value.	false

API.spec.servers[index].routing.rules[index].route

↩ Parent

Forward the request to the specified destination(s).

Name	Type	Description	Required
host	string		false
port	integer	The port on the service to forward the request to. Minimum: 0 Maximum: 4.294967295e+09	false

API.spec.servers[index].tls

↩ Parent

TLS certificate info.

Name	Type	Description	Required
files	object		false
mode	enum	Enum: DISABLED, SIMPLE, MUTUAL	false
secretName	string		false

API.spec.servers[index].tls.files

↩ Parent

Name	Type	Description	Required
caCertificates	string		false
privateKey	string		false
serverCertificate	string		false

API.spec.servers[index].xxxOldAuthentication

↩ Parent

Name	Type	Description	Required
jwt	object		false

API.spec.servers[index].xxxOldAuthentication.jwt

↩ Parent

Name	Type	Description	Required
audiences	[]string		false
issuer	string	Identifies the issuer that issued the JWT.	false
jwks	string	JSON Web Key Set of public keys to validate signature of the JWT.	false
jwksUri	string		false

API.spec.servers[index].xxxOldAuthorization

↩ Parent

Name	Type	Description	Required
external	object		false
local	object		false

API.spec.servers[index].xxxOldAuthorization.external

↩ Parent

Name	Type	Description	Required
includeRequestHeaders	[]string		false
uri	string		false

API.spec.servers[index].xxxOldAuthorization.local

↩ Parent

Name	Type	Description	Required
rules	[]object		false

API.spec.servers[index].xxxOldAuthorization.local.rules[index]

↩ Parent

Name	Type	Description	Required
from	[]object		false
name	string	A friendly name to identify the binding.	false
to	[]object		false

API.spec.servers[index].xxxOldAuthorization.local.rules[index].from[index]

↩ Parent

Name	Type	Description	Required
jwt	object	JWT configuration to identity the subject.	false

API.spec.servers[index].xxxOldAuthorization.local.rules[index].from[index].jwt

↩ Parent

JWT configuration to identity the subject.

Name	Type	Description	Required
iss	string		false
other	map[string]string	A set of arbitrary claims that are required to qualify the subject.	false
sub	string		false

API.spec.servers[index].xxxOldAuthorization.local.rules[index].to[index]

↩ Parent

Name	Type	Description	Required
methods	[]string	The HTTP methods that are allowed by this rule.	false
paths	[]string	The request path where the request is made against.	false

API.spec.workloadSelector

↩ Parent

Name	Type	Description	Required
labels	map[string]string		false
namespace	string	The namespace where the workload resides.	false

Application

↩ Parent

Name	Type	Description	Required
apiVersion	string	application.tsb.tetrate.io/v2	true
kind	string	Application	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the metadata field.	true
spec	object		false
status	object		false

Application.spec

↩ Parent

Name	Type	Description	Required
configResources	[]object	The configuration resources that are related to this Application.	false
description	string	A description of the resource.	false
displayName	string	User friendly name for the resource.	false
etag	string	The etag for the resource.	false
fqn	string	Fully-qualified name of the resource.	false
gatewayGroup	string	Optional FQN of the Gateway Group to be used by the application.	false
namespaceSelector	object	Optional set of namespaces this application can configure.	false
services	[]string	Optional list of services that are part of the application.	false
workspace	string	FQN of the workspace this application is part of.	false

Application.spec.configResources[index]

↩ Parent

Name	Type	Description	Required
exclusivelyOwned	boolean		false
expectedEtag	string		false
fqn	string	The FQN of the resource this status is computed for.	false

Application.spec.namespaceSelector

↩ Parent

Optional set of namespaces this application can configure.

Name	Type	Description	Required
names	[]string		false