Gateway Common Configuration Messages
Configurations used to build gateways.
ClusterDestination
Field | Description | Validation Rule |
---|---|---|
name | string | – |
labels | map<string, string> | – |
network | string Deprecated: The | – |
weight | uint32 | – |
CorsPolicy
Field | Description | Validation Rule |
---|---|---|
allowOrigin | List of string | – |
allowMethods | List of string | – |
allowHeaders | List of string | – |
exposeHeaders | List of string | – |
maxAge | google.protobuf.Duration | – |
allowCredentials | google.protobuf.BoolValue | – |
ExternalRateLimitServiceSettings
Configuration for ratelimiting using an external ratelimit server The ratelimit server must expose Envoy's Rate Limit Service gRPC API.
If the rate limit service is called, and the response for any of the descriptors is over limit, a 429 response is returned. The rate limit filter also sets the x-envoy-ratelimited header.
If there is an error in calling rate limit service or rate limit service returns an error and failure_mode_deny is set to true, a 500 response is returned.
Field | Description | Validation Rule |
---|---|---|
domain | string | string = { |
failClosed | bool | – |
rateLimitServerUri | string | string = { |
rules | List of tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitRule | repeated = { |
timeout | google.protobuf.Duration | – |
tls | tetrateio.api.tsb.auth.v2.ClientTLSSettings | – |
RateLimitDimension
RateLimitDimension is a set of conditions to match HTTP requests Once the conditions are satisfied, corresponding descriptors (set of keys and values) are emitted and sent to the external rate limit server. The server is expected to make a rate limit decision based on these descriptors. Please go through the Envoy RateLimit descriptor to get more information on descriptors
Field | Description | Validation Rule |
---|---|---|
sourceCluster | tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitDimension.SourceCluster oneof _dimension_specifier | – |
destinationCluster | tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitDimension.DestinationCluster oneof _dimension_specifier | – |
remoteAddress | tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitDimension.RemoteAddress oneof _dimension_specifier | – |
requestHeaders | tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitDimension.RequestHeaders oneof _dimension_specifier | – |
headerValueMatch | tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitDimension.HeaderValueMatch oneof _dimension_specifier | – |
DestinationCluster
Emit descriptor entry - a key-value pair of the form ("destination_cluster", "\<routed target cluster\>")
where destination_cluster
is the destination
envoy cluster to which traffic is bound to.
HeaderValueMatch
Emit descriptor entry - a key-value pair of the form ("header_match", "\<descriptor_value\>")
, where descriptor_value
is a user
specified value corresponding to a header match event.
Field | Description | Validation Rule |
---|---|---|
headers | map<string, tetrateio.api.tsb.gateway.v2.StringMatch> | map = { |
descriptorValue | string | string = { |
dontMatch | bool | – |
RemoteAddress
Emit descriptor entry - a key-value pair of the form
("remote_address", "\<trusted address from x-forwarded-for\>")
RequestHeaders
Emit descriptor entry - a key-value pair of the form
("\<descriptor_key\>", "\<header_value_queried_from_header\>")
where descriptor_key
is a user specified key to emit when the
HTTP header is seen.
Field | Description | Validation Rule |
---|---|---|
headerName | string | string = { |
descriptorKey | string | string = { |
SourceCluster
Emit descriptor entry - a key-value pair of the form
("source_cluster", "\<local service cluster\>")
where source_cluster
is the source envoy cluster (corresponding to the --service-cluster
flag value set by Istio).
RateLimitRule
Field | Description | Validation Rule |
---|---|---|
dimensions | List of tetrateio.api.tsb.gateway.v2.ExternalRateLimitServiceSettings.RateLimitDimension | repeated = { |
HTTPRewrite
Configuration for an URL rewrite rule.
Field | Description | Validation Rule |
---|---|---|
uri | string | – |
authority | string | – |
Headers
Header manipulation rules.
Field | Description | Validation Rule |
---|---|---|
request | tetrateio.api.tsb.gateway.v2.Headers.HeaderOperations | – |
response | tetrateio.api.tsb.gateway.v2.Headers.HeaderOperations | – |