proxy.proto

Package: gloo.solo.io

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto

Proxy

A Proxy is a container for the entire set of configuration that will to be applied to one or more Proxy instances. Proxies can be understood as a set of listeners, represents a different bind address/port where the proxy will listen for connections. Each listener has its own set of configuration.

If any of the sub-resources within a listener is declared invalid (e.g. due to invalid user configuration), the proxy will be marked invalid by Gloo.

Proxy instances that register with Gloo are assigned the proxy configuration corresponding with a proxy-specific identifier. In the case of Envoy, proxy instances are identified by their Node ID. Node IDs must match a existing Proxy Node ID can be specified in Envoy with the --service-node flag, or in the Envoy instance’s bootstrap config.

"listeners": []gloo.solo.io.Listener
"status": .core.solo.io.Status
"metadata": .core.solo.io.Metadata
Field Type Description Default
listeners []gloo.solo.io.Listener Define here each listener the proxy should create. Listeners define the a set of behaviors for a single bind address/port where the proxy will listen If no listeners are specified, the instances configured with the proxy resource will not accept connections.
status .core.solo.io.Status Status indicates the validation status of this resource. Status is read-only by clients, and set by gloo during validation
metadata .core.solo.io.Metadata Metadata contains the object metadata for this resource

Listener

Listeners define the address:port where the proxy will listen for incoming connections A Listener accepts connections (currently only HTTP is supported) and apply user-defined behavior for those connections, e.g. performing SSL termination, HTTP retries, and rate limiting.

"name": string
"bindAddress": string
"bindPort": int
"httpListener": .gloo.solo.io.HttpListener
"sslConfiguations": []gloo.solo.io.SslConfig
"useProxyProto": .google.protobuf.BoolValue
Field Type Description Default
name string the name of the listener. names must be unique for each listener within a proxy
bindAddress string the bind address for the listener. both ipv4 and ipv6 formats are supported
bindPort int the port to bind on ports numbers must be unique for listeners within a proxy
httpListener .gloo.solo.io.HttpListener The HTTP Listener is currently the only supported listener type. It contains configuration options for GLoo’s HTTP-level features including request-based routing
sslConfiguations []gloo.solo.io.SslConfig SSL Config is optional for the listener. If provided, the listener will serve TLS for connections on this port Multiple SslConfigs are supported for the pupose of SNI. Be aware that the SNI domain provided in the SSL Config must match a domain in virtual host TODO(ilackarms): ensure that ssl configs without a matching virtual host are errored
useProxyProto .google.protobuf.BoolValue Enable ProxyProtocol support for this listener

HttpListener

Use this listener to configure proxy behavior for any HTTP-level features including defining routes (via virtualservices). HttpListeners also contain plugin configuration that applies globally across all virtaul hosts on the listener. Some plugins can be configured to work both on the listener and virtual host level (such as the rate limit plugin)

"virtualHosts": []gloo.solo.io.VirtualHost
"listenerPlugins": .gloo.solo.io.ListenerPlugins
Field Type Description Default
virtualHosts []gloo.solo.io.VirtualHost the set of virtual hosts that will be accessible by clients connecting to this listener. at least one virtual host must be specified for this listener to be active (else connections will be refused) the set of domains for each virtual host must be unique, or the config will be considered invalid
listenerPlugins .gloo.solo.io.ListenerPlugins Plugins contains top-level plugin configuration to be applied to a listener Listener config is applied to all HTTP traffic that connects to this listener. Some configuration here can be overridden in Virtual Host Plugin configuration or Route Plugin configuration Plugins should be specified here in the form of "plugin_name": {..//plugin_config...} to allow specifying multiple plugins.

VirtualHost

Virtual Hosts group an ordered list of routes under one or more domains. Each Virtual Host has a logical name, which must be unique for the listener. An HTTP request is first matched to a virtual host based on its host header, then to a route within the virtual host. If a request is not matched to any virtual host or a route therein, the target proxy will reply with a 404.

"name": string
"domains": []string
"routes": []gloo.solo.io.Route
"virtualHostPlugins": .gloo.solo.io.VirtualHostPlugins
"corsPolicy": .gloo.solo.io.CorsPolicy
Field Type Description Default
name string the logical name of the virtual host. names must be unique for each virtual host within a listener
domains []string The list of domains (i.e.: matching the Host header of a request) that belong to this virtual host. Note that the wildcard will not match the empty string. e.g. “*-bar.foo.com” will match “baz-bar.foo.com” but not “-bar.foo.com”. Additionally, a special entry “*” is allowed which will match any host/authority header. Only a single virtual host in the entire route configuration can match on “*”. A domain must be unique across all virtual hosts or the config will be invalidated by Gloo Domains on virtual hosts obey the same rules as Envoy Virtual Hosts
routes []gloo.solo.io.Route The list of HTTP routes define routing actions to be taken for incoming HTTP requests whose host header matches this virtual host. If the request matches more than one route in the list, the first route matched will be selected. If the list of routes is empty, the virtual host will be ignored by Gloo.
virtualHostPlugins .gloo.solo.io.VirtualHostPlugins Plugins contains top-level plugin configuration to be applied to a listener Listener config is applied to all HTTP traffic that connects to this listener. Some configuration here can be overridden in Virtual Host Plugin configuration or Route Plugin configuration Plugins should be specified here in the form of "plugin_name": {..//plugin_config...} to allow specifying multiple plugins.
corsPolicy .gloo.solo.io.CorsPolicy CorsPolicy defines Cross-Origin Resource Sharing for a virtual service.

Route

* Routes declare the entrypoints on virtual hosts and the action to take for matched requests.

"matcher": .gloo.solo.io.Matcher
"routeAction": .gloo.solo.io.RouteAction
"redirectAction": .gloo.solo.io.RedirectAction
"directResponseAction": .gloo.solo.io.DirectResponseAction
"routePlugins": .gloo.solo.io.RoutePlugins
Field Type Description Default
matcher .gloo.solo.io.Matcher The matcher contains parameters for matching requests (i.e.: based on HTTP path, headers, etc.)
routeAction .gloo.solo.io.RouteAction This action is the primary action to be selected for most routes. The RouteAction tells the proxy to route requests to an upstream.
redirectAction .gloo.solo.io.RedirectAction Redirect actions tell the proxy to return a redirect response to the downstream client
directResponseAction .gloo.solo.io.DirectResponseAction Return an arbitrary HTTP response directly, without proxying.
routePlugins .gloo.solo.io.RoutePlugins Route Plugins extend the behavior of routes. Route plugins include configuration such as retries, rate limiting, and request/resonse transformation. Plugins should be specified here in the form of "plugin_name": {..//plugin_config...} to allow specifying multiple plugins.

Matcher

Parameters for matching routes to requests received by a Gloo-managed proxy

"prefix": string
"exact": string
"regex": string
"headers": []gloo.solo.io.HeaderMatcher
"queryParameters": []gloo.solo.io.QueryParameterMatcher
"methods": []string
Field Type Description Default
prefix string If specified, the route is a prefix rule meaning that the prefix must match the beginning of the :path header.
exact string If specified, the route is an exact path rule meaning that the path must exactly match the :path header once the query string is removed.
regex string If specified, the route is a regular expression rule meaning that the regex must match the :path header once the query string is removed. The entire path (without the query string) must match the regex. The rule will not match if only a subsequence of the :path header matches the regex. The regex grammar is defined here <http://en.cppreference.com/w/cpp/regex/ecmascript>_. Examples: * The regex /b[io]t matches the path /bit * The regex /b[io]t matches the path /bot * The regex /b[io]t does not match the path /bite * The regex /b[io]t does not match the path /bit/bot
headers []gloo.solo.io.HeaderMatcher Specifies a set of headers that the route should match on. The router will check the request’s headers against all the specified headers in the route config. A match will happen if all the headers in the route are present in the request with the same values (or based on presence if the value field is not in the config).
queryParameters []gloo.solo.io.QueryParameterMatcher Specifies a set of URL query parameters on which the route should match. The router will check the query string from the path header against all the specified query parameters. If the number of specified query parameters is nonzero, they all must match the path header’s query string for a match to occur.
methods []string HTTP Method/Verb(s) to match on. If none specified, the matcher will ignore the HTTP Method

HeaderMatcher

Internally, Gloo always uses the HTTP/2 :authority header to represent the HTTP/1 Host header. Thus, if attempting to match on Host, match on :authority instead.

In the absence of any header match specifier, match will default to present_match i.e, a request that has the name header will match, regardless of the header’s value.

"name": string
"value": string
"regex": bool
Field Type Description Default
name string Specifies the name of the header in the request.
value string Specifies the value of the header. If the value is absent a request that has the name header will match, regardless of the header’s value.
regex bool Specifies whether the header value should be treated as regex or not.

QueryParameterMatcher

Query parameter matching treats the query string of a request’s :path header as an ampersand-separated list of keys and/or key=value elements.

"name": string
"value": string
"regex": bool
Field Type Description Default
name string Specifies the name of a key that must be present in the requested path’s query string.
value string Specifies the value of the key. If the value is absent, a request that contains the key in its query string will match, whether the key appears with a value (e.g., “?debug=true”) or not (e.g., “?debug”)
regex bool Specifies whether the query parameter value is a regular expression. Defaults to false. The entire query parameter value (i.e., the part to the right of the equals sign in “key=value”) must match the regex. E.g., the regex “\d+$” will match “123” but not “a123” or “123a”.

RouteAction

RouteActions are used to route matched requests to upstreams.

"single": .gloo.solo.io.Destination
"multi": .gloo.solo.io.MultiDestination
"upstreamGroup": .core.solo.io.ResourceRef
Field Type Description Default
single .gloo.solo.io.Destination Use SingleDestination to route to a single upstream
multi .gloo.solo.io.MultiDestination Use MultiDestination to load balance requests between multiple upstreams (by weight)
upstreamGroup .core.solo.io.ResourceRef Use a reference to an upstream group for routing.

Destination

Destinations define routable destinations for proxied requests

"upstream": .core.solo.io.ResourceRef
"destinationSpec": .gloo.solo.io.DestinationSpec
"subset": .gloo.solo.io.Subset
Field Type Description Default
upstream .core.solo.io.ResourceRef The upstream to route requests to
destinationSpec .gloo.solo.io.DestinationSpec Some upstreams utilize plugins which require or permit additional configuration on routes targeting them. gRPC upstreams, for example, allow specifying REST-style parameters for JSON-to-gRPC transcoding in the destination config. If the destination config is required for the upstream and not provided by the user, Gloo will invalidate the destination and its parent resources.
subset .gloo.solo.io.Subset If specified, traffic will only be routed to a subset of the upstream. If upstream doesn’t contain the specified subset, we will fallback to normal upstream routing.

UpstreamGroup

"destinations": []gloo.solo.io.WeightedDestination
"status": .core.solo.io.Status
"metadata": .core.solo.io.Metadata
Field Type Description Default
destinations []gloo.solo.io.WeightedDestination The destinations that are part of this upstream group.
status .core.solo.io.Status Status indicates the validation status of this resource. Status is read-only by clients, and set by gloo during validation
metadata .core.solo.io.Metadata Metadata contains the object metadata for this resource

MultiDestination

MultiDestination is a container for a set of weighted destinations. Gloo will load balance traffic for a single route across multiple destinations according to their specified weights.

"destinations": []gloo.solo.io.WeightedDestination
Field Type Description Default
destinations []gloo.solo.io.WeightedDestination This list must contain at least one destination or the listener housing this route will be invalid, causing Gloo to error the parent proxy resource.

WeightedDestination

WeightedDestination attaches a weight to a single destination.

"destination": .gloo.solo.io.Destination
"weight": int
Field Type Description Default
destination .gloo.solo.io.Destination
weight int Weight must be greater than zero Routing to each destination will be balanced by the ratio of the destination’s weight to the total weight on a route

RedirectAction

TODO(ilackarms): evaluate how much to differentiate (or if even to include) RedirectAction Notice: RedirectAction is copioed directly from https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto

"hostRedirect": string
"pathRedirect": string
"prefixRewrite": string
"responseCode": .gloo.solo.io.RedirectAction.RedirectResponseCode
"httpsRedirect": bool
"stripQuery": bool
Field Type Description Default
hostRedirect string The host portion of the URL will be swapped with this value.
pathRedirect string The path portion of the URL will be swapped with this value.
prefixRewrite string Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request. Pay attention to the use of trailing slashes as mentioned in RouteAction’s prefix_rewrite.
responseCode .gloo.solo.io.RedirectAction.RedirectResponseCode The HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).
httpsRedirect bool The scheme portion of the URL will be swapped with “https”.
stripQuery bool Indicates that during redirection, the query portion of the URL will be removed. Default value is false.

RedirectResponseCode

Name Description
MOVED_PERMANENTLY Moved Permanently HTTP Status Code - 301.
FOUND Found HTTP Status Code - 302.
SEE_OTHER See Other HTTP Status Code - 303.
TEMPORARY_REDIRECT Temporary Redirect HTTP Status Code - 307.
PERMANENT_REDIRECT Permanent Redirect HTTP Status Code - 308.

DirectResponseAction

TODO(ilackarms): evaluate how much to differentiate (or if even to include) DirectResponseAction DirectResponseAction is copied directly from https://github.com/envoyproxy/envoy/blob/master/api/envoy/api/v2/route/route.proto

"status": int
"body": string
Field Type Description Default
status int Specifies the HTTP response status to be returned.
body string Specifies the content of the response body. If this setting is omitted, no body is included in the generated response. Note: Headers can be specified using the Header Modification plugin in the enclosing Route, Virtual Host, or Listener.

CorsPolicy

CorsPolicy defines Cross-Origin Resource Sharing for a virtual service.

"allowOrigin": []string
"allowOriginRegex": []string
"allowMethods": []string
"allowHeaders": []string
"exposeHeaders": []string
"maxAge": string
"allowCredentials": bool
Field Type Description Default
allowOrigin []string Specifies the origins that will be allowed to make CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.
allowOriginRegex []string Specifies regex patterns that match origins that will be allowed to make CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match.
allowMethods []string Specifies the content for the access-control-allow-methods header.
allowHeaders []string Specifies the content for the access-control-allow-headers header.
exposeHeaders []string Specifies the content for the access-control-expose-headers header.
maxAge string Specifies the content for the access-control-max-age header.
allowCredentials bool Specifies whether the resource allows credentials.