ListenerRuleConfiguration¶
ListenerRuleConfigurations may be attached to Routes within the same namespace of the LRC.
Actions¶
ForwardActionConfig¶
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
name: example-lrc-config
namespace: example-ns
spec:
actions:
- type: "forward"
forwardConfig:
targetGroupStickinessConfig:
durationSeconds: 120
enabled: true
Configure the stickiness setting TargetGroups referenced in the Listener Rule.
For more information, please see the AWS documentation for stickiness
Default No stickiness
RedirectActionConfig¶
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
name: example-lrc-config
namespace: example-ns
spec:
actions:
- type: "redirect"
redirectConfig:
query: "foo"
Use this configuration in conjunction with the Re-direct configuration in HTTPRouteFilter to add query param information to the redirect.
Default ""
FixedResponseConfig¶
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
name: example-lrc-config
namespace: example-ns
spec:
actions:
- type: "fixed-response"
fixedResponseConfig:
statusCode: 404
contentType: "text/plain"
messageBody: "my fixed response"
Configures the ALB to send a fixed response.
Default No fixed response injected.
AuthenticateCognitoActionConfig¶
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
name: example-lrc-config
namespace: example-ns
spec:
actions:
- type: "authenticate-cognito"
authenticateCognitoConfig:
userPoolArn: "user-pool-arn"
userPoolClientId: "cid"
userPoolDomain: "example.com"
onUnauthenticatedRequest: "authenticate/deny/allow"
Configures the ALB to authenticate users with Cognito before forwarding the request to the backend.
Default No Cognito pre-routing check.
AuthenticateOidcActionConfig¶
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
name: example-lrc-config
namespace: example-ns
spec:
actions:
- type: "authenticate-oidc"
authenticateOIDCConfig:
authorizationEndpoint: "https://my-auth-server.com"
secret:
name: "my-secret-name"
issuer: "https://my-issuer.com"
tokenEndpoint: "https://my-token-endpoint.com"
userInfoEndpoint: "https://my-user-info-endpoint.com"
onUnauthenticatedRequest: "authenticate/deny/allow"
Important When specifying the secret, the secret name must exist within the namespace of the ListenerRuleConfiguration.
Configures the ALB to authenticate users with an OIDC Provider before forwarding the request to the backend.
Default No OIDC pre-routing check.
Conditions¶
ListenerRuleCondition¶
# source-ip-condition.yaml
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
name: custom-rule-config-source-ip
namespace: example-ns
spec:
conditions:
- field: source-ip
sourceIPConfig:
values:
- 10.0.0.0/5
Adds Source IP conditions into the routing rules. For granular control of which rules to apply the LRC to, use the matchIndex field.