
ListenerRuleConfiguration

A ListenerRuleConfiguration (LRC) may be attached to Routes in the same namespace as the LRC.

Actions

ForwardActionConfig

apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
  name: example-lrc-config
  namespace: example-ns
spec:
  actions:
    - type: "forward"
      forwardConfig:
        targetGroupStickinessConfig:
          durationSeconds: 120
          enabled: true

Configures the stickiness setting for the TargetGroups referenced in the Listener Rule.

For more information, see the AWS documentation for stickiness.

Default: No stickiness

RedirectActionConfig

apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
  name: example-lrc-config
  namespace: example-ns
spec:
  actions:
    - type: "redirect"
      redirectConfig:
        query: "foo"

Use this configuration together with the redirect configuration in HTTPRouteFilter to add query parameter information to the redirect.

Default: ""

FixedResponseConfig

apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
  name: example-lrc-config
  namespace: example-ns
spec:
  actions:
    - type: "fixed-response"
      fixedResponseConfig:
        statusCode: 404
        contentType: "text/plain"
        messageBody: "my fixed response"

Configures the ALB to send a fixed response.

Default: No fixed response injected.

AuthenticateCognitoActionConfig

apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
  name: example-lrc-config
  namespace: example-ns
spec:
  actions:
    - type: "authenticate-cognito"
      authenticateCognitoConfig:
        userPoolArn: "user-pool-arn"
        userPoolClientId: "cid"
        userPoolDomain: "example.com"
        onUnauthenticatedRequest: "authenticate" # one of: authenticate, deny, allow

Configures the ALB to authenticate users with Cognito before forwarding the request to the backend.

Default: No Cognito pre-routing check.

AuthenticateOidcActionConfig

apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
  name: example-lrc-config
  namespace: example-ns
spec:
  actions:
    - type: "authenticate-oidc"
      authenticateOIDCConfig:
        authorizationEndpoint: "https://my-auth-server.com"
        secret:
          name: "my-secret-name"
        issuer: "https://my-issuer.com"
        tokenEndpoint: "https://my-token-endpoint.com"
        userInfoEndpoint: "https://my-user-info-endpoint.com"
        onUnauthenticatedRequest: "authenticate" # one of: authenticate, deny, allow

Important: The secret referenced by name must exist in the same namespace as the ListenerRuleConfiguration.

Configures the ALB to authenticate users with an OIDC Provider before forwarding the request to the backend.

Default: No OIDC pre-routing check.

Conditions

ListenerRuleCondition

# source-ip-condition.yaml
apiVersion: gateway.k8s.aws/v1beta1
kind: ListenerRuleConfiguration
metadata:
  name: custom-rule-config-source-ip
  namespace: example-ns
spec:
  conditions:
    - field: source-ip
      sourceIPConfig:
        values:
          - 10.0.0.0/5

Adds source IP conditions to the routing rules. For granular control over which rules the LRC applies to, use the matchIndex field.
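
A pre-apply check for sourceIPConfig values, added here as an example; it is not part of the controller or its documentation. It assumes the manifest has already been parsed from YAML into a Python dict, and the names lint_cidr and lint_lrc are hypothetical. It reports values whose host bits are set (showing the block the prefix length actually covers) and IPv4 values that reach outside the RFC 1918 private ranges.

```python
import ipaddress

# RFC 1918 private ranges, used to tell whether a condition also matches public addresses.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lint_cidr(value):
    """Return (effective_network, findings) for one sourceIPConfig value."""
    findings = []
    try:
        net = ipaddress.ip_network(value, strict=True)
    except ValueError:
        try:
            # Host bits are set: compute the block the prefix length really covers.
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return None, ["not a valid CIDR"]
        findings.append(f"host bits set; prefix covers {net}")
    if net.version == 4 and not any(net.subnet_of(p) for p in RFC1918):
        findings.append(f"matches addresses outside RFC 1918 ({net[0]} - {net[-1]})")
    return net, findings

def lint_lrc(manifest):
    """Walk spec.conditions of a ListenerRuleConfiguration given as a dict."""
    report = {}
    for cond in manifest.get("spec", {}).get("conditions", []):
        if cond.get("field") != "source-ip":
            continue
        for value in cond.get("sourceIPConfig", {}).get("values", []):
            report[value] = lint_cidr(value)[1]
    return report

# Constructed input: the source-ip condition from this page as a dict, plus two extra values.
SAMPLE = {
    "kind": "ListenerRuleConfiguration",
    "spec": {"conditions": [{
        "field": "source-ip",
        "sourceIPConfig": {"values": ["10.0.0.0/5", "10.0.0.0/8", "not-a-cidr"]},
    }]},
}

if __name__ == "__main__":
    for value, findings in lint_lrc(SAMPLE).items():
        print(value, "->", findings or "ok")
```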