API Reference¶

Packages¶

gateway.k8s.aws/v1beta1

gateway.k8s.aws/v1beta1¶

Package v1beta1 contains API Schema definitions for the elbv2 v1beta1 API group

Resource Types¶

LoadBalancerConfiguration
TargetGroupConfiguration

ALPNPolicy¶

Underlying type: string

ALPNPolicy defines the ALPN policy configuration for TLS listeners forwarding to TLS target groups HTTP1Only Negotiate only HTTP/1.. The ALPN preference list is http/1.1, http/1.0. HTTP2Only Negotiate only HTTP/2. The ALPN preference list is h2. HTTP2Optional Prefer HTTP/1. over HTTP/2 (which can be useful for HTTP/2 testing). The ALPN preference list is http/1.1, http/1.0, h2. HTTP2Preferred Prefer HTTP/2 over HTTP/1.*. The ALPN preference list is h2, http/1.1, http/1.0. None Do not negotiate ALPN. This is the default.

Validation: - Enum: [HTTP1Only HTTP2Only HTTP2Optional HTTP2Preferred None]

Appears in: - ListenerConfiguration

Field	Description
`None`
`HTTP1Only`
`HTTP2Only`
`HTTP2Optional`
`HTTP2Preferred`

AdvertiseTrustStoreCaNamesEnum¶

Underlying type: string

Validation: - Enum: [on off]

Appears in: - MutualAuthenticationAttributes

Field	Description
`on`
`off`

HealthCheckConfiguration¶

HealthCheckConfiguration defines the Health Check configuration for a Target Group.

Appears in: - TargetGroupProps

Field	Description	Validation
`healthyThresholdCount` integer	healthyThresholdCount The number of consecutive health checks successes required before considering an unhealthy target healthy.
`healthCheckInterval` integer	healthCheckInterval The approximate amount of time, in seconds, between health checks of an individual target.
`healthCheckPath` string	healthCheckPath The destination for health checks on the targets.
`healthCheckPort` string	healthCheckPort The port the load balancer uses when performing health checks on targets. The default is to use the port on which each target receives traffic from the load balancer.
`healthCheckProtocol` TargetGroupHealthCheckProtocol	healthCheckProtocol The protocol to use to connect with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.	Enum: [http https tcp]
`healthCheckTimeout` integer	healthCheckTimeout The amount of time, in seconds, during which no response means a failed health check
`unhealthyThresholdCount` integer	unhealthyThresholdCount The number of consecutive health check failures required before considering the target unhealthy.
`matcher` HealthCheckMatcher	healthCheckCodes The HTTP or gRPC codes to use when checking for a successful response from a target

HealthCheckMatcher¶

TODO: Add a validation in the admission webhook to check if only one of HTTPCode or GRPCCode is set. Information to use when checking for a successful response from a target.

Appears in: - HealthCheckConfiguration

Field	Description	Default	Validation
`httpCode` string	The HTTP codes.
`grpcCode` string	The gRPC codes

ListenerAttribute¶

ListenerAttribute defines listener attribute.

Appears in: - ListenerConfiguration

Field	Description	Default	Validation
`key` string	The key of the attribute.
`value` string	The value of the attribute.

ListenerConfiguration¶

Appears in: - LoadBalancerConfigurationSpec

Field	Description	Validation
`protocolPort` ProtocolPort	protocolPort is identifier for the listener on load balancer. It should be of the form PROTOCOL:PORT	Pattern: `^(HTTP\\|HTTPS\\|TLS\\|TCP\\|UDP)?:(6553[0-5]\\|655[0-2]\d\\|65[0-4]\d\{2\}\\|6[0-4]\d\{3\}\\|[1-5]\d\{4\}\\|[1-9]\d\{0,3\})?$`
`defaultCertificate` string	TODO: Add validation in admission webhook to make it required for secure protocols defaultCertificate the cert arn to be used by default.
`certificates` string array	certificates is the list of other certificates to add to the listener.
`sslPolicy` string	sslPolicy is the security policy that defines which protocols and ciphers are supported for secure listeners [HTTPS or TLS listener].
`alpnPolicy` ALPNPolicy	alpnPolicy an optional string that allows you to configure ALPN policies on your Load Balancer	Enum: [HTTP1Only HTTP2Only HTTP2Optional HTTP2Preferred None]
`mutualAuthentication` MutualAuthenticationAttributes	mutualAuthentication defines the mutual authentication configuration information.
`listenerAttributes` ListenerAttribute array	listenerAttributes defines the attributes for the listener

LoadBalancerAttribute¶

LoadBalancerAttribute defines LB attribute.

Appears in: - LoadBalancerConfigurationSpec

Field	Description	Default	Validation
`key` string	The key of the attribute.
`value` string	The value of the attribute.

LoadBalancerConfigMergeMode¶

Underlying type: string

LoadBalancerConfigMergeMode is the merging behavior defined when both Gateway and GatewayClass have lb configurations. See the individual configuration fields for the exact merge behavior applied.

Validation: - Enum: [prefer-gateway prefer-gateway-class]

Appears in: - LoadBalancerConfigurationSpec

Field	Description
`prefer-gateway-class`	MergeModePreferGatewayClass when both lb configurations have a field specified, this mode gives precedence to the configuration in the GatewayClass
`prefer-gateway`	MergeModePreferGatewayClass when both lb configurations have a field specified, this mode gives precedence to the configuration in the Gateway

LoadBalancerConfiguration¶

LoadBalancerConfiguration is the Schema for the LoadBalancerConfiguration API

Field	Description	Default	Validation
`apiVersion` string	`gateway.k8s.aws/v1beta1`
`kind` string	`LoadBalancerConfiguration`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` LoadBalancerConfigurationSpec
`status` LoadBalancerConfigurationStatus

LoadBalancerConfigurationSpec¶

LoadBalancerConfigurationSpec defines the desired state of LoadBalancerConfiguration

Appears in: - LoadBalancerConfiguration

Field	Description	Validation
`mergingMode` LoadBalancerConfigMergeMode	mergingMode defines the merge behavior when both the Gateway and GatewayClass have a defined LoadBalancerConfiguration. This field is only honored for the configuration attached to the GatewayClass.	Enum: [prefer-gateway prefer-gateway-class]
`loadBalancerName` string	loadBalancerName defines the name of the LB to provision. If unspecified, it will be automatically generated.	MaxLength: 32 MinLength: 1
`scheme` LoadBalancerScheme	scheme defines the type of LB to provision. If unspecified, it will be automatically inferred.	Enum: [internal internet-facing]
`ipAddressType` LoadBalancerIpAddressType	loadBalancerIPType defines what kind of load balancer to provision (ipv4, dual stack)	Enum: [ipv4 dualstack dualstack-without-public-ipv4]
`enforceSecurityGroupInboundRulesOnPrivateLinkTraffic` string	enforceSecurityGroupInboundRulesOnPrivateLinkTraffic Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.
`customerOwnedIpv4Pool` string	customerOwnedIpv4Pool [Application LoadBalancer] is the ID of the customer-owned address for Application Load Balancers on Outposts pool.
`ipv4IPAMPoolId` string	IPv4IPAMPoolId [Application LoadBalancer] defines the IPAM pool ID used for IPv4 Addresses on the ALB.
`loadBalancerSubnets` SubnetConfiguration	loadBalancerSubnets is an optional list of subnet configurations to be used in the LB This value takes precedence over loadBalancerSubnetsSelector if both are selected.
`loadBalancerSubnetsSelector` map[string][]string	LoadBalancerSubnetsSelector specifies subnets in the load balancer's VPC where each tag specified in the map key contains one of the values in the corresponding value list.
`listenerConfigurations` ListenerConfiguration	listenerConfigurations is an optional list of configurations for each listener on LB
`securityGroups` string	securityGroups an optional list of security group ids or names to apply to the LB
`securityGroupPrefixes` string	securityGroupPrefixes an optional list of prefixes that are allowed to access the LB.
`sourceRanges` string	sourceRanges an optional list of CIDRs that are allowed to access the LB.
`vpcId` string	vpcId is the ID of the VPC for the load balancer.
`loadBalancerAttributes` LoadBalancerAttribute array	LoadBalancerAttributes defines the attribute of LB
`tags` map[string]string	Tags the AWS Tags on all related resources to the gateway.
`enableICMP` boolean	EnableICMP [Network LoadBalancer] enables the creation of security group rules to the managed security group to allow explicit ICMP traffic for Path MTU discovery for IPv4 and dual-stack VPCs
`manageBackendSecurityGroupRules` boolean	ManageBackendSecurityGroupRules [Application / Network LoadBalancer] specifies whether you want the controller to configure security group rules on Node/Pod for traffic access when you specify securityGroups
`minimumLoadBalancerCapacity` MinimumLoadBalancerCapacity	MinimumLoadBalancerCapacity define the capacity reservation for LoadBalancers

LoadBalancerConfigurationStatus¶

LoadBalancerConfigurationStatus defines the observed state of TargetGroupBinding

Appears in: - LoadBalancerConfiguration

Field	Description	Default	Validation
`observedGatewayConfigurationGeneration` integer	The generation of the Gateway Configuration attached to the Gateway object.
`observedGatewayClassConfigurationGeneration` integer	The generation of the Gateway Configuration attached to the GatewayClass object.

LoadBalancerIpAddressType¶

Underlying type: string

LoadBalancerIpAddressType is the IP Address type of your LB.

Validation: - Enum: [ipv4 dualstack dualstack-without-public-ipv4]

Appears in: - LoadBalancerConfigurationSpec

Field	Description
`ipv4`
`dualstack`
`dualstack-without-public-ipv4`

LoadBalancerScheme¶

Underlying type: string

LoadBalancerScheme is the scheme of your LB

with internal scheme, the LB is only accessible within the VPC.
with internet-facing scheme, the LB is accesible via the public internet.

Validation: - Enum: [internal internet-facing]

Appears in: - LoadBalancerConfigurationSpec

Field	Description
`internal`
`internet-facing`

MinimumLoadBalancerCapacity¶

MinimumLoadBalancerCapacity Information about a load balancer capacity reservation.

Appears in: - LoadBalancerConfigurationSpec

Field	Description	Default	Validation
`capacityUnits` integer	The Capacity Units Value.

MutualAuthenticationAttributes¶

Information about the mutual authentication attributes of a listener.

Appears in: - ListenerConfiguration

Field	Description	Validation
`advertiseTrustStoreCaNames` AdvertiseTrustStoreCaNamesEnum	Indicates whether trust store CA certificate names are advertised.	Enum: [on off]
`ignoreClientCertificateExpiry` boolean	Indicates whether expired client certificates are ignored.
`mode` MutualAuthenticationMode	The client certificate handling method. Options are off, passthrough or verify	Enum: [off passthrough verify]
`trustStore` string	The Name or ARN of the trust store.

MutualAuthenticationMode¶

Underlying type: string

MutualAuthenticationMode mTLS mode for mutual TLS authentication config for listener

Validation: - Enum: [off passthrough verify]

Appears in: - MutualAuthenticationAttributes

Field	Description
`off`
`passthrough`
`verify`

Protocol¶

Underlying type: string

Validation: - Enum: [HTTP HTTPS TCP TLS UDP TCP_UDP]

Appears in: - TargetGroupProps

Field	Description
`HTTP`
`HTTPS`
`TCP`
`TLS`
`UDP`
`TCP_UDP`

ProtocolPort¶

Underlying type: string

Validation: - Pattern: ^(HTTP|HTTPS|TLS|TCP|UDP)?:(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]\d{4}|[1-9]\d{0,3})?$

Appears in: - ListenerConfiguration

ProtocolVersion¶

Underlying type: string

Validation: - Enum: [HTTP1 HTTP2 GRPC]

Appears in: - TargetGroupProps

Field	Description
`HTTP1`
`HTTP2`
`GRPC`

Reference¶

Reference defines how to look up the Target Group configuration for a service.

Appears in: - TargetGroupConfigurationSpec

Field	Description	Default
`group` string	Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred.
`kind` string	Kind is the Kubernetes resource kind of the referent. For example "Service". Defaults to "Service" when not specified.	Service
`name` string	Name is the name of the referent.

RouteConfiguration¶

RouteConfiguration defines the per route configuration

Appears in: - TargetGroupConfigurationSpec

Field	Description	Default	Validation
`routeIdentifier` RouteIdentifier	name the identifier of the route, it should be in the form of ROUTE:NAMESPACE:NAME
`targetGroupProps` TargetGroupProps	targetGroupProps the target group specific properties

RouteIdentifier¶

RouteIdentifier the complete set of route attributes that identify a route.

Appears in: - RouteConfiguration

Field	Description	Default	Validation
`kind` string
`namespace` string
`name` string

SubnetConfiguration¶

SubnetConfiguration defines the subnet settings for a Load Balancer.

Appears in: - LoadBalancerConfigurationSpec

Field	Description	Default	Validation
`identifier` string	identifier [Application LoadBalancer / Network LoadBalancer] name or id for the subnet
`eipAllocation` string	eipAllocation [Network LoadBalancer] the EIP name for this subnet.
`privateIPv4Allocation` string	privateIPv4Allocation [Network LoadBalancer] the private ipv4 address to assign to this subnet.
`ipv6Allocation` string	IPv6Allocation [Network LoadBalancer] the ipv6 address to assign to this subnet.
`sourceNatIPv6Prefix` string	SourceNatIPv6Prefix [Network LoadBalancer] The IPv6 prefix to use for source NAT. Specify an IPv6 prefix (/80 netmask) from the subnet CIDR block or auto_assigned to use an IPv6 prefix selected at random from the subnet CIDR block.

TargetGroupAttribute¶

TargetGroupAttribute defines target group attribute.

Appears in: - TargetGroupProps

Field	Description	Default	Validation
`key` string	The key of the attribute.
`value` string	The value of the attribute.

TargetGroupConfiguration¶

TargetGroupConfiguration is the Schema for defining TargetGroups with an AWS ELB Gateway

Field	Description	Default	Validation
`apiVersion` string	`gateway.k8s.aws/v1beta1`
`kind` string	`TargetGroupConfiguration`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` TargetGroupConfigurationSpec
`status` TargetGroupConfigurationStatus

TargetGroupConfigurationSpec¶

TargetGroupConfigurationSpec defines the TargetGroup properties for a route.

Appears in: - TargetGroupConfiguration

Field	Description	Default	Validation
`targetReference` Reference	targetReference the kubernetes object to attach the Target Group settings to.
`defaultConfiguration` TargetGroupProps	defaultRouteConfiguration fallback configuration applied to all routes, unless overridden by route-specific configurations.
`routeConfigurations` RouteConfiguration array	routeConfigurations the route configuration for specific routes. the longest prefix match (kind:namespace:name) is taken to combine with the default properties.

TargetGroupConfigurationStatus¶

TargetGroupConfigurationStatus defines the observed state of TargetGroupConfiguration

Appears in: - TargetGroupConfiguration

Field	Description	Default	Validation
`observedGatewayConfigurationGeneration` integer	The generation of the Gateway Configuration attached to the Gateway object.
`observedGatewayClassConfigurationGeneration` integer	The generation of the Gateway Configuration attached to the GatewayClass object.

TargetGroupHealthCheckProtocol¶

Underlying type: string

Validation: - Enum: [http https tcp]

Appears in: - HealthCheckConfiguration

Field	Description
`HTTP`
`HTTPS`
`TCP`

TargetGroupIPAddressType¶

Underlying type: string

TargetGroupIPAddressType is the IP Address type of your ELBV2 TargetGroup.

Validation: - Enum: [ipv4 ipv6]

Appears in: - TargetGroupProps

Field	Description
`ipv4`
`ipv6`

TargetGroupProps¶

TargetGroupProps defines the target group properties

Appears in: - RouteConfiguration - TargetGroupConfigurationSpec

Field	Description	Validation
`targetGroupName` string	targetGroupName specifies the name to assign to the Target Group. If not defined, then one is generated.
`ipAddressType` TargetGroupIPAddressType	ipAddressType specifies whether the target group is of type IPv4 or IPv6. If unspecified, it will be automatically inferred.	Enum: [ipv4 ipv6]
`healthCheckConfig` HealthCheckConfiguration	healthCheckConfig The Health Check configuration for this backend.
`nodeSelector` LabelSelector	node selector for instance type target groups to only register certain nodes
`targetGroupAttributes` TargetGroupAttribute array	targetGroupAttributes defines the attribute of target group
`targetType` TargetType	targetType is the TargetType of TargetGroup. If unspecified, it will be automatically inferred as instance.	Enum: [instance ip]
`protocol` Protocol	Protocol [Application / Network Load Balancer] the protocol for the target group. If unspecified, it will be automatically inferred.	Enum: [HTTP HTTPS TCP TLS UDP TCP_UDP]
`protocolVersion` ProtocolVersion	protocolVersion [HTTP/HTTPS protocol] The protocol version. The possible values are GRPC , HTTP1 and HTTP2	Enum: [HTTP1 HTTP2 GRPC]
`enableMultiCluster` boolean	EnableMultiCluster [Application / Network LoadBalancer] Allows for multiple Clusters / Services to use the generated TargetGroup ARN
`tags` map[string]string	Tags the Tags to add on the target group.

TargetType¶

Underlying type: string

TargetType is the targetType of your ELBV2 TargetGroup.

with instance TargetType, nodes with nodePort for your service will be registered as targets
with ip TargetType, Pods with containerPort for your service will be registered as targets

Validation: - Enum: [instance ip]

Appears in: - TargetGroupProps

Field	Description
`instance`
`ip`