NetworkServicesHTTPRoute
| Property | Value |
|---|---|
| Google Cloud Service Name | Network Services |
| Google Cloud Service Documentation | /traffic-director/docs/ |
| Google Cloud REST Resource Name | v1/projects.locations.httpRoutes |
| Google Cloud REST Resource Documentation | /traffic-director/docs/reference/network-services/rest/v1/projects.locations.httpRoutes |
| Config Connector Resource Short Names | gcpnetworkserviceshttproute gcpnetworkserviceshttproutes networkserviceshttproute |
| Config Connector Service Name | networkservices.googleapis.com |
| Config Connector Resource Fully Qualified Name | networkserviceshttproutes.networkservices.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
description: string
gateways:
- external: string
name: string
namespace: string
hostnames:
- string
location: string
meshes:
- external: string
name: string
namespace: string
projectRef:
external: string
name: string
namespace: string
resourceID: string
rules:
- action:
corsPolicy:
allowCredentials: boolean
allowHeaders:
- string
allowMethods:
- string
allowOriginRegexes:
- string
allowOrigins:
- string
disabled: boolean
exposeHeaders:
- string
maxAge: string
destinations:
- serviceRef:
external: string
name: string
namespace: string
weight: integer
faultInjectionPolicy:
abort:
httpStatus: integer
percentage: integer
delay:
fixedDelay: string
percentage: integer
redirect:
hostRedirect: string
httpsRedirect: boolean
pathRedirect: string
portRedirect: integer
prefixRewrite: string
responseCode: string
stripQuery: boolean
requestHeaderModifier:
add:
string: string
remove:
- string
set:
string: string
requestMirrorPolicy:
destination:
serviceRef:
external: string
name: string
namespace: string
weight: integer
responseHeaderModifier:
add:
string: string
remove:
- string
set:
string: string
retryPolicy:
numRetries: integer
perTryTimeout: string
retryConditions:
- string
timeout: string
urlRewrite:
hostRewrite: string
pathPrefixRewrite: string
matches:
- fullPathMatch: string
headers:
- exactMatch: string
header: string
invertMatch: boolean
prefixMatch: string
presentMatch: boolean
rangeMatch:
end: integer
start: integer
regexMatch: string
suffixMatch: string
ignoreCase: boolean
prefixMatch: string
queryParameters:
- exactMatch: string
presentMatch: boolean
queryParameter: string
regexMatch: string
regexMatch: string
| Fields | |
|---|---|
|
Optional |
Optional. A free-text description of the resource. Max length 1024 characters. |
|
Optional |
|
|
Optional |
|
|
Optional |
Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Required |
Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that ip addresses are not allowed. Wildcard hosts are supported as "*" (no prefix or suffix allowed). |
|
Required |
|
|
Required |
Immutable. The location for the resource |
|
Optional |
|
|
Optional |
|
|
Optional |
Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Required |
Immutable. The Project that this resource belongs to. |
|
Optional |
The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Required |
Required. Rules that define how traffic is routed and handled. |
|
Required |
|
|
Optional |
The detailed rule defining how to route matched traffic. |
|
Optional |
The specification for allowing client side cross-origin requests. |
|
Optional |
In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false. |
|
Optional |
Specifies the content for Access-Control-Allow-Headers header. |
|
Optional |
|
|
Optional |
Specifies the content for Access-Control-Allow-Methods header. |
|
Optional |
|
|
Optional |
Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax. |
|
Optional |
|
|
Optional |
Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes. |
|
Optional |
|
|
Optional |
If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. |
|
Optional |
Specifies the content for Access-Control-Expose-Headers header. |
|
Optional |
|
|
Optional |
Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. |
|
Optional |
The destination to which traffic should be forwarded. |
|
Optional |
|
|
Optional |
|
|
Optional |
The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them. |
|
Optional |
The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy |
|
Optional |
The specification for aborting to client requests. |
|
Optional |
The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. |
|
Optional |
The percentage of traffic which will be aborted. The value must be between [0, 100] |
|
Optional |
The specification for injecting delay to client requests. |
|
Optional |
Specify a fixed delay before forwarding the request. |
|
Optional |
The percentage of traffic on which delay will be injected. The value must be between [0, 100] |
|
Optional |
If set, the request is directed as configured by this field. |
|
Optional |
The host that will be used in the redirect response instead of the one that was supplied in the request. |
|
Optional |
If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. The default is set to false. |
|
Optional |
The path that will be used in the redirect response instead of the one that was supplied in the request. path_redirect can not be supplied together with prefix_redirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. |
|
Optional |
The port that will be used in the redirected request instead of the one that was supplied in the request. |
|
Optional |
Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows URLs be dynamically created based on the request. |
|
Optional |
The HTTP Status code to use for the redirect. Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT |
|
Optional |
if set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. |
|
Optional |
The specification for modifying the headers of a matching request prior to delivery of the request to the destination. |
|
Optional |
Add the headers with given map where key is the name of the header, value is the value of the header. |
|
Optional |
Remove headers (matching by header names) specified in the list. |
|
Optional |
|
|
Optional |
Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header. |
|
Optional |
Specifies the policy on how requests intended for the routes destination are shadowed to a separate mirrored destination. Proxy will not wait for the shadow destination to respond before returning the response. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow. |
|
Optional |
The destination the requests will be mirrored to. The weight of the destination will be ignored. |
|
Optional |
|
|
Optional |
The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them. |
|
Optional |
The specification for modifying the headers of a response prior to sending the response back to the client. |
|
Optional |
Add the headers with given map where key is the name of the header, value is the value of the header. |
|
Optional |
Remove headers (matching by header names) specified in the list. |
|
Optional |
|
|
Optional |
Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header. |
|
Optional |
Specifies the retry policy associated with this route. |
|
Optional |
Specifies the allowed number of retries. This number must be > 0. If not specified, default to 1. |
|
Optional |
Specifies a non-zero timeout per retry attempt. |
|
Optional |
Specifies one or more conditions when this retry policy applies. Valid values are: 5xx: Proxy will attempt a retry if the destination service responds with any 5xx response code, of if the destination service does not respond at all, example: disconnect, reset, read timeout, connection failure and refused streams. gateway-error: Similar to 5xx, but only applies to response codes 502, 503, 504. reset: Proxy will attempt a retry if the destination service does not respond at all (disconnect/reset/read timeout) connect-failure: Proxy will retry on failures connecting to destination for example due to connection timeouts. retriable-4xx: Proxy will retry fro retriable 4xx response codes. Currently the only retriable error supported is 409. refused-stream: Proxy will retry if the destination resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. |
|
Optional |
|
|
Optional |
Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries. |
|
Optional |
The specification for rewrite URL before forwarding requests to the destination. |
|
Optional |
Prior to forwarding the request to the selected destination, the requests host header is replaced by this value. |
|
Optional |
Prior to forwarding the request to the selected destination, the matching portion of the requests path is replaced by this value. |
|
Optional |
A list of matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. |
|
Optional |
|
|
Optional |
The HTTP request path value should exactly match this value. Only one of full_path_match, prefix_match, or regex_match should be used. |
|
Optional |
Specifies a list of HTTP request headers to match against. ALL of the supplied headers must be matched. |
|
Optional |
|
|
Optional |
The value of the header should match exactly the content of exact_match. |
|
Optional |
The name of the HTTP header to match against. |
|
Optional |
If specified, the match result will be inverted before checking. Default value is set to false. |
|
Optional |
The value of the header must start with the contents of prefix_match. |
|
Optional |
A header with header_name must exist. The match takes place whether or not the header has a value. |
|
Optional |
If specified, the rule will match if the request header value is within the range. |
|
Optional |
End of the range (exclusive) |
|
Optional |
Start of the range (inclusive) |
|
Optional |
The value of the header must match the regular expression specified in regex_match. For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax |
|
Optional |
The value of the header must end with the contents of suffix_match. |
|
Optional |
Specifies if prefix_match and full_path_match matches are case sensitive. The default value is false. |
|
Optional |
The HTTP request path value must begin with specified prefix_match. prefix_match must begin with a /. Only one of full_path_match, prefix_match, or regex_match should be used. |
|
Optional |
Specifies a list of query parameters to match against. ALL of the query parameters must be matched. |
|
Optional |
|
|
Optional |
The value of the query parameter must exactly match the contents of exact_match. Only one of exact_match, regex_match, or present_match must be set. |
|
Optional |
Specifies that the QueryParameterMatcher matches if request contains query parameter, irrespective of whether the parameter has a value or not. Only one of exact_match, regex_match, or present_match must be set. |
|
Optional |
The name of the query parameter to match. |
|
Optional |
The value of the query parameter must match the regular expression specified by regex_match. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of exact_match, regex_match, or present_match must be set. |
|
Optional |
The HTTP request path value must satisfy the regular expression specified by regex_match after removing any query parameters and anchor supplied with the original URL. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of full_path_match, prefix_match, or regex_match should be used. |
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
createTime: string
observedGeneration: integer
selfLink: string
updateTime: string
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
createTime |
Output only. The timestamp when the resource was created. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
selfLink |
Output only. Server-defined URL of this resource |
updateTime |
Output only. The timestamp when the resource was updated. |
Sample YAML(s)
Typical Use Case
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: networkservices.cnrm.cloud.google.com/v1beta1
kind: NetworkServicesHTTPRoute
metadata:
name: networkserviceshttproute-sample
labels:
foo: bar
spec:
description: "A test HttpRoute"
meshes:
- name: "networkserviceshttproute-dep"
gateways:
- name: "networkserviceshttproute-dep"
location: "global"
hostnames:
- "test1"
- "test2"
rules:
- matches:
- fullPathMatch: "/foo/bar"
headers:
- header: "foo-header"
prefixMatch: "bar-value"
- prefixMatch: "/foo/"
ignoreCase: true
- regexMatch: "/foo/.*/bar/.*"
- prefixMatch: "/"
headers:
- header: "foo"
exactMatch: "bar"
- header: "foo"
regexMatch: "b.*ar"
- header: "foo"
prefixMatch: "ba"
- header: "foo"
presentMatch: true
- header: "foo"
suffixMatch: "ar"
- header: "foo"
rangeMatch:
start: 0
end: 5
invertMatch: true
- prefixMatch: "/"
queryParameters:
- queryParameter: "foo"
exactMatch: "bar"
- queryParameter: "foo"
regexMatch: ".*bar.*"
- queryParameter: "foo"
presentMatch: true
action:
destinations:
- serviceRef:
name: "networkserviceshttproute-dep"
weight: 1
- serviceRef:
name: "networkserviceshttproute-dep"
weight: 1
urlRewrite:
pathPrefixRewrite: "foo"
hostRewrite: "foo"
corsPolicy:
allowOrigins:
- "foo.com"
- "bar.com"
allowOriginRegexes:
- ".*.foo.com"
- ".*.bar.com"
allowMethods:
- "GET"
- "POST"
allowHeaders:
- "foo"
- "bar"
exposeHeaders:
- "foo"
- "bar"
maxAge: "35"
allowCredentials: true
disabled: false
faultInjectionPolicy:
abort:
httpStatus: 501
percentage: 1
delay:
fixedDelay: "10s"
percentage: 2
requestHeaderModifier:
add:
foo1: "bar1"
baz1: "qux1"
set:
foo2: "bar2"
baz2: "qux2"
remove:
- "foo3"
- "bar3"
requestMirrorPolicy:
destination:
serviceRef:
name: "networkserviceshttproute-dep"
responseHeaderModifier:
add:
foo1: "bar1"
baz1: "qux1"
set:
foo2: "bar2"
baz2: "qux2"
remove:
- "foo3"
- "bar3"
retryPolicy:
numRetries: 3
perTryTimeout: "5s"
retryConditions:
- "refused-stream"
- "cancelled"
timeout: "30s"
- action:
redirect:
hostRedirect: "foo"
responseCode: "MOVED_PERMANENTLY_DEFAULT"
httpsRedirect: true
stripQuery: true
portRedirect: 7777
- action:
redirect:
hostRedirect: "test"
prefixRewrite: "foo"
responseCode: "FOUND"
- action:
redirect:
hostRedirect: "test"
pathRedirect: "/foo"
responseCode: "FOUND"
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: networkserviceshttproute-dep
spec:
loadBalancingScheme: "INTERNAL_SELF_MANAGED"
location: global
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
---
apiVersion: networkservices.cnrm.cloud.google.com/v1beta1
kind: NetworkServicesGateway
metadata:
name: networkserviceshttproute-dep
spec:
location: "global"
type: "OPEN_MESH"
scope: "networkserviceshttproute-sample-scope"
ports:
- 80
- 443
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"
---
apiVersion: networkservices.cnrm.cloud.google.com/v1beta1
kind: NetworkServicesMesh
metadata:
name: networkserviceshttproute-dep
spec:
location: "global"
projectRef:
# Replace "${PROJECT_ID?}" with your project ID
external: "projects/${PROJECT_ID?}"