NetworkServicesHTTPRoute


Property Value
Google Cloud Service Name Network Services
Google Cloud Service Documentation /traffic-director/docs/
Google Cloud REST Resource Name v1/projects.locations.httpRoutes
Google Cloud REST Resource Documentation /traffic-director/docs/reference/network-services/rest/v1/projects.locations.httpRoutes
Config Connector Resource Short Names gcpnetworkserviceshttproute
gcpnetworkserviceshttproutes
networkserviceshttproute
Config Connector Service Name networkservices.googleapis.com
Config Connector Resource Fully Qualified Name networkserviceshttproutes.networkservices.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No
Config Connector Default Average Reconcile Interval In Seconds 600

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/state-into-spec

Spec

Schema

description: string
gateways:
- external: string
  name: string
  namespace: string
hostnames:
- string
location: string
meshes:
- external: string
  name: string
  namespace: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string
rules:
- action:
    corsPolicy:
      allowCredentials: boolean
      allowHeaders:
      - string
      allowMethods:
      - string
      allowOriginRegexes:
      - string
      allowOrigins:
      - string
      disabled: boolean
      exposeHeaders:
      - string
      maxAge: string
    destinations:
    - serviceRef:
        external: string
        name: string
        namespace: string
      weight: integer
    faultInjectionPolicy:
      abort:
        httpStatus: integer
        percentage: integer
      delay:
        fixedDelay: string
        percentage: integer
    redirect:
      hostRedirect: string
      httpsRedirect: boolean
      pathRedirect: string
      portRedirect: integer
      prefixRewrite: string
      responseCode: string
      stripQuery: boolean
    requestHeaderModifier:
      add:
        string: string
      remove:
      - string
      set:
        string: string
    requestMirrorPolicy:
      destination:
        serviceRef:
          external: string
          name: string
          namespace: string
        weight: integer
    responseHeaderModifier:
      add:
        string: string
      remove:
      - string
      set:
        string: string
    retryPolicy:
      numRetries: integer
      perTryTimeout: string
      retryConditions:
      - string
    timeout: string
    urlRewrite:
      hostRewrite: string
      pathPrefixRewrite: string
  matches:
  - fullPathMatch: string
    headers:
    - exactMatch: string
      header: string
      invertMatch: boolean
      prefixMatch: string
      presentMatch: boolean
      rangeMatch:
        end: integer
        start: integer
      regexMatch: string
      suffixMatch: string
    ignoreCase: boolean
    prefixMatch: string
    queryParameters:
    - exactMatch: string
      presentMatch: boolean
      queryParameter: string
      regexMatch: string
    regexMatch: string
Fields

description

Optional

string

Optional. A free-text description of the resource. Max length 1024 characters.

gateways

Optional

list (object)

gateways[]

Optional

object

gateways[].external

Optional

string

Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.

gateways[].name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

gateways[].namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

hostnames

Required

list (string)

Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that ip addresses are not allowed. Wildcard hosts are supported as "*" (no prefix or suffix allowed).

hostnames[]

Required

string

location

Required

string

Immutable. The location for the resource

meshes

Optional

list (object)

meshes[]

Optional

object

meshes[].external

Optional

string

Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.

meshes[].name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

meshes[].namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

projectRef

Required

object

Immutable. The Project that this resource belongs to.

projectRef.external

Optional

string

The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

rules

Required

list (object)

Required. Rules that define how traffic is routed and handled.

rules[]

Required

object

rules[].action

Optional

object

The detailed rule defining how to route matched traffic.

rules[].action.corsPolicy

Optional

object

The specification for allowing client side cross-origin requests.

rules[].action.corsPolicy.allowCredentials

Optional

boolean

In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false.

rules[].action.corsPolicy.allowHeaders

Optional

list (string)

Specifies the content for Access-Control-Allow-Headers header.

rules[].action.corsPolicy.allowHeaders[]

Optional

string

rules[].action.corsPolicy.allowMethods

Optional

list (string)

Specifies the content for Access-Control-Allow-Methods header.

rules[].action.corsPolicy.allowMethods[]

Optional

string

rules[].action.corsPolicy.allowOriginRegexes

Optional

list (string)

Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax.

rules[].action.corsPolicy.allowOriginRegexes[]

Optional

string

rules[].action.corsPolicy.allowOrigins

Optional

list (string)

Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes.

rules[].action.corsPolicy.allowOrigins[]

Optional

string

rules[].action.corsPolicy.disabled

Optional

boolean

If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.

rules[].action.corsPolicy.exposeHeaders

Optional

list (string)

Specifies the content for Access-Control-Expose-Headers header.

rules[].action.corsPolicy.exposeHeaders[]

Optional

string

rules[].action.corsPolicy.maxAge

Optional

string

Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header.

rules[].action.destinations

Optional

list (object)

The destination to which traffic should be forwarded.

rules[].action.destinations[]

Optional

object

rules[].action.destinations[].serviceRef

Optional

object

rules[].action.destinations[].serviceRef.external

Optional

string

The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).

rules[].action.destinations[].serviceRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

rules[].action.destinations[].serviceRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

rules[].action.destinations[].weight

Optional

integer

Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.

rules[].action.faultInjectionPolicy

Optional

object

The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy

rules[].action.faultInjectionPolicy.abort

Optional

object

The specification for aborting to client requests.

rules[].action.faultInjectionPolicy.abort.httpStatus

Optional

integer

The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive.

rules[].action.faultInjectionPolicy.abort.percentage

Optional

integer

The percentage of traffic which will be aborted. The value must be between [0, 100]

rules[].action.faultInjectionPolicy.delay

Optional

object

The specification for injecting delay to client requests.

rules[].action.faultInjectionPolicy.delay.fixedDelay

Optional

string

Specify a fixed delay before forwarding the request.

rules[].action.faultInjectionPolicy.delay.percentage

Optional

integer

The percentage of traffic on which delay will be injected. The value must be between [0, 100]

rules[].action.redirect

Optional

object

If set, the request is directed as configured by this field.

rules[].action.redirect.hostRedirect

Optional

string

The host that will be used in the redirect response instead of the one that was supplied in the request.

rules[].action.redirect.httpsRedirect

Optional

boolean

If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. The default is set to false.

rules[].action.redirect.pathRedirect

Optional

string

The path that will be used in the redirect response instead of the one that was supplied in the request. path_redirect can not be supplied together with prefix_redirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.

rules[].action.redirect.portRedirect

Optional

integer

The port that will be used in the redirected request instead of the one that was supplied in the request.

rules[].action.redirect.prefixRewrite

Optional

string

Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows URLs be dynamically created based on the request.

rules[].action.redirect.responseCode

Optional

string

The HTTP Status code to use for the redirect. Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT

rules[].action.redirect.stripQuery

Optional

boolean

if set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false.

rules[].action.requestHeaderModifier

Optional

object

The specification for modifying the headers of a matching request prior to delivery of the request to the destination.

rules[].action.requestHeaderModifier.add

Optional

map (key: string, value: string)

Add the headers with given map where key is the name of the header, value is the value of the header.

rules[].action.requestHeaderModifier.remove

Optional

list (string)

Remove headers (matching by header names) specified in the list.

rules[].action.requestHeaderModifier.remove[]

Optional

string

rules[].action.requestHeaderModifier.set

Optional

map (key: string, value: string)

Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header.

rules[].action.requestMirrorPolicy

Optional

object

Specifies the policy on how requests intended for the routes destination are shadowed to a separate mirrored destination. Proxy will not wait for the shadow destination to respond before returning the response. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow.

rules[].action.requestMirrorPolicy.destination

Optional

object

The destination the requests will be mirrored to. The weight of the destination will be ignored.

rules[].action.requestMirrorPolicy.destination.serviceRef

Optional

object

rules[].action.requestMirrorPolicy.destination.serviceRef.external

Optional

string

The URL of a BackendService to route traffic to. Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).

rules[].action.requestMirrorPolicy.destination.serviceRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

rules[].action.requestMirrorPolicy.destination.serviceRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

rules[].action.requestMirrorPolicy.destination.weight

Optional

integer

Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.

rules[].action.responseHeaderModifier

Optional

object

The specification for modifying the headers of a response prior to sending the response back to the client.

rules[].action.responseHeaderModifier.add

Optional

map (key: string, value: string)

Add the headers with given map where key is the name of the header, value is the value of the header.

rules[].action.responseHeaderModifier.remove

Optional

list (string)

Remove headers (matching by header names) specified in the list.

rules[].action.responseHeaderModifier.remove[]

Optional

string

rules[].action.responseHeaderModifier.set

Optional

map (key: string, value: string)

Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header.

rules[].action.retryPolicy

Optional

object

Specifies the retry policy associated with this route.

rules[].action.retryPolicy.numRetries

Optional

integer

Specifies the allowed number of retries. This number must be > 0. If not specified, default to 1.

rules[].action.retryPolicy.perTryTimeout

Optional

string

Specifies a non-zero timeout per retry attempt.

rules[].action.retryPolicy.retryConditions

Optional

list (string)

Specifies one or more conditions when this retry policy applies. Valid values are: 5xx: Proxy will attempt a retry if the destination service responds with any 5xx response code, of if the destination service does not respond at all, example: disconnect, reset, read timeout, connection failure and refused streams. gateway-error: Similar to 5xx, but only applies to response codes 502, 503, 504. reset: Proxy will attempt a retry if the destination service does not respond at all (disconnect/reset/read timeout) connect-failure: Proxy will retry on failures connecting to destination for example due to connection timeouts. retriable-4xx: Proxy will retry fro retriable 4xx response codes. Currently the only retriable error supported is 409. refused-stream: Proxy will retry if the destination resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.

rules[].action.retryPolicy.retryConditions[]

Optional

string

rules[].action.timeout

Optional

string

Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries.

rules[].action.urlRewrite

Optional

object

The specification for rewrite URL before forwarding requests to the destination.

rules[].action.urlRewrite.hostRewrite

Optional

string

Prior to forwarding the request to the selected destination, the requests host header is replaced by this value.

rules[].action.urlRewrite.pathPrefixRewrite

Optional

string

Prior to forwarding the request to the selected destination, the matching portion of the requests path is replaced by this value.

rules[].matches

Optional

list (object)

A list of matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied.

rules[].matches[]

Optional

object

rules[].matches[].fullPathMatch

Optional

string

The HTTP request path value should exactly match this value. Only one of full_path_match, prefix_match, or regex_match should be used.

rules[].matches[].headers

Optional

list (object)

Specifies a list of HTTP request headers to match against. ALL of the supplied headers must be matched.

rules[].matches[].headers[]

Optional

object

rules[].matches[].headers[].exactMatch

Optional

string

The value of the header should match exactly the content of exact_match.

rules[].matches[].headers[].header

Optional

string

The name of the HTTP header to match against.

rules[].matches[].headers[].invertMatch

Optional

boolean

If specified, the match result will be inverted before checking. Default value is set to false.

rules[].matches[].headers[].prefixMatch

Optional

string

The value of the header must start with the contents of prefix_match.

rules[].matches[].headers[].presentMatch

Optional

boolean

A header with header_name must exist. The match takes place whether or not the header has a value.

rules[].matches[].headers[].rangeMatch

Optional

object

If specified, the rule will match if the request header value is within the range.

rules[].matches[].headers[].rangeMatch.end

Optional

integer

End of the range (exclusive)

rules[].matches[].headers[].rangeMatch.start

Optional

integer

Start of the range (inclusive)

rules[].matches[].headers[].regexMatch

Optional

string

The value of the header must match the regular expression specified in regex_match. For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax

rules[].matches[].headers[].suffixMatch

Optional

string

The value of the header must end with the contents of suffix_match.

rules[].matches[].ignoreCase

Optional

boolean

Specifies if prefix_match and full_path_match matches are case sensitive. The default value is false.

rules[].matches[].prefixMatch

Optional

string

The HTTP request path value must begin with specified prefix_match. prefix_match must begin with a /. Only one of full_path_match, prefix_match, or regex_match should be used.

rules[].matches[].queryParameters

Optional

list (object)

Specifies a list of query parameters to match against. ALL of the query parameters must be matched.

rules[].matches[].queryParameters[]

Optional

object

rules[].matches[].queryParameters[].exactMatch

Optional

string

The value of the query parameter must exactly match the contents of exact_match. Only one of exact_match, regex_match, or present_match must be set.

rules[].matches[].queryParameters[].presentMatch

Optional

boolean

Specifies that the QueryParameterMatcher matches if request contains query parameter, irrespective of whether the parameter has a value or not. Only one of exact_match, regex_match, or present_match must be set.

rules[].matches[].queryParameters[].queryParameter

Optional

string

The name of the query parameter to match.

rules[].matches[].queryParameters[].regexMatch

Optional

string

The value of the query parameter must match the regular expression specified by regex_match. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of exact_match, regex_match, or present_match must be set.

rules[].matches[].regexMatch

Optional

string

The HTTP request path value must satisfy the regular expression specified by regex_match after removing any query parameters and anchor supplied with the original URL. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of full_path_match, prefix_match, or regex_match should be used.

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createTime: string
observedGeneration: integer
selfLink: string
updateTime: string
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

createTime

string

Output only. The timestamp when the resource was created.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

selfLink

string

Output only. Server-defined URL of this resource

updateTime

string

Output only. The timestamp when the resource was updated.

Sample YAML(s)

Typical Use Case

# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: networkservices.cnrm.cloud.google.com/v1beta1
kind: NetworkServicesHTTPRoute
metadata:
  name: networkserviceshttproute-sample
  labels:
    foo: bar
spec:
  description: "A test HttpRoute"
  meshes:
  - name: "networkserviceshttproute-dep"
  gateways:
  - name: "networkserviceshttproute-dep"
  location: "global"
  hostnames:
  - "test1"
  - "test2"
  rules:
  - matches:
    - fullPathMatch: "/foo/bar"
      headers:
      - header: "foo-header"
        prefixMatch: "bar-value"
    - prefixMatch: "/foo/"
      ignoreCase: true
    - regexMatch: "/foo/.*/bar/.*"
    - prefixMatch: "/"
      headers:
      - header: "foo"
        exactMatch: "bar"
      - header: "foo"
        regexMatch: "b.*ar"
      - header: "foo"
        prefixMatch: "ba"
      - header: "foo"
        presentMatch: true
      - header: "foo"
        suffixMatch: "ar"
      - header: "foo"
        rangeMatch:
          start: 0
          end: 5
        invertMatch: true
    - prefixMatch: "/"
      queryParameters:
      - queryParameter: "foo"
        exactMatch: "bar"
      - queryParameter: "foo"
        regexMatch: ".*bar.*"
      - queryParameter: "foo"
        presentMatch: true
    action:
      destinations:
      - serviceRef:
          name: "networkserviceshttproute-dep"
        weight: 1
      - serviceRef:
          name: "networkserviceshttproute-dep"
        weight: 1
      urlRewrite:
        pathPrefixRewrite: "foo"
        hostRewrite: "foo"
      corsPolicy:
        allowOrigins:
        - "foo.com"
        - "bar.com"
        allowOriginRegexes:
        - ".*.foo.com"
        - ".*.bar.com"
        allowMethods:
        - "GET"
        - "POST"
        allowHeaders:
        - "foo"
        - "bar"
        exposeHeaders:
        - "foo"
        - "bar"
        maxAge: "35"
        allowCredentials: true
        disabled: false
      faultInjectionPolicy:
        abort:
          httpStatus: 501
          percentage: 1
        delay:
          fixedDelay: "10s"
          percentage: 2
      requestHeaderModifier:
        add:
          foo1: "bar1"
          baz1: "qux1"
        set:
          foo2: "bar2"
          baz2: "qux2"
        remove:
        - "foo3"
        - "bar3"
      requestMirrorPolicy:
        destination:
          serviceRef:
            name: "networkserviceshttproute-dep"
      responseHeaderModifier:
        add:
          foo1: "bar1"
          baz1: "qux1"
        set:
          foo2: "bar2"
          baz2: "qux2"
        remove:
        - "foo3"
        - "bar3"
      retryPolicy:
        numRetries: 3
        perTryTimeout: "5s"
        retryConditions:
        - "refused-stream"
        - "cancelled"
      timeout: "30s"
  - action:
      redirect:
        hostRedirect: "foo"
        responseCode: "MOVED_PERMANENTLY_DEFAULT"
        httpsRedirect: true
        stripQuery: true
        portRedirect: 7777
  - action:
      redirect:
        hostRedirect: "test"
        prefixRewrite: "foo"
        responseCode: "FOUND"
  - action:
      redirect:
        hostRedirect: "test"
        pathRedirect: "/foo"
        responseCode: "FOUND"
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
  name: networkserviceshttproute-dep
spec:
  loadBalancingScheme: "INTERNAL_SELF_MANAGED"
  location: global
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
---
apiVersion: networkservices.cnrm.cloud.google.com/v1beta1
kind: NetworkServicesGateway
metadata:
  name: networkserviceshttproute-dep
spec:
  location: "global"
  type: "OPEN_MESH"
  scope: "networkserviceshttproute-sample-scope"
  ports:
  - 80
  - 443
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"
---
apiVersion: networkservices.cnrm.cloud.google.com/v1beta1
kind: NetworkServicesMesh
metadata:
  name: networkserviceshttproute-dep
spec:
  location: "global"
  projectRef:
    # Replace "${PROJECT_ID?}" with your project ID
    external: "projects/${PROJECT_ID?}"