diff --git a/api/v1alpha1/jwt_types.go b/api/v1alpha1/jwt_types.go
index 945ab68ae608..4f844b0e9fcf 100644
--- a/api/v1alpha1/jwt_types.go
+++ b/api/v1alpha1/jwt_types.go
@@ -8,9 +8,9 @@ package v1alpha1
// JWT defines the configuration for JSON Web Token (JWT) authentication.
type JWT struct {
- // AllowMissing determines whether a missing JWT is acceptable, defaulting to false if not specified.
- // Note: Even if allowMissing is set to true, JWT authentication will still fail if an invalid JWT is presented.
- AllowMissing *bool `json:"allowMissing,omitempty"`
+ // Optional determines whether a missing JWT is acceptable, defaulting to false if not specified.
+ // Note: Even if optional is set to true, JWT authentication will still fail if an invalid JWT is presented.
+ Optional *bool `json:"optional,omitempty"`
// Providers defines the JSON Web Token (JWT) authentication provider type.
// When multiple JWT providers are specified, the JWT is considered valid if
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index d959961e7bda..b50f4d2d71f2 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -2202,8 +2202,8 @@ func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *JWT) DeepCopyInto(out *JWT) {
*out = *in
- if in.AllowMissing != nil {
- in, out := &in.AllowMissing, &out.AllowMissing
+ if in.Optional != nil {
+ in, out := &in.Optional, &out.Optional
*out = new(bool)
**out = **in
}
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
index e5720170389b..dafc82504a19 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -422,10 +422,10 @@ spec:
description: JWT defines the configuration for JSON Web Token (JWT)
authentication.
properties:
- allowMissing:
+ optional:
description: |-
- AllowMissing determines whether a missing JWT is acceptable, defaulting to false if not specified.
- Note: Even if allowMissing is set to true, JWT authentication will still fail if an invalid JWT is presented.
+ Optional determines whether a missing JWT is acceptable, defaulting to false if not specified.
+ Note: Even if optional is set to true, JWT authentication will still fail if an invalid JWT is presented.
type: boolean
providers:
description: |-
diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
index e3d9dbd8f9c7..f03e46590db3 100644
--- a/internal/gatewayapi/securitypolicy.go
+++ b/internal/gatewayapi/securitypolicy.go
@@ -527,7 +527,7 @@ func wildcard2regex(wildcard string) string {
func (t *Translator) buildJWT(jwt *egv1a1.JWT) *ir.JWT {
return &ir.JWT{
- AllowMissing: ptr.Deref(jwt.AllowMissing, false),
+ AllowMissing: ptr.Deref(jwt.Optional, false),
Providers: jwt.Providers,
}
}
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.in.yaml
index 5567d0b986b9..1ae633f805c5 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.in.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.in.yaml
@@ -124,4 +124,4 @@ securityPolicies:
- session_access_token
params:
- token
- allowMissing: true
+ optional: true
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml
index 9b47bb8990d2..caf5e85171f7 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml
@@ -160,7 +160,7 @@ infraIR:
name: envoy-gateway/gateway-1/http
ports:
- containerPort: 10080
- name: http
+ name: http-80
protocol: HTTP
servicePort: 80
metadata:
@@ -175,7 +175,7 @@ infraIR:
name: envoy-gateway/gateway-2/http
ports:
- containerPort: 10080
- name: http
+ name: http-80
protocol: HTTP
servicePort: 80
metadata:
@@ -192,7 +192,7 @@ securityPolicies:
namespace: default
spec:
jwt:
- allowMissing: true
+ optional: true
providers:
- audiences:
- three.foo.com
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 4068596f6a45..6ec8cac52a03 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -40,9 +40,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
|
-| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
|
-| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
|
+| `http/1.0` | HTTPProtocolVersion1_0 specifies that HTTP/1.0 should be negotiable with ALPN
|
+| `http/1.1` | HTTPProtocolVersion1_1 specifies that HTTP/1.1 should be negotiable with ALPN
|
+| `h2` | HTTPProtocolVersion2 specifies that HTTP/2 should be negotiable with ALPN
|
#### ALSEnvoyProxyAccessLog
@@ -81,8 +81,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
|
-| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
|
+| `HTTP` | ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs.
|
+| `TCP` | ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs.
|
#### ALSEnvoyProxyHTTPAccessLogConfig
@@ -150,8 +150,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
|
-| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
|
+| `Text` | ActiveHealthCheckPayloadTypeText defines the Text type payload.
|
+| `Binary` | ActiveHealthCheckPayloadTypeBinary defines the Binary type payload.
|
#### ActiveHealthCheckerType
@@ -165,8 +165,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
|
-| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
|
+| `HTTP` | ActiveHealthCheckerTypeHTTP defines the HTTP type of health checking.
|
+| `TCP` | ActiveHealthCheckerTypeTCP defines the TCP type of health checking.
|
#### BackOffPolicy
@@ -288,8 +288,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
|
-| `Replace` | Replace replaces the default bootstrap with the provided one.
|
+| `Merge` | Merge merges the provided bootstrap with the default one. The provided bootstrap can add or override a value
within a map, or add a new value to a list.
Please note that the provided bootstrap can't override a value within a list.
|
+| `Replace` | Replace replaces the default bootstrap with the provided one.
|
#### CORS
@@ -530,7 +530,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
|
+| `SourceIP` | SourceIPConsistentHashType hashes based on the source IP address.
|
#### CustomHeaderExtensionSettings
@@ -579,9 +579,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
|
-| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
|
-| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+| `Literal` | CustomTagTypeLiteral adds hard-coded value to each span.
|
+| `Environment` | CustomTagTypeEnvironment adds value from environment variable to each span.
|
+| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
#### EnvironmentCustomTag
@@ -786,13 +786,13 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
|
-| `provider` | LogComponentProviderRunner defines the "provider" runner component.
|
-| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
|
-| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
|
-| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
|
-| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
|
-| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
|
+| `default` | LogComponentGatewayDefault defines the "default"-wide logging component. When specified,
all other logging components are ignored.
|
+| `provider` | LogComponentProviderRunner defines the "provider" runner component.
|
+| `gateway-api` | LogComponentGatewayAPIRunner defines the "gateway-api" runner component.
|
+| `xds-translator` | LogComponentXdsTranslatorRunner defines the "xds-translator" runner component.
|
+| `xds-server` | LogComponentXdsServerRunner defines the "xds-server" runner component.
|
+| `infrastructure` | LogComponentInfrastructureRunner defines the "infrastructure" runner component.
|
+| `global-ratelimit` | LogComponentGlobalRateLimitRunner defines the "global-ratelimit" runner component.
|
#### EnvoyGatewayLogging
@@ -1019,7 +1019,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
|
+| `JSONPatch` | JSONPatchEnvoyPatchType allows the user to patch the generated xDS resources using JSONPatch semantics.
For more details on the semantics, please refer to https://datatracker.ietf.org/doc/html/rfc6902
|
#### EnvoyProxy
@@ -1104,10 +1104,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
|
-| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
|
-| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
|
-| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
|
+| `type.googleapis.com/envoy.config.listener.v3.Listener` | ListenerEnvoyResourceType defines the Type URL of the Listener resource
|
+| `type.googleapis.com/envoy.config.route.v3.RouteConfiguration` | RouteConfigurationEnvoyResourceType defines the Type URL of the RouteConfiguration resource
|
+| `type.googleapis.com/envoy.config.cluster.v3.Cluster` | ClusterEnvoyResourceType defines the Type URL of the Cluster resource
|
+| `type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment` | ClusterLoadAssignmentEnvoyResourceType defines the Type URL of the ClusterLoadAssignment resource
|
#### ExtAuth
@@ -1521,9 +1521,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
|
-| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
-| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
|
+| `Exact` | HeaderMatchExact matches the exact value of the Value field against the value of
the specified HTTP Header.
|
+| `RegularExpression` | HeaderMatchRegularExpression matches a regular expression against the value of the
specified HTTP Header. The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
+| `Distinct` | HeaderMatchDistinct matches any and all possible unique values encountered in the
specified HTTP Header. Note that each unique value will receive its own rate limit
bucket.
Note: This is only supported for Global Rate Limits.
|
#### HeaderSettings
@@ -1583,7 +1583,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
+| `Host` | InfrastructureProviderTypeHost defines the "Host" provider.
|
#### JSONPatchOperation
@@ -1626,8 +1626,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-
-| `allowMissing` | _boolean_ | true | AllowMissing determines whether a missing JWT is acceptable, defaulting to false if not specified.
Note: Even if allowMissing is set to true, JWT authentication will still fail if an invalid JWT is presented. |
+| `optional` | _boolean_ | true | Optional determines whether a missing JWT is acceptable, defaulting to false if not specified.
Note: Even if optional is set to true, JWT authentication will still fail if an invalid JWT is presented. |
| `providers` | _[JWTProvider](#jwtprovider) array_ | true | Providers defines the JSON Web Token (JWT) authentication provider type.
When multiple JWT providers are specified, the JWT is considered valid if
any of the providers successfully validate the JWT. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter.html. |
@@ -1897,10 +1896,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
|
-| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
|
-| `Random` | RandomLoadBalancerType load balancer policy.
|
-| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
|
+| `ConsistentHash` | ConsistentHashLoadBalancerType load balancer policy.
|
+| `LeastRequest` | LeastRequestLoadBalancerType load balancer policy.
|
+| `Random` | RandomLoadBalancerType load balancer policy.
|
+| `RoundRobin` | RoundRobinLoadBalancerType load balancer policy.
|
#### LocalRateLimit
@@ -1929,10 +1928,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `debug` | LogLevelDebug defines the "debug" logging level.
|
-| `info` | LogLevelInfo defines the "Info" logging level.
|
-| `warn` | LogLevelWarn defines the "Warn" logging level.
|
-| `error` | LogLevelError defines the "Error" logging level.
|
+| `debug` | LogLevelDebug defines the "debug" logging level.
|
+| `info` | LogLevelInfo defines the "Info" logging level.
|
+| `warn` | LogLevelWarn defines the "Warn" logging level.
|
+| `error` | LogLevelError defines the "Error" logging level.
|
@@ -1949,7 +1948,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `OpenTelemetry` | |
+| `OpenTelemetry` | |
#### OIDC
@@ -2062,10 +2061,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
|
-| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
|
-| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
|
-| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
|
+| `KeepUnchanged` | KeepUnchangedAction keeps escaped slashes as they arrive without changes
|
+| `RejectRequest` | RejectRequestAction rejects client requests containing escaped slashes
with a 400 status. gRPC requests will be rejected with the INTERNAL (13)
error code.
The "httpN.downstream_rq_failed_path_normalization" counter is incremented
for each rejected request.
|
+| `UnescapeAndRedirect` | UnescapeAndRedirect unescapes %2F and %5C sequences and redirects to the new path
if these sequences were present.
Redirect occurs after path normalization and merge slashes transformations if
they were configured. gRPC requests will be rejected with the INTERNAL (13)
error code.
This option minimizes possibility of path confusion exploits by forcing request
with unescaped slashes to traverse all parties: downstream client, intermediate
proxies, Envoy and upstream server.
The “httpN.downstream_rq_redirected_with_normalized_path” counter is incremented
for each redirected request.
|
+| `UnescapeAndForward` | UnescapeAndForward unescapes %2F and %5C sequences and forwards the request.
Note: this option should not be enabled if intermediaries perform path based access
control as it may lead to path confusion vulnerabilities.
|
#### PathSettings
@@ -2110,8 +2109,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
|
-| `File` | ProviderTypeFile defines the "File" provider. This type is not implemented
until https://github.com/envoyproxy/gateway/issues/1001 is fixed.
|
+| `Kubernetes` | ProviderTypeKubernetes defines the "Kubernetes" provider.
|
+| `File` | ProviderTypeFile defines the "File" provider. This type is not implemented
until https://github.com/envoyproxy/gateway/issues/1001 is fixed.
|
#### ProxyAccessLog
@@ -2157,8 +2156,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
|
-| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
|
+| `Text` | ProxyAccessLogFormatTypeText defines the text accesslog format.
|
+| `JSON` | ProxyAccessLogFormatTypeJSON defines the JSON accesslog format.
|
#### ProxyAccessLogSetting
@@ -2204,9 +2203,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
|
-| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
|
-| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
|
+| `ALS` | ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
|
+| `File` | ProxyAccessLogSinkTypeFile defines the file accesslog sink.
|
+| `OpenTelemetry` | ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink.
When the provider is Kubernetes, EnvoyGateway always sends `k8s.namespace.name`
and `k8s.pod.name` as additional attributes.
|
#### ProxyBootstrap
@@ -2235,16 +2234,16 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
|
-| `upstream` | LogComponentUpstream defines the "upstream" logging component.
|
-| `http` | LogComponentHTTP defines the "http" logging component.
|
-| `connection` | LogComponentConnection defines the "connection" logging component.
|
-| `admin` | LogComponentAdmin defines the "admin" logging component.
|
-| `client` | LogComponentClient defines the "client" logging component.
|
-| `filter` | LogComponentFilter defines the "filter" logging component.
|
-| `main` | LogComponentMain defines the "main" logging component.
|
-| `router` | LogComponentRouter defines the "router" logging component.
|
-| `runtime` | LogComponentRuntime defines the "runtime" logging component.
|
+| `default` | LogComponentDefault defines the default logging component.
See more details: https://www.envoyproxy.io/docs/envoy/latest/operations/cli#cmdoption-l
|
+| `upstream` | LogComponentUpstream defines the "upstream" logging component.
|
+| `http` | LogComponentHTTP defines the "http" logging component.
|
+| `connection` | LogComponentConnection defines the "connection" logging component.
|
+| `admin` | LogComponentAdmin defines the "admin" logging component.
|
+| `client` | LogComponentClient defines the "client" logging component.
|
+| `filter` | LogComponentFilter defines the "filter" logging component.
|
+| `main` | LogComponentMain defines the "main" logging component.
|
+| `router` | LogComponentRouter defines the "router" logging component.
|
+| `runtime` | LogComponentRuntime defines the "runtime" logging component.
|
#### ProxyLogging
@@ -2350,8 +2349,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
|
-| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
|
+| `V1` | ProxyProtocolVersionV1 is the PROXY protocol version 1 (human readable format).
|
+| `V2` | ProxyProtocolVersionV2 is the PROXY protocol version 2 (binary format).
|
#### ProxyTelemetry
@@ -2433,7 +2432,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Redis` | RedisBackendType uses a redis database for the rate limit service.
|
+| `Redis` | RedisBackendType uses a redis database for the rate limit service.
|
#### RateLimitMetrics
@@ -2587,8 +2586,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
|
-| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
|
+| `Global` | GlobalRateLimitType allows the rate limits to be applied across all Envoy
proxy instances.
|
+| `Local` | LocalRateLimitType allows the rate limits to be applied on a per Envoy
proxy instance basis.
|
#### RateLimitUnit
@@ -2603,10 +2602,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
|
-| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
|
-| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
|
-| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
|
+| `Second` | RateLimitUnitSecond specifies the rate limit interval to be 1 second.
|
+| `Minute` | RateLimitUnitMinute specifies the rate limit interval to be 1 minute.
|
+| `Hour` | RateLimitUnitHour specifies the rate limit interval to be 1 hour.
|
+| `Day` | RateLimitUnitDay specifies the rate limit interval to be 1 day.
|
#### RateLimitValue
@@ -2679,7 +2678,7 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `File` | ResourceProviderTypeFile defines the "File" provider.
|
+| `File` | ResourceProviderTypeFile defines the "File" provider.
|
#### Retry
@@ -2781,8 +2780,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
|
-| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
|
+| `Cluster` | ServiceExternalTrafficPolicyCluster routes traffic to all endpoints.
|
+| `Local` | ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by
routing only to endpoints on the same node as the traffic was received on
(dropping the traffic if there are no local endpoints).
|
#### ServiceType
@@ -2796,9 +2795,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
|
-| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
|
-| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
|
+| `ClusterIP` | ServiceTypeClusterIP means a service will only be accessible inside the
cluster, via the cluster IP.
|
+| `LoadBalancer` | ServiceTypeLoadBalancer means a service will be exposed via an
external load balancer (if the cloud provider supports it).
|
+| `NodePort` | ServiceTypeNodePort means a service will be exposed on each Kubernetes Node
at a static Port, common across all Nodes.
|
#### ShutdownConfig
@@ -2843,8 +2842,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
|
-| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
|
+| `Exact` | SourceMatchExact All IP Addresses within the specified Source IP CIDR are treated as a single client selector
and share the same rate limit bucket.
|
+| `Distinct` | SourceMatchDistinct Each IP Address within the specified Source IP CIDR is treated as a distinct client selector
and uses a separate rate limit bucket/counter.
Note: This is only supported for Global Rate Limits.
|
#### StringMatch
@@ -2876,10 +2875,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Exact` | StringMatchExact :the input string must match exactly the match value.
|
-| `Prefix` | StringMatchPrefix :the input string must start with the match value.
|
-| `Suffix` | StringMatchSuffix :the input string must end with the match value.
|
-| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
+| `Exact` | StringMatchExact :the input string must match exactly the match value.
|
+| `Prefix` | StringMatchPrefix :the input string must start with the match value.
|
+| `Suffix` | StringMatchSuffix :the input string must end with the match value.
|
+| `RegularExpression` | StringMatchRegularExpression :The input string must match the regular expression
specified in the match value.
The regex string must adhere to the syntax documented in
https://github.com/google/re2/wiki/Syntax.
|
#### TCPActiveHealthChecker
@@ -2959,11 +2958,11 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
|
-| `1.0` | TLS1.0 specifies TLS version 1.0
|
-| `1.1` | TLS1.1 specifies TLS version 1.1
|
-| `1.2` | TLSv1.2 specifies TLS version 1.2
|
-| `1.3` | TLSv1.3 specifies TLS version 1.3
|
+| `Auto` | TLSAuto allows Envoy to choose the optimal TLS Version
|
+| `1.0` | TLS1.0 specifies TLS version 1.0
|
+| `1.1` | TLS1.1 specifies TLS version 1.1
|
+| `1.2` | TLSv1.2 specifies TLS version 1.2
|
+| `1.3` | TLSv1.3 specifies TLS version 1.3
|
#### Timeout
@@ -3009,8 +3008,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `OpenTelemetry` | |
-| `OpenTelemetry` | |
+| `OpenTelemetry` | |
+| `OpenTelemetry` | |
#### TriggerEnum
@@ -3024,18 +3023,18 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
|
-| `gateway-error` | The response is a gateway error (502,503 or 504).
|
-| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
|
-| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
|
-| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
|
-| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
|
-| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
|
-| `cancelled` | The gRPC status code in the response headers is “cancelled”.
|
-| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
|
-| `internal` | The gRPC status code in the response headers is “internal”.
|
-| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
|
-| `unavailable` | The gRPC status code in the response headers is “unavailable”.
|
+| `5xx` | The upstream server responds with any 5xx response code, or does not respond at all (disconnect/reset/read timeout).
Includes connect-failure and refused-stream.
|
+| `gateway-error` | The response is a gateway error (502,503 or 504).
|
+| `reset` | The upstream server does not respond at all (disconnect/reset/read timeout.)
|
+| `connect-failure` | Connection failure to the upstream server (connect timeout, etc.). (Included in *5xx*)
|
+| `retriable-4xx` | The upstream server responds with a retriable 4xx response code.
Currently, the only response code in this category is 409.
|
+| `refused-stream` | The upstream server resets the stream with a REFUSED_STREAM error code.
|
+| `retriable-status-codes` | The upstream server responds with any response code matching one defined in the RetriableStatusCodes.
|
+| `cancelled` | The gRPC status code in the response headers is “cancelled”.
|
+| `deadline-exceeded` | The gRPC status code in the response headers is “deadline-exceeded”.
|
+| `internal` | The gRPC status code in the response headers is “internal”.
|
+| `resource-exhausted` | The gRPC status code in the response headers is “resource-exhausted”.
|
+| `unavailable` | The gRPC status code in the response headers is “unavailable”.
|
#### Wasm
@@ -3086,8 +3085,8 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the wasm code in an HTTP URL.
|
-| `Image` | ImageWasmCodeSourceType allows the user to specify the wasm code in an OCI image.
|
+| `HTTP` | HTTPWasmCodeSourceType allows the user to specify the wasm code in an HTTP URL.
|
+| `Image` | ImageWasmCodeSourceType allows the user to specify the wasm code in an OCI image.
|
#### WithUnderscoresAction
@@ -3102,9 +3101,9 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
|
-| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
|
-| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
|
+| `Allow` | WithUnderscoresActionAllow allows headers with underscores to be passed through.
|
+| `RejectRequest` | WithUnderscoresActionRejectRequest rejects the client request. HTTP/1 requests are rejected with
the 400 status. HTTP/2 requests end with the stream reset.
|
+| `DropHeader` | WithUnderscoresActionDropHeader drops the client header with name containing underscores. The header
is dropped before the filter chain is invoked and as such filters will not see
dropped headers.
|
#### XDSTranslatorHook
@@ -3119,10 +3118,10 @@ _Appears in:_
| Value | Description |
| ----- | ----------- |
-| `VirtualHost` | |
-| `Route` | |
-| `HTTPListener` | |
-| `Translation` | |
+| `VirtualHost` | |
+| `Route` | |
+| `HTTPListener` | |
+| `Translation` | |
#### XDSTranslatorHooks