API Specification

This page contains the API field specification for Gateway API.

Packages:

application-networking.k8s.aws/v1alpha1

Resource Types:

AccessLogPolicy

Field Description
apiVersion
string
application-networking.k8s.aws/v1alpha1
kind
string
AccessLogPolicy
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AccessLogPolicySpec


destinationArn
string

The Amazon Resource Name (ARN) of the destination that will store access logs. Supported values are S3 Bucket, CloudWatch Log Group, and Firehose Delivery Stream ARNs.

Changes to this value result in replacement of the VPC Lattice Access Log Subscription.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

status
AccessLogPolicyStatus

Status defines the current state of AccessLogPolicy.

IAMAuthPolicy

Field Description
apiVersion
string
application-networking.k8s.aws/v1alpha1
kind
string
IAMAuthPolicy
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
IAMAuthPolicySpec


policy
string

IAM auth policy content. It is a JSON string that uses the same syntax as AWS IAM policies. Please check the VPC Lattice documentation to get the common elements in an auth policy.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

status
IAMAuthPolicyStatus

Status defines the current state of IAMAuthPolicy.

ServiceExport

ServiceExport declares that the Service with the same name and namespace as this export should be consumable from other clusters.

Field Description
apiVersion
string
application-networking.k8s.aws/v1alpha1
kind
string
ServiceExport
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
status
ServiceExportStatus
(Optional)

status describes the current state of an exported service. Service configuration comes from the Service that had the same name and namespace as this ServiceExport. Populated by the multi-cluster service implementation’s controller.

ServiceImport

ServiceImport describes a service imported from clusters in a ClusterSet.

Field Description
apiVersion
string
application-networking.k8s.aws/v1alpha1
kind
string
ServiceImport
metadata
Kubernetes meta/v1.ObjectMeta
(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ServiceImportSpec
(Optional)

spec defines the behavior of a ServiceImport.



ports
[]ServicePort
ips
[]string
(Optional)

ip will be used as the VIP for this service when type is ClusterSetIP.

type
ServiceImportType

type defines the type of this service. Must be ClusterSetIP or Headless.

sessionAffinity
Kubernetes core/v1.ServiceAffinity
(Optional)

Supports “ClientIP” and “None”. Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. Ignored when type is Headless. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

sessionAffinityConfig
Kubernetes core/v1.SessionAffinityConfig
(Optional)

sessionAffinityConfig contains session affinity configuration.

status
ServiceImportStatus
(Optional)

status contains information about the exported services that form the multi-cluster service referenced by this ServiceImport.

TargetGroupPolicy

Field Description
apiVersion
string
application-networking.k8s.aws/v1alpha1
kind
string
TargetGroupPolicy
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
TargetGroupPolicySpec


protocol
string
(Optional)

The protocol to use for routing traffic to the targets. Supported values are HTTP (default) and HTTPS.

Changes to this value result in a replacement of the VPC Lattice target group.

protocolVersion
string
(Optional)

The protocol version to use. Supported values are HTTP1 (default) and HTTP2. When a policy is behind GRPCRoute, this field value will be ignored as GRPC is only supported through HTTP/2.

Changes to this value result in a replacement of the VPC Lattice target group.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Service resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

healthCheck
HealthCheckConfig
(Optional)

The health check configuration.

Changes to this value will update the VPC Lattice resource in place.

status
TargetGroupPolicyStatus

VpcAssociationPolicy

Field Description
apiVersion
string
application-networking.k8s.aws/v1alpha1
kind
string
VpcAssociationPolicy
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
VpcAssociationPolicySpec


securityGroupIds
[]SecurityGroupId
(Optional)

SecurityGroupIds defines the security groups enforced on the VpcServiceNetworkAssociation. Security groups do not take effect if AssociateWithVpc is set to false.

For more details, please check the VPC Lattice documentation https://docs.aws.amazon.com/vpc-lattice/latest/ug/security-groups.html

associateWithVpc
bool
(Optional)

AssociateWithVpc indicates whether the VpcServiceNetworkAssociation should be created for the current VPC of the k8s cluster.

This value will be considered true by default.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Gateway resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

status
VpcAssociationPolicyStatus

AccessLogPolicySpec

(Appears on: AccessLogPolicy)

AccessLogPolicySpec defines the desired state of AccessLogPolicy.

Field Description
destinationArn
string

The Amazon Resource Name (ARN) of the destination that will store access logs. Supported values are S3 Bucket, CloudWatch Log Group, and Firehose Delivery Stream ARNs.

Changes to this value result in replacement of the VPC Lattice Access Log Subscription.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

AccessLogPolicyStatus

(Appears on: AccessLogPolicy)

AccessLogPolicyStatus defines the observed state of AccessLogPolicy.

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions describe the current conditions of the AccessLogPolicy.

Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe AccessLogPolicy state.

Known condition types are:

  • “Accepted”
  • “Ready”

ClusterStatus

(Appears on: ServiceImportStatus)

ClusterStatus contains service configuration mapped to a specific source cluster.

Field Description
cluster
string

cluster is the name of the exporting cluster. Must be a valid RFC-1123 DNS label.

HealthCheckConfig

(Appears on: TargetGroupPolicySpec)

HealthCheckConfig defines the health check configuration for a given VPC Lattice target group. For a detailed explanation and supported values, please refer to the VPC Lattice documentation on health checks.

Field Description
enabled
bool
(Optional)

Indicates whether health checking is enabled.

intervalSeconds
int64
(Optional)

The approximate amount of time, in seconds, between health checks of an individual target.

timeoutSeconds
int64
(Optional)

The amount of time, in seconds, to wait before reporting a target as unhealthy.

healthyThresholdCount
int64
(Optional)

The number of consecutive successful health checks required before considering an unhealthy target healthy.

unhealthyThresholdCount
int64
(Optional)

The number of consecutive failed health checks required before considering a target unhealthy.

statusMatch
string
(Optional)

A regular expression to match HTTP status codes when checking for successful response from a target.

path
string
(Optional)

The destination for health checks on the targets.

port
int64

The port used when performing health checks on targets. If not specified, health check defaults to the port that a target receives traffic on.

protocol
HealthCheckProtocol
(Optional)

The protocol used when performing health checks on targets.

protocolVersion
HealthCheckProtocolVersion
(Optional)

The protocol version used when performing health checks on targets. Defaults to HTTP/1.

HealthCheckProtocol (string alias)

(Appears on: HealthCheckConfig)

Value Description

"HTTP"

"HTTPS"

HealthCheckProtocolVersion (string alias)

(Appears on: HealthCheckConfig)

Value Description

"HTTP1"

"HTTP2"

IAMAuthPolicySpec

(Appears on: IAMAuthPolicy)

IAMAuthPolicySpec defines the desired state of IAMAuthPolicy. When the controller handles IAMAuthPolicy creation, if the targetRef k8s and VPC Lattice resources exist, the controller changes the auth_type of that VPC Lattice resource to AWS_IAM and attaches this policy. When the controller handles IAMAuthPolicy deletion, if the targetRef k8s and VPC Lattice resources exist, the controller changes the auth_type of that VPC Lattice resource to NONE and detaches this policy.

Field Description
policy
string

IAM auth policy content. It is a JSON string that uses the same syntax as AWS IAM policies. Please check the VPC Lattice documentation to get the common elements in an auth policy.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

IAMAuthPolicyStatus

(Appears on: IAMAuthPolicy)

IAMAuthPolicyStatus defines the observed state of IAMAuthPolicy.

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions describe the current conditions of the IAMAuthPolicy.

Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe IAMAuthPolicy state.

Known condition types are:

  • “Accepted”
  • “Ready”

SecurityGroupId (string alias)

(Appears on: VpcAssociationPolicySpec)

ServiceExportCondition

(Appears on: ServiceExportStatus)

ServiceExportCondition contains details for the current condition of this service export.

Once KEP-1623 is implemented, this will be replaced by metav1.Condition.

Field Description
type
ServiceExportConditionType
status
Kubernetes core/v1.ConditionStatus

Status is one of {“True”, “False”, “Unknown”}

lastTransitionTime
Kubernetes meta/v1.Time
(Optional)
reason
string
(Optional)
message
string
(Optional)

ServiceExportConditionType (string alias)

(Appears on: ServiceExportCondition)

ServiceExportConditionType identifies a specific condition.

Value Description

"Conflict"

ServiceExportConflict means that there is a conflict between two exports for the same Service. When “True”, the condition message should contain enough information to diagnose the conflict: field(s) under contention, which cluster won, and why. Users should not expect detailed per-cluster information in the conflict message.

"Valid"

ServiceExportValid means that the service referenced by this service export has been recognized as valid by a controller. This will be false if the service is found to be unexportable (ExternalName, not found).

ServiceExportStatus

(Appears on: ServiceExport)

ServiceExportStatus contains the current status of an export.

Field Description
conditions
[]ServiceExportCondition
(Optional)

ServiceImportSpec

(Appears on: ServiceImport)

ServiceImportSpec describes an imported service and the information necessary to consume it.

Field Description
ports
[]ServicePort
ips
[]string
(Optional)

ip will be used as the VIP for this service when type is ClusterSetIP.

type
ServiceImportType

type defines the type of this service. Must be ClusterSetIP or Headless.

sessionAffinity
Kubernetes core/v1.ServiceAffinity
(Optional)

Supports “ClientIP” and “None”. Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. Ignored when type is Headless. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

sessionAffinityConfig
Kubernetes core/v1.SessionAffinityConfig
(Optional)

sessionAffinityConfig contains session affinity configuration.

ServiceImportStatus

(Appears on: ServiceImport)

ServiceImportStatus describes derived state of an imported service.

Field Description
clusters
[]ClusterStatus
(Optional)

clusters is the list of exporting clusters from which this service was derived.

ServiceImportType (string alias)

(Appears on: ServiceImportSpec)

ServiceImportType designates the type of a ServiceImport.

Value Description

"ClusterSetIP"

ClusterSetIP services are only accessible via the ClusterSet IP.

"Headless"

Headless services allow backend pods to be addressed directly.

ServicePort

(Appears on: ServiceImportSpec)

ServicePort represents the port on which the service is exposed.

Field Description
name
string
(Optional)

The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the ‘name’ field in the EndpointPort. Optional if only one ServicePort is defined on this service.

protocol
Kubernetes core/v1.Protocol
(Optional)

The IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.

appProtocol
string
(Optional)

The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. Field can be enabled with ServiceAppProtocol feature gate.

port
int32

The port that will be exposed by this service.

TargetGroupPolicySpec

(Appears on: TargetGroupPolicy)

TargetGroupPolicySpec defines the desired state of TargetGroupPolicy.

Field Description
protocol
string
(Optional)

The protocol to use for routing traffic to the targets. Supported values are HTTP (default) and HTTPS.

Changes to this value result in a replacement of the VPC Lattice target group.

protocolVersion
string
(Optional)

The protocol version to use. Supported values are HTTP1 (default) and HTTP2. When a policy is behind GRPCRoute, this field value will be ignored as GRPC is only supported through HTTP/2.

Changes to this value result in a replacement of the VPC Lattice target group.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Service resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.

healthCheck
HealthCheckConfig
(Optional)

The health check configuration.

Changes to this value will update the VPC Lattice resource in place.

TargetGroupPolicyStatus

(Appears on: TargetGroupPolicy)

TargetGroupPolicyStatus defines the observed state of TargetGroupPolicy.

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions describe the current conditions of the TargetGroupPolicy.

Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe TargetGroupPolicy state.

Known condition types are:

  • “Accepted”
  • “Ready”

VpcAssociationPolicySpec

(Appears on: VpcAssociationPolicy)

VpcAssociationPolicySpec defines the desired state of VpcAssociationPolicy.

Field Description
securityGroupIds
[]SecurityGroupId
(Optional)

SecurityGroupIds defines the security groups enforced on the VpcServiceNetworkAssociation. Security groups do not take effect if AssociateWithVpc is set to false.

For more details, please check the VPC Lattice documentation https://docs.aws.amazon.com/vpc-lattice/latest/ug/security-groups.html

associateWithVpc
bool
(Optional)

AssociateWithVpc indicates whether the VpcServiceNetworkAssociation should be created for the current VPC of the k8s cluster.

This value will be considered true by default.

targetRef
sigs.k8s.io/gateway-api/apis/v1alpha2.PolicyTargetReference

TargetRef points to the Kubernetes Gateway resource that will have this policy attached.

This field follows the guidelines of Kubernetes Gateway API policy attachment.
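
The constraints stated in the policy spec sections above (allowed targetRef kinds per policy, policy being a JSON string, the supported destinationArn types, and security groups not taking effect when associateWithVpc is false) can be checked before a manifest is applied. This lint is an added example, not code from the controller project; `lint_policy`, the sample manifests and the ARN service-field check are assumptions made for illustration.

```python
import json

API_VERSION = "application-networking.k8s.aws/v1alpha1"
# Allowed targetRef kinds per policy, as listed in the field descriptions.
TARGET_KINDS = {
    "AccessLogPolicy": {"Gateway", "HTTPRoute", "GRPCRoute"},
    "IAMAuthPolicy": {"Gateway", "HTTPRoute", "GRPCRoute"},
    "TargetGroupPolicy": {"Service"},
    "VpcAssociationPolicy": {"Gateway"},
}
# Assumption: the destination type is read from the ARN's service field.
LOG_ARN_SERVICES = {"s3", "logs", "firehose"}


def lint_policy(obj):
    """Return findings for one policy manifest already parsed into a dict."""
    findings = []
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    if obj.get("apiVersion") != API_VERSION:
        findings.append("apiVersion must be " + API_VERSION)
    if kind not in TARGET_KINDS:
        return findings + [f"kind {kind!r} is not a policy type from this page"]
    ref_kind = (spec.get("targetRef") or {}).get("kind")
    if ref_kind not in TARGET_KINDS[kind]:
        findings.append(f"targetRef.kind {ref_kind!r} is not valid for {kind}")
    if kind == "IAMAuthPolicy":
        try:  # policy must be a JSON string, not a nested YAML mapping
            if not isinstance(json.loads(spec.get("policy")), dict):
                raise ValueError("not a JSON object")
        except (TypeError, ValueError):
            findings.append("spec.policy is not a JSON object string")
    elif kind == "AccessLogPolicy":
        parts = str(spec.get("destinationArn", "")).split(":")
        if len(parts) < 6 or parts[0] != "arn" or parts[2] not in LOG_ARN_SERVICES:
            findings.append("destinationArn is not an S3, CloudWatch Logs or Firehose ARN")
    elif kind == "TargetGroupPolicy":
        if spec.get("protocol", "HTTP") not in {"HTTP", "HTTPS"}:
            findings.append("protocol must be HTTP or HTTPS")
        if spec.get("protocolVersion", "HTTP1") not in {"HTTP1", "HTTP2"}:
            findings.append("protocolVersion must be HTTP1 or HTTP2")
    # Remaining kind is VpcAssociationPolicy.
    elif spec.get("securityGroupIds") and spec.get("associateWithVpc") is False:
        findings.append("securityGroupIds have no effect: associateWithVpc is false")
    return findings


# Constructed sample manifests (names, account and group IDs are made up).
GOOD_AUTH = {"apiVersion": API_VERSION, "kind": "IAMAuthPolicy", "spec": {
    "targetRef": {"group": "gateway.networking.k8s.io", "kind": "HTTPRoute", "name": "inventory"},
    "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/example"},
        "Action": "vpc-lattice-svcs:Invoke", "Resource": "*"}]})}}
BAD_VPC = {"apiVersion": API_VERSION, "kind": "VpcAssociationPolicy", "spec": {
    "targetRef": {"group": "gateway.networking.k8s.io", "kind": "Gateway", "name": "my-gw"},
    "securityGroupIds": ["sg-0123456789abcdef0"], "associateWithVpc": False}}
```

`lint_policy(GOOD_AUTH)` returns an empty list, while `lint_policy(BAD_VPC)` reports that the listed security groups will not be enforced.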

VpcAssociationPolicyStatus

(Appears on: VpcAssociationPolicy)

VpcAssociationPolicyStatus defines the observed state of VpcAssociationPolicy.

Field Description
conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions describe the current conditions of the VpcAssociationPolicy.

Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe VpcAssociationPolicy state.

Known condition types are:

  • “Accepted”

Generated with gen-crd-api-reference-docs on git commit 5de8f32.