API Specification

This page contains the API field specification for Gateway API.

Packages:

• application-networking.k8s.aws/v1alpha1

application-networking.k8s.aws/v1alpha1

Resource Types:

• AccessLogPolicy
• IAMAuthPolicy
• ServiceExport
• ServiceImport
• TargetGroupPolicy
• VpcAssociationPolicy

AccessLogPolicy

Field	Description
apiVersion string	application-networking.k8s.aws/v1alpha1
kind string	AccessLogPolicy
metadata Kubernetes meta/v1.ObjectMeta	Refer to the Kubernetes API documentation for the fields of the metadata field.
spec AccessLogPolicySpec	destinationArn string The Amazon Resource Name (ARN) of the destination that will store access logs. Supported values are S3 Bucket, CloudWatch Log Group, and Firehose Delivery Stream ARNs. Changes to this value results in replacement of the VPC Lattice Access Log Subscription. targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.
status AccessLogPolicyStatus	Status defines the current state of AccessLogPolicy.

IAMAuthPolicy

Field	Description
apiVersion string	application-networking.k8s.aws/v1alpha1
kind string	IAMAuthPolicy
metadata Kubernetes meta/v1.ObjectMeta	Refer to the Kubernetes API documentation for the fields of the metadata field.
spec IAMAuthPolicySpec	policy string IAM auth policy content. It is a JSON string that uses the same syntax as AWS IAM policies. Please check the VPC Lattice documentation to get the common elements in an auth policy targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.
status IAMAuthPolicyStatus	Status defines the current state of IAMAuthPolicy.

ServiceExport

ServiceExport declares that the Service with the same name and namespace as this export should be consumable from other clusters.

Field	Description
apiVersion string	application-networking.k8s.aws/v1alpha1
kind string	ServiceExport
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
status ServiceExportStatus	(Optional) status describes the current state of an exported service. Service configuration comes from the Service that had the same name and namespace as this ServiceExport. Populated by the multi-cluster service implementation’s controller.

ServiceImport

ServiceImport describes a service imported from clusters in a ClusterSet.

Field	Description
apiVersion string	application-networking.k8s.aws/v1alpha1
kind string	ServiceImport
metadata Kubernetes meta/v1.ObjectMeta	(Optional) Refer to the Kubernetes API documentation for the fields of the metadata field.
spec ServiceImportSpec	(Optional) spec defines the behavior of a ServiceImport. ports []ServicePort ips []string (Optional) ip will be used as the VIP for this service when type is ClusterSetIP. type ServiceImportType type defines the type of this service. Must be ClusterSetIP or Headless. sessionAffinity Kubernetes core/v1.ServiceAffinity (Optional) Supports “ClientIP” and “None”. Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. Ignored when type is Headless More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies sessionAffinityConfig Kubernetes core/v1.SessionAffinityConfig (Optional) sessionAffinityConfig contains session affinity configuration.
status ServiceImportStatus	(Optional) status contains information about the exported services that form the multi-cluster service referenced by this ServiceImport.

TargetGroupPolicy

Field	Description
apiVersion string	application-networking.k8s.aws/v1alpha1
kind string	TargetGroupPolicy
metadata Kubernetes meta/v1.ObjectMeta	Refer to the Kubernetes API documentation for the fields of the metadata field.
spec TargetGroupPolicySpec	protocol string (Optional) The protocol to use for routing traffic to the targets. Supported values are HTTP (default) and HTTPS. Changes to this value results in a replacement of VPC Lattice target group. protocolVersion string (Optional) The protocol version to use. Supported values are HTTP1 (default) and HTTP2. When a policy is behind GRPCRoute, this field value will be ignored as GRPC is only supported through HTTP/2. Changes to this value results in a replacement of VPC Lattice target group. targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference TargetRef points to the kubernetes Service resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment. healthCheck HealthCheckConfig (Optional) The health check configuration. Changes to this value will update VPC Lattice resource in place.
status TargetGroupPolicyStatus

VpcAssociationPolicy

Field	Description
apiVersion string	application-networking.k8s.aws/v1alpha1
kind string	VpcAssociationPolicy
metadata Kubernetes meta/v1.ObjectMeta	Refer to the Kubernetes API documentation for the fields of the metadata field.
spec VpcAssociationPolicySpec	securityGroupIds []SecurityGroupId (Optional) SecurityGroupIds defines the security groups enforced on the VpcServiceNetworkAssociation. Security groups does not take effect if AssociateWithVpc is set to false. For more details, please check the VPC Lattice documentation https://docs.aws.amazon.com/vpc-lattice/latest/ug/security-groups.html associateWithVpc bool (Optional) AssociateWithVpc indicates whether the VpcServiceNetworkAssociation should be created for the current VPC of k8s cluster. This value will be considered true by default. targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference TargetRef points to the kubernetes Gateway resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.
status VpcAssociationPolicyStatus

AccessLogPolicySpec

(Appears on:AccessLogPolicy)

AccessLogPolicySpec defines the desired state of AccessLogPolicy.

Field	Description
destinationArn string	The Amazon Resource Name (ARN) of the destination that will store access logs. Supported values are S3 Bucket, CloudWatch Log Group, and Firehose Delivery Stream ARNs. Changes to this value results in replacement of the VPC Lattice Access Log Subscription.
targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference	TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.

AccessLogPolicyStatus

(Appears on:AccessLogPolicy)

AccessLogPolicyStatus defines the observed state of AccessLogPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the AccessLogPolicy. Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe AccessLogPolicy state. Known condition types are: “Accepted” “Ready”

ClusterStatus

(Appears on:ServiceImportStatus)

ClusterStatus contains service configuration mapped to a specific source cluster

Field	Description
cluster string	cluster is the name of the exporting cluster. Must be a valid RFC-1123 DNS label.

HealthCheckConfig

(Appears on:TargetGroupPolicySpec)

HealthCheckConfig defines health check configuration for given VPC Lattice target group. For the detailed explanation and supported values, please refer to VPC Lattice documentationon health checks.

Field	Description
enabled bool	(Optional) Indicates whether health checking is enabled.
intervalSeconds int64	(Optional) The approximate amount of time, in seconds, between health checks of an individual target.
timeoutSeconds int64	(Optional) The amount of time, in seconds, to wait before reporting a target as unhealthy.
healthyThresholdCount int64	(Optional) The number of consecutive successful health checks required before considering an unhealthy target healthy.
unhealthyThresholdCount int64	(Optional) The number of consecutive failed health checks required before considering a target unhealthy.
statusMatch string	(Optional) A regular expression to match HTTP status codes when checking for successful response from a target.
path string	(Optional) The destination for health checks on the targets.
port int64	The port used when performing health checks on targets. If not specified, health check defaults to the port that a target receives traffic on.
protocol HealthCheckProtocol	(Optional) The protocol used when performing health checks on targets.
protocolVersion HealthCheckProtocolVersion	(Optional) The protocol version used when performing health checks on targets. Defaults to HTTP/1.

HealthCheckProtocol (string alias)

(Appears on:HealthCheckConfig)

Value	Description
"HTTP"
"HTTPS"

HealthCheckProtocolVersion (string alias)

(Appears on:HealthCheckConfig)

Value	Description
"HTTP1"
"HTTP2"

IAMAuthPolicySpec

(Appears on:IAMAuthPolicy)

IAMAuthPolicySpec defines the desired state of IAMAuthPolicy. When the controller handles IAMAuthPolicy creation, if the targetRef k8s and VPC Lattice resource exists, the controller will change the auth_type of that VPC Lattice resource to AWS_IAM and attach this policy. When the controller handles IAMAuthPolicy deletion, if the targetRef k8s and VPC Lattice resource exists, the controller will change the auth_type of that VPC Lattice resource to NONE and detach this policy.

Field	Description
policy string	IAM auth policy content. It is a JSON string that uses the same syntax as AWS IAM policies. Please check the VPC Lattice documentation to get the common elements in an auth policy
targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference	TargetRef points to the Kubernetes Gateway, HTTPRoute, or GRPCRoute resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.

IAMAuthPolicyStatus

(Appears on:IAMAuthPolicy)

IAMAuthPolicyStatus defines the observed state of IAMAuthPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the IAMAuthPolicy. Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe IAMAuthPolicy state. Known condition types are: “Accepted” “Ready”

SecurityGroupId (string alias)

(Appears on:VpcAssociationPolicySpec)

ServiceExportCondition

(Appears on:ServiceExportStatus)

ServiceExportCondition contains details for the current condition of this service export.

Once KEP-1623 is implemented, this will be replaced by metav1.Condition.

Field	Description
type ServiceExportConditionType
status Kubernetes core/v1.ConditionStatus	Status is one of {“True”, “False”, “Unknown”}
lastTransitionTime Kubernetes meta/v1.Time	(Optional)
reason string	(Optional)
message string	(Optional)

ServiceExportConditionType (string alias)

(Appears on:ServiceExportCondition)

ServiceExportConditionType identifies a specific condition.

Value	Description
"Conflict"	ServiceExportConflict means that there is a conflict between two exports for the same Service. When “True”, the condition message should contain enough information to diagnose the conflict: field(s) under contention, which cluster won, and why. Users should not expect detailed per-cluster information in the conflict message.
"Valid"	ServiceExportValid means that the service referenced by this service export has been recognized as valid by a controller. This will be false if the service is found to be unexportable (ExternalName, not found).

ServiceExportStatus

(Appears on:ServiceExport)

ServiceExportStatus contains the current status of an export.

Field	Description
conditions []ServiceExportCondition	(Optional)

ServiceImportSpec

(Appears on:ServiceImport)

ServiceImportSpec describes an imported service and the information necessary to consume it.

Field	Description
ports []ServicePort
ips []string	(Optional) ip will be used as the VIP for this service when type is ClusterSetIP.
type ServiceImportType	type defines the type of this service. Must be ClusterSetIP or Headless.
sessionAffinity Kubernetes core/v1.ServiceAffinity	(Optional) Supports “ClientIP” and “None”. Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. Ignored when type is Headless More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinityConfig Kubernetes core/v1.SessionAffinityConfig	(Optional) sessionAffinityConfig contains session affinity configuration.

ServiceImportStatus

(Appears on:ServiceImport)

ServiceImportStatus describes derived state of an imported service.

Field	Description
clusters []ClusterStatus	(Optional) clusters is the list of exporting clusters from which this service was derived.

ServiceImportType (string alias)

(Appears on:ServiceImportSpec)

ServiceImportType designates the type of a ServiceImport

Value	Description
"ClusterSetIP"	ClusterSetIP are only accessible via the ClusterSet IP.
"Headless"	Headless services allow backend pods to be addressed directly.

ServicePort

(Appears on:ServiceImportSpec)

ServicePort represents the port on which the service is exposed

Field	Description
name string	(Optional) The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the ‘name’ field in the EndpointPort. Optional if only one ServicePort is defined on this service.
protocol Kubernetes core/v1.Protocol	(Optional) The IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”. Default is TCP.
appProtocol string	(Optional) The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. Field can be enabled with ServiceAppProtocol feature gate.
port int32	The port that will be exposed by this service.

TargetGroupPolicySpec

(Appears on:TargetGroupPolicy)

TargetGroupPolicySpec defines the desired state of TargetGroupPolicy.

Field	Description
protocol string	(Optional) The protocol to use for routing traffic to the targets. Supported values are HTTP (default) and HTTPS. Changes to this value results in a replacement of VPC Lattice target group.
protocolVersion string	(Optional) The protocol version to use. Supported values are HTTP1 (default) and HTTP2. When a policy is behind GRPCRoute, this field value will be ignored as GRPC is only supported through HTTP/2. Changes to this value results in a replacement of VPC Lattice target group.
targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference	TargetRef points to the kubernetes Service resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.
healthCheck HealthCheckConfig	(Optional) The health check configuration. Changes to this value will update VPC Lattice resource in place.

TargetGroupPolicyStatus

(Appears on:TargetGroupPolicy)

TargetGroupPolicyStatus defines the observed state of TargetGroupPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the AccessLogPolicy. Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe AccessLogPolicy state. Known condition types are: “Accepted” “Ready”

VpcAssociationPolicySpec

(Appears on:VpcAssociationPolicy)

VpcAssociationPolicySpec defines the desired state of VpcAssociationPolicy.

Field	Description
securityGroupIds []SecurityGroupId	(Optional) SecurityGroupIds defines the security groups enforced on the VpcServiceNetworkAssociation. Security groups does not take effect if AssociateWithVpc is set to false. For more details, please check the VPC Lattice documentation https://docs.aws.amazon.com/vpc-lattice/latest/ug/security-groups.html
associateWithVpc bool	(Optional) AssociateWithVpc indicates whether the VpcServiceNetworkAssociation should be created for the current VPC of k8s cluster. This value will be considered true by default.
targetRef sigs.k8s.io/gateway-api/apis/v1alpha2.NamespacedPolicyTargetReference	TargetRef points to the kubernetes Gateway resource that will have this policy attached. This field is following the guidelines of Kubernetes Gateway API policy attachment.

VpcAssociationPolicyStatus

(Appears on:VpcAssociationPolicy)

VpcAssociationPolicyStatus defines the observed state of VpcAssociationPolicy.

Field	Description
conditions []Kubernetes meta/v1.Condition	(Optional) Conditions describe the current conditions of the VpcAssociationPolicy. Implementations should prefer to express Policy conditions using the PolicyConditionType and PolicyConditionReason constants so that operators and tools can converge on a common vocabulary to describe VpcAssociationPolicy state. Known condition types are: “Accepted”

---

Generated with gen-crd-api-reference-docs on git commit 5de8f32.